1.1 EPC Hub takes your privacy seriously. We are committed to protecting your personal data, being clear about how we use it, and giving you control over your information.
1.2 This Privacy Policy explains what personal data EPC Hub collects, why we collect it, how we use it, who we may share it with, how long we keep it, and what rights you have.
1.3 This Policy applies when you use EPC Hub, including when you:
a. visit our website; b. create an account; c. use our platform or app; d. search for a property, assessor, professional or service; e. request a quote, send a message or make a booking request; f. use a Property Passport, dashboard, profile, directory, messaging or CRM feature; g. enrol in a CPD course or download EPC Hub resources; h. contact us for support; i. make a complaint; j. receive emails, SMS messages or platform notifications from us; k. interact with EPC Hub in any other way.
1.4 This Policy should be read together with our Terms & Conditions, Cookie Policy, Accessibility Statement, Complaints Policy, Payment & Fees Policy, Refunds & Cancellations Policy and any other EPC Hub policy published from time to time.
1.5 By using EPC Hub, you confirm that you have read and understood this Privacy Policy.
2. Who We Are
2.1 EPC Hub is a UK-based property energy platform supporting homeowners, property owners, landlords, Domestic Energy Assessors, retrofit professionals, installers, learners, partners, organisations and other property energy-related users.
2.2 EPC Hub helps users access property energy information, connect with trusted professionals, manage enquiries, communicate through the platform, access CPD or learning content, and use property energy-related tools.
2.3 For the purposes of UK data protection law, EPC Hub will usually be the data controller of the personal data we collect and use. This means we decide why and how that personal data is processed.
2.4 In some circumstances, EPC Hub may act as a data processor for a business client or organisation. Where this applies, a separate Data Processing Addendum or written agreement may apply.
a. “EPC Hub”, “we”, “us” or “our” means EPC Hub. b. “You” or “your” means any person using EPC Hub. c. “User” means any homeowner, property owner, landlord, assessor, professional, learner, organisation, partner, visitor or other person using EPC Hub. d. “Customer” means a homeowner, property owner, landlord, tenant, buyer, seller, agent or other person requesting property energy-related services through EPC Hub. e. “Professional” means an assessor, retrofit assessor, retrofit coordinator, installer, contractor, organisation, supplier, partner or other service provider using EPC Hub. f. “Assessor” means a Domestic Energy Assessor or other accredited energy professional using EPC Hub. g. “Platform” means the EPC Hub website, app, dashboards, directories, profiles, messaging tools, quote tools, booking tools, CRM tools, Property Passport, training areas and related services. h. “Personal data” means information that identifies you or could reasonably identify you. i. “Processing” means anything done with personal data, including collecting, storing, using, sharing, updating, deleting or analysing it. j. “Special category data” means more sensitive personal data, such as health information, religious beliefs, political opinions, racial or ethnic origin, biometric data used for identification, trade union membership, sex life or sexual orientation.
4. Data Protection Standards We Follow
4.1 EPC Hub processes personal data in line with the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable UK privacy laws.
4.2 We follow these data protection principles:
a. we use personal data lawfully, fairly and transparently; b. we collect personal data for clear and legitimate reasons; c. we only collect the personal data we need; d. we keep personal data accurate where necessary; e. we do not keep personal data for longer than needed; f. we protect personal data using appropriate security measures; g. we take responsibility for how personal data is handled.
5. Personal Data We Collect
5.1 The personal data we collect depends on how you use EPC Hub.
5.2 We may collect account and identity information, including:
a. your name; b. email address; c. telephone number; d. postal address; e. billing address; f. login or authentication information; g. account role, such as homeowner, assessor, professional, learner or organisation user; h. profile photo, avatar or uploaded image; i. business name; j. trading name; k. company number; l. VAT status or VAT number; m. accreditation details; n. professional membership details; o. insurance details; p. identity verification information, where required; q. compliance, fraud prevention or verification records.
5.3 We may collect contact and communication information, including:
a. messages you send to EPC Hub; b. support enquiries; c. complaints; d. feedback; e. survey responses; f. reviews; g. chat messages between users; h. attachments uploaded through messaging or support tools; i. email communication records; j. SMS communication records; k. phone or call-related records, where applicable; l. notification preferences; m. marketing preferences; n. records of consent, opt-ins and opt-outs.
