UK GDPR & Data PRotection Policy

Effective Date: 12 June 2026
Review Date: 12 June 2027

Introduction

A1 Home Inspectors is committed to protecting personal information and handling data responsibly, securely, and in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a partnership providing Energy Performance Certificate (EPC) services across Bristol and the wider Somerset area, we recognise the importance of protecting the personal information of customers, clients, assessors, contractors, and business contacts.

This policy sets out how we collect, use, store, and protect personal data.

1. Scope

This policy applies to:

  • The partners of A1 Home Inspectors

  • Domestic Energy Assessors (DEAs)

  • Contractors and individuals working on behalf of the partnership

  • Any person who processes personal data for business purposes

All persons working on behalf of A1 Home Inspectors are expected to follow this policy.

2. Data Protection Principles

A1 Home Inspectors is committed to processing personal information in accordance with the following principles.

Personal data will be:

  • Processed lawfully, fairly, and transparently

  • Collected for legitimate business purposes

  • Limited to what is necessary

  • Accurate and kept up to date where appropriate

  • Retained only for as long as required

  • Stored securely and protected against unauthorised access, loss, or misuse

3. Types of Personal Data We May Process

We may process personal information including:

  • Names

  • Addresses and property addresses

  • Email addresses

  • Telephone numbers

  • Appointment and booking details

  • EPC assessment information

  • Payment information where applicable

  • Business contact information

We only collect information necessary to provide our services and meet legal or regulatory obligations.

4. Lawful Basis for Processing

We process personal information under one or more lawful bases, including:

  • Performance of a contract

  • Legitimate business interests

  • Compliance with legal obligations

  • Consent (where required)

For EPC services, some personal data processing is necessary to fulfil legal and accreditation requirements.

5. Data Retention

We only retain personal information for as long as necessary to provide our services and meet legal, professional, and regulatory obligations.

As an Energy Performance Certificate (EPC) provider, A1 Home Inspectors is required to comply with the Energy Performance of Buildings Regulations and accreditation requirements. This means we are required to retain records relating to EPC assessments, including property and customer details relevant to the assessment, for a period of 15 years.

These records are stored securely and are only accessed where necessary for business, compliance, audit, or legal purposes. Information may be shared with Elmhurst Energy, our accreditation scheme provider, for quality assurance, audit, and supervisory purposes where required.

We do not sell, rent, or improperly disclose personal information. Any sharing of information is carried out in accordance with applicable legal and regulatory requirements, including UK data protection law.

Once information is no longer required and any legal retention period has expired, records will be securely deleted or destroyed.

6. Data Security

We take appropriate technical and organisational measures to protect personal information.

These measures may include:

  • Password-protected systems and devices

  • Secure storage of electronic records

  • Restricted access to personal information

  • Appropriate disposal of confidential information

Individuals working on behalf of A1 Home Inspectors must take reasonable steps to protect personal data and prevent unauthorised disclosure.

7. Sharing Personal Data

We do not sell or rent personal data.

Personal information may only be shared where necessary for:

  • Providing EPC services

  • Accreditation or audit requirements

  • Payment processing

  • Legal or regulatory obligations

Any sharing of information will be carried out lawfully and securely.

8. Data Subject Rights

Individuals may have the following rights under UK GDPR:

  • The right to access personal information

  • The right to request correction of inaccurate information

  • The right to request deletion in certain circumstances

  • The right to restrict or object to processing

  • The right to data portability where applicable

  • The right to withdraw consent where consent applies

Requests relating to personal data should be made using the contact details below.

9. Data Breaches

Any suspected personal data breach, loss of information, unauthorised disclosure, or cyber security incident must be reported to the partners immediately.

Where required by law, breaches will be reported to the Information Commissioner’s Office (ICO).

10. Responsibilities

The partners, Gary Langale and Richard Buckner, are jointly responsible for ensuring compliance with this policy.

All assessors, contractors, and persons working on behalf of A1 Home Inspectors are responsible for:

  • Following this policy

  • Keeping personal information secure

  • Reporting concerns or breaches promptly

  • Only accessing information necessary for their role

11. Contact Details

For questions regarding this policy, personal data, or data protection matters, please contact us on the details below.

12. Policy Review

This policy will be reviewed periodically to ensure it remains appropriate and compliant with legal requirements.