Privacy Policy

Effective from 7 June 2026. Version 1.2.

This privacy notice explains what personal data ExpertHousing (Ecohomesuk Ltd) collects when you use our website at experthousing.co.uk or contact us by phone or email, why we collect it, what we do with it, how long we keep it, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

This website is operated by Ecohomesuk Ltd, trading as ExpertHousing. We are the data controller for the personal data described in this notice. Our role is as a managing agent for UK government-backed home energy improvement schemes: we coordinate surveys, grant applications, and installations carried out by our network of local MCS-approved installer partners.

• Company name: Ecohomesuk Ltd
• Trading as: ExpertHousing
• Companies House registration: 12365019
• VAT registration: 3808462
• Registered address: 1st Floor, 277 Farnham Road, Slough, England, SL2 1HA
• Email: info@experthousing.co.uk
• Telephone: 0800 246 1948 / 07931 658698

2. What personal data we collect

a) When you contact us by email or phone

We collect whatever you choose to send us. That typically means: your name, your email address, your phone number, your property's postcode or address, the contents of your message, and the date and time you contacted us. We do not currently operate a contact form on this website, you reach us directly by phone (0800 246 1948) or email (info@experthousing.co.uk).

b) When you use the eligibility check forms

Two pages of this website include a free, no-obligation eligibility check:

• The BUS quick check in the hero of the home page (asks property type, ownership status, current heating fuel, and whether the property is a new build).
• The full eligibility check further down the home page (asks property type, ownership status, EPC rating, banded household income, and whether you receive qualifying benefits).
• The 60-second wizard on the Heat Pumps page (asks country, current heating fuel, ownership, and new-build status).

When you submit any of these forms, your answers are sent to our server at /api/eligibility over an encrypted (HTTPS) connection. Our server runs the eligibility logic in memory, returns the result to your browser, and then discards the input. We do not store the answers in a database, write them to a file, or send them by email. The forms do not ask for your name, your email address, your telephone number, or your postal address, so we do not connect the result to an identifiable person at the form stage.

As with any web request, the standard web access log records the fact that a request was made (your IP address, the time, the URL, the HTTP response code, and your browser's user-agent), but it does not record the contents of the form. See section 2(d) below.

c) When you become a customer (survey, grant application, install)

If you ask us to proceed to a free survey or a grant application, we will need additional information to do that work: your full name, contact details, property address, ownership evidence, EPC details, benefit and income evidence where the relevant scheme requires it (e.g. ECO4), bank or payment details if any contribution is being collected, and the technical survey output produced by the visiting surveyor. We will tell you what is needed, why, and who will see it, before you provide it.

d) Server access logs

Like every website, our server automatically records technical information about each visit using standard "combined log format": the IP address you connect from, the date and time of the request, the page or file requested, the HTTP response status and size, the referring URL (if any), and your browser's user-agent string. This is held in short-term log files and is used only to keep the site running, troubleshoot errors, monitor performance, and detect abuse.

e) What we do NOT collect

• We do not run any third-party analytics, advertising, or tracking scripts (no Google Analytics, no Meta/Facebook Pixel, no LinkedIn Insight, no Hotjar, no TikTok pixel, no Microsoft Clarity).
• We do not set any first-party tracking cookies.
• We do not buy or enrich personal data from data brokers.
• We do not run automated decision-making or profiling within the meaning of UK GDPR Article 22.

3. Why we use your data and our lawful basis

We process your personal data for the following purposes only:

What we use it for	Lawful basis (UK GDPR Art. 6)
Replying to your enquiry, scheduling a survey, sending you a quote.	Steps taken at your request before entering into a contract (Art. 6(1)(b)) and our legitimate interest in responding to your enquiry (Art. 6(1)(f)).
Running the eligibility check forms (computing whether a scheme might apply to your circumstances and returning that result to you).	Steps taken at your request before entering into a contract (Art. 6(1)(b)). The processing happens only because you submitted the form, and the result is shown only to you.
Following up after an initial enquiry to keep you informed about an application we are coordinating for you.	Performance of a contract (Art. 6(1)(b)) where you have become a customer, or our legitimate interest in fulfilling the service you asked us about (Art. 6(1)(f)).
Submitting your application to a government scheme (BUS, ECO4, Warm Homes: Local Grant).	Performance of a contract with you (Art. 6(1)(b)) and compliance with the scheme's legal/regulatory requirements (Art. 6(1)(c)). For benefit and income evidence under ECO4 we rely on Art. 6(1)(c) to fulfil the scheme's eligibility rules.
Keeping the website online and secure: server access logs, rate limiting, abuse detection, HTTPS, security headers.	Legitimate interest in operating a secure service (Art. 6(1)(f)).
Complying with our legal and regulatory obligations (tax records, scheme audit trails, anti-fraud).	Legal obligation (Art. 6(1)(c)).
Sending you marketing material (newsletters, scheme updates).	Consent (Art. 6(1)(a)). We only do this if you have given us a clear, opt-in indication that you want it. You can withdraw consent at any time.

We do not sell your personal data to anyone. We do not use it for any purpose other than those listed above.