5.4 We may collect property and service information, including:
a. property address; b. postcode; c. property type; d. property size or approximate property details; e. EPC rating or EPC-related information; f. property energy data; g. property upgrade interests; h. service request details; i. quotes requested or generated; j. booking request details; k. professional service areas; l. pricing settings; m. availability settings; n. deposit or payment settings; o. job records; p. property reports, documents, images or attachments uploaded by users.
5.5 If you are an assessor, professional or organisation, we may collect and display professional profile information, including:
a. your name; b. business name; c. profile photo; d. public bio; e. location or service area; f. services offered; g. pricing; h. availability; i. accreditation scheme; j. accreditation ID, where relevant; k. years of experience; l. business status; m. contact methods; n. website or social media links; o. reviews and ratings; p. profile performance data; q. verification badges or trust indicators; r. uploaded branding, images, logos or documents.
5.6 If you use EPC Hub CPD, training or learning resources, we may collect learner information, including:
a. course enrolments; b. course progress; c. module completion records; d. quiz or assessment results; e. certificates issued; f. CPD logs; g. download records; h. support requests; i. feedback and evaluation responses; j. records needed for CPD, audit, verification or certification purposes.
5.7 We may collect payment, billing and transaction information, including:
a. billing name; b. billing address; c. payment amount; d. subscription plan; e. membership status; f. transaction date; g. invoice records; h. refund records; i. deposit records; j. payout records; k. payment status; l. chargeback or payment dispute records; m. payment processor reference numbers; n. tax-related transaction records.
5.8 EPC Hub does not directly store full payment card numbers. Card and payment details are processed securely by third-party payment providers, such as Stripe, PayPal or other payment providers we may use.
5.9 We may collect technical and usage information automatically, including:
a. IP address; b. device type; c. browser type; d. operating system; e. device identifiers; f. session data; g. login times; h. pages visited; i. features used; j. buttons clicked; k. referring website; l. approximate location from IP address; m. error logs; n. performance data; o. security logs; p. cookie identifiers; q. analytics events; r. fraud prevention signals.
5.10 We may collect marketing and analytics information, including:
a. marketing preferences; b. email open and click data; c. campaign engagement data; d. referral source; e. advertising interaction data; f. conversion events; g. audience analytics; h. aggregated performance data; i. responses to surveys, forms or promotional campaigns.
5.11 We may collect security, verification and compliance information, including:
a. identity verification results; b. professional accreditation checks; c. insurance verification records; d. suspicious activity logs; e. audit logs; f. access logs; g. moderation records; h. blocked or restricted account records; i. security incident records; j. complaint and dispute evidence; k. records required by law, regulators, courts, payment providers or law enforcement.
6. Special Category Data
6.1 EPC Hub does not normally require special category data.
6.2 You should not provide special category data unless it is genuinely necessary.
6.3 If you choose to provide special category data, for example in a support message, complaint, accessibility request or uploaded document, we will process it only where we have a lawful basis and, where required, a specific condition under UK GDPR.
7. How We Collect Personal Data
7.1 We may collect personal data directly from you when you:
a. visit our website; b. create an account; c. complete a form; d. request a quote; e. search for a professional; f. save, shortlist, message or book a professional; g. upload content, files, reports, images or documents; h. enrol in CPD or training; i. make a payment; j. contact support; k. make a complaint; l. leave a review; m. update your profile; n. change your preferences.
7.2 We may collect personal data automatically when you use EPC Hub, including through cookies, analytics, server logs, security tools and usage tracking.
7.3 We may receive personal data from third parties, including:
a. payment providers; b. professional registers; c. accreditation bodies; d. identity verification providers; e. fraud prevention providers; f. analytics providers; g. marketing platforms; h. service providers; i. business partners; j. other EPC Hub users, where they provide information connected to an enquiry, message, booking, review, complaint or dispute.
8. Why We Use Personal Data
8.1 We use personal data to provide, operate and improve EPC Hub.
8.2 We may use personal data to:
a. create and manage accounts; b. allow secure login; c. provide website and platform functionality; d. display professional profiles; e. enable property searches; f. generate quote pathways; g. support enquiries, messages, bookings and service requests; h. provide Property Passport or property energy journey features; i. provide dashboards, CRM tools, reminders and notifications; j. process CPD enrolments and course completions; k. issue certificates; l. provide downloads, guides and resources; m. maintain platform performance, reliability and security.
