Policies

Privacy Notice

Last updated: 13 April 2026

ECO Providers Ltd (“ECO Providers”, “we”, “our”, or “us”) is committed to protecting and respecting your personal data.

This Privacy Notice explains how we collect, use, store, share and protect personal data when you:

  • visit our website;
  • contact us by phone, email, webform or social media;
  • ask us about our services;
  • request a survey, quotation, installation, service, repair or aftercare;
  • engage with us in relation to grant-funded or government-backed schemes;
  • work with us as a customer, lead, referrer, supplier, contractor, partner or representative of an organisation.

It also explains your rights and how to contact us if you have any questions or concerns.

 

1. Who we are

Data Controller: ECO Providers Ltd

Company number: 10799927

VAT number: 271253715

Website: ecoproviders.co.uk

For data protection queries, contact:

Email: [email protected]

Post: ECO Providers Ltd, Dutton Manor Mill, Clitheroe Road, Dutton, Preston, PR3 2YT

 

2. The personal data we collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

Information you provide directly

  • full name
  • home address and property address
  • email address
  • telephone number
  • company name and job title
  • details of your enquiry
  • information relating to your property, energy usage, eligibility, and service requirements
  • documents and evidence you provide to support an enquiry, quote, funding eligibility check, installation, complaint or aftercare request
  • records of your communications with us

 

Information we collect during service delivery

  • survey information
  • installation and project records
  • photographs, videos, notes and technical assessments relating to your property or project
  • appointment history
  • quotation, contract and invoice records
  • customer service and complaint records
  • service, maintenance and warranty-related information

 

Telephone and communication data

  • call recordings
  • call notes
  • time, date and duration of calls
  • records of inbound and outbound communications by phone, email, SMS, WhatsApp or other business communication channels we use

 

Website and technical data

  • IP address
  • browser type and version
  • device information
  • operating system
  • referral source
  • pages viewed and actions taken on our website
  • cookies and similar technologies data
  • analytics data relating to website usage and performance

 

Special category or sensitive data

In some cases, particularly where eligibility for funded schemes or support is being assessed, we may receive limited information that could be considered more sensitive. We will only process such information where we have a valid legal basis and, where required, an additional condition for processing under data protection law. The ICO makes clear that special category data requires additional handling and a separate condition beyond ordinary lawful basis.

 

3. How we collect personal data

We collect personal data:

  • directly from you;
  • from forms completed on our website;
  • when you contact us by phone, email or social media;
  • when you request a quote, survey, installation, service or support;
  • from trusted third parties working with you or on your behalf, where appropriate;
  • from publicly available sources where relevant to our services or business operations;
  • through cookies, analytics tools and similar technologies when you use our website.

 

4. How we use your personal data

We use personal data for the following purposes:

  • to respond to enquiries and provide information about our services;
  • to assess eligibility for schemes, grants or funded programmes;
  • to arrange surveys, quotations, installations, servicing, repairs and aftercare;
  • to manage projects, appointments, logistics and service delivery;
  • to communicate with you about your enquiry, account, booking or project;
  • to provide customer support and handle complaints;
  • to verify information provided to us;
  • to maintain business records, contracts, finance and administration;
  • to improve our services, processes, website and customer experience;
  • to monitor service quality and staff training;
  • to protect our business, staff, customers and systems from fraud, misuse or legal risk;
  • to comply with legal and regulatory obligations;
  • to send marketing communications where lawful.

 

5. Our lawful bases for processing

Under UK GDPR, every processing activity must have a lawful basis. The ICO requires organisations to identify the appropriate basis before processing personal data.

We generally rely on one or more of the following lawful bases:

 

Contract

Where processing is necessary to take steps at your request before entering into a contract, or to perform a contract with you. For example:

  • providing a quotation;
  • arranging surveys or installations;
  • delivering services you have requested;
  • managing warranties, service visits or aftercare. 

 

Legitimate interests

Where processing is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms. For example:

  • handling general enquiries;
  • maintaining records of customer interactions;
  • improving services and internal processes;
  • recording calls for quality assurance, training, complaint handling, security, fraud prevention, and the establishment, exercise or defence of legal claims;
  • administering business relationships;
  • protecting our business, systems and staff. Legitimate interests is a recognised lawful basis under UK GDPR, but it must be chosen deliberately and justified. 

 

Legal obligation

Where processing is necessary for us to comply with legal or regulatory obligations.

