UK Green Homes Limited

 PAS 2035 Aligned

Privacy & Data Protection

Website Privacy Notice (public) and Internal Data Protection Procedure (for staff & partners).

Controller: UK Green Homes Limited · 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB · 0208 938 3087 · info@ukgreenhomes.com
Primary contact for all notices: Peter Gordon, Managing Director (MD). All statutory notifications must be routed to Peter Gordon.
Last updated: 20 October 2025

1) Who we are

UK Green Homes Limited ("UKGH", "we", "us") provides domestic retrofit services aligned to PAS 2035. For this website, UKGH is the Data Controller.

2) What data we collect via this website

  • Contact forms: name, email, phone, address, enquiry details.
  • Quotes & bookings: property details relevant to surveys (where you choose to provide them).
  • Analytics & cookies: IP address, device info, pages viewed, interactions (see Cookies).
  • Call/Email: if you contact us by phone or email, we process the content you provide. Calls may be recorded for training/compliance (you will be told if recording is active).

3) Why we use your data (lawful bases)

  • Provide services & respondContract / legitimate interests.
  • Improve the site & securityLegitimate interests.
  • Marketing by email/SMSConsent (or soft opt‑in for existing customers, per PECR). You can opt out anytime.

4) Sharing

We share website data with trusted IT/analytics providers acting as Processors under contract, and, where an enquiry leads to a project, with PAS 2035 professionals (Coordinator/Assessor/Designer/Installer/Evaluator) on a need‑to‑know basis. We never sell your data.

5) International transfers

Where providers are outside the UK, we rely on adequacy decisions or approved safeguards (e.g., UK IDTA / UK Addendum to SCCs).

6) Retention

  • Website enquiries: typically 24 months from last contact (unless a project starts—then project retention applies).
  • Analytics cookies: per cookie lifetime or platform default (see banner/manager).

7) Your rights

You can request access, correction, deletion, restriction, portability, and object to marketing. Where we rely on consent, you may withdraw it at any time.

To exercise rights, contact Peter Gordon (MD) at info@ukgreenhomes.com or 0208 938 3087.

8) Cookies

We use strictly necessary, performance/analytics, functionality, and (if enabled) marketing cookies. Non‑essential cookies run only with your consent. Manage preferences via the cookie banner.

9) Complaints

Please contact Peter Gordon first. You can also complain to the ICO (ico.org.uk; 0303 123 1113).

10) Contact

UK Green Homes Limited · 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB · 0208 938 3087 · info@ukgreenhomes.com

All statutory privacy notices and security incident notifications must be addressed to Peter Gordon, Managing Director.

A) Purpose & scope

This procedure applies to all UKGH staff, contractors and PAS 2035 roles handling personal data. It complements the full GDPR & Privacy Policy and supports compliance with PAS 2035 documentation, TrustMark, ECO/GBIS and related scheme rules.

B) Roles & responsibilities

  • Managing Director (Peter Gordon): Accountable for data protection, breach notifications, and regulator liaison. Approves DPIAs and LIAs.
  • Retrofit Coordinator: Ensures information flows are minimal and appropriate across assessment, design, installation and evaluation. Validates sharing on a need‑to‑know basis.
  • Project Leads: Ensure processors/subcontractors sign Data Processing Agreements and follow this procedure.
  • All Staff: Complete annual training; report incidents immediately; follow secure handling rules.

C) Data handling rules

  • Minimisation: Collect only data needed for the specific PAS 2035 task. Avoid special category data unless strictly necessary and authorised.
  • Access control: Store records in approved systems. Use role‑based permissions. Do not share credentials.
  • Secure transfer: Use encrypted channels (TLS) and approved portals for documents/photos. Never send raw special category data in open email—use secure links or password‑protected files.
  • Redaction: Remove unnecessary personal identifiers before sharing with third parties or for training.
  • Photography on site: Obtain permission where occupants are present; avoid capturing people or unrelated personal items wherever possible.
  • Mobile/field devices: Enable device lock, OS updates, and remote‑wipe; store data within approved apps. Upload to project folders promptly and delete local copies.

D) Retention & deletion

  • Project files (assessments, designs, install/commissioning, warranties): retain 10–15 years from completion, aligned to warranty/claims periods.
  • Complaints/disputes: retain 6 years from closure (longer if litigation is likely).
  • Financial records: retain 6–7 years per HMRC.
  • Delete or anonymise when the period ends; log deletion events.