8.3 We may use personal data to connect customers and professionals, including to:
a. match users with relevant professionals; b. show professionals in search results; c. allow customers to contact professionals; d. allow professionals to respond to enquiries; e. support quotes, booking requests and service discussions; f. share necessary property or contact details between users; g. support reviews, ratings and trust signals; h. support availability, service area and pricing features.
8.4 We may use personal data to process payments, including to:
a. process payments, subscriptions, deposits, invoices and refunds; b. manage membership plans; c. track transaction history; d. manage failed payments; e. support chargeback or payment dispute handling; f. calculate fees, commissions or balances where applicable; g. support payouts; h. meet accounting, tax and audit requirements; i. prevent fraud or misuse of payment systems.
8.5 We may use personal data to provide CPD, training and learning services, including to:
a. enrol users in courses; b. track course progress; c. confirm module completion; d. issue certificates; e. maintain CPD audit records; f. respond to learner support queries; g. improve course design; h. collect feedback.
8.6 We may use personal data to communicate with you, including to send:
a. account messages; b. service updates; c. booking or enquiry notifications; d. payment confirmations; e. security alerts; f. support replies; g. complaint responses; h. policy updates; i. platform announcements; j. training updates; k. reminders.
8.7 We may use personal data for marketing where permitted by law, including to send:
a. newsletters; b. product updates; c. feature announcements; d. course releases; e. offers; f. industry updates; g. membership information; h. assessor growth resources; i. homeowner guidance; j. property energy insights.
8.8 You can opt out of marketing at any time. Essential service, legal, security, account and payment messages may still be sent.
8.9 We may use personal data to improve EPC Hub, including to:
a. analyse platform performance; b. understand user behaviour; c. improve user experience; d. develop new features; e. test design improvements; f. measure conversion rates; g. identify popular content; h. monitor service quality; i. improve training materials; j. improve support processes; k. create anonymised or aggregated insights.
8.10 We may use personal data to maintain trust, safety and compliance, including to:
a. verify user identity; b. verify professional status; c. verify accreditation or insurance; d. detect and prevent fraud; e. detect misuse, abuse or spam; f. monitor compliance with EPC Hub policies; g. investigate complaints or disputes; h. moderate user content; i. protect users and EPC Hub; j. enforce our Terms & Conditions; k. respond to legal or regulatory requests; l. protect EPC Hub’s rights, reputation and platform integrity.
9. Lawful Bases for Using Personal Data
9.1 EPC Hub only uses personal data where we have a lawful basis under UK GDPR.
9.2 We may use personal data because it is necessary for a contract with you. This includes account creation, platform access, bookings, payments, subscriptions, CPD enrolments, certificates, support and service communications.
9.3 We may use personal data because we have a legitimate interest. This includes operating EPC Hub, improving services, preventing fraud, keeping the platform secure, supporting users, handling complaints, developing features, communicating with users and protecting EPC Hub’s legal and business interests.
9.4 We may use personal data because you have given consent. This may apply to certain marketing, non-essential cookies, analytics, advertising technologies or other processing where consent is required.
9.5 You can withdraw consent at any time where consent is the lawful basis.
9.6 We may use personal data because we have a legal obligation. This includes tax, accounting, data protection, fraud prevention, payment, regulatory, court or law enforcement obligations.
9.7 In rare cases, we may use personal data to protect someone’s vital interests, such as where there is an urgent safety concern.
10. Sharing Personal Data
10.1 EPC Hub does not sell your personal data.
10.2 We only share personal data where necessary, lawful and proportionate.
10.3 We may share relevant information with other users where needed to provide the platform. For example, we may share customer enquiry details with a professional, or professional profile details with a customer.
10.4 Information shared between users may include:
a. name; b. contact details; c. property address; d. service requirements; e. booking or enquiry details; f. messages; g. uploaded documents or attachments; h. reviews or ratings; i. other information needed to provide the service.
10.5 We may share personal data with trusted service providers who help us operate EPC Hub, including:
a. hosting providers; b. database providers; c. authentication providers; d. email providers; e. SMS providers; f. payment processors; g. analytics providers; h. customer support tools; i. marketing platforms; j. file storage providers; k. identity verification providers; l. fraud prevention providers; m. security providers; n. course or learning platforms; o. accounting and invoicing tools; p. professional advisers.
10.6 We require service providers to protect personal data and only use it for authorised purposes.
10.7 We may share personal data with payment providers, such as Stripe, PayPal or other providers we may use. These providers may have their own privacy policies.
10.8 We may share personal data with professional, accreditation, regulatory, legal or enforcement bodies where necessary, including:
a. accreditation bodies; b. professional bodies; c. regulators; d. courts; e. law enforcement; f. government bodies; g. fraud prevention agencies; h. payment providers; i. tax authorities.
10.9 We may share personal data with lawyers, accountants, auditors, insurers, consultants and other professional advisers where necessary.
10.10 If EPC Hub is involved in a merger, acquisition, restructuring, sale, investment or transfer of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
10.11 We may disclose personal data where necessary to protect safety, prevent fraud, investigate unlawful activity, enforce our Terms, respond to legal claims, comply with law or protect EPC Hub, users or third parties.
11. International Transfers
11.1 EPC Hub aims to use UK or EEA-based providers where practical.
11.2 Some service providers may process personal data outside the UK or EEA.
11.3 Where personal data is transferred internationally, we will take reasonable steps to ensure suitable safeguards are in place. These may include:
a. adequacy regulations; b. International Data Transfer Agreements; c. UK Addendums to Standard Contractual Clauses; d. contractual safeguards; e. technical and organisational security measures; f. supplier due diligence.
12. Cookies and Similar Technologies
12.1 EPC Hub uses cookies and similar technologies.
12.2 Cookies may be used to:
a. keep the website and platform secure; b. remember preferences; c. enable login and authentication; d. support core functionality; e. measure performance; f. analyse usage; g. improve user experience; h. support marketing and advertising where permitted; i. detect fraud or misuse.
12.3 Some cookies are strictly necessary. Others, such as analytics or marketing cookies, may require your consent.
12.4 You can manage cookies through our cookie banner, Cookie Policy, browser settings or any cookie preference tool we make available.
12.5 Full details are set out in our Cookie Policy.
13. Marketing Communications
13.1 EPC Hub may send marketing communications where permitted by law.
13.2 Marketing may include:
a. platform updates; b. membership information; c. CPD and training updates; d. property energy insights; e. assessor growth resources; f. homeowner guidance; g. feature announcements; h. partner opportunities; i. promotional offers.
13.3 You can opt out of marketing at any time by clicking the unsubscribe link in our emails or contacting us.
13.4 Even if you opt out of marketing, we may still send essential service, legal, security, payment, account and transactional messages.
14. User-Generated Content
14.1 EPC Hub may allow users to submit or upload content, including:
a. profile text; b. images; c. logos; d. service descriptions; e. pricing; f. reviews; g. ratings; h. messages; i. attachments; j. documents; k. course feedback; l. complaint or support evidence.
14.2 Some content may be visible to other users or the public, depending on the feature used.
14.3 You are responsible for ensuring that any personal data you upload, publish or share through EPC Hub is accurate, lawful and does not infringe another person’s rights.
14.4 You must not upload confidential, sensitive or third-party personal data unless you have a legal right to do so.
14.5 EPC Hub may moderate, remove, restrict or retain user-generated content where necessary for legal, safety, compliance, evidential, quality assurance or platform integrity reasons.
15. Messages, Attachments and Platform Communications
15.1 Where EPC Hub provides messaging, chat, support or communication tools, we may process:
a. message text; b. sender and recipient details; c. timestamps; d. read status; e. attachments; f. file names; g. file types; h. file sizes; i. access logs; j. thread records; k. support records; l. moderation and compliance metadata.
15.2 EPC Hub may store, access, review or monitor communications where reasonably necessary for:
a. delivering the messaging service; b. troubleshooting; c. security; d. fraud prevention; e. support; f. complaint handling; g. dispute resolution; h. quality assurance; i. legal compliance; j. policy enforcement; k. user protection.
15.3 Users must not send unlawful, abusive, confidential, excessive or unnecessary personal data through EPC Hub communication tools.
16. Reviews, Ratings and Testimonials
16.1 EPC Hub may allow users to leave reviews, ratings, testimonials and feedback.
16.2 We may process and display:
a. your name or display name; b. rating; c. review text; d. service details; e. response from the professional; f. date of review; g. verification status; h. related booking or enquiry metadata.
16.3 EPC Hub may moderate reviews to prevent fraud, abuse, unlawful content, defamatory content, manipulation, spam or policy breaches.
16.4 Where permitted by our Terms, reviews and feedback may be used in EPC Hub marketing, platform pages, performance analytics or trust features.
