Privacy Policy

For UBS Renewables and Retrofit & Coordination

Last updated: 27 February 2026

This Privacy Policy explains how Retrofit & Coordination Ltd (trading as "UBS Renewables" and "Retrofit & Coordination") collects, uses, stores and shares personal data when you visit our websites, contact us, or respond to our adverts (including Meta/Facebook/Instagram Lead Ads).

1. Who we are

Data Controller: Retrofit & Coordination Ltd

Trading names: UBS Renewables; Retrofit & Coordination

Websites: www.ubs-renewables.co.uk and retrofit-coordination website

Contact email for privacy matters: retrofit@retrofit-coordination.co.uk

Postal address: [Insert registered/business address]

2. Personal data we collect

• Identity and contact details (name, phone number, email address, postal address).
• Property and project details (postcode, property type, current heating/energy setup, survey notes, retrofit measures).
• Communication records (emails, calls, messages, appointment notes).
• Marketing and lead data (ad source, campaign/form ID, consent status, website form submissions).
• Technical website data (IP address, browser/device data, cookies and analytics events).

3. How we collect data

• Directly from you (website forms, calls, emails, surveys, consultations).
• Through advertising platforms such as Meta Lead Ads when you submit a lead form.
• From trusted partners or referral sources where lawful.
• Automatically via cookies and analytics tools on our websites.

4. Why we use your data (and legal bases)

• To respond to enquiries, provide quotations, surveys and project delivery — Performance of a contract / steps before contract
• To arrange installations, compliance evidence and aftercare — Performance of a contract; legal obligation
• To send service updates and essential communications — Contract; legitimate interests
• To send marketing messages where permitted — Consent or legitimate interests (with opt-out rights)
• To improve services, training and business operations — Legitimate interests
• To prevent fraud, enforce terms and keep systems secure — Legitimate interests; legal obligation
• To meet PAS/MCS/TrustMark or other regulatory requirements — Legal obligation

5. Meta/Facebook/Instagram advertising and lead forms

Where you submit information through Meta lead forms, your data is processed in line with this policy and Meta’s own terms. We use this information only for legitimate sales/service follow-up related to your enquiry.

• We do not request or infer prohibited sensitive personal attributes in ad copy or lead handling.
• We avoid misleading, deceptive or non-transparent ad claims and keep ad-to-landing/form messaging consistent.
• We only use submitted lead data for the stated purpose and keep clear records of source and consent where required.
• You can review Meta privacy controls and ad preferences directly within your Meta account settings.

6. Sharing your data

We only share personal data where necessary, for example with:

• Installation, surveying and compliance partners needed to deliver your project.
• Technology providers (CRM, telephony, email, analytics, document storage, automation platforms).
• Finance, warranty, accreditation or regulatory bodies where required.
• Professional advisers and authorities where legally necessary.

We do not sell personal data to third parties.

7. International transfers

Some providers may process data outside the UK. Where this happens, we use appropriate safeguards (such as adequacy decisions or standard contractual clauses) to protect personal data.

8. Data retention

We retain personal data only for as long as necessary for the purposes above, including legal/compliance records. Typical retention periods include:

• Enquiry and customer records: up to 6 years after final interaction/contract (unless longer required).
• Compliance and certification records: as required by applicable scheme/regulatory rules.
• Marketing suppression records (opt-outs): as needed to honour your preferences.

9. Your rights

Under UK data protection law, you may have rights to:

• Access your personal data.
• Correct inaccurate data.
• Request erasure (where applicable).
• Restrict or object to processing.
• Data portability (where applicable).
• Withdraw consent at any time (for consent-based processing).

To exercise these rights, contact: retrofit@retrofit-coordination.co.uk

You also have the right to complain to the Information Commissioner’s Office (ICO): https://ico.org.uk

10. Cookies and website analytics

Our websites may use cookies/analytics to understand traffic and improve services. Where required, we request consent for non-essential cookies. You can manage cookie settings in your browser and on our cookie banner.

11. Security

We use appropriate technical and organisational controls to protect personal data against unauthorised access, loss or misuse, including access controls, audit trails and secure cloud services.

12. Updates to this policy

We may update this policy from time to time. The latest version will always be available on our websites with the revision date shown above.

---

If you want a version with your registered office, company number, and exact website URLs hard-coded, we can finalise those details and reissue this document.