PRIVACY POLICY – FAST EPC LONDON LTD
Last updated: 24 November 2025
FAST EPC LONDON LTD (“we”, “us”, “our”) is committed to protecting the privacy of our customers and website users.
We are a private limited company registered in England and Wales under company number 13066885. Our registered office and correspondence address is:
FAST EPC LONDON LTD
134 Longheath Gardens
Croydon
England
CR0 7TP
Telephone: 020 3633 2089
Email: [email protected]
We provide energy assessment and related services, including domestic and commercial Energy Performance Certificates (EPCs), floorplans and gas safety certificates, in England with a focus on London and surrounding local areas.
This Privacy Policy explains how we collect, use, store and protect your personal data in line with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data controller
For the purposes of data protection law, FAST EPC LONDON LTD is the data controller of the personal data we collect about you when you:
- use our website
- make an enquiry
- book and pay for a service online
- receive an EPC, floorplan or gas safety certificate from us.
Our director, Mr Mohammad Mahdi, has overall responsibility for data protection within the company.
2. Personal data we collect
We may collect and process the following categories of personal data:
Identity and contact data
- Name, title
- Phone number
- Email address
- Billing address
- Property address where the assessment will take place.
Property and assessment data
- Property type, size and layout
- Construction details and building elements
- Heating, hot water and insulation details
- Meter readings and other technical data
- Floorplans
- Photographs taken at the property as evidence for EPC and audit purposes.
Booking and payment data
- Date and time of appointments
- Service ordered
- Amount paid and currency
- Last four digits of the card and transaction reference (we do not see or store full card numbers or CVV codes; payment processing is handled securely by Stripe).
Technical and usage data
- IP address
- Browser type and version
- Device type
- Pages you visit and how you navigate the site
- Security logs from our website firewall and Cloudflare (used for security and DDoS protection).
We do not currently use Google Analytics, Google Tag Manager or similar analytics tags on the website.
3. How we collect your data
We collect personal data in the following ways:
- Directly from you when you call, email or complete a form
- When you use our online booking and payment forms (via the Forminator plugin and Stripe)
- During the site visit and assessment (notes, measurements and photographs)
- From accreditation bodies and scheme software where necessary (for example Quidos and Elmhurst systems when lodging EPCs).
4. Lawful bases for processing
We process your personal data under the following lawful bases:
- Contract – to take steps at your request before entering into a contract and to perform our contract with you (e.g. accepting bookings, carrying out assessments, issuing EPCs and invoices).
- Legal obligation – to comply with legal and regulatory requirements, including EPC legislation and the requirements of government-approved accreditation schemes and registers.
- Legitimate interests – for the proper running of our business, such as managing our schedule, preventing fraud, network and information security, and responding to complaints.
- Consent – where we rely on your consent (for example, to send non-essential marketing communications). You can withdraw consent at any time by contacting us.
5. How we use your personal data
We use your personal data to:
- Schedule and manage appointments
- Carry out EPC inspections, floorplans and gas safety checks
- Produce EPCs and lodge them on the official government EPC register as required by law
- Produce and deliver reports, certificates and invoices
- Take and process payments via Stripe
- Manage our relationship with you (including responding to queries and complaints)
- Comply with accreditation scheme rules and audits (Quidos and Elmhurst)
- Maintain records for tax, accounting and regulatory purposes
- Protect our systems and website from abuse, attacks and fraud (using Cloudflare security and firewall features).
We do not sell your personal data to third parties.
6. EPC evidence and retention periods
As an EPC provider accredited with Quidos and Elmhurst, we are required to retain sufficient evidence to support each EPC we lodge. Elmhurst guidance and Code of Conduct require members to keep assessment evidence safely for 15 years, with reference to the Latent Damage Act 1986.
To comply with these scheme rules and demonstrate that reports are accurate and robust, we will normally retain:
- Site notes
- Floorplans
- Photographs taken at the property
- Supporting calculations and evidence

for up to 15 years from the date of the assessment, unless a longer period is required by law (for example, for ongoing disputes) or a shorter period is allowed and agreed in future by the accreditation schemes or regulator.
Other categories of data are retained as follows (unless law requires longer):
- Basic customer and invoice records: up to 7 years for tax and accounting purposes
- Enquiry emails: up to 3 years
- Security logs: typically up to 1 year, unless required for investigation.
7. Sharing your personal data
We may share your personal data with:
- Government EPC register for lodging EPCs as required by law
- Accreditation schemes such as Quidos and Elmhurst, including for quality assurance and auditing
- Our EPC software providers, where used to collect and lodge data
- Stripe (payment processor) for secure handling of card payments
- Our website hosting provider and Cloudflare, who process IP addresses and technical data for hosting, security, firewall and DDoS protection
- Professional advisers (solicitors, accountants, insurers) where necessary to protect our legal interests
- Law enforcement, regulators or courts where we are legally required to do so.
Where service providers act on our behalf, they are required to keep your data confidential and secure and only use it in line with our instructions and the law.
Some providers (for example Stripe and Cloudflare) may transfer data outside the UK/EEA, usually on the basis of adequacy regulations or standard contractual clauses approved by the UK government or European Commission.
8. Cloudflare and security
We use Cloudflare to provide:
- Content delivery (CDN)
- Web application firewall (WAF)
- DDoS protection
- Performance and security optimisation.
When you visit our website, your request may be routed through Cloudflare’s network. Cloudflare may process your IP address, device information and basic usage data to provide these security services, in line with its own privacy policy and data protection obligations.
9. Cookies
Our website may use small text files called cookies and similar technologies to:
- Maintain basic website functionality
- Provide security and firewall protection (for example via Cloudflare)
- Remember information you enter into forms during a session.
We do not currently use cookies for marketing or analytics. If this changes in future (for example if we add Google Analytics), we will update this Privacy Policy and, where required, provide a cookie banner or consent mechanism.
You can usually control cookies through your browser settings, but blocking essential cookies may affect how the website functions.
10. Your rights
Under the UK GDPR, you have the following rights in relation to your personal data, subject to certain conditions:
- Right to be informed – to receive clear information about how we use your data
- Right of access – to request a copy of your personal data
- Right to rectification – to have inaccurate or incomplete data corrected
- Right to erasure – to request deletion of your data in certain circumstances
- Right to restriction of processing – to request that we limit how we use your data
- Right to data portability – to receive your data in a structured, commonly used format where applicable
- Right to object – to object to processing based on our legitimate interests or to direct marketing
- Rights related to automated decision-making and profiling – we do not carry out automated decision-making which has legal or similarly significant effects on you.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before responding.
11. Complaints
If you have concerns about how we handle your personal data, please contact us first at:
Email: [email protected]
Post: FAST EPC LONDON LTD, 134 Longheath Gardens, Croydon, CR0 7TP
You also have the right to lodge a complaint with the UK data protection regulator:
Information Commissioner’s Office (ICO)
ico.org.uk
12. Children
Our services and website are aimed at adults arranging property services. We do not knowingly provide services to, or collect data from, individuals under the age of 18 without appropriate authority from a parent, guardian or legal representative.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services or how we process personal data. The date at the top of this page shows when it was last updated. We encourage you to review this page periodically.