Acceptable Use Policy
Last updated: 16 April 2026
DIRECT EPC
directepc.co.uk
Privacy Policy, Cookie Policy and Acceptable Use Policy
Effective Date: 26 March 2026
Contact: info@directepc.co.uk
Contents
Part 1: Privacy Policy
1. Who We Are
2. Data We Collect
3. Legal Basis for Processing
4. How We Use Your Data
5. Data Sharing
6. Data Retention
7. Your Rights Under UK GDPR
8. International Transfers
9. Data Security
10. Children's Privacy
11. Third-Party Links
12. Changes to This Privacy Policy
13. Contact Us
Part 2: Cookie Policy
14. What Are Cookies
15. Types of Cookies We Use
16. Specific Cookies on Our Platform
17. Third-Party Cookies
18. Managing Cookies
19. Cookie Consent
Part 3: Acceptable Use Policy
20. Scope
21. Prohibited Uses
22. Intellectual Property
23. User-Generated Content
24. Reporting Violations
25. Consequences of Breach
26. Governing Law
PART 1
Privacy Policy
This Privacy Policy explains how Direct EPC collects, uses, stores, and protects your personal data when you use our Platform at directepc.co.uk. It is provided in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Who We Are
1.1 The data controller responsible for your personal data is Direct EPC, operating the Platform at directepc.co.uk.
1.2 If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us by email at info@directepc.co.uk.
2. Data We Collect
We collect and process the following categories of personal data:
2.1 Personal Information
When you create an account or place a booking, we collect your name, email address, telephone number, and postal address.
2.2 Property Information
We collect details of the property for which you are booking an EPC, including the property address, property type, and number of bedrooms.
2.3 Payment Information
Payments are processed securely through Stripe, our third-party payment processor. We do not store, collect, or have access to your full card details. Stripe may collect payment card information directly in accordance with its own privacy policy.
2.4 Account Information
We collect information relating to your account, including login credentials (stored in encrypted form) and your activity on the customer dashboard.
2.5 Technical Data
We automatically collect technical information when you visit our Platform, including your IP address, browser type and version, device type, operating system, and screen resolution.
2.6 Usage Data
We collect information about how you use our Platform, including pages visited, time spent on pages, navigation paths, and booking history.
3. Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely upon are:
3.1 Contract Performance — Processing is necessary for the performance of a contract with you, including processing your booking, assigning an Assessor, and facilitating payment.
3.2 Legitimate Interests — Processing is necessary for our legitimate interests, including improving our services, ensuring the security of our Platform, preventing fraud, and conducting analytics to enhance user experience.
3.3 Consent — Where you have given us specific consent, including for marketing communications and the use of non-essential cookies. You may withdraw consent at any time.
3.4 Legal Obligation — Processing is necessary for compliance with legal obligations to which we are subject, including tax reporting, regulatory compliance, and responding to lawful requests from public authorities.
4. How We Use Your Data
We use your personal data for the following purposes:
4.1 Processing and managing your bookings and payments.
4.2 Assigning an Assessor to your booking and sharing the necessary contact and property details with the assigned Assessor to enable the EPC assessment to be carried out.
4.3 Providing access to your customer dashboard, including booking history, EPC certificates, and the EPC Modeller tool.
4.4 Sending you marketing communications where you have provided consent. You may opt out at any time by using the unsubscribe link in any marketing email or by contacting us.
4.5 Analysing usage patterns and improving the functionality, performance, and content of our Platform.
4.6 Preventing fraud, detecting security incidents, and protecting against malicious, deceptive, or illegal activity.
5. Data Sharing
We may share your personal data with the following categories of recipients:
5.1 Assessors — When you place a booking, we share your name, telephone number, email address, and property address with the assigned Assessor. Only the information necessary to carry out the EPC assessment is shared.
5.2 Stripe — We use Stripe as our payment processor. Your payment information is shared directly with Stripe in accordance with Stripe's privacy policy. We do not store your card details.
5.3 Google — We use Google Analytics for website analytics and Google Ads for advertising. These services may collect data through cookies as described in Part 2 of this document.
5.4 Hosting Providers — Our Platform is hosted by third-party hosting providers who process data on our behalf under appropriate data processing agreements.
