Privacy Policy


This Privacy Policy applies to operated by MultiCerts of First Floor, 85 Great Portland Street, London, W1W 7LT, (“we”, “us”, “our”). 

This Privacy Policy applies to Personal Data that we collect from our clients and from our website and other online users (hereinafter “you”), as well as information that we collect automatically during your visits to our website (e.g., information collected via cookies). Doing so, we act as the Datta controller in accordance with the UK`s Data Protection Act 2018 (“DPA”) and the General Data Protection Regulation (“GDPR”).

For purposes of this Privacy Policy, “business partners” means any subcontractors, contractors or other legal entities with whom we have an ongoing business relationship to provide services or information. 

“Personal Data” means any data, such as your name, telephone number, email address, IP (“Internet Protocol”) address or location data.

Legal basis for processing

Our legal basis for collecting and using your Personal Data as described in this Privacy Policy depends on the Personal Data involved and the specific context in which we collect it. Generally, your Personal Data will be collected and processed by us on one or more of the following legal bases:

  • Your consent,
  • Compliance with contractual obligations, 
  • Compliance with legal obligations, and
  • On the basis of our legitimate interests.

If you have any questions or need more information about the legal basis for the collection of your Personal Data, you can reach us at or call 0800 001 6363.

Information we collect

We may ask you for Personal Data when you:

  • use our website and services,
  • book required services whether CP12, EICR or EPC,
  • request quotes, services, support, concepts, or information,
  • place orders for services,
  • participate online or otherwise in marketing and advertising activities,
  • subscribe to our marketing and promotional emails or other materials,
  • interact with us on third-party social networking sites (subject to the terms of use and privacy policies of said third parties), or
  • contact us.

Categories of Personal Data we collect may include your name, email address, address, and contact telephone numbers. We may also ask you for other information that we need to process payment for our services. If you make a payment your Payment Data will be processed via the payment service provider Stripe Payments UK, Ltd., 7th Floor, The Bower Warehouse, 211 Old Street, London EC1V 9NR, United Kingdom, and we have no access to any Payment Data you may submit. 

In order to provide you with a more consistent and personalised user experience in your interactions with MultiCerts, data collected through one source may also be linked to other data collected by MultiCerts through other sources. This may include data that helps us identify you when you access our website through several different devices. We may also enrich the data we collect with data obtained from other parties, such as our business partners or other third parties, to create individual profiles about you. Examples of how we may use this data include using it to improve your user experience when visiting our website, displaying options tailored to your preferences, and for targeted advertising.

For more information about our use of cookies and similar tracking technologies, including how to opt out of targeted advertising, please contact us or declare your objection via the US page or the EU page

Data Automatically Collected by Us

We may automatically collect information about user behaviour and usage regarding your visits to our websites, such as the pages you view, the links you click, and other actions you take in connection with our website. 

We may also collect certain information about the browser you use to access our website, such as your IP address, device identifier, location data, browser type and language, your access times, the URL ("Uniform Resource Locator") of the website from which you arrived at our website, and the URL to which you are directed after leaving our website if you clicked on a link on our website.

To provide our website, we use the services of SiteGround Hosting Ltd of 7th Floor, 50 Broadway, SW1H 0DB, London, United Kingdom who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. 

Data from third-party sources

We may obtain data about you from third-party sources, such as social networks, and other third parties. We may use this data to better analyse your user behaviour to improve our ability to provide you with relevant marketing information and services, and to prevent and combat fraud.


We use so-called cookies on our website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. 

Our use of Personal Data

We may use your Personal Data for the following purposes:

  • providing you with services, and support, and conducting transactions you request,
  • sending notifications to you, including information about the status of your transaction, including information about the services as well as order confirmations,
  • enabling you to use our website,
  • providing support to respond to your online inquiries,
  • customise, analyse, and optimise our services (including content to gauge usage trends and determine the effectiveness of our marketing and advertising campaigns), notifications and business relationships with you,
  • better understanding of our clients and website users, 
  • personalising content and implementing your preferences,
  • enforcing our terms and conditions, and separate contracts (if any) with you,
  • prevention of fraud and other prohibited or unlawful activities,
  • protecting the security and integrity of our websites, businesses, and services; and
  • other functions and purposes disclosed to you at the time of collection or as required or permitted by law.

Retention of your data

We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, for as long as you are actively working with us, and in accordance with the UK`s Retention Periods and other applicable laws for up to 6 years.

International transfers

We may transfer your Personal Data to other companies and/or business partners as necessary for the purposes described in this Privacy Policy. In doing so, your Personal Data may be transferred to countries outside the UK or EEA. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.

Sharing of Personal Data by us

We may share your Personal Data with business partners for the purposes described in this Privacy Policy, including, without limitation, the operation and optimisation of our website and for the processing of contracts, various service companies work for us, e.g., for IT services or the hosting of our website, to carry out transactions you request or to respond more quickly to your needs in our operations. 

Our affiliates and/or business partners may contact you with information about services and offerings. We will only share your Personal Data with affiliates and business partners who have agreed to protect your Personal Data and to use it only for the purposes we have specified.

With your consent, we may disclose your Personal Data for any purpose.

In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if MultiCerts (or a part of MultiCerts) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect MultiCerts, its clients or the public.

In all cases other than those described above, Personal Data will not be disclosed by us to third parties for their own marketing purposes without your consent.

External services and content on our website

We include external services or content on our website. When content or services are displayed to you, communication data including your IP address is exchanged between you and the respective provider for technical reasons.

In addition, the provider may process your Personal Data for further, own purposes. We have selected services or content from providers carefully and in line with the DPA and GDPR requirements, however, we have no control over the Personal Data collected by third parties and its processing by them.

For further information on the purpose and scope of the processing of your Personal Data, please refer to the privacy policies of the respective providers responsible under data protection law for the services or content we integrate:

  • Analytics: Google Analytics by Google LLC of 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Elfsight by Elfsight, LLC of 0015, Armenia, Yerevan, Paronyana str., 19/3, 201
  • Tag Management: Google Tag Manager and Google Site Tag by Google LLC
  • Fonts: Google Font API by Google LLC. 
  • Content Management System: WordPress by Automatic Inc of 60 29th Street Suite 343 San Francisco, CA 94107 United States
  • Spam protection: reCAPTCHA by Google LLC
  • Cookie Consent Tool: CookieYes by CookieYes Limited of 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, United Kingdom, MK12 5NW.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. 

Access Request and updating your Personal Data

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. 

We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days of receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

Your rights 

Under the DPA and GDPR, you can exercise the following rights:

  • Right to information
  • Right to rectification
  • Right to object to processing
  • Right to deletion
  • Right to information
  • Right to data portability
  • Right of objection
  • Right to withdraw consent
  • Right to complain to a supervisory authority
  • Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us. 

The Supervisory Authority

The competent data protection authority in the UK is:

The Information Commissioner`s Office (ICO)
Wycliffe House, Water Ln,
Wilmslow SK9 5AF, UK

How we protect your Personal Data

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

All transmitted data is protected by HTTPS encryption. Hyper Text Transfer Protocol Secure (HTTPS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. 

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Collection and Use of Children's Personal Information

MultiCerts takes the privacy of children very seriously. We do not knowingly collect Personal Data from children through our website. 

Does this policy change?

We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change our use of your Personal Data, we will revise this Privacy Policy accordingly and also change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data.

Who should I contact for more information?

If you would like to contact us regarding our privacy practices for any reason, please email us.

Effective Date

Saturday, 21 January 2023