Our priority at Heatable is keeping your data secure and treating it with respect. We aim to handle your data fairly and lawfully at all times. We're also committed to being transparent about what we do. This statement explains how we collect, use, transfer and store your personal data. We know that there's a lot of information here, but it's important that you understand your rights as a customer. We’ve tried to make it as easy as possible to navigate.
It’s likely that we'll update this notice from time to time in order to reflect changes in the law and/or to our privacy practices, but we'll notify you of any significant changes. Our website will always show the most up to date version.
General
1. Who are we
When we refer to Heatable or the Company, this means Heatable Limited, whose registered office is Glebe Business Park, Widnes, Cheshire, WA8 5SQ.
Heatable is the 'Data Controller' for your personal data. This means we have the legal responsibility for how we collect, handle, and process your data.
Heatable complies with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), which came into effect following the UK's departure from the EU. The UK GDPR governs the processing of personal data within the UK and aligns closely with the EU GDPR, ensuring that your data is protected and handled lawfully.
As our products and services may be provided to you by different companies or contractors with whom we have commercial arrangements, it may be necessary to share your personal information with the relevant company or companies.
2. Contacting us
You can contact us via our Contact Us section of this website.
Who does this statement apply to?
• Customers and prospective customers;
• Individuals, sole traders, partnerships and companies (to the extent that the relevant company provides us with any personal data - for example employee names and email addresses);
• People we wish to promote products and services to;
• People who contact us on social media;
• People who visit our website;
• People who have responsibility for managing, or being a point of contact, for another person’s account.
1. What we collect
Personal Data
Such as your name, address, date of birth, and other contact details such as your email address and telephone number.
Vulnerability information
Such as health or disability issues. Having this data helps us provide you with the right services for you and to ensure your safety.
Financial information
Such as your payment details and financial circumstances as detailed on any finance applications by lenders or brokers we may introduce you to.
Information about your property
Such as house type, number of bedrooms, number of bathrooms or showers etc and any other data provided when you use the online quoting tool.
Records of conversations/interactions with us
Such as records of your discussions with our customer support teams, including call recordings, webchat and emails for training and monitoring purposes. When you share comments and opinions with us, ask us questions or make a complaint we may keep a record of this. This includes when you send us emails, phone our support team or contact us via webchat or through social media such as through Twitter or on Facebook.
Marketing preferences
We will record your advertising and marketing preferences including any requests for these communications to stop.
Exercising your rights
If you exercise any of your statutory rights under data protection law, we will keep a record of this and how we respond.
Device and machine information
Your smartphone or computer's IP address may tell us an approximate location when you connect to our website, but this will be no more precise than the city, state or country you are using your device in.
Lifestyle and demographic insight information
Information about how you use our services and other information about your demographic in order for us to offer you personalised energy products and services.
Company data
With regards to companies, data such as names, phone numbers and email addresses of representatives of your company.
2. Data we may collect from other people or organisations
In some circumstances other organisations may share personal data with us such as;
Affiliates who we are in partnership with to provide traffic or promotional offerings
Finance brokers or lenders who will arrange funding, loans or finance facilities for products and services we sell
Card merchants who collect card payments for products and services we sell
Product manufactures who provide aftercare services, warranty cover or extended services
Social media platforms
Landlords or property agents
3. How we use your data - the legal basis and purposes
We can only use your personal information in compliance with data protection laws. Those laws require that where we use your personal information, we must have the required legal basis to do so.
Set out below are the different legal bases we use at Heatable as well as examples of the types of processing we carry out:
Legal basis for processing: Performance of a contract with you or in readiness for such a contract.
Processing activities: (purpose)
To assess your needs, provide you with a quotation and agree a contract with you.
To register products with manufactures or warranty providers.
To arrange finance products through nominated lenders.
To process payments, refunds and set up payment plans.
Legal basis for processing: Consent
Processing activities: (purpose)
Where you have provided consent, we will rely on that to process your information for the purposes set out at the time that the request for consent was made.
Where you have provided consent to a partner organisation for us to contact you, we will rely on that consent to process your information for marketing purposes. This includes sending you marketing messages about our products and services via email, text, telephone, and other methods.
You can change that consent at any time by contacting us.
Health Data
If you have any vulnerabilities, we'll ask for your explicit consent before we add your details to our Priority Services Register and share with the relevant network operator. This enables us to take extra steps to ensure your safety and offer you additional services.
Promotion of products and services
We'd like to use your personal data to communicate with you by email, text, letter, telephone, social media and via our website. With your consent, including consent obtained through our partner organisations, we will tell you about products and services, promotions, tailored special offers and discounts that we think are likely to interest you. If you’ve given us (or our partner) permission to send you marketing information, we will respect your choices as to how you would like to receive this. You can change your consent preferences or opt-out at any time by contacting us.
We may send you letters or call you without your prior agreement when we have a legitimate interest in doing this - please refer to legitimate interest section.
Legal basis for processing: Legal obligations
As a Data Controller we have various rules and obligations we must abide by. The majority of these are set out in the GDPR and DPA policies. There are numerous other regulatory and legal obligations that as a business we must follow.
Processing activities (purpose)
Regulatory reporting is a legal requirement we have to do and will involve us processing your data for this purpose.
Managing your complaint or dispute will require us to process your information and in certain circumstances require us to share it with bodies like Gas Safe or the Financial Conduct Authority.
Orders made by a Court, for example where we are ordered to disclose information to law enforcement agencies.
Legal basis for processing: Legitimate interest
Where we or someone else has a legitimate interest, we'll ensure that our interest has been balanced against your rights and freedoms as an individual.
Processing activities (purpose)
We may want to use your details to contact you about your order, to discuss things such as unpaid invoices or to check information relating to your finance agreement (where applicable).
