Octopus Cosy Accredited Installer Contact us
Octopus Cosy Accredited Installer Contact us

Privacy Policy

The Improveasy Group (Improveasy) is group of companies registered in England and Wales comprising of the following entities:

Improveasy (Installs) Limited (Company No. 10833883), ICO Registration ZB391882.
Improveasy (GCS) Limited (Company No. 13976640) ICO Registration ZB572192.
Improveasy (ECO) Limited (Company No. 13976663), ICO Registration ZB405329.
Improveasy (Services) Limited (Company No. 13976673), ICO Registration ZB422900.
Improveasy Ltd (Company No. 07807352) is authorised and regulated by the Financial Conduct Authority (FRN 708623) ICO Registration Z3542991.
Registered Office: Station House, Stamford New Road, Altrincham, Cheshire, WA14 1EP.  Tel: 0800 024 8505. Website: www.improveasy.com.

We provide a range of services aimed at providing home improvement and energy efficiency measures to households in the UK via able to pay routes including finance, and through government grant initiatives such as ECO funding where we act as an installer and a managing agent for the installation of energy efficiency measures to the highest standards across the United Kingdom through a network of contracted installers.

1. Privacy Notice

The Improveasy Group is committed to protecting the privacy of your personal information. Each company within our group is registered with the Information Commissioners Office (ICO), in order to make transparent our data handling practices, and complies with the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

Good information handling makes good business sense. By doing this we believe we will enhance our business’s reputation, increase customer and employee confidence, and by making sure personal information is accurate, relevant and safe, save both time and money.

Our organisation act as a Data Controller as we keep or process information about living people and must comply with certain important rules about how we collect and use personal information.

We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your payments, personal data and your data protection rights, including your right to object, is available at Privacy Centre

2. Lawful Basis for Processing

Our firm must have a valid lawful basis in order to process a person’s data and be able to demonstrate the processing of data is “necessary” in order to provide our products and services. There are six lawful bases and our organisation process on the basis of the following:

CONTRACT – We may have to process information to fulfil our contractual obligations for an installation, or provide a quotation, or enter into a finance agreement, or provide a warranty. In this instance the processing is necessary for the performance of the contract.

LEGAL OBLIGATION – We may have to check data against the HMT Sanctions List which is a legal obligation or process information for health and safety reasons. In this instance Health and Safety is legislation.

LEGITIMATE INTERESTS – In many instances the processing is necessary, for example to create a Retrofit Assessment, Energy Performance Certificate, act as a credit intermediary in order to arrange Privacy Notice FCAP020d a Finance Plan, access or check ECO Funding eligibility, carry out a Customer Survey Report, technical monitoring, provide other marketing information that may benefit a customer providing they agree to this.

CONSENT – We ask person’s to positively opt in if they want to receive further information on a product or service that we market separately.

We process special category data where this is necessary. For example, we have a number of contracts with Utilities where Special Data is processed as part of the Government Energy Company Obligation scheme where health information (Benefit entitlement payment) is an essential part of scheme eligibility which we have to evidence and process.

3. Collection of Information – Your consent

We may collect personal information from you if you provide it voluntarily. If you do provide personal information to use, we will assume that you have read this Privacy Notice and have consented to us using your personal information in the ways described in this Policy and at the point where you give us your personal information. If, after providing us with personal information, you later decide that you do not want us to use it for particular purposes, then please write to us at the address shown.

4. Collection of your Information. What information do we collect and when?

We may collect and process the following data:

  • Information you provide when buying products or services.
  • Information you provide to us by filling in our forms.
  • Information collected through correspondence with our Sales and/or Customer Relations teams.
  • Information you provide to us through the recruitment process.
  • Information you provide to us in order to register for alerts.
  • Information you provide to us in order to carry out e-learning training courses and quizzes.
  • Social media interaction.
  • Statistical data about your browsing actions and patterns for the administration of your application for employment.
  • We may monitor or record any communications between you and us including telephone calls. We will use these recordings to check your instructions to us, to analyse, assess and improve our services to customers, complaints handling, and for training and quality purposes.
  • We may require you to submit personally identifiable information in order for you to make use of our services. You confirm that any information you enter or provide will be true. We Privacy Notice FCAP020d will only request and collect information which is necessary or reasonable in order to provide you with your requested services and to improve the services that we provide. It will not be a requirement to provide any additional information which is not needed to provide the services.
  • Credit or debit card information when making purchases via this method.
  • Profile information and insight from organisations that already hold information on you, such as credit reference agencies and “customer insight companies”. They give us their views on your household, your status, as well as your possible preferences and behaviours.

5. Reasons for Collection of your Information and how we use your information

In the course of our dealing with you we may collect and process certain information about you, including your name, date of birth, address, contact details (including your email address and contact telephone number), employment details, medical history, payment details (where applicable), any benefits you receive or are entitled to (including disability benefits) (where applicable), and other information about you and your property in respect of which services and products may be provided. Your personal information may be used by us, our employees, lenders, contractors or agents to:

  • Identify you during any communication between you and us.
  • Provide you with our websites, mobile apps and Wi-Fi networks.
  • Assess eligibility for services and products (whether provided by us or on our behalf).
  • Manage your Consumer Credit Agreement.
  • Carry out regulatory checks and meet our obligations to our regulators.
  • Cross reference and screen your data against the HMT Sanctions List.
  • Communicate with you to arrange the provision of such services and products.
  • Administer and provide such services and products.
  • Detect and prevent loss, fraud and other criminal activity.
  • Carry out credit reference checks.
  • Carry out market research and to help us review, develop and improve the services and products we offer; and understand you better and, in particular, your habits, where you are from time to time, your personal circumstances and those of your family or household, and the things you may like, dislike and be interested in. If we hold accurate information about you, we are better placed to send you tailored offers, news and information that we think you may be interested in. Privacy Notice FCAP020d
  • Carry out DBS Checks and processing data about criminal convictions, criminal offences or related security measures as required, where persons acting in a sales position for or on behalf of our firm and where visiting a consumer in their home. No register of criminal convictions would be kept.
  • Contact you (in accordance with your preferences), by post, telephone, SMS, email and other electronic means with information about products, services, promotions, and offers that may be of interest to you.
  • Keep legal certificates and work records relating to the services we have provided to you including details relating to:
    • Warranty and guarantee information.
    • Workmanship guarantees on work done by us or our contracted partners.
    • Insurance Backed Guarantees.
    • Installation Certificates to include installing, commissioning and servicing.
    • Records of any Legal or statutory notices we may have issued or supplied to include Gas Safe Certificates, Building Regulations Notifications, Warning Notices, At Risk, Not to Current Standard labelling by us or our contracted partners.
    • Any information which we consider may be required by the Health and Safety notice, product recall or modification.
    • Industry Body Documentation and installation records to include Gas Safe and OFTEC; Audit Bodies such as UKAS Accreditation Bodies for PAS:2030.
    • Government Bodies or appointed agencies such as Gemserv, TrustMark, Assessor or Installer Organisations.
    • Records of Advice given to include Energy Performance Certificates (EPC’s) which remain legally valid for 10 years after generation and may influence decisions to install or buy certain equipment.
    • Occupancy Assessments and Retrofit Assessments.
    • Any data we consider may be required by any Government Body such as OFGEM who retain the right of Audit on schemes they administer on behalf of the government for at least six years after installation.
    • Utilities such as those we provide services to in order to enable them to discharge their Energy Company Obligation.
    • Domestic customers and their heirs and successors in title who may ask for copy of records of works done at a property to enable property sales.
    • Waste and Environmental records and evidence which may be required by the Environmental Agency relating to our Waste Carrier Licence and Disposal records.

In the event that we sell or buy any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal information held by us will be one of the transferred assets.

Your personal information may also be used by us, our employees or agents if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce any agreement we have with or otherwise concerning you, or to protect our rights, property or safety or those of our customers, employees or other third parties.

6. With whom do we share your personal information?

We cannot run our business or provide many of the services and benefits you expect to receive without involving other people and businesses. We only share information in accordance with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

We share the information we collect with third parties such as:

