Privacy Policy
Last updated: June 2026 (v5)
1. Who we are
Home Energy Tailor T/A Michael Farley is the data controller for personal data collected through this website. We are registered with the UK Information Commissioner's Office (ICO):
- Organisation name: Home Energy Tailor
- ICO registration number: ZA637076
For any data-protection request, contact us at privacy@homeenergytailor.co.uk.
2. What we collect
- Quote & booking details: your name, email, phone, the property address being assessed, and the property characteristics you provide.
- Payment data: processed securely by Stripe - we never see or store your card details.
- Assessment data: the survey data and resulting EPC, energy report or Made-to-Measure Energy Plan.
- Correspondence: messages you send us and a log of the emails we send you.
- Marketing subscription: if you subscribe to our updates, your email (and name, if given), the date and source of your consent, and your subscription status.
- Technical data: IP address and essential session cookies.
- Analytics data: if you accept analytics cookies, anonymised usage data (pages visited, time on page, approximate location) via Google Analytics. We do not use advertising cookies.
3. Why we use it & legal basis
- To provide your quote, booking and assessment - performance of a contract.
- To lodge an EPC and meet accreditation-scheme rules - legal obligation.
- To contact you about your booking and send confirmations, receipts, reminders and your report - contract.
- To respond to enquiries and improve our service - legitimate interests.
- Optional review requests - legitimate interests; you can opt out at any time.
- To send marketing newsletters and campaign emails - your consent, which you give by subscribing (double opt-in) and can withdraw at any time.
- To measure website usage with analytics cookies - your consent, given via the cookie banner.
4. Who we share it with
We share data only as needed to deliver the service: our accreditation scheme (Elmhurst Energy Systems Ltd) and the national EPC Register (operated by Landmark) for EPC lodgement; Stripe for payments; our email and hosting providers (IONOS, Vercel and MongoDB Atlas); Brevo (Sendinblue) for sending marketing newsletters and campaign emails; and Google Analytics for website usage measurement (only if you accept analytics cookies). These act as our data processors. We never sell your data.
5. Retention
We keep booking and assessment records for as long as needed to provide the service and to meet our legal and accreditation obligations, after which they are deleted or anonymised. Marketing subscription data is kept until you unsubscribe, after which we retain a minimal record of your unsubscribe to honour your choice. You can request earlier deletion where we are not legally required to retain the data.
6. Your rights
Under UK GDPR and the Data Protection Act 2018 you can request access to, correction or deletion of your data, restrict or object to processing, and request portability. Contact us using the details above.
7. Marketing communications
We only send marketing emails to people who have subscribed and confirmed their subscription (double opt-in). Every marketing email includes a one-click unsubscribe link, and you can unsubscribe at any time with no effect on any bookings or services you have with us. Unsubscribing is actioned immediately. Marketing emails are separate from essential service messages (such as booking confirmations and your report), which we send as part of our contract with you.
8. Cookies & analytics
We use essential cookies to make the site work. With your consent (via the cookie banner) we also use Google Analytics to understand how the site is used, with IP anonymisation enabled and no advertising cookies. You can change your choice at any time by clearing the site's cookies. See our Cookie Policy for details.
9. Complaints
If you are unhappy with how we handle your data you can complain to the Information Commissioner's Office (ICO): ico.org.uk. Our ICO registration number is ZA637076.
10. Security
We use encryption in transit (TLS), reputable processors, and follow security best practices to protect your data.
