EPC Hub (“we”, “us”, “our”) respects your privacy and is committed to protecting the personal information you provide when using our platform, services, and website (the “Services”). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws.
By using EPC Hub, you agree to the terms of this Privacy Policy.
1. Principles of Processing
EPC Hub processes personal data in line with the principles of UK GDPR:
Lawfulness, fairness, and transparency.
Purpose limitation.
Data minimisation.
Accuracy.
Storage limitation.
Integrity and confidentiality.
Accountability.
2. Information We Collect
We may collect and process the following categories of personal data:
a. Information you provide directly
Name, email address, telephone number, postal address.
Business details (company name, VAT number, professional accreditation numbers).
Payment and billing information (through our secure payment providers).
Content uploaded by you, such as profile details, reviews, and communications with clients or assessors.
b. Information collected automatically
Technical information including IP address, browser type, device identifiers, operating system.
Usage data including pages visited, time spent, and actions taken on our platform.
Cookies and similar technologies (see Section 10).
c. Information from third parties
Professional accreditation data (where publicly available).
Identity verification data.
Payment processors and fraud prevention providers.
Special Category Data: EPC Hub does not require or request sensitive data (e.g. health information). If you choose to provide such data, you do so at your own discretion and risk.
3. How We Use Your Information
We process personal data for the following purposes:
To provide and operate our Services (creating and managing accounts, bookings, profiles, payments).
To communicate with you (service updates, confirmations, notices).
To process payments, manage subscriptions, and enforce any applicable non-refundable fees in line with our Terms & Conditions.
To detect and prevent fraudulent or unauthorised activity.
To improve our Services, troubleshoot, and analyse usage.
To comply with legal and regulatory obligations.
For marketing and promotional communications (only where lawful and with your consent, where required).
To investigate misuse of our platform, enforce our Terms & Conditions, and take appropriate action including suspension or termination of accounts.
To fulfil data subject requests, including portability. Data exports will be provided in a machine-readable format (e.g. CSV or JSON).
You may opt out of marketing communications at any time; however, essential service-related messages will still be sent.
We may use anonymised and aggregated data for analytics, benchmarking, and improving our Services. This information does not identify individuals.
4. Legal Basis for Processing
We process your personal data under one or more of the following lawful bases:
Contractual necessity.
Legitimate interests.
Legal obligation.
Consent.
5. Sharing of Information
We do not sell your personal data. We may share your data only with:
Service providers (payment processors, hosting, analytics, marketing tools).
Other users (to the extent required for bookings, profiles, communications).
Professional/regulatory bodies (to verify accreditation or compliance).
Legal authorities (where required to comply with law or protect rights).
Business transfers (merger, acquisition, restructuring).
Marketing safeguard: EPC Hub will never sell or share your personal data with third parties for their own independent marketing purposes.
6. Joint Controllers and Responsibility
EPC Hub acts as a data controller for user accounts, payments, and communications.
Independent assessors act as separate controllers for the personal data they provide to customers and are responsible for their own compliance.
7. Data Retention
We retain personal data only as long as necessary.
Previous versions of this Privacy Policy are available on request.
8. Data Security
We implement appropriate technical and organisational measures to safeguard your personal data, including encryption, access controls, and secure servers.
While we take reasonable steps to protect your information, no system is completely secure. As outlined in our Terms & Conditions, EPC Hub accepts no liability for unauthorised access or loss beyond our control.
In the event of a data breach likely to result in risk to your rights, we will notify you and the ICO.
We train our staff on data protection and regularly audit our third-party providers.
9. International Transfers
If personal data is transferred outside the UK/EEA, we ensure safeguards are in place (adequacy decisions or standard contractual clauses).
Your personal data is primarily stored on secure servers located in the UK and/or EEA.
10. Cookies & Tracking
We use cookies and similar technologies to improve site functionality, analyse traffic, and personalise content. See our Cookie Policy [link].
11. User-Generated Content
Certain information you provide, such as profiles, reviews, and business details, may be visible to users and the public. Do not upload information you do not wish to make public.
Information provided by assessors, including qualifications, prices, and availability, is the sole responsibility of the assessor. EPC Hub is not liable for inaccuracies in user-generated content.
Indemnity: You agree to indemnify EPC Hub for any claims, damages, or costs arising from unlawful, inaccurate, or unauthorised personal data you provide.
12. Automated Processing & Profiling
EPC Hub may use automated systems to display assessors based on relevance (such as location, services, and reviews). This does not have significant effects but improves efficiency.
If you believe an automated decision has unfairly affected you, you may request a human review.
13. Third-Party Links
Our Services may contain links to external sites. EPC Hub is not responsible for the privacy practices or content of third-party sites.
14. Law Enforcement Requests
EPC Hub will only disclose personal data to law enforcement or regulators where legally required or necessary to protect rights and safety, and always in line with UK law.
15. Supplier and Sub-Processor Transparency
A current list of our key sub-processors and service providers (such as payment processors, hosting providers, and analytics partners) is available on request. All providers are contractually required to comply with applicable data protection laws.
16. Your Responsibilities
Users are responsible for:
Maintaining the confidentiality of their account credentials.
Securing their own devices against unauthorised access.
Ensuring personal data they provide is accurate and lawful.
EPC Hub is not liable for breaches arising from user negligence.
17. Your Rights
Under the UK GDPR, you have the following rights: access, rectification, erasure, restriction, objection, portability, consent withdrawal, complaint.