5.5 Professional Advisors — We may share data with our legal, accounting, and other professional advisors where necessary for the provision of their services to us.
5.6 Law Enforcement and Regulatory Bodies — We may disclose personal data where required by law, regulation, or court order, or where disclosure is necessary to protect our rights, property, or safety.
We do not sell your personal data to any third party.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our specific retention periods are:
6.1 Account Data — We retain your account information for the duration of your account plus six (6) years following account closure, to meet our legal and regulatory obligations.
6.2 Booking Records — We retain booking and transaction records for six (6) years in accordance with tax and legal requirements (including HMRC requirements).
6.3 Marketing Data — We retain marketing preferences and consent records until you withdraw consent or unsubscribe from marketing communications.
6.4 Technical Logs — We retain technical and usage logs for twelve (12) months, after which they are anonymised or deleted.
6.5 When the applicable retention period expires, we will securely delete or anonymise your personal data.
7. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights in relation to your personal data:
7.1 Right of Access — You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month of receiving your request.
7.2 Right to Rectification — You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
7.3 Right to Erasure — You have the right to request that we delete your personal data (the "right to be forgotten"), subject to our legal obligations to retain certain records.
7.4 Right to Restriction of Processing — You have the right to request that we restrict the processing of your personal data in certain circumstances.
7.5 Right to Data Portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller.
7.6 Right to Object — You have the right to object to processing based on legitimate interests or for direct marketing purposes.
7.7 Right to Withdraw Consent — Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
7.8 To exercise any of these rights, please contact us at info@directepc.co.uk. We will respond to your request within one month.
7.9 If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can find out more at ico.org.uk.
8. International Transfers
8.1 We primarily store and process your personal data within the United Kingdom and the European Economic Area (EEA).
8.2 Some of our third-party service providers (including Google and Stripe) may transfer data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Government or adequacy decisions by the Secretary of State.
8.3 You may contact us at info@directepc.co.uk for further information about the safeguards we have in place.
9. Data Security
9.1 We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.
9.2 Our security measures include, but are not limited to:
(a) encryption of data in transit using SSL/TLS protocols;
(b) encrypted storage of passwords and sensitive account information;
(c) regular security assessments and vulnerability testing;
(d) access controls limiting data access to authorised personnel only; and
(e) secure payment processing through Stripe (PCI DSS compliant).
9.3 While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your personal data.
10. Children's Privacy
10.1 Our Platform and Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
10.2 If we become aware that we have collected personal data from a child, we will take steps to delete that data as soon as reasonably practicable. If you believe we may have collected data from a child, please contact us at info@directepc.co.uk.
11. Third-Party Links
11.1 Our Platform may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
11.2 We do not control these third-party websites and are not responsible for their privacy policies or practices. We encourage you to read the privacy policy of every website you visit.
12. Changes to This Privacy Policy
12.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be posted on this page with an updated effective date.
12.2 Where changes are significant, we will notify you by email or through a prominent notice on our Platform.
12.3 Your continued use of the Platform after any changes to this Privacy Policy constitutes acceptance of those changes.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Email: info@directepc.co.uk
Website: directepc.co.uk
You may also contact the Information Commissioner's Office (ICO) at ico.org.uk if you wish to raise a concern about how we have handled your personal data.
PART 2
Cookie Policy
This Cookie Policy explains how Direct EPC uses cookies and similar technologies on our Platform at directepc.co.uk. This policy should be read alongside our Privacy Policy (Part 1 of this document). This Cookie Policy is provided in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR.
14. What Are Cookies
14.1 Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently and to provide information to the website owner.
14.2 Cookies may be set by the website you are visiting ("first-party cookies") or by third parties who provide services to the website ("third-party cookies").
14.3 Cookies can be "session cookies" (which are deleted when you close your browser) or "persistent cookies" (which remain on your device for a set period or until you delete them).
15. Types of Cookies We Use
We use the following categories of cookies on our Platform:
15.1 Strictly Necessary Cookies
These cookies are essential for the operation of our Platform. They enable core functionality such as user authentication, session management, and secure payment processing through Stripe. Without these cookies, the Platform cannot function properly. These cookies do not require your consent under PECR.