17. Professional Profiles and Public Visibility
17.1 If you create a professional profile, some of your information may be visible publicly or to other users.
17.2 Public profile information may include:
a. name; b. business name; c. service area; d. profile photo; e. bio; f. pricing; g. services offered; h. availability; i. accreditation information; j. badges; k. review rating; l. customer reviews; m. contact options; n. links; o. images; p. other information you choose to publish.
17.3 You are responsible for keeping your public profile accurate, lawful and up to date.
17.4 EPC Hub may use profile data to support search visibility, directory listings, matching, trust indicators, marketing, analytics and platform functionality.
18. Property Passport and Property Energy Features
18.1 Where EPC Hub provides Property Passport, home energy journey, upgrade planning or related tools, we may process:
a. property address; b. EPC information; c. property energy rating; d. improvement interests; e. recommended services; f. saved professionals; g. messages; h. quotes; i. shortlists; j. grant or finance interests; k. customer notes; l. upgrade history; m. documents or reports uploaded by users; n. AI or automation outputs where applicable.
18.2 These tools are designed to help users understand and manage their property energy journey.
18.3 These tools do not replace professional surveys, legal advice, financial advice, regulated energy advice, assessor judgment or independent professional advice.
19. AI, Automation and Analytics
19.1 EPC Hub may use AI, automation or analytics to support platform performance, search, matching, recommendations, moderation, property guidance, customer support, training, communication, fraud prevention and business insights.
19.2 Personal data may be used to:
a. generate relevant suggestions; b. prioritise search results; c. improve quote pathways; d. detect suspicious activity; e. classify support requests; f. improve learning content; g. analyse engagement; h. support property energy planning; i. improve user experience.
19.3 Where possible, EPC Hub will use anonymised, pseudonymised or aggregated data for analytics and service improvement.
19.4 EPC Hub does not use AI or automation to make legally binding professional decisions on behalf of assessors, accreditation bodies, regulators, lenders, installers or public authorities.
19.5 AI and automated outputs are indicative only and should be checked before reliance.
19.6 Where required by law, you may request human review of any automated decision that produces legal or similarly significant effects.
20. Data Retention
20.1 EPC Hub keeps personal data only for as long as reasonably necessary.
20.2 We may keep personal data to:
a. provide services; b. manage accounts; c. comply with law; d. maintain tax and accounting records; e. resolve disputes; f. enforce agreements; g. maintain security; h. prevent fraud; i. protect EPC Hub’s rights; j. support audits; k. maintain CPD or certificate evidence.
20.3 Indicative retention periods are:
a. website enquiry records: up to 3 years after last contact; b. account records: for the duration of the account and up to 6 years after closure; c. booking, quote and transaction records: up to 6 years; d. payment and invoice records: up to 6 years; e. CPD course and certificate records: up to 6 years, or longer where needed for audit or certification evidence; f. support and complaint records: up to 6 years, or longer where required for legal defence; g. messages and attachments: as long as needed for service, compliance, disputes and audit, then deleted or anonymised; h. professional profile records: for the duration of the profile and a reasonable period after closure; i. reviews and ratings: as long as relevant to platform trust, unless removed under policy or law; j. security logs: usually 12 to 24 months, unless needed for investigation or compliance; k. marketing data: until you opt out or the data is no longer needed; l. cookie consent records: usually up to 12 months, or as legally required; m. legal, fraud or enforcement records: as long as necessary to protect legal rights and comply with obligations.
20.4 We may keep data for longer where necessary for legal, regulatory, tax, accounting, insurance, audit, fraud prevention, dispute resolution or enforcement purposes.
20.5 When personal data is no longer needed, we will delete it, anonymise it or securely archive it.
20.6 Anonymised data may be kept indefinitely because it no longer identifies an individual.
21. Data Security
21.1 EPC Hub uses appropriate technical and organisational measures to protect personal data.
21.2 These measures may include:
a. encryption in transit; b. secure hosting; c. access controls; d. role-based permissions; e. authentication controls; f. logging and monitoring; g. staff confidentiality obligations; h. supplier due diligence; i. secure file storage; j. backup and recovery processes; k. vulnerability monitoring; l. incident response processes; m. data minimisation; n. regular access reviews.
