Privacy Policy
Last updated: 03 December 2025
At truEPC, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our website and services.
1. Information We Collect
1.1 Information You Provide
When you request a quote or book a Commercial EPC assessment, we collect:
- Your name (first and last)
- Email address
- Telephone number
- Property address (where the EPC assessment will be conducted)
- Billing address (if different from property address)
- Payment information (processed securely through Stripe)
1.2 Automatically Collected Information
When you visit our website, we automatically collect:
- IP address (stored as a hashed value for security)
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referral source
1.3 Cookies and Tracking
We use cookies and similar technologies to enhance your browsing experience. See our Cookie Policy for detailed information.
2. How We Use Your Information
We use your personal information for the following purposes:
- Service Delivery: To provide Commercial EPC assessments, arrange site visits, and deliver certificates
- Communication: To contact you regarding your booking, send confirmations, and provide customer support
- Payment Processing: To process payments securely through our payment provider (Stripe)
- Legal Compliance: To comply with legal obligations and maintain records as required by law
- Service Improvement: To analyse usage patterns and improve our website and services
- Fraud Prevention: To detect and prevent fraudulent bookings and protect our business
3. Legal Basis for Processing (UK GDPR)
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to fulfil our contract with you (providing EPC services)
- Legitimate Interests: Fraud prevention, website analytics, and service improvement
- Legal Obligation: Compliance with tax, accounting, and regulatory requirements
- Consent: Marketing communications (only with your explicit consent)
4. How We Share Your Information
We do not sell your personal information. We may share your data with:
- Accredited Assessors: Your contact details and property information are shared with our qualified Non-Domestic Energy Assessors to conduct your EPC survey
- Payment Processors: Stripe processes payments on our behalf (see Stripe's privacy policy)
- Email Service Providers: For sending booking confirmations and certificates
- Legal Authorities: When required by law or to protect our legal rights
5. Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- SSL encryption for all data transmission
- Secure database storage with regular backups
- IP address hashing for privacy protection
- Access controls limiting who can view personal data
- Regular security updates and monitoring
Payment card details are never stored on our servers. All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified.
6. Data Retention
We retain your personal information for as long as necessary:
- Quote Data: Expires after 1 hour if not converted to a booking
- Booking Data: Retained for 7 years to comply with accounting and tax regulations
- Email Communications: Retained as long as necessary to provide customer support
- Website Analytics: Aggregated data retained indefinitely; individual session data for 14 months
7. Your Rights
Under UK GDPR, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restrict Processing: Request limitation on how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing communications at any time
To exercise any of these rights, please contact us at [email protected].
8. Third-Party Services
8.1 Stripe (Payment Processing)
Payment processing is handled by Stripe. When you make a payment, your card details are sent directly to Stripe and are not stored on our servers. View Stripe's privacy policy at stripe.com/gb/privacy.
8.2 Email Service Provider
We use email services to send booking confirmations and certificates. Your email address is shared with our email provider solely for this purpose.
8.3 Website Hosting
Our website is hosted in the UK. Your data is stored on secure servers within the United Kingdom.
9. International Transfers
Your personal data is processed and stored within the United Kingdom. If we transfer data outside the UK, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
10. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a new "Last updated" date.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Email: [email protected]
Website: https://www.truepc.co.uk/
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk.