Customer privacy notice

Skilled Mapping Ltd.

This privacy notice tells you what to expect us to do with your personal information.

• Contact details

• What information we collect, use, and why

• Lawful bases and data protection rights

• Where we get personal information from

• How long we keep information

• Who we share information with

• How to complain

Contact details

Controller. Skilled Mapping Ltd (“Skilled Mapping”, “we”, “us”) is the controller of personal data processed in connection with our website and services.

Registered address: Maxi House, Halesfield 20, Telford, England, TF7 4QU

Privacy contact / Data Protection Officer: Alex Wrigglesworth — contact@skilledmapping.com

Scope. This notice covers our website (enquiry/quote forms) and our surveying and reporting services (on‑street/mobile mapping and authorised site work). We do not operate a mobile app.

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Thermal images of properties (see detail below)

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• We process only the minimum information needed so that we can pinpoint avoidable heat loss, recommend upgrades, and track results over time. This processing is necessary to deliver accurate efficiency reports. The expected benefits outweigh any residual privacy risk: occupants save on energy bills, homes consume less fuel, and society gains from lower CO₂ emissions. All imagery is anonymised and access is strictly controlled, ensuring the individual’s rights and freedoms are not overridden by our environmental and economic objectives.

Further detail on lawful bases :

• Purpose : Provide surveys and reports; manage projects and support you (Contract or legitimate interests where appropriate)

• Purpose : Quality assurance and service improvement (Legitimate interests)

• Purpose : Scientific research and statistics (Legitimate interests)

• Purpose : Licensing/sale of building‑level datasets (Legitimate interests with safeguards and opt-out)

• Purpose : Record‑keeping and legal compliance (Legal obligation)

• Purpose : Website security and responding to enquiries (Legitimate interests)

• Purpose : Business‑to‑business updates (Legitimate interests under PECR)

How we capture images

• No drones over residential property. We do not use drones for residential capture.

• Commercial drone operations only. We may deploy drones solely over commercial property, under appropriate consents and flight permissions.

• Façades‑only capture. For all capture methods (handheld, vehicle/tripod systems and, where applicable, commercial drones), surveyors are instructed to capture building façades only and to avoid people, vehicles and number plates.

• Incidental capture. If people or number plates are captured incidentally, we blur or crop those areas prior to storage and such imagery is not used in analysis or reports.

• Residential proximity in flight plans. If an authorised commercial flight plan passes near residential areas, any residential imagery collected inadvertently is discarded and not retained.

• We collect data from sensors but do not seek to identify individuals and are interested in the built environment, not people.

What we collect

Survey and project data (services)

• Imaging: thermal images, standard RGB photographs of façades, and LiDAR/point‑cloud data.

• Capture metadata: date/time, approximate location/route traces, device settings, environmental notes.

• Building characteristics: up to ~45 attributes to contextualise heat loss (e.g. property type and classification, fabric/materials, window/door condition, roof condition).

• Property identifiers: UPRN or equivalent property reference to align datasets and obtain top‑line EPC classification where relevant.

• Client/project records: commissioning organisation details, site addresses, instructions, scheduling and correspondence.

• We do not ingest occupant or tenant contact details and do not receive client CCTV.

Website data

• Enquiry/quote forms: name, email, phone, company, message, postcode and address.

• Cookies/analytics: we do not run analytics and do not set non‑essential cookies. Basic security/server logs may record IP addresses and limited technical data to keep the site secure.

When we collect

We conduct planned collection campaigns from time to time. We publish a map of planned driving routes each November on our website. You may opt out at any time (see Property‑level opt‑out)

How long we keep information

Raw façade images (thermal/RGB), LiDAR and capture metadata : We aim to process within 36 months of capture. We retain raw datasets for up to 36 months to support reporting, QA, route validation and model calibration. In limited, documented cases, we may retain specific raw datasets for longer to support multi‑year scientific research under legitimate interests, with strict access controls and biennial review. You may object to extended retention.

Other types of data: 

• Anonymised/aggregated research datasets and statistical outputs : May be kept indefinitely as they no longer identify individuals.

• Final reports and derived datasets for clients : 7 years (comparisons over time, warranties and accounting).

• Client/project correspondence and contracts : 7 years (legal/accounting).

• Property opt‑out suppression list :As long as needed to honour the opt‑out.

• Website enquiry submissions :12 months (unless we subsequently contract with you).

• Security/server logs: Up to 12 months.

• Financial records: 7 years (legal).

• Back‑ups :Typically up to 90 days on rolling cycles.

Who we share information with

• Service providers (processors). Secure cloud hosting, communications and professional service providers acting under our instructions and subject to confidentiality and security obligations.

• Data licence recipients (controllers). We may license or sell building‑level datasets to organisations (e.g. utilities, retrofit solution providers, insurers, local authorities, not‑for‑profits and academic partners) to identify use cases that can support fuel‑poverty alleviation and retrofit planning, or otherwise further our legitimate aims.

• We do not license datasets for advertising targeted at individuals.

• We apply safeguards, including de‑identification/aggregation where appropriate, contractual restrictions on re‑identification, and access controls.

• You may object to this processing and licensing (see Your rights).

• Authorities. We may disclose information where required by law, regulation or court order.

We do not sell personal data in the consumer‑marketing sense. Any licensing of building‑level datasets is conducted under contractual safeguards and our legitimate interests as described above.

International transfers. Some providers or licence recipients may process data outside the UK/EEA. Where this occurs, we implement appropriate safeguards (e.g. the UK International Data Transfer Agreement or Standard Contractual Clauses) and additional measures where necessary.

Property‑level opt‑out and removal

Do not capture my property: Email contact@skilledmapping.com with subject “Property opt‑out”, your address and (if available) UPRN. We will add the property to our suppression list and exclude it from future capture routes.

Remove previously captured home data: You may request deletion of façade imagery and associated raw sensor data relating to your property. We will honour valid requests unless we must retain certain records to comply with law or can demonstrate overriding legitimate grounds (we will explain these if they apply).

Security

We apply appropriate technical and organisational measures, including encryption in transit and at rest, multi‑factor authentication/SSO, role‑based access with least‑privilege, audit logging and access reviews, secure development and vulnerability management, and staff confidentiality and training. No system is perfectly secure, but we work to prevent unauthorised access, use or disclosure.

Incidents. Where required, we will notify the ICO within 72 hours of becoming aware of a personal‑data breach and inform affected individuals where there is a high risk.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Changes to this notice

We review this notice regularly and will post updates here. If we make material changes affecting how we process personal data, we will take reasonable steps to inform clients.

Last updated: 30 July 2025