1) Who We Are & Scope

EnergyPlus (referred to as “EnergyPlus”, “we”, “us”, or “our”) operates the website energyplus.co.uk and provides energy-related information and services to customers and website visitors across the United Kingdom.

For the purposes of UK data protection laws, EnergyPlus is the controller of personal data processed via this website and related customer interactions, unless stated otherwise.

This policy applies to personal data collected online via our website and through our contact channels (for example, when you request a quote, sign up to newsletters, create an account, or contact support).

2) How to Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Online: Contact page
• Address: EnergyPlus, United Kingdom (full postal details available upon request)

If applicable, we may appoint a Data Protection Lead responsible for privacy matters. You can reach our team using the details above.

3) What Data We Collect

We collect and process the following categories of personal data, depending on your interactions with us:

Identity & contact data

• Name, title, job title
• Postal address, email address, telephone number
• Company details (for business enquiries)

Account & interaction data

• Account credentials (if applicable; passwords stored using industry-standard hashing)
• Support messages, call notes, and communication preferences
• Form submissions (quotes, enquiries, surveys, feedback)

Technical & usage data

• Device information, browser type, IP address, approximate location
• Pages viewed, links clicked, session duration, referring/exit pages
• Cookie IDs and similar identifiers

Marketing & communications data

• Newsletter subscriptions and consent records
• Campaign interactions (opens, clicks) where permitted

Special category data

We do not intentionally collect special category data (e.g., health, ethnicity) through this website. If such information is provided by you incidentally, we will only process it where a lawful basis applies and, where required, with your explicit consent.

Children

Our services are not directed to children and we do not knowingly collect data relating to children.

4) How We Collect Data

• Direct interactions: when you complete forms, request a quote, subscribe, or contact us.
• Automated technologies: through cookies, pixels, and analytics when you browse our site.
• Third parties: analytics providers, advertising networks, social media platforms, and business partners who may provide us with information consistent with this policy and applicable law.

5) Why We Use Your Data (Legal Bases)

We process personal data only when we have a lawful basis. Common purposes and legal bases include:

• To provide and improve our services, respond to enquiries, and manage customer relationships – performance of a contract or steps prior to entering into a contract; legitimate interests.
• To operate our website, diagnose issues, and keep it secure – legitimate interests and legal obligation (security and fraud prevention).
• To personalise content and measure site performance – legitimate interests and/or consent (for non-essential cookies).
• To send marketing communications – consent where required; legitimate interests for similar products/services to existing customers, with an easy opt-out.
• To comply with legal and regulatory obligations – legal obligation.

Where we rely on consent, you can withdraw it at any time using the links in our emails or by contacting us. Where we rely on legitimate interests, we balance our interests against your rights and expectations.

6) Cookies & Similar Technologies

We use cookies and similar technologies to make our site work, remember your settings, understand how you use our services, and, where permitted, tailor content and ads. Non-essential cookies are used only with your consent in accordance with the Privacy and Electronic Communications Regulations (PECR).

Cookie categories

• Strictly necessary: required for core site functionality (cannot be switched off).
• Performance/analytics: help us improve the site by collecting anonymous usage data.
• Functionality: remember preferences to enhance your experience.
• Targeting/advertising: deliver relevant content or measure marketing effectiveness.

You can also control cookies in your browser settings. Blocking certain cookies may impact your experience on our site.

7) Marketing Preferences

We may send you information about products, services, and insights that we believe are relevant. You can manage your preferences or opt out at any time by:

• Using the unsubscribe link in our emails
• Updating your preferences via our Contact page

We will not sell your personal data. We may use list suppression to respect your opt-out choices.

8) Sharing Your Data

We share personal data only as necessary and in accordance with the law:

• Service providers (processors): hosting, security, analytics, email delivery, CRM, and customer support tools under contracts that require appropriate data protection and security.
• Professional advisers: legal, compliance, or auditors where necessary.
• Authorities: where required by law, court order, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

9) International Transfers

If personal data is transferred outside the UK, we implement safeguards such as UK-approved Standard Contractual Clauses, an adequacy decision, or other lawful mechanisms. We take steps to ensure your data receives an equivalent level of protection.

10) Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy and to comply with legal, tax, or accounting requirements. Typical retention periods include:

• Enquiry records: up to 24 months after last interaction
• Customer account and contract data: for the contract term and up to 6 years thereafter
• Marketing preferences and consent records: for as long as you remain subscribed (plus a limited period for suppression evidence)
• Technical logs and security records: typically 12–24 months

We may anonymise data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11) How We Protect Your Data

We use administrative, technical, and organisational safeguards designed to protect personal data, including encryption in transit (HTTPS), access controls, secure configuration, regular monitoring, and staff awareness. While no method is 100% secure, we continually improve our security practices.

12) Your Privacy Rights

Under UK GDPR, you have rights which may include:

• Access: request a copy of your personal data
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion in certain circumstances
• Restriction: limit how we use your data
• Portability: obtain your data in a structured, commonly used format
• Object: to processing based on legitimate interests or to direct marketing
• Withdraw consent: where processing is based on consent

To exercise these rights, contact us via our Contact page. We may need to verify your identity. We aim to respond within one month, subject to lawful extensions for complex requests.

13) Children’s Privacy

Our services are intended for adults and business users. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

14) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. We will post the updated version here with a new “Last updated” date and, where appropriate, notify you through our website or email.

Last updated: 11 October 2025

15) Concerns & Complaints

If you have concerns, please contact us first so we can try to resolve them. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk or call 0303 123 1113.

Privacy FAQs