21.3 No online platform, storage system or transmission method is completely secure.
21.4 EPC Hub takes reasonable steps to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
21.5 Users are responsible for keeping their own devices, email accounts, passwords, login links and systems secure.
22. Your Responsibilities
22.1 You are responsible for:
a. providing accurate personal data; b. keeping your account details up to date; c. protecting your login details; d. using secure devices and networks; e. not sharing login links or authentication credentials; f. ensuring you have permission to upload third-party data; g. not uploading excessive, unlawful or unnecessary personal data; h. not misusing personal data received through EPC Hub; i. complying with your own legal obligations where you act as a controller; j. not using EPC Hub for spam, harassment, scraping, fraud or unlawful activity.
22.2 Assessors, professionals, organisations and business users may have their own data protection obligations in relation to their clients, customers, employees, subcontractors and business contacts.
23. Your Data Protection Rights
23.1 Under UK data protection law, you may have the rights set out in this section.
23.2 You may have the right to access the personal data we hold about you.
23.3 You may have the right to ask us to correct inaccurate or incomplete personal data.
23.4 You may have the right to ask us to delete personal data where there is no lawful reason for us to keep it.
23.5 You may have the right to ask us to restrict how we use your personal data in certain circumstances.
23.6 You may have the right to object to processing based on legitimate interests or direct marketing.
23.7 You may have the right to receive certain personal data in a structured, commonly used and machine-readable format.
23.8 Where we rely on consent, you may withdraw that consent at any time.
23.9 Where applicable, you may have rights relating to automated decision-making.
23.10 You also have the right to complain to the Information Commissioner’s Office if you believe your data protection rights have been breached.
23.11 ICO contact details are:
Website: ico.org.uk Telephone: 0303 123 1113
23.12 We ask that you contact EPC Hub first so we can try to resolve your concern.
24.2 Please include enough information for us to identify you and understand your request.
24.3 We may need to verify your identity before responding.
24.4 We will normally respond within one month.
24.5 If your request is complex or you have made several requests, we may extend the response period where permitted by law.
24.6 We may refuse or limit requests where they are manifestly unfounded, excessive, unlawful, conflict with legal obligations, affect the rights of others, or relate to data we must retain.
25. Children’s Privacy
25.1 EPC Hub is not intended for children under 18.
25.2 We do not knowingly collect personal data from children under 18.
25.3 If we become aware that a child has provided personal data without appropriate consent or lawful basis, we will take reasonable steps to delete it.
26. Accessibility and Privacy Requests
26.1 If you need this Privacy Policy in an alternative format, or need support making a privacy request because of accessibility needs, please contact us.
26.3 We will make reasonable adjustments where feasible.
27. Data Breaches
27.1 If EPC Hub becomes aware of a personal data breach, we will assess the risk and take appropriate action.
27.2 Where required by law, we will notify the Information Commissioner’s Office within the applicable timeframe.
27.3 Where a breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals where required.
27.4 Users must notify EPC Hub promptly if they become aware of unauthorised access, disclosure, loss or misuse of personal data connected with EPC Hub.
28. Third-Party Links and Services
28.1 EPC Hub may contain links to third-party websites, platforms, tools or services.
28.2 We are not responsible for the privacy practices, security standards, content or actions of third parties.
28.3 You should read the privacy policy of any third-party service you use.
28.4 Third-party services may include payment providers, analytics providers, social media platforms, accreditation bodies, mapping tools, communication services, learning platforms, government websites and professional service providers.
29. Data Processing Addendum
29.1 Where EPC Hub processes personal data as a processor on behalf of a business client, organisation or professional user, additional data processing terms may apply.
29.2 These terms may cover:
a. documented instructions; b. confidentiality; c. security measures; d. sub-processors; e. international transfers; f. data subject requests; g. breach notification; h. return or deletion of data; i. audit assistance; j. controller responsibilities.
29.3 Business clients remain responsible for ensuring they have a lawful basis for any personal data they instruct EPC Hub to process.
30. Sub-Processors and Suppliers
30.1 EPC Hub may use sub-processors and suppliers to help deliver services.
30.2 Categories of sub-processors may include:
a. cloud hosting; b. database infrastructure; c. authentication; d. payments; e. email delivery; f. SMS delivery; g. analytics; h. customer support; i. file storage; j. security; k. identity verification; l. learning management; m. marketing automation; n. accounting and administration.