15.2 Performance and Analytics Cookies
These cookies collect information about how visitors use our Platform, such as which pages are visited most often and whether users receive error messages. The information collected is aggregated and used to improve the performance and usability of our Platform. We use Google Analytics for this purpose.
15.3 Functionality Cookies
These cookies allow our Platform to remember choices you make (such as your preferred language or region) and provide enhanced, personalised features. They may also be used to remember changes you have made to customisable areas of the Platform.
15.4 Advertising and Targeting Cookies
These cookies are used to deliver advertisements that are relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. We use Google Ads for conversion tracking and remarketing purposes.
16. Specific Cookies on Our Platform
The following table details the specific cookies used on our Platform:
| Cookie Name | Provider | Purpose | Duration | Type |
| --- | --- | --- | --- | --- |
| _ga | Google Analytics | Distinguishes unique users by assigning a randomly generated number as a client identifier for Google Analytics. | 2 years | Analytics |
| _gid | Google Analytics | Stores and updates a unique value for each page visited for Google Analytics. | 24 hours | Analytics |
| _gat | Google Analytics | Throttles the request rate to Google Analytics, limiting data collection on high-traffic sites. | 1 minute | Analytics |
| _gcl_au | Google Ads | Stores conversion data related to Google Ads clicks on the website. | 90 days | Advertising |
| _gcl_aw | Google Ads | Stores information about ad clicks to attribute conversions for Google Ads campaigns. | 90 days | Advertising |
| IDE | Google Ads | Used by Google DoubleClick to register and report the user's actions after viewing or clicking an advertiser's ad, for remarketing purposes. | 1 year | Advertising |
| NID | Google Ads | Registers a unique ID that identifies a returning user's device for targeted advertising. | 6 months | Advertising |
| __stripe_mid | Stripe | Fraud prevention and detection — identifies the browsing session for payment security. | 1 year | Strictly Necessary |
| __stripe_sid | Stripe | Fraud prevention and detection — identifies the browsing session for payment processing. | 30 minutes | Strictly Necessary |
| session_id | Direct EPC | Maintains user session state and authentication across page requests. | Session | Strictly Necessary |
| csrf_token | Direct EPC | Prevents cross-site request forgery attacks by validating form submissions. | Session | Strictly Necessary |
| cookie_consent | Direct EPC | Stores the user's cookie consent preferences. | 1 year | Strictly Necessary |
17. Third-Party Cookies
Some cookies on our Platform are set by third-party services. We do not control these cookies. The third parties and their purposes are:
17.1 Google Analytics
We use Google Analytics to understand how visitors interact with our Platform. Google Analytics uses the cookies _ga, _gid, and _gat to collect anonymised information about page visits and user behaviour. For more information, see Google's privacy policy.
17.2 Google Ads
We use Google Ads for conversion tracking and remarketing. Google Ads cookies (including _gcl_au, _gcl_aw, IDE, and NID) help us measure the effectiveness of our advertising campaigns and show relevant advertisements to users who have previously visited our Platform.
17.3 Stripe
We use Stripe to process payments securely. Stripe sets cookies (__stripe_mid and __stripe_sid) for fraud prevention and to ensure the security of payment transactions. For more information, see Stripe's privacy policy.
18. Managing Cookies
18.1 You can control and manage cookies in several ways. Please note that removing or blocking cookies may affect your experience on our Platform and some features may not function as intended.
18.2 Browser Settings
Most browsers allow you to refuse or delete cookies through their settings. The method for doing so varies from browser to browser. You can generally find instructions in the "Help", "Tools", or "Settings" menu of your browser.
18.3 Google Analytics Opt-Out
You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
18.4 Google Ads Opt-Out
You can manage your Google advertising preferences or opt out of personalised advertising at Google Ads Settings.
18.5 Impact of Disabling Cookies
If you choose to disable or block cookies, you may not be able to access certain parts of our Platform or use certain features. Strictly necessary cookies cannot be disabled as they are essential for the Platform to function. Disabling analytics or advertising cookies will not affect the core functionality of the Platform.
19. Cookie Consent
19.1 When you first visit our Platform, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies.
19.2 Strictly necessary cookies will be set regardless of your choice, as they are required for the Platform to function.
