Privacy Policy

1. Who we are

HomeGrants.ie is the data controller for personal data processed through homegrants.ie, including the public homepage and SEAI Windows and Doors grant estimator.

Contact for privacy requests: info@homegrants.ie.

2. Personal data we process

Estimator and eligibility checks

Eircode, build-year band, insulation answers, derived area attributes (for example county, local authority, small area code), and technical metadata such as request ID, device ID, IP address, and user-agent.

Homeowner callback lead requests

Full name, phone number, optional email, notes, house type, upgrade plan, homeowner intent, consent fields, checked Eircode, lead scoring/routing fields, and operational metadata (IP address, user-agent, UI version, journey context).

Public analytics and anti-abuse controls

Event telemetry (event name, timestamp, payload, request ID, device ID, variant IDs), plus daily anti-abuse counters keyed by IP/device and Eircode usage.

3. How we collect data

We collect personal data directly from form submissions, and automatically through security/telemetry controls. We also derive eligibility context from geocoding and BER area datasets.

4. Purposes and legal bases (GDPR Article 6)

We process personal data for the following purposes and legal bases:

• Provide estimator responses and requested callback matching services: Article 6(1)(b) (steps at your request / service delivery).
• Share lead details with local SEAI-registered contractors where you request contact: Article 6(1)(b) and Article 6(1)(a) (consent signal in lead flow).
• Operate, secure, and defend the service (rate-limiting, fraud/abuse prevention, and incident analysis): Article 6(1)(f) (legitimate interests).
• Maintain records and comply with legal/regulatory obligations where applicable: Article 6(1)(c).
• Run measurement/advertising technologies (for example Meta Pixel) only where enabled: Article 6(1)(f) and, where required by applicable law, Article 6(1)(a).

5. Who we share data with

We share personal data only where needed to run the service:

• Approved local SEAI-registered contractors (for callback leads you request).
• Hosting, infrastructure, and technical service providers.
• Geocoding/map providers used by the platform (for example Google Maps Platform, ArcGIS, and OpenStreetMap/Nominatim flows configured in service).
• Analytics/marketing providers where enabled (for example Meta).
• Webhook/CRM endpoints where configured by us for lead operations.
• Professional advisers, law enforcement, or regulators where legally required.

Where you ask to be connected with a contractor, we share your lead details with relevant SEAI-registered contractors so they can contact you. This lead supply service can operate on a paid commercial basis.

6. International transfers

Some providers we use may process data outside the EEA. Where this happens, we rely on GDPR transfer mechanisms such as adequacy decisions and/or appropriate safeguards (including standard contractual clauses) as required.

7. Retention

We keep data only as long as needed for the purpose collected, including:

• Public check token validity: up to 30 minutes.
• Public anti-abuse day counters: reset daily.
• Lead duplicate window: 14 days (for duplicate checks).
• Leads and event records are retained for operational, support, and compliance purposes and reviewed for deletion/anonymisation when no longer necessary.

8. Cookies and similar technologies

We use essential cookies for security and platform operation, including a signed device identifier cookie for anti-abuse controls. Optional third-party tracking technologies may be used where configured.

9. Automated decision support

The estimator produces an area-based likelihood result using BER area data, Eircode mapping, and your submitted answers. This supports decision-making only. It is not a grant approval decision and does not produce legal or similarly significant effects by itself.

10. Your GDPR rights

Subject to applicable law, you may request:

• Access to your personal data.
• Rectification of inaccurate data.
• Erasure of data in relevant circumstances.
• Restriction of processing.
• Data portability (where applicable).
• Objection to processing based on legitimate interests.
• Withdrawal of consent where processing is based on consent.

To exercise rights, email info@homegrants.ie. We may request information to verify identity before acting on a request and will respond within GDPR timelines (normally within one month).

11. Complaints

Please contact us first at info@homegrants.ie so we can try to resolve your concern quickly.

If you are not satisfied with our response, you can then lodge a complaint with the Irish Data Protection Commission (DPC): dataprotection.ie.

12. Children

This service is intended for adults and business users. We do not knowingly collect personal data from children.

13. Security

We apply technical and organisational controls including access controls, signed cookies, and rate limiting.

14. Changes to this notice

We may update this notice from time to time. The latest version is published on this page with the revision date shown above.