 

Consent

Where consent is required by law, or where we choose to rely on consent for a specific activity, such as certain marketing activities or certain cookies. Where consent is the lawful basis, you can withdraw it at any time, although that will not affect processing carried out before withdrawal. The ICO states that your privacy notice should explain this where consent is relied upon.

 

6. Telephone call recording

Telephone calls to and from ECO Providers may be recorded.

We record calls for legitimate business purposes, including:

  • quality assurance;
  • staff training;
  • customer service monitoring;
  • complaint handling and resolution;
  • service improvement;
  • security;
  • fraud prevention;
  • and, where necessary, the establishment, exercise or defence of legal claims.

Call recordings, call notes, and related metadata are only accessible to authorised personnel and approved service providers acting on our behalf where necessary. They are handled securely and retained only for as long as necessary in line with our retention practices.

Where a call is recorded, we aim to inform callers at the start of the call, or as early as reasonably possible. The ICO requires transparency about purposes, sharing and retention as part of the right to be informed.

 

7. Marketing communications

We may send you marketing communications about our services where we are permitted to do so by law.

You can ask us to stop sending marketing communications at any time by:

  • using the unsubscribe link in an email;
  • replying STOP where applicable;
  • contacting us using the details in this Privacy Notice.

 

8. Cookies and analytics

Our website may use cookies and similar technologies to:

  • keep the website functioning properly;
  • understand how visitors use the site;
  • improve website performance and usability;
  • measure the effectiveness of our content and campaigns.

We may use analytics tools such as Google Analytics 4 or equivalent services to help us understand website usage and improve the site. Website and cookie disclosures should be clear and easy to access.

Where consent is required for non-essential cookies or tracking technologies, we will request it through our cookie tools or banner. You can also manage cookie preferences through your browser settings and any consent tools made available on our website.

 

9. Who we may share personal data with

We may share personal data, where necessary and lawful, with:

  • employees, agents and contractors of ECO Providers;
  • group companies or affiliated business units, where relevant to service delivery;
  • surveyors, installers, subcontractors, engineers and service providers acting on our behalf;
  • CRM, telephony, hosting, analytics, form, email, customer support and software providers;
  • finance, legal, compliance and professional advisers;
  • funding bodies, scheme administrators, accreditation bodies, regulators or government-related entities where relevant to scheme participation or compliance;
  • insurers, auditors and dispute resolution bodies;
  • law enforcement or regulatory authorities where required by law or where necessary to protect legal rights.

We require third parties processing personal data on our behalf to act only on our instructions and to apply appropriate security measures.

 

10. International transfers

We primarily aim to process and store personal data within the UK or in countries recognised as providing an adequate level of protection.

Where personal data is transferred outside the UK and an adequacy decision does not apply, we will ensure appropriate safeguards are in place, such as approved contractual protections, and that the transfer is carried out in accordance with applicable data protection law.

 

11. How long we keep personal data

We will not keep personal data for longer than necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, insurance, accounting, complaint handling, warranty and dispute-resolution requirements.

Retention periods may vary depending on the type of information and the reason we hold it. When determining how long to retain personal data, we consider:

  • the nature, sensitivity and volume of the data;
  • the purpose for which we collected it;
  • operational and legal requirements;
  • complaint, warranty and dispute timelines;
  • and whether we need the information to establish, exercise or defend legal claims.

 

12. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include:

  • restricted access controls;
  • system permissions;
  • secure storage;
  • staff training;
  • device and account security controls;
  • monitoring and review of our systems and providers.

No method of transmission or storage is completely secure, but we work to maintain appropriate safeguards proportionate to the risks involved.

 

13. Your rights

Under UK data protection law, you may have the right to:

  • be informed about how your personal data is used;
  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of your personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing in certain circumstances, including where we rely on legitimate interests;
  • request transfer of certain personal data to you or another provider, where applicable;
  • withdraw consent at any time, where consent is the lawful basis.

To exercise your rights, contact us using the details in section 1.

 

14. Complaints

If you have any concerns about how we handle personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters. The ICO explains that privacy notices should tell people how they can complain if they have concerns.

 

15. Third-party links

Our website may contain links to third-party websites, plug-ins or services. If you follow a link to any third-party site, please note that those sites have their own privacy notices and practices. We do not accept responsibility or liability for those third-party policies or activities.

 

16. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our services, systems, legal obligations or data practices. Any changes will be posted on this page and, where appropriate, notified to you by other means.