E) Vendor/processor management

  • Use approved suppliers only. Ensure signed Data Processing Agreement with confidentiality, security, breach notice (to Peter Gordon), sub‑processor controls, and return/delete on exit.
  • Check international transfers have valid safeguards (UK IDTA/UK Addendum or adequacy).
  • Review critical suppliers annually.

F) Data subject requests (DSRs)

  1. Log the request in the DSR register (date, requester, scope).
  2. Verify identity if needed; clarify scope.
  3. Locate data across systems and project folders; involve the Retrofit Coordinator for PAS 2035 records.
  4. Respond within 1 month (extend up to 2 further months if complex; inform requester).
  5. Redact third‑party data and legally privileged content.
  6. All correspondence must be copied to Peter Gordon.

G) Incident & breach response

  1. Identify & contain: If data is lost, accessed unauthorisedly, or sent to the wrong recipient, contain immediately and preserve evidence.
  2. Notify internally: Report at once to Peter Gordon (MD) via info@ukgreenhomes.com and phone 0208 938 3087.
  3. Assess risk: Determine likelihood and severity of risk to individuals. If risk is likely, prepare ICO notification within 72 hours and consider notifying affected individuals without undue delay (MD decides).
  4. Remediate & document: Fix root cause; record actions in the incident register; review lessons learned.

H) DPIAs, LIAs & special category data

  • Complete a DPIA for high‑risk processing (e.g., continuous monitoring, special category data for vulnerability/health relevance).
  • Perform LIA where relying on legitimate interests.
  • Use explicit consent or an appropriate Article 9 condition for special category data. Store consent records.

I) Training & audits

  • All staff complete onboarding privacy training and annual refreshers.
  • Project spot‑checks verify minimisation, correct sharing, and retention adherence.
  • Certification/audit bodies (TrustMark/MCS/Gas Safe/UKAS‑accredited) may review records—cooperate while maintaining confidentiality.

J) Contact & governance

Questions about this procedure, DPIAs/LIAs, DSRs, or incidents must be directed to Peter Gordon, Managing Director at 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB · 0208 938 3087 · info@ukgreenhomes.com.

UK Green Homes Limited – GDPR & Privacy Policy (PAS 2035 Aligned)

Effective date: 20 October 2025 · Version: 1.0

1) Who we are

UK Green Homes Limited ("UKGH", "we", "us", "our") is a UK retrofit services provider operating in accordance with PAS 2035 and related regulation.

Registered address: 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB · Phone: 0208 938 3087 · Email: info@ukgreenhomes.com

Primary contact for all privacy matters & notifications: Peter Gordon, Managing Director (MD) — please address all statutory notices, data subject requests, and privacy communications to Peter Gordon at the above contact details.

Role under UK GDPR/DP Act 2018: For most processing described below, UK Green Homes Limited is the Data Controller. In some instances (e.g., when delivering services for a landlord, local authority, principal contractor, or energy supplier), we may act as Data Processor; in such cases we process personal data strictly under documented instructions of the relevant controller and our contract.

2) Scope and legal framework

This policy explains how we collect, use, disclose, secure, and retain personal data of homeowners, tenants, landlords, trade partners, subcontractors, suppliers, auditors and certifying bodies, website visitors and marketing contacts. We comply with UK GDPR, Data Protection Act 2018, PECR, PAS 2035, and relevant schemes (TrustMark, ECO4, GBIS, MCS, Gas Safe, UKAS).

3) What personal data we collect

  • Core identity & contact: name, title, role, address/UPRN, email, phone, preferred contact method, ID where needed.
  • Property, survey & technical (PAS 2035): property type/age/construction, RdSAP/SAP inputs/outputs, ventilation & moisture risk, airtightness, thermal imaging, photos, IoT/IAQ data (if applicable), installation records, serials, warranties, POE data.
  • Eligibility & vulnerability: indicators of vulnerability/access needs/health factors impacting design; evidence for scheme eligibility (e.g., income/benefits) where required.
  • Commercial & contractual: contracts, correspondence, payments (bank details), insurance/warranty information.
  • Digital & analytics: IP/device data, pages viewed, cookies; call recordings where notified.

Special category data is collected only where strictly necessary with a valid Article 9 condition (e.g., explicit consent, substantial public interest, health).

