

GDPR Statement
Last Updated 16/6/26
At Isca Energy Limited, we are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Isca Energy Limited provides Energy Performance Certificate (EPC) assessments and related property energy services.
Data Controller:
Isca Energy Limited
Address: 5 Den Road, Teignmouth, Devon. TQ14 8AR
Email: richard@iscaenergy.co.uk
Phone: 07709 587814
2. What Personal Data We Collect
We may collect and process the following information:
• Name
• Postal address
• Email address
• Telephone number
• Property details relevant to the EPC assessment
• Billing and payment information
• Communications between you and us
• Any information required to carry out our legal obligations in the production of EPC’s
3. How We Use Your Data
We use your personal data to:
• Arrange and carry out EPC surveys
• Produce and lodge Energy Performance Certificates
• Contact you regarding appointments or enquiries
• Issue invoices and process payments
• Maintain business records and comply with legal obligations
• Respond to customer service requests
• Improve our services and manage our business operations
4. Lawful Basis for Processing
We process your personal data under one or more of the following lawful bases:
• Performance of a contract – to provide the EPC service you have requested.
• Legal obligation – to comply with statutory requirements relating to EPC production and record keeping.
• Legitimate interests – for business administration, customer support, and fraud prevention.
• Consent – where you have explicitly agreed to receive marketing communications (which you may withdraw at any time).
5. Sharing Your Information
We may share your data with:
• Government-approved EPC accreditation and lodgement schemes
• Payment processors
• Professional advisers or accountants
• Regulatory authorities where required by law
We do not sell your personal data to third parties.
6. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, and regulatory requirements. EPC-related records may be retained for the periods required by applicable legislation or accreditation rules.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or disclosure. These measures include secure storage, password protection, and restricted access to only authorised personnel.
8. Your Rights
Under UK GDPR, you have the right to:
• Access your personal data
• Request correction of inaccurate information
• Request erasure of your data where applicable
• Request restriction of processing
• Object to certain types of processing
• Request data portability where applicable
• Withdraw consent where processing is based on consent
To exercise these rights, please contact us using the details above.
9. Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address the issue.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
10. Cookies and Website Data
If you visit our website, we may use cookies or similar technologies to improve functionality and analyse website usage. Where required, you will be asked for your consent before non-essential cookies are used.
11. Changes to This Privacy Statement
We may update this Privacy Statement from time to time. Any changes will be published on our website or made available upon request, with the updated effective date shown at the top of this document.