We will respond to requests within one month. If unhappy, contact us first (we respond within 30 days). You may also complain to the ICO.
Requests: [Insert contact email].
18. Children’s Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect data from minors.
19. Changes to this Policy
We may update this Privacy Policy. Updates will be posted with a “last updated” date.
As we develop new features or adopt new technologies, we may process data in ways not specifically described here, but always in line with this Policy and UK GDPR.
20. Disclaimers and Force Majeure
We make no warranties that our Services or data storage systems will operate without interruption or error, or that data loss will never occur.
EPC Hub is not liable for any failure to perform its obligations under this Privacy Policy where such failure is due to circumstances beyond our reasonable control, including but not limited to cyber-attacks, natural disasters, or government actions.
EPC Hub is not responsible for failures, breaches, or unlawful acts committed by third-party service providers, provided we have taken reasonable steps in selecting them.
EPC Hub cannot guarantee the accuracy or completeness of personal data provided by users, and accepts no liability for reliance placed on such information.
21. Governing Law, Jurisdiction, and Class Action Waiver
This Privacy Policy and related disputes are governed by the laws of England and Wales.
Any claims relating to this Privacy Policy must be brought exclusively before the courts of England and Wales.
You agree that any claim you bring against EPC Hub in relation to this Privacy Policy must be brought individually, and not as part of any group or class action.
22. Limitation on Time to Bring Claims
Any claim relating to this Privacy Policy must be brought within six (6) months of the event giving rise to the claim; otherwise, it is permanently barred.
23. Liability Limitation
To the maximum extent permitted by law, EPC Hub’s liability under this Privacy Policy shall not exceed the total subscription or service fees paid by you to EPC Hub in the 12 months preceding the claim. EPC Hub shall not be liable for any indirect, incidental, special, or consequential damages, including loss of profits, data, or goodwill.
24. No Third-Party Rights
This Privacy Policy does not create rights enforceable by any person or entity other than EPC Hub and its users.
25. Severability
If any provision of this Privacy Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect. Any invalid provision shall be replaced with the closest enforceable equivalent reflecting the original intent.
26. Entire Agreement
This Privacy Policy, together with our Terms & Conditions and Cookie Policy, constitutes the entire agreement between you and EPC Hub regarding the processing of personal data.
27. Reservation of Rights
EPC Hub reserves the right to suspend or restrict Services where reasonably necessary to comply with data protection laws, regulatory requirements, or to protect its business interests.
EPC Hub may immediately suspend or restrict your account if it reasonably suspects that continued use would create a security risk, breach of law, or reputational harm.
28. Choice of Language
In case of any conflict between translated versions of this Privacy Policy, the English version shall prevail.
29. Data Processing Addendum (DPA)
For business clients requiring additional assurances, EPC Hub may enter into a Data Processing Addendum (DPA) consistent with this Privacy Policy.
30. Monitoring and Auditing
EPC Hub reserves the right to monitor and audit use of the platform for compliance with this Privacy Policy and our Terms & Conditions.
31. Non-Waiver
Failure by EPC Hub to enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision.
32. Assignment
EPC Hub may assign or transfer its rights and obligations under this Privacy Policy without restriction. Users may not assign their rights without prior written consent.
33. Costs of Enforcement
If EPC Hub is required to enforce this Privacy Policy against you and is successful, you agree to reimburse all reasonable legal fees and costs incurred.
34. Security Testing Prohibition
You must not attempt to probe, scan, or test the vulnerability of our systems or Services. Any such activity is strictly prohibited and may result in legal action.
35. Retention of Communications
EPC Hub may retain records of communications with users for compliance, security, and evidential purposes.
36. Interpretation
EPC Hub reserves the exclusive right to determine the meaning, scope, and application of this Privacy Policy in practice.
37. Notification Method
You agree that EPC Hub may provide notices, including updates to this Privacy Policy, via email or through the platform, and that such notices shall be legally effective.
38. Local Law Compliance
Users accessing EPC Hub from outside the UK are solely responsible for ensuring compliance with any applicable local laws regarding data use.
39. Limitation on Remedies
Your sole and exclusive remedy for any breach of this Privacy Policy shall be limited to monetary damages; you waive any right to seek injunctive or equitable relief against EPC Hub.
40. Good Faith
All rights under this Privacy Policy must be exercised in good faith. EPC Hub reserves the right to reject frivolous or abusive claims.
41. Intellectual Property
Nothing in this Privacy Policy shall be construed to transfer any intellectual property rights of EPC Hub.
42. Arbitration Option
EPC Hub may, at its discretion, require that any dispute arising under this Privacy Policy be resolved by confidential arbitration rather than litigation. Any arbitration shall take place in London, England, and shall be conducted in English.
43. Successors and Assigns
This Privacy Policy is binding upon and will inure to the benefit of EPC Hub’s successors and assigns.
44. No Publicity Without Consent
Users may not use EPC Hub’s name, trademarks, or branding in any publicity, complaint, or proceeding without prior written consent.
45. Headings for Convenience
The section headings in this Privacy Policy are for convenience only and shall not affect its interpretation.
46. Survival
The provisions of this Privacy Policy relating to liability, indemnification, governing law, jurisdiction, dispute resolution, limitation periods, remedies, and survival shall remain in effect even after termination of your account.
47. Electronic Acceptance
Acceptance of this Privacy Policy electronically, including by clicking to agree or using the Services, shall have the same legal effect as a handwritten signature.
48. Acknowledgement
By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