4) Sources of data

You or your representatives; landlords/agents; PAS 2035 professionals; funding bodies (ECO/GBIS/LA); certification bodies; public registers (EPC); third‑party datasets (UPRN/mapping); smart meter/device data with permission.

5) Purposes of processing (PAS 2035)

  • Assess properties and occupants’ needs; create Whole‑House Retrofit Plans.
  • Design, install, commission and evaluate measures.
  • Quality assurance, audits, warranties, compliance records.
  • Funding eligibility verification and administration (ECO4/GBIS/LA schemes).
  • Contract, payments, supplier performance management.
  • Customer service, complaints, legal claims/defence.
  • Regulatory reporting (e.g., TrustMark lodgements).
  • Service improvement, website performance and security, aggregated analytics.
  • Service communications and (where permitted) marketing updates.

6) Lawful bases

Contract; Legal obligation; Legitimate interests (with LIA); Consent; Public task (occasionally via schemes). Special category data under Article 9 (explicit consent, substantial public interest, or health) where relevant.

7) Children’s data

Services are directed to adults; incidental household information about children is minimised and safeguarded.

8) Data sharing & recipients

PAS 2035 roles; TrustMark and scheme bodies; certification/audit/warranty bodies (MCS, Gas Safe, UKAS‑accredited); subcontractors/suppliers; professional advisers; IT service providers as processors; regulators/law enforcement when required. All recipients are bound to confidentiality, purpose limitation, and security obligations.

9) International transfers

Use of UK IDTA/UK Addendum to SCCs, adequacy decisions, or other lawful mechanisms. Copies of safeguards available on request to Peter Gordon.

10) Data minimisation, accuracy & storage limitation

We collect only what is necessary; we strive for accuracy and maintain retention schedules appropriate to PAS 2035 and legal requirements.

11) Retention schedule (guide)

  • Project files (PAS 2035, TrustMark, designs, surveys, photos, commissioning, warranties): 10–15 years from completion.
  • Financial records: 6–7 years from year‑end (HMRC).
  • Customer service & complaints: 6 years from closure (longer if litigation is likely).
  • Call recordings (if used): up to 12 months unless required longer.
  • Marketing preferences: until withdrawal/objection.
  • Website analytics: per cookie lifetimes/platform defaults.

12) Security measures

  • Access controls and role‑based permissions; least‑privilege.
  • Encryption in transit and at rest where supported; MFA; password policy.
  • Vendor risk assessments; DPAs with processors; audit rights.
  • Secure templates; redaction of unnecessary identifiers.
  • Staff training; confidentiality; incident response; backups and BCP.

13) Your rights

Access; rectification; erasure; restriction; portability; object (including to direct marketing); withdraw consent at any time. We aim to respond within one month (extendable by two months for complex cases). Contact Peter Gordon to exercise rights.

14) Complaints

Contact Peter Gordon first. You may also complain to the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF · Tel 0303 123 1113 · ico.org.uk.

15) Cookies, analytics & similar technologies

Strictly necessary, performance/analytics, functionality, and (if enabled) marketing cookies. Non‑essential cookies run only with consent. Manage preferences via the cookie banner.

16) Marketing communications

Service communications are necessary for projects. Marketing by email/SMS is based on consent or soft opt‑in where allowed; unsubscribe anytime.

17) Automated decision‑making & profiling

No solely automated decisions with legal/similar effects. Limited, human‑in‑the‑loop profiling may support eligibility pre‑checks or prioritisation; you may object.

18) When we act as Processor

We follow controller instructions; maintain security; assist with DSRs and breaches; use authorised sub‑processors with equivalent protections; return/delete data at contract end.

19) DPIAs & LIAs

We conduct DPIAs where processing is high‑risk and LIAs for legitimate‑interest processing. Summaries available on request from Peter Gordon.

20) Data breaches

Incident response plan in place. If risk to individuals is likely, we notify the ICO in accordance with law and inform affected individuals without undue delay. All formal notifications are routed to Peter Gordon.

21) Third‑party links

We are not responsible for third‑party privacy practices; review their policies.

22) Changes to this policy

We may update to reflect legal/standards changes. Material changes will be communicated appropriately. All updates and notifications go to Peter Gordon (MD).

23) Contact us

Peter Gordon, Managing Director · UK Green Homes Limited · 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB · 0208 938 3087 · info@ukgreenhomes.com