19.3 You can change your cookie preferences at any time by adjusting your browser settings or using the cookie preference controls on our Platform.
19.4 For further information about cookies and your rights, you may visit allaboutcookies.org.
PART 3
Acceptable Use Policy
This Acceptable Use Policy sets out the terms under which you may access and use our Platform at directepc.co.uk. By using our Platform, you agree to comply with this policy. This policy supplements our Terms and Conditions and should be read alongside them.
20. Scope
20.1 This Acceptable Use Policy applies to all users of the Platform at directepc.co.uk, including Customers, Assessors, and visitors.
20.2 By accessing or using our Platform, you confirm that you accept this policy and agree to abide by it. If you do not agree, you must not use our Platform.
21. Prohibited Uses
You must not use our Platform:
21.1 For any unlawful purpose, or in any way that breaches any applicable local, national, or international law or regulation.
21.2 To harass, abuse, threaten, intimidate, or otherwise cause distress or inconvenience to any person.
21.3 To submit false, misleading, or inaccurate information, including false property details, false contact information, or fraudulent bookings.
21.4 To attempt to gain unauthorised access to our Platform, the server on which our Platform is stored, or any server, computer, or database connected to our Platform.
21.5 To introduce viruses, trojans, worms, logic bombs, spyware, malware, or any other material which is malicious or technologically harmful.
21.6 To engage in any automated data collection, including data extraction, data mining, or any other automated means of gathering information from our Platform without our prior written consent.
21.7 To circumvent, disable, or otherwise interfere with security-related features of the Platform, including features that prevent or restrict use or copying of any content.
21.8 To impersonate any person or entity, or to misrepresent your identity or affiliation with any person or entity.
21.9 To use our Platform to promote, advertise, or provide competing services without the prior written permission of Direct EPC.
21.10 To interfere with, disrupt, or place an unreasonable burden on the Platform or the networks or services connected to it, including actions that could impair other users' experience.
22. Intellectual Property
22.1 All content on our Platform, including but not limited to text, graphics, logos, icons, images, audio clips, digital downloads, data compilations, and software, is the property of Direct EPC or its content suppliers and is protected by United Kingdom and international copyright, trademark, and other intellectual property laws.
22.2 You may not reproduce, distribute, modify, create derivative works from, publicly display, publicly perform, republish, download, store, or transmit any material from our Platform without our prior written consent, except as permitted for personal, non-commercial use.
22.3 The Direct EPC name, logo, and all related names, logos, product and service names, designs, and slogans are trademarks of Direct EPC. You must not use such marks without our prior written permission.
23. User-Generated Content
23.1 Where you provide any content to our Platform (including feedback, reviews, or information submitted through forms), you grant Direct EPC a non-exclusive, royalty-free, worldwide licence to use, reproduce, modify, and display that content in connection with our services.
23.2 You are responsible for ensuring that any content you submit is accurate, does not infringe the rights of any third party, and complies with all applicable laws and this Acceptable Use Policy.
23.3 We reserve the right to remove any user-generated content that we consider, in our sole discretion, to be in breach of this policy or otherwise objectionable.
24. Reporting Violations
24.1 If you become aware of any breach of this Acceptable Use Policy, or any other misuse of our Platform, please report it to us immediately at info@directepc.co.uk.
24.2 We will investigate any reported violations and take appropriate action, which may include the measures described in Section 25 below.
25. Consequences of Breach
If we determine that a breach of this Acceptable Use Policy has occurred, we may take such action as we deem appropriate, including:
25.1 Issuing a warning to you.
25.2 Temporary or permanent suspension of your account and access to the Platform.
25.3 Immediate, temporary, or permanent removal of any content posted by you to the Platform.
25.4 Legal proceedings against you for reimbursement of all costs (including reasonable administrative and legal costs) resulting from the breach.
25.5 Disclosure of such information to law enforcement authorities as we reasonably consider necessary or as required by law.
25.6 We exclude liability for all actions taken in response to breaches of this policy. The responses described above are not limited, and we may take any other action we reasonably deem appropriate.
26. Governing Law
26.1 This Acceptable Use Policy is governed by and construed in accordance with the laws of England and Wales.
26.2 Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.
26.3 If any provision of this policy is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable, and the remaining provisions shall continue in full force and effect.