4. Who we share your data with

We share the minimum amount of data necessary, only with parties that need it to deliver the service you asked us about:

• Our hosting provider. The website is hosted on infrastructure provided by Namecheap, Inc., which operates the servers that deliver the site and run the small server-side endpoints (e.g. the eligibility check API). Namecheap processes the network requests that reach our site (including IP addresses and request metadata) on our behalf as a data processor.
• Our email host. Your enquiry email is delivered through our business email provider so we can read and reply.
• Government scheme administrators. If you proceed to a survey or installation under a UK government scheme (Boiler Upgrade Scheme via Ofgem, ECO4 via Ofgem and the relevant obligated supplier, Warm Homes: Local Grant via your local authority), we will share the application details required by that scheme. You will be told exactly what is being shared, with whom, and why, before any application is submitted.
• Our installer partners and surveyors. If we arrange a survey or installation for you, the local MCS-approved installer partner needs your name, contact details, and property address to carry out the visit.
• Our accountants and HMRC. Where required for tax and accounting compliance once you become a paying customer.
• Embedded map (Contact page). The Contact page embeds a Google Map. When you load that page, Google receives a request from your browser (and therefore sees your IP address). See our Cookie Policy for the detail.
• Content delivery networks. The website loads fonts from Google Fonts (fonts.googleapis.com, fonts.gstatic.com) and icons from cdnjs (cdnjs.cloudflare.com). These are content delivery requests; they do not set cookies on this domain, but as with any HTTP request the CDN sees your IP address and the URL of the page that loaded the asset.

We do not share your data with advertisers, data brokers, or analytics services. We do not run any third-party tracking scripts on this website.

5. How long we keep it

• Enquiries that do not become customers: kept for up to 2 years from the date of last contact, then deleted from our inbox and any internal records. This lets us recognise you if you come back to us later.
• Records relating to a completed installation or grant claim: kept for 6 years after the work is finished, in line with HMRC's record-keeping requirements and the audit obligations of the relevant government scheme.
• Eligibility check form submissions: not stored. The data lives only in the memory of your browser and our server for the few milliseconds needed to compute the result, then it is discarded.
• Server access logs: kept for up to 30 days, then automatically purged or rotated.
• Marketing consent (if any): kept until you withdraw consent, plus the time needed to evidence the original consent.

If you ask us to delete your data sooner, we will (see "Your rights" below), unless we have a legal obligation to keep it.

6. International transfers

Some of the providers we rely on (Namecheap for hosting, Google for fonts and the map embed, Cloudflare/cdnjs for icons) operate global networks. That means a request from your browser may be served by, or routed via, a server outside the UK, including in the European Economic Area and the United States.

Where personal data is transferred outside the UK to a country that the UK government has not formally recognised as offering an adequate level of data protection, the transfer takes place under an approved safeguard, typically the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), together with the relevant provider's published supplementary measures. You can ask us for a copy of these safeguards.

7. Your rights

Under UK GDPR you have the following rights, free of charge, in relation to your personal data:

• Right of access: ask us for a copy of the personal data we hold about you (Art. 15).
• Right to rectification: ask us to correct anything that is inaccurate or incomplete (Art. 16).
• Right to erasure: ask us to delete your data ("right to be forgotten") where we no longer have a legal reason to keep it (Art. 17).
• Right to restriction: ask us to stop using your data temporarily while a query is investigated (Art. 18).
• Right to data portability: receive a copy of any data you provided to us in a portable, machine-readable format, where we processed it on the basis of consent or a contract (Art. 20).
• Right to object: object to our use of your data on legitimate-interest grounds, including for any marketing purpose (Art. 21).
• Right not to be subject to automated decision-making: we do not make decisions about you using solely automated processing, but if we ever did, you would have this right (Art. 22).
• Right to withdraw consent: where we relied on your consent, you can withdraw it at any time without affecting the lawfulness of earlier processing.

To exercise any of these rights, email info@experthousing.co.uk with the subject line "Data rights request" and tell us which right you are exercising. We will respond within one calendar month of receiving a valid request. We may need to verify your identity before acting on your request, especially for access or erasure requests.

8. Cookies and browser storage

This website does not set any tracking cookies. We do not use Google Analytics, Facebook Pixel, or any other tracking or advertising service. The site uses a single, named piece of browser localStorage (key: eh_theme) only when you click the light/dark theme toggle, to remember your chosen colour scheme on your next visit. This value is held only in your browser, is never sent back to us, and is considered strictly necessary because it stores a preference you have explicitly set. See our full Cookie Policy for detail.

9. Children's data

This website is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has sent us their data, please contact us and we will delete it.

10. Security

We protect your data with appropriate technical and organisational measures, including:

• HTTPS (TLS) encryption for all traffic to and from this website, with HSTS enforced.
• Security headers (Content Security Policy, X-Frame-Options, Referrer-Policy, X-Content-Type-Options) applied via Helmet middleware.
• Rate limiting on form submissions and global request rates to deter abuse.
• Strict input validation on all form submissions using express-validator.
• Access controls: only authorised employees of ExpertHousing have access to our inbox and internal records, all bound by confidentiality.
• Email-in-transit encryption: our email host enforces TLS for inbound and outbound mail where the receiving server supports it.

No system is 100% secure. If we ever experience a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and tell affected individuals where the law requires.

11. Complaints

If you are unhappy with how we have handled your personal data, please contact us first, and we will do our best to put it right. You also have the right to lodge a complaint at any time with the UK Information Commissioner's Office (ICO):

• ICO: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• Helpline: 0303 123 1113
• Website: ico.org.uk

12. Changes to this policy

If we make material changes to this policy we will update the "Effective from" date and version at the top of the page and, where appropriate, notify you by email or a prominent notice on the website. The current version is always at experthousing.co.uk/privacy.

13. Contact us about your data

For any question about this policy, your data, or your rights, contact us at:

• Email: info@experthousing.co.uk
• Telephone: 0800 246 1948 / 07931 658698 (Mon–Fri 9:00am–5:00pm)
• Post: Data Protection, Ecohomesuk Ltd, 1st Floor, 277 Farnham Road, Slough SL2 1HA

Back to home Read the Cookie Policy