Privacy Policy

Rrev Ltd

Effective date:

13 June 2026

Last reviewed:

13 June 2026

Version:

1.0



1. Who We Are

Rrev Ltd is a UK-based business specialising in electric vehicle (EV) charger installation, solar panel, battery storage, and electrical services, operating within approximately 30 miles of Andover, Hampshire. Throughout this policy, “we”, “us”, and “our” refer to Rrev Ltd.

Data Controller: Rrev Ltd

Contact: For all data protection queries, please email us at the address published on our website or write to our registered business address.

2. What This Policy Covers

This privacy policy explains how Rrev Ltd collects, uses, stores, and shares your personal data when you enquire about, purchase, or receive our services. It applies to customers, prospective customers, suppliers, and anyone who contacts us.

This policy is issued under, and complies with, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identity and Contact Data

  • Full name

  • Postal address (including installation site address)

  • Email address

  • Telephone number(s)

3.2 Property and Technical Data

  • Property details relevant to quotation and installation (roof type, orientation, electrical supply configuration, meter details, DNO/IDNO information)

  • Photographs of the property, electrical installations, and meter arrangements

  • Existing electrical installation condition and any defects identified during survey

3.3 Financial and Transactional Data

  • Quotation and invoice details

  • Payment information (processed via Xero; we do not store full payment card details)

3.4 Communications Data

  • Emails, messages, and correspondence between you and Rrev Ltd

  • Records of enquiries, site surveys, and job-related discussions

4. How and Why We Use Your Data

Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following:

Purpose

Lawful Basis

Details

Providing quotations and carrying out site surveys

Pre-contractual steps / Contract performance (Art. 6(1)(b))

Processing your enquiry and preparing a tailored quotation for solar, battery, or EV charger installation

Performing installation work and aftercare

Contract performance (Art. 6(1)(b))

Delivering the services you have contracted us to provide, including commissioning, handover documentation, and warranty support

Invoicing and payment processing

Contract performance (Art. 6(1)(b))

Issuing invoices via Xero and managing payments

Job scheduling and management

Legitimate interests (Art. 6(1)(f))

Using Tradify to schedule, track, and manage jobs efficiently

Complying with electrical regulations

Legal obligation (Art. 6(1)(c))

Meeting requirements under BS 7671 (IET Wiring Regulations), building regulations, MCS standards, and DNO/IDNO notifications

Business communications

Legitimate interests (Art. 6(1)(f))

Responding to enquiries and managing customer relationships via Gmail

Preparing technical documentation and customer correspondence

Legitimate interests (Art. 6(1)(f))

Using AI tools (Claude by Anthropic) to draft technical notes, quotation supporting documents, and customer communications

Tax, accounting, and legal compliance

Legal obligation (Art. 6(1)(c))

Maintaining financial records as required by HMRC and Companies House



5. Third-Party Data Processors

We use the following third-party services to process personal data on our behalf. Each acts as a data processor under the UK GDPR, and we have satisfied ourselves that appropriate safeguards are in place:

Processor

Purpose

Data Processed

Location & Safeguards

Tradify

Job management, scheduling, quoting, and invoicing

Customer name, address, contact details, job notes, photographs

Cloud-hosted (New Zealand / international). Appropriate safeguards under UK GDPR international transfer provisions

Xero (Xero Ltd)

Accounting, invoicing, and financial record-keeping

Customer name, address, contact details, invoice and payment data

Cloud-hosted (New Zealand / international). UK GDPR-compliant international transfer mechanisms in place

Google Gmail (Google LLC)

Business email communication

Name, email address, content of correspondence

US-based. UK GDPR-compliant transfer mechanisms (UK International Data Transfer Agreement / addendum)

Claude (Anthropic)

AI-assisted drafting of technical documentation, customer communications, and quotation materials

May include customer name, address, property details, and job-specific technical information as needed for document preparation

US-based. Data processed in accordance with Anthropic’s data processing terms. No personal data is used to train AI models when using the business API



We do not sell your personal data to any third party. We may also share data with DNOs, IDNOs (such as GTC), MCS, local authority building control, or other regulatory bodies where legally required.

6. International Data Transfers

Some of our third-party processors are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that at least one of the following safeguards is in place:

  • The receiving country has been deemed to provide an adequate level of data protection by the UK Secretary of State

  • UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses is in place

  • The processor has binding corporate rules approved by a supervisory authority

  • Another appropriate safeguard recognised under UK GDPR Article 46 applies

You may request details of the specific safeguards applied to any international transfer by contacting us.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Our general retention periods are:

  • Quotation records (where no work is carried out): 2 years from the date of the quotation

  • Customer and job records: 7 years from completion of the work, to satisfy HMRC requirements and support warranty claims

  • Electrical installation certificates and compliance documentation: indefinitely, in line with industry best practice and BS 7671 requirements

  • Financial and accounting records: 7 years, as required by HMRC

  • General correspondence: 3 years from last contact, unless related to an active contract or dispute

After the applicable retention period, personal data is securely deleted or anonymised.

8. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — You can request a copy of the personal data we hold about you (a “subject access request”).

  • Right to rectification — You can ask us to correct any inaccurate or incomplete data.

  • Right to erasure — You can ask us to delete your data where there is no compelling reason for us to continue processing it. This right does not apply where we are required by law to retain the data.

  • Right to restrict processing — You can ask us to suspend processing of your data in certain circumstances.

  • Right to data portability — You can request that we provide your data in a structured, commonly used, machine-readable format.

  • Right to object — You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.

  • Rights related to automated decision-making — We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month of receiving your request. There is no fee for making a request unless it is manifestly unfounded or excessive.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk or by calling 0303 123 1113.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Use of password-protected devices and accounts

  • Encrypted email communications where appropriate

  • Limiting access to personal data to only those who need it for legitimate business purposes (in practice, the business owner)

  • Selecting third-party processors that demonstrate appropriate security standards

  • Regular review of data handling practices

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.

10. Cookies and Website

If we operate a website, a separate cookie notice will be provided where applicable. This privacy policy covers personal data collected through all channels, including in-person site surveys, telephone, email, and online enquiries.

11. Children’s Data

Our services are directed at property owners and are not intended for children under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, the services we use, or legal requirements. The “last reviewed” date at the top of this document will be updated accordingly. Where changes are significant, we will make reasonable efforts to notify affected individuals.

13. Contact Us

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact:

Rrev Ltd

Email: info@rrev.uk



End of Policy —