  • The Financial Conduct Authority (FCA).
  • Green Deal Oversight and Registration Body.
  • A finance lender (where applying for a finance option where we act as a credit broker).
  • Retrofit Assessors.
  • Retrofit Coordinators.
  • Other Installers.
  • Appointed Representatives and Introducer Appointed Representatives where we act as their Principal.
  • Energy Suppliers. Please note under ECO we may have to take photographs in the home to evidence the installation of a certain measure that is eligible under ECO and so images and sometimes persons may be captured and transferred to third parties as part of our obligation.
  • Credit reference agencies (who may check the information against other databases, public or private to which they have access), or fraud prevention agencies. This information may come Privacy Notice FCAP020d from your interactions with us or them through applying for a finance product; or ascertain from the way in which the loan is administered and managed, for example, information relating to the payments which are made.
  • Debt Collection Agencies.
  • Fraud Prevention Agencies.
  • Other people and businesses who help us provide our websites, mobile apps, Wi FI networks and related services to you, for example, information technology companies who design and host our website, independent software firms that provide services to help our ECO submissions, payment services companies who enable you to use credit or payment cards with us, and data insight specialists.
  • Any new business partners we may have over time, for example if we enter into a joint venture, reorganisation, business merger or sale of part of our business, the other party may receive some or all of your information.
  • Our professional advisors for example our lawyers, compliance officers, insurers and insurance brokers when they need it to provide advice or help us obtain insurance.
  • Other people who make a subject access request to us, where we are allowed to do so by law.
  • Third parties involved in the handling of a complaint.

In connection with the above purposes, your personal information may be transferred to, or otherwise processed by third party service providers acting on our behalf, our agents and law enforcement authorities (including the police).

7. Data Retention

We only retain personal information for as long as necessary to fulfil the purposes for which it was collected, to meet our legal, regulatory, contractual, auditing and compliance obligations, and to support the establishment, exercise or defence of legal claims. This includes obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Financial Conduct Authority (FCA) rules, and sector‑specific requirements relating to installation, ECO funding, warranties and recordkeeping.

Our organisation operates a comprehensive internal Data Retention and Disposal Policy and Retention Schedule, which set out the specific retention periods and disposal actions applied to each category of data we process. These internal schedules govern how long records are kept and ensure that information is reviewed, anonymised, archived, or securely destroyed when it is no longer required.

Where no statutory or contractual period applies, we determine retention based on defined criteria, including the type of information, the lawful basis for processing, operational requirements, regulatory guidance, potential audit needs, and applicable limitation periods. In all cases, we do not retain personal data for longer than necessary and regularly review our records to ensure continued compliance.

A copy of our Retention Schedule is available upon request.

8. Access to Information

The UK GDPR gives you the right to access information held about you. You have the right to ask for a copy of the personal information held about you. You also have the right to ask for inaccuracies in information to be corrected. Any access request is not subject to a fee unless the requests are unreasonable in which case a fee may be charged and will be disclosed at the time of request. A copy of the information held about you by us can be requested by writing to us at the address shown.

9. Transfer of Information Abroad

In certain circumstances, your personal information may be transferred outside of the United Kingdom, including to countries within the European Union and the United States. This may occur where our external service providers support functions such as analytics, marketing, customer engagement, or website optimisation. Whenever your data is transferred internationally, we ensure that appropriate safeguards are in place, including the use of the UK Addendum to the EU Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms recognised under the UK GDPR. These measures require the recipient to maintain equivalent levels of security and data protection. While some of these service providers use automated technologies, any decisions or actions that could significantly affect you are never made without meaningful human involvement, ensuring your rights and freedoms are fully protected.

10. Change of Policy

We may occasionally change the Privacy Notice to reflect customer and company feedback. Any changes will be shown on this page.

11. Breach Notification

Our business has the effective processes to identify, report, manage and resolve any personal data breaches.

12. Dealing with Data Protection Complaints

We aim to comply fully with our obligations under the UK General Data Protection Regulations and Data Protection Act 2018. If a customer has any questions or concerns regarding the management of personal data by a member of the group including their right to access data about themselves, then they should contact Austin Barcley, the Chief Executive Officer (CEO), who is responsible for ensuring our group of companies is compliant with data protection and is the nominated data protection lead or Data Protection Officer (DPO).

If a member of our group holds inaccurate information, then the customer should write to our firm at the address shown providing the CEO with any evidence to show what the information should say keeping copies of the correspondence. If after a reasonable amount of time (28 days is recommended) the information has not been corrected, then the customer can make a complaint.

There are two courses of action:

  1. Contact the CEO to process the complaint.
  2. If the customer is still dissatisfied, they can go directly to the Information Commissioner, the independent body that oversees data protection and the GDPR. They can be contacted on 0303 123 1113 or their website is www.ico.org.uk.

13. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

14. How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

15. Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

16. Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Ready to improve your home’s energy rating?

Check your EPC See if you qualify for grants