StepSoft Ltd is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website or services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

StepSoft Ltd provides retrofit coordination, design, assessment, and energy efficiency consultancy services across the UK, including work under schemes such as ECO4 and GBIS.

📧 Email: info@stepsoft.co.uk

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

1. a) Contact Information

• Full name
• Email address
• Phone number
• Company name and job title

1. b) Project & Property Information

• Property address and details
• Retrofit measures and technical data
• Survey, assessment, and design information

1. c) Communication Data

• Emails, enquiries, and correspondence
• Feedback and support requests

1. d) Marketing Preferences

• Your preferences for receiving communications

1. e) Website Usage Data (if applicable)

• IP address
• Browser type and device information
• Pages visited and interaction data (via cookies)

3. How We Collect Your Data

We collect data through:

• Direct interactions (email, phone, website forms)
• Engagement in retrofit projects and services
• Information provided by authorised third parties (e.g., installers, managing agents, funding bodies)
• Website usage (via cookies and analytics tools)

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide retrofit coordination, design, and consultancy services
• To manage and deliver projects under ECO4, GBIS, and other schemes
• To communicate with you regarding enquiries, services, or ongoing work
• To ensure compliance with PAS 2035 / PAS 2030 standards and TrustMark requirements
• To improve our services and operational efficiency
• To comply with legal, regulatory, and contractual obligations

5. Legal Basis for Processing

We process your personal data under the following lawful bases:

• Contractual necessity – to deliver agreed services
• Legal obligation – to meet regulatory and compliance requirements
• Legitimate interests – to operate and improve our business
• Consent – where required for marketing communications

6. Data Sharing

We may share your data with trusted third parties where necessary, including:

• Accreditation bodies (e.g., TrustMark, ECMK, Elmhurst)
• Managing agents and funding providers
• Installers, contractors, and project partners
• Regulatory authorities and auditors

All third parties are required to respect the security of your data and process it in accordance with data protection laws.

7. Data Retention

We retain personal data only for as long as necessary:

• To fulfil the purpose it was collected for
• To comply with legal, audit, and regulatory requirements
• For legitimate business and record-keeping purposes

Data may be retained longer where required for compliance with PAS standards, TrustMark audits, or funding scheme requirements.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Secure systems and controlled access
• Data encryption where appropriate
• Protection against unauthorised access, loss, or misuse

9. Marketing

We may send you information about our services where relevant to your business or where you have provided consent.

You can opt out at any time by contacting:
📧 info@stepsoft.co.uk

10. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right to Access – request a copy of your personal data
• Right to Rectification – correct inaccurate or incomplete data
• Right to Erasure – request deletion of your data (where applicable)
• Right to Restrict Processing – limit how we use your data
• Right to Object – object to processing, including marketing
• Right to Data Portability – request transfer of your data

To exercise any of your rights, contact:
📧 info@stepsoft.co.uk

11. Cookies (Website Use)

Our website may use cookies to:

• Improve user experience
• Analyse website traffic
• Support website functionality

You can control or disable cookies through your browser settings.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on this page with a revised effective date.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact:

📧 info@stepsoft.co.uk