Privacy Policy

Privacy Policy

The Double Glazing & Conservatory Quality Assurance Ombudsman Scheme (DGCOS) (“We") are committed to protecting and respecting your privacy.

This policy sets out the basis on which we collect and process personal data.

For the purpose of the Data Protection legislation and rules (the Act), DGCOS is a consumer protection scheme and the entity and data controller responsible for holding and using your data. We may share data and information with other parties’, and this is explained in the policy below.

Information we may collect about you

We collect and process data about our current, past and prospective members, and their customers, for the installations they undertake, as well as from general enquiries or complaints about us, the fenestration industry, the scheme or its members or from other third-party sources, including publicly available data. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may, therefore, collect and process the following type of data:

For customers of our members or the public:

  • Information that our members provide about you via our on-line registration system or manually. This would include your name and address and contact details along with information about the work which has been undertaken. We hold and use this information as it is in ours and our members legitimate interests to do so. The information is used for the administration of the product offered and monitoring the conduct of our members.
  • If you contact us, by way of any enquiry, including to make a complaint, we will retain a record. Records may include call recordings if you contact us via telephone and other correspondence. We will usually take details of your name and address and contact details along with details of your enquiry and our reply. We hold and use this information as it is in our legitimate interests.

For current, past or prospective members or employees of current, past or prospective members:

  • Information that you or your employer provide either manually or through our on-line registration system, which may include your name, address and contact details along with information about your role in the installer firm. Information may be provided as part of an application to DGCOS or to enable us to administer the product (and the contract you enter for this). Where you are an employee of the installer, we hold and use the information as it is in our legitimate interests to do so.
  • If you contact us, by way of complaint or otherwise, we will keep a record of that which will include any correspondence and telephone calls. Where you are the member, we hold and use the information as part of your agreement with the scheme. Where you are an employee of the member, we hold and use the information as it is in our legitimate interests to do so.
  • We may obtain credit checks, identity checks and other due diligence checks carried out against you, your address(es) or your business(es) and copies of any references taken or this information is obtained from third parties such as credit reference agencies and publicly available information. We collect this information where you are the prospective member, applying to join DGCOS or have significant control of a prospective member. We hold and use this as part of our entry into a contract with a member.

Using the information

We use information held about you in the following ways:

  • To assess your application to become an Accredited DGCOS Member.
  • To carry out our obligations and enforce our Accredited Member obligations under the contract with DGCOS.
  • To provide you with information concerning your registration with DGCOS.
  • To obtain the insurance cover. We will share any details which the insurer requires of a member and their customers. The customer will be provided with an insurance policy confirming their cover. The insurer will process the information as data controller as they have a legitimate interest in this to provide the required cover.
  • To process membership information for member services and benefits and the administration and provision of those benefits and customer services for the customers of members.
  • To verify your identity and prevent fraud.
  • For legal and regulatory reasons.
  • In order to conduct inspections on the installations completed by members.
  • To provide members and their customers with information, products or services that they request from us.
  • We may send marketing communications to members about our products and services, and the products and services of other carefully selected third parties (unless you have opted out of marketing, or we are prevented by law from doing so). You do however have the right at any time to ask us not to contact you for marketing purposes. To opt out of marketing activity please contact [email protected] and allow 30 days for your request to be processed.

Who we share information with

  • Financial or fraud investigation authorities
  • Credit reference agencies
  • We may provide Data about you to our designated insurance broker(s) for the Scheme and they will provide it to any selected insurer. This data will be used by the broker and the insurer as it is in our and the members’ legitimate interests for this data to be used to provide insurance relating to the work which has been provided. We have carefully assessed this use of data to ensure that it will provide a benefit to the data subject as they will receive the benefit of the cover at no additional cost to themselves. If you require details of the insurer this will be included in the insurance policy provided to you when work is registered with us.
  • If you are a customer of a member and you make a complaint about a member or the products or services they have provided to you, we will pass details of you and your complaint to the member unless you ask us not to. However, please be aware, if you are a customer of a member of the scheme and your complaint is very specific to the installation or service you have received from a member, it may be impossible for us to pass on the complaint without disclosing your details. Where you have concerns about your details being passed to the scheme member in this context, we will work with you to agree what information can be passed to the member.
  • Service providers (including but not limited to Qualitymark Protection Ltd – Company Number 03230676) acting as processors who provide IT and system administration services and who administer the Scheme and/or who provide outsourced services to the Scheme.
  • HM Revenue & Customs and other government bodies , Trading Standards, consumer protection bodies, consumer advisory body (such as Citizens Advice), competent person schemes, standards bodies, regulators, fraud agencies, finance brokers and lenders, organisations within the fenestration industry with whom we wish to share data to enhance and support our member services and consumer protection and other organisations acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Regulatory authorities
  • Organisations we’re legally obliged to share personal information with
  • External auditors or inspectors
  • Contractors
  • The purchaser or seller of or investor in any business or asset which we are selling or contemplating selling or purchasing and their advisors or service providers.
  • Suppliers and service providers

We have contracts in place with all third parties to whom we provide your data to, and they are required to ensure that all the requirements of the Data Protection legislation are met.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

To make a data protection rights request, please contact us using the contact details at the bottom of this privacy notice.

Where we store your personal data

The data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We take all steps reasonably necessary to ensure that all data is treated securely and in accordance with this privacy policy including when it leaves the EEA. Where data leaves the EEA it is subject to contractual requirements to ensure the rules continue to apply. Data will at all times remain subject to the provisions of the Data Protection Act.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep information

We will retain your data for as long as it is reasonably required for our legitimate purposes and to meet our regulatory requirements, and for no longer than is necessary.

Call recordings are kept for a maximum of 13 months.

Changes to our privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on 15th July 2025. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Contact us

If you have any questions about this privacy policy or our privacy practices, including any requests to exercise your legal rights, please contact our Data Protection Officer in the following ways:

Full name of legal entity: The Double Glazing & Conservatory Quality Assurance Ombudsman Scheme

Email address: [email protected]

Postal address: DGCOS, Solutions House, Chorley Business & Technology Centre, Euxton Lane, Chorley, Lancashire PR7 6TE

Telephone number: 0345 053 8975

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The ICO’s address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Your internet browser is not supported with this website. Download a free, up-to-date browser here. ×