Privacy policy

Privacy Policy

Winckley EPC

Last Updated: January 2026

Who We Are

Winckley EPC is a professional Energy Performance Certificate provider operating in the United Kingdom. We are committed to protecting your privacy and handling your personal data responsibly.

Data Controller: Winckley EPC, 33-34 Winckley Square, Preston PR1 3JJ

Data We Collect

We collect and process the following types of personal data when you use our services:

Identity Data: Full name, title

Contact Data: Email address, telephone number, postal address

Property Data: Property address, property type, building characteristics

Transaction Data: Payment details, service history

Technical Data: IP address, browser type, device information (when using our website)

Communication Data: Records of correspondence, enquiries, feedback

How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide Energy Performance Certificates and related assessments
  • Communication: To respond to enquiries, send appointment confirmations, and deliver certificates
  • Regulatory Compliance: To lodge EPCs with the national register as required by law
  • Payment Processing: To process payments for our services
  • Service Improvement: To improve our services and customer experience
  • Legal Obligations: To comply with legal and regulatory requirements

Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Contract: Processing necessary to perform our contract with you (e.g., conducting an EPC assessment)
  • Legal Obligation: Processing necessary to comply with UK energy regulations and EPC registration requirements
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving services and fraud prevention
  • Consent: Where you have given explicit consent for marketing communications

Data Sharing

We may share your personal data with:

  • Government Bodies: EPC data is registered with the national EPC Register as required by law. This information becomes publicly accessible.
  • Payment Providers: Secure third-party payment processors to handle transactions
  • Professional Advisers: Accountants, lawyers, or insurers when necessary
  • Regulatory Authorities: When required by law or to protect our legal rights

We will never sell your personal data to third parties for marketing purposes.

Data Retention

We retain your personal data only for as long as necessary:

  • EPC Records: As required by regulations, EPC data remains on the public register for 10 years
  • Financial Records: 7 years for tax and accounting purposes
  • Communication Records: Up to 3 years after our last interaction
  • Marketing Consents: Until you withdraw consent

Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details below. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.

Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device.

Types of Cookies We Use:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Help us understand how visitors use our website
  • Functional Cookies: Remember your preferences and settings

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Secure, encrypted data transmission (SSL/TLS)
  • Secure storage systems with access controls
  • Regular security assessments and updates
  • Staff training on data protection

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us:

Winckley EPC

Email: mike@winckleyepc.co.uk

Phone: 07786 917834

Address: 33-34 Winckley Square, Preston PR1 3JJ

© 2026 Winckley EPC. All rights reserved.