Select Page

Data Protection Statement

Effective Date: 20/03/2026
Website: https://theepcwoman.co.uk/
Business Name: The EPC Woman

1. Introduction

The EPC Woman is committed to protecting and respecting your personal data.

This Data Protection Statement explains how personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our Role as Data Controller

The EPC Woman acts as a data controller in relation to personal data collected through this website and in the course of providing EPC services.

3. Data Protection Principles

We adhere to the core data protection principles under UK GDPR. Personal data will be:

  • Processed lawfully, fairly, and transparently

  • Collected for specified and legitimate purposes

  • Limited to what is necessary

  • Accurate and kept up to date

  • Retained only for as long as necessary

  • Processed securely

4. Personal Data We May Process

Depending on your interaction with us, we may process:

  • Contact details (e.g. name, email address, telephone number)

  • Property address and details required for EPC assessments

  • Booking and appointment information

  • Communication records (emails, calls, enquiries)

  • EPC-related data required to produce certificates

We do not intentionally collect sensitive personal data unless required and provided voluntarily.

5. Lawful Basis for Processing

We rely on the following lawful bases:

  • Contractual necessity – to provide EPC assessments and reports

  • Legitimate interests – to operate and improve the business

  • Consent – where required (e.g. marketing communications)

  • Legal obligation – to comply with EPC regulations and record-keeping requirements

6. How We Use Personal Data

We use personal data to:

  • Arrange and carry out EPC assessments

  • Produce and lodge EPC certificates

  • Communicate with customers regarding bookings and services

  • Maintain business and regulatory records

  • Improve our services and customer experience

7. Data Sharing

We may share personal data where necessary with:

  • EPC accreditation schemes and regulatory bodies

  • Software providers used to produce EPC certificates

  • IT and website service providers

  • Professional advisors (e.g. accountants)

  • Legal or regulatory authorities where required

We do not sell personal data.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure storage of customer information

  • Restricted access to authorised personnel

  • Use of compliant EPC software systems

However, no system can be guaranteed to be completely secure.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Provide EPC services

  • Meet regulatory and accreditation requirements

  • Comply with legal and financial obligations

Retention periods may vary depending on the type of data.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent where applicable

To exercise your rights, please contact us.

11. Contact Details

If you have any questions about this Data Protection Statement or how your data is handled, please contact us.

12. Complaints

If you are not satisfied with how your personal data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Website: https://www.ico.org.uk

13. Updates to This Statement

We may update this Data Protection Statement from time to time. Updates will be published on this page with a revised effective date.