We may want to pass your information to organisations we work with who deliver a service for us, such as third parties we contract with directly to help us deliver services such as installers, trades people and manufacturers.
Advertising organisations including social media and entertainment service providers, which allows them to provide you with more relevant adverts.
For good governance, accounting, managing and auditing our business operations so that our business is effective and performs well.
Monitoring and recording our dealings with you, for example to prove you've agreed a contract with us, to help train our staff, or to help us give better service.
To manage our bad debt risk, including:
Taking legal action against you if you do not pay for goods or services provided.
Performing credit and anti-fraud checks to assess your application for credit and offer suitable payment terms
4. Who we share your data with
Regulators such as Gas Safe
Manufacturers of products which we have installed in your property
Finance providers such as V12 Retail Finance
Card merchants such as Stripe
In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
Other people you have authorised us to share data with, such as family members, energy brokers, solicitors and debt management companies, so we can fulfil your requirements.
Debt collection agencies and other organisations assisting us with debt recovery (for example, bailiffs, courts, private investigators and our solicitors).
Network Operators, for example so they can keep you informed about disruptions and reconnections to your energy supply if there's a loss of supply, an emergency oran event happening that will cause disruption to your energy supply.
Law enforcement organisations working on the detection, investigation and prevention of crime and enforcement of legislation.
Organisations which offer referral and reward schemes on our behalf, and/or organisations which offer you cash back for joining us.
Advertising organisations including social media and entertainment service providers to show you advertising about our products and services.
5. How do we protect your personal data
Any personal information we collect, record, or use in any way, be it on computer, hard copy or in any other form, is secured through our safeguarding processes to ensure that we meet our obligations under the UK General Data Protection Regulation (UK GDPR).
6. What are your rights surrounding your personal information?
The GDPR enhances your rights surrounding your personal data. This includes:
The right to be informed – we will provide you with a copy of this privacy policy before seeking your consent to store/process your personal data.
The right of access – you have the right to request a copy of any personal information we hold on you. This will be provided in a structured format, free of charge, within 30 days of your request. Requests can be made in writing, by phone or by email, to any of the contact details of our Data Protection Officer provided below.
Tel: 0330 113 1333
Email: [email protected]
The right to rectification – you have the right to request us to rectify any of your personal data which you believe is inaccurate or incomplete. We will respond within one month (this can be extended by two months where the request for rectification is complex). Requests can be made in writing, by phone or by email, to any of our contact details provided above.
The right to erasure – you have the right to request ‘to be forgotten’, i.e. for us to delete all records of your personal data. We will comply with your request, unless we have a legal obligation to continue to hold your personal data, in which case we will inform you of the reason we are unable to complete your request.
The right to restrict processing – you have the right to ‘block’ or suppress processing of personal data – in this case we will retain just enough information about you to ensure that the restriction is respected in future.
The right to data portability – you may request a copy of your personal data, in order to use it for your own purposes across different services, e.g. moving it from one IT environment to another in a safe and secure way. We will provide the data in a structured, commonly used and machine-readable form, e.g. CSV files. This will be provided free of charge and within one month (this can be extended by two months where the request is complex).
The right to object – you have the right to object to us processing your personal data for direct marketing purposes, and historical or statistical purposes, and we will respect this request as soon as we receive it (by post / email / phone, details of which are provided above).
The right to complain: If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, contact the Data Protection Officer (see section 7.2 for contact details). If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/ 0303 123 1113.
If we collect or handle your personal data, you have rights as an individual which you can exercise in relation to the information we hold about you.
If you'd like to express one of your rights, please email [email protected]
7. Right of access to your personal data
You can find out if we hold any personal data about you, and access that data, by making a ‘subject access request’ under the Data Protection Act 2018 and the UK General Data Protection Regulation. If we do hold your personal data, we will provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way, we will email this to you where you have given us an email address.
You can request access to our data by using any of the methods on our contact us page.
If you only want to see certain items and you agree, we will try to deal with your request informally, for example, by providing you with the specific information you need over the telephone.
8. Other rights you have
If you’ve given us (or a partner organisation) consent to process your personal data, you have the right to withdraw that consent at any time by contacting us.
You can request that we correct any mistakes, restrict or stop processing your data, or delete it. It’s worth noting that in some cases if you do ask us to correct, delete or stop processing it, we won’t always be required to do so – for example we may need to continue in order to keep records for regulators. If this is the case, we'll explain why.
9. Your right to contact the Information Commissioner
If you're unhappy with any aspect of how we handle your personal data you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK.
You can contact them by going to their website phoning them on 0303 123 1113 or by post to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
1. How we use cookies
Most internet browsers, like Firefox, Safari or Google Chrome, let websites store simple text files called 'cookies' on your computer.
Cookies let websites remember things like your username or password, so you don't need to re-type them every time you visit. They also help websites see how you use them, and this can be used to improve how websites work.
We've a legal responsibility to tell you about the kind of cookies we use, what they're for and how to turn them off. We strongly suggest you accept our cookies though, to get the best possible service from our website.
2. What cookies can’t do
There are quite a few myths about cookies out there, so to put your mind at rest, here's what cookies can't do:
Read your hard disk.
Get your login email address or other personal info unless you provide it.
Create viruses or destructive programmes that could harm your computer.
Instantly fill up your hard drive.
We use cookies on Heatable for tracking and marketing purposes these cookies include;
Category | Cookie |
Intercom | Live chat software, you can learn more about Intercom on their website. |
Re-marketing | |
Google Analytics | You can read more about the cookies Google generates |
Google AdWords | Re-marketing |
By using Heatable, you are consenting to the use of cookies. If you wish to disable and/or delete cookies, you can do this from your web browser.
Note, disabling and/or deleting cookies may effect the usability of the website.