Ideal Heating Limited (referred to in this document as ‘Ideal Heating’, ‘data controller’, ‘we’, ‘our’ or ‘us’), is committed to protecting and respecting your privacy and the security of your personal data. We aim to be clear and transparent about what we do with the personal data we collect. (‘Personal data’ means any information relating to an identifiable person). This policy:
- Sets out how we process your personal data. (‘Processing’ means anything we do with your data, and includes collecting, using, storing and deleting it);
- Sets out where we might send your personal data to others, how we protect it and your privacy rights;
Who we are and how to contact us
Ideal Heating is part of Groupe Atlantic. With over 100 years’ experience in the UK heating industry, Ideal Heating is a market leader in the supply and servicing of domestic and commercial boilers.
In respect of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communication Regulations (PECR), the data controller is Ideal Heating Ltd, registered office, National Avenue, Hull, East Yorkshire, HU5 4JB.
The personal data we collect from you
We may collect personal data from you in the following circumstances, when you:
- Fill in a form on our site www.idealheating.com. This includes information provided at the time of registering to use our site, subscribing to a service, requesting further services and completing the Contact Form;
- Visit our site, we may automatically collect traffic data, location data, weblogs, browser, usage and other communications data;
- Report a problem with our site;
- Contact us by phone;
- Register a product warranty online or through our call centre;
- Interact with us via social media;
- Complete any surveys we send to you;
- From the Gas Safe Register (if you are an installer and/or reseller)
- Respond to our marketing activities
- From third party database providers of business lists (not consumers or sole traders) if they are a potential B2B relevant incorporated business who we wish to trade with.
IP Addresses and Cookies
How we use your personal data including legal basis
When you contact us using the Contact Form, we may store your personal data. The legal basis for this is ‘legitimate interest’. Where we process your personal data under this basis, we perform an assessment (LIA) that balances your rights and freedoms alongside our interests, to ensure that what we do with your personal data is what you would reasonably expect.
Products and Services
There are three legal bases under which we process personal data for product and services:
- When you register a product. The legal basis for this is ‘performance of a contract’;
- Where we keep your personal data for the purpose of product recall requirements, the basis is ‘vital interests’.
- After the expiry of a warranty for example, we may also keep your personal data under the basis of ‘legal obligation’ re’ gas safety, and health and safety regulations;
We may send you relevant marketing messages by email, text message (SMS), telephone or post about us and our products and offers where you are a business-to-business customer or potential business-to-business customer. For example, you may already install our equipment and/or provide servicing, are a product reseller, or have registered for one of our promotions or competitions. Alternatively, you may have had a dialogue with our sales team. If you are an incorporated business, you may currently have no relationship with us, but are one of the trade suppliers we wish to target.
For consumers we will only send marketing material to you if you meet at least one of the following categories:
- You have enquired about our products or services
- Have one of our products already installed (which could have been fitted by a third party)
- Have or have had a product warranty registration with Ideal Heating
- Use one of our Apps to manage your boiler and/or heating
For email and SMS messages, the legal basis for processing is normally legitimate interests, although in certain circumstances we may seek your consent. If you want us to stop sending you information by email or SMS, you can opt out at any time by selecting the ‘unsubscribe’ link on any email or SMS we send you. You can also email us at email@example.com. or write to us at: The Data Protection Officer, Ideal Heating Limited, National Avenue, Hull, HU5 4JB.
We may ask you to complete surveys for research purposes. The legal basis for these is legitimate interest or performance of a contract. Where legitimate interest is relied on, you have the right to opt out at any time.
How we share your personal data
We may disclose your information to third parties if we:
- Sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of those assets;
- Have a duty to disclose your personal data to comply with any legal obligation. This includes sharing information with other organisations for the purposes of fraud prevention.
We are required to have written contracts in place with any third parties we use to process your personal data. This is to ensure that third party processors only act on the documented instructions of the data controller, and to ensure that both parties understand their responsibilities, especially in regard to safeguarding personal data.