30.3 A current list of key sub-processors may be made available on request where appropriate.
30.4 EPC Hub may update suppliers or sub-processors from time to time, provided appropriate safeguards remain in place.
31. Complaints About Privacy
31.1 If you have a concern about how EPC Hub handles personal data, please contact us at:
31.2 We will review your complaint and aim to respond within a reasonable period.
31.3 You may also complain to the Information Commissioner’s Office.
31.4 ICO contact details are:
Website: ico.org.uk Telephone: 0303 123 1113
32. Changes to This Privacy Policy
32.1 EPC Hub may update this Privacy Policy from time to time.
32.2 We may update this Policy to reflect changes in:
a. law; b. regulation; c. platform features; d. technology; e. business operations; f. data practices; g. security requirements; h. supplier arrangements.
32.3 The latest version will be published on this page with the updated date.
32.4 Where required by law, we will provide additional notice or request consent.
32.5 Continued use of EPC Hub after publication of an updated Privacy Policy means you have had the opportunity to review the updated Policy.
33. Relationship With Other EPC Hub Policies
33.1 This Privacy Policy should be read together with EPC Hub’s other policies and terms.
33.2 Where there is a conflict between this Privacy Policy and the Terms & Conditions, the Terms & Conditions will apply except where data protection law requires otherwise.
33.3 Where there is a conflict between this Privacy Policy and the Cookie Policy regarding cookies or similar technologies, the Cookie Policy will provide more specific details.
33.4 Nothing in this Privacy Policy excludes or limits rights that cannot be excluded under UK data protection law.
34. Limitation of Liability
34.1 EPC Hub will comply with its obligations under applicable data protection law.
34.2 To the maximum extent permitted by law, EPC Hub is not liable for:
a. losses caused by inaccurate data supplied by users; b. unauthorised access caused by user negligence; c. third-party service failures outside EPC Hub’s reasonable control; d. losses caused by users uploading unlawful or unauthorised personal data; e. indirect, consequential or business losses arising from use of EPC Hub; f. events beyond EPC Hub’s reasonable control.
34.3 Nothing in this Privacy Policy excludes or limits liability where it would be unlawful to do so.
35. Governing Law and Jurisdiction
35.1 This Privacy Policy is governed by the laws of England and Wales.
35.2 Any dispute relating to this Privacy Policy will be subject to the courts of England and Wales, unless applicable data protection law requires otherwise.
36. English Language
36.1 This Privacy Policy is drafted in English.
36.2 If this Privacy Policy is translated into another language, the English version will prevail in the event of inconsistency, unless applicable law requires otherwise.
37. Contact Us
37.1 For questions, requests or complaints about this Privacy Policy or the way EPC Hub handles personal data, please contact:
EPC Hub Email:privacy@epchub.org Alternative email:info@epchub.org Website: epchub.org Registered address: 124 City Road, London, England, EC1V 2NX
Privacy FAQs
1. What personal data does EPC Hub collect?
EPC Hub collects the information needed to provide its website, platform, CPD, support, professional profiles, property energy tools, messaging, payments and related services. This may include your name, contact details, account information, property information, professional details, messages, course records, payment records, device information and usage data.
2. Does EPC Hub sell personal data?
No. EPC Hub does not sell personal data.
3. Does EPC Hub store payment card details?
No. EPC Hub does not directly store full payment card numbers. Payments are processed securely by third-party payment providers such as Stripe, PayPal or other providers we may use.
4. Can I ask EPC Hub to delete my data?
Yes. You can request deletion. We will comply where legally possible. Some data may need to be kept for legal, tax, accounting, audit, dispute, security or compliance reasons.
5. How long does EPC Hub keep CPD records?
EPC Hub may keep CPD, course completion and certificate records for up to 6 years, or longer where required for audit, certification, legal or compliance purposes.
6. Does EPC Hub use cookies?
Yes. EPC Hub uses cookies for security, functionality, analytics, performance and, where permitted, marketing. Full details are set out in our Cookie Policy.
7. Can I unsubscribe from emails?
Yes. You can unsubscribe from marketing emails at any time. Essential service, account, legal, payment and security messages may still be sent.
8. Who can see my professional profile?
If you create a public professional profile, users and visitors may be able to see your published profile information, including your name, business name, service area, bio, photo, services, pricing, reviews, badges and contact options.
9. Are messages private?
Messages are not publicly visible. However, EPC Hub may access, store, review or monitor messages where necessary for service delivery, support, security, compliance, complaints, disputes, legal obligations or policy enforcement.