Third parties we share your personal data with are listed below:
- Agency TK
- Domestic & General
- First Event
- Flaunt Digital
- Gas Safe Register
- Google Analytics
- Square Owl
- Ideal Energy
- SPS Group
Where we store your personal data
Some data that we collect listed below, is transferred and stored outside the EEA. All other personal data is processed within the EEA.
Processed outside the EEA:
- Google Tag Manager (website analytics) – EU-US Privacy Shield.
- Salesforce (in certain circumstances)
How long we keep your personal data for
This depends on the type of personal data and what it is used for. We only keep personal data for as long as we have a legal basis to do so, and we adhere to the principle of data minimisation. This means that we only keep the minimum amount of information necessary for specific processing.
- We keep personal data you provide by filling in forms on our site unless or until you unsubscribe. If you unsubscribe, we retain minimal information about you to ensure that we know you have unsubscribed;
- Financial transaction data is kept for a maximum of seven years. This is due to legal obligations in relation to accounting and tax;
- Where there is a contract between us, and in case of any legal action, personal data is retained for 8 years after the end of the contract.
- A Data Retention Schedule listing how long different documents are retained is available on request, by using the contact details below.
How we secure personal data
We use a combination of physical, technical and organisational controls to safeguard your personal data. We are also committed to regularly evaluating our data protection security.
- Personal data is stored on secure servers;
- Payment transactions such as card transactions are encrypted using SSL technology;
- Emails are scanned for malware and viruses;
- Data sent between our website and your browser is protected using industry standard protocol such as Transport Layer Security;
- Data processed by third parties is safeguarded by contracts containing audit rights of inspection and warranties;
- Personal data is stored within secured networks, and is only accessible by a limited number of people. Access rights and other policies and procedures forming part of our Information Security Management System (ISMS) further secure your information.
Our security procedures mean that we may occasionally request proof of i.d. before we are able to disclose personal information to you.
Unfortunately, the transmission of information via the Internet is not always secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once received however, we will use our procedures and security to prevent unauthorised access.
You have certain rights (detailed below) under data protection law, and you can make requests to us about any personal data we hold about you.
Requests must be submitted via firstname.lastname@example.org or using the postal address listed further below.
We will also need to verify your identity and we will email you a Data Subject Access form for you to complete. Once this has been submitted, we have 30 days from the date of receipt to provide the information requested, and will not ordinarily charge a fee. If further copies are required, and / or the request is deemed vexatious, we can charge a reasonable fee.
Your rights include:
- Right to access. You have the right to request a copy of the information we hold about you. If you want to request a copy you can contact us as detailed above;
- Right to rectification. We want to make sure that your personal information is accurate and up to date. You have the right to ask us to correct or remove information you think is inaccurate.
- Right to erasure. You have the right to ask us to delete your personal data. You can ask us to erase your personal data where there is no good reason for us to continue to process it. This will apply for example where the purpose we collected your information for is no longer relevant, or where you withdraw consent, if consent was given to start with;
- Right to restriction. You have the right to request the restriction or suppression of your personal data under certain circumstances. This means you can limit how we use your personal data. This might apply if for example you believe the processing is unlawful;
- Right to data portability. You have the right to ask for a copy of your personal data in a form that lets you copy or transfer it to another IT system in a machine readable way, and / or another organisation. This will apply where the processing is based on consent or a contract, and the processing is by automated means;
- Right to object. You have the right to object to the processing of your personal data in some circumstances. You have the right to stop your data being used for direct marketing purposes;
- Right not to be subject to automated decision making including profiling. Where such processing produces legal effects or similarly significantly affects;
- Right to withdraw consent. Where our processing is based on your consent, you have the right to withdraw this consent at any time;
If you have any questions, requests or are unhappy how we have handled your personal data you should raise a complaint via: email@example.com
Or you can write to us at: Ideal Heating Ltd, National Avenue, Hull, East Yorkshire, HU5 4JB. We have a duty to respond within 30 days.
If after 30 days you have not received a response from Ideal Heating you have the right to complain to the Information Commissioners Office (click here https://ico.org.uk/make-a-complaint/handling/ to visit the ICO’s website).
Postal address: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF