Full Privacy Statement/Notice
Boilers R Us’s registered office is 344 Footscray Road, SE9 2EB
This policy applies to information we collect about:
- visitors to our website;
- visitors to our website who complete our enquiry form, providing their personal details;
- people who do business with us, place orders from us or register for our service
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information you tell us when submitting an enquiry form
When you provide us with contact details (including Identity Data, Contract Data and Financial Data as referred to below) on an enquiry form on this website, you are agreeing for us to contact you regarding the question you submitted and you are consenting to us using that information as set out in this policy.
After helping you with your enquiry, if you do not ask us to provide you with services/products (which will involve us retaining and using the information you have provided as set out in this policy below), we would like to retain your Identity Data and Contact Data so that we can keep in touch with you regarding offers, promotions and other information that we feel you may find useful.
To inform us that you would like us to keep in touch, please tick the checkbox on our contact and enquiry forms on this website.
If you agree to us retaining your data for our mailing lists, you can opt out at any time. When we send you any emails there will always be the option for you to ask to be removed from our mailing list. Alternatively, you can get in touch via email, phone or in person, and ask to be removed from our mailing lists.
Other information we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your preferences and feedback.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we collect your personal information
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms (including our enquiry form) or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service;
- request marketing to be sent to you; or
- give us some feedback.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies (see “Cookies” section below).
- Third parties or publicly available sources. We may receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
- analytics providers such as Google based outside the EU (see “Google Analytics” section below);
- advertising networks, such as LEADS2TRADE, TWITTER and FACEBOOK based inside the EU; and
- search information providers, such as GOOGLE based outside the EU.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as GOCARDLESS, QUICKBOOKS based inside the EU.
- Identity and Contact Data from data brokers or aggregators, such as COMMUSOFT DATABASE based inside the EU.
- Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
How we use your personal information
We gather this information to allow us to provide the products/services requested and document customers information in regards. The relevant information is then used by us to communicate with you on any matter relating to the conduct of your instructions in general. As detailed above, if you agree, we may also contact you about other products and services we think may be of interest to you.
Our Reasons to Process (Use) Your Personal Information
The piece of legislation that defines what your rights are over us processing (using) your personal information is called the “General Data Protection Regulation”, or “GDPR” for short.
This piece of legislation states six “lawful reasons” that would deem processing (using) someone’s personal details as lawful.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal information for||Our reasons|
|To provide services to you||For the performance of our contract with you or to take steps at your request before entering into a contract.|
|To prevent and detect fraud against you or us||For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for us and for you.|
|Conducting checks to identify our customers and verify their identity
Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator.
|To comply with our legal and regulatory obligations.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies||To comply with our legal and regulatory obligations.|
|Ensuring business policies are adhered to, e.g. policies covering security and internet use||For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you.|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price.|
|Ensuring the confidentiality of commercially sensitive information||For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information.
To comply with our legal and regulatory obligations.
|Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price.|
|Preventing unauthorised access and modifications to systems||For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you.
To comply with our legal and regulatory obligations.
|Updating and enhancing customer records||For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products.
|Statutory returns||To comply with our legal and regulatory obligations.|
|Ensuring safe working practices, staff administration and assessments||To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.
|Marketing our services:
||For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers.|
|External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts||For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards.
To comply with our legal and regulatory obligations.
Who we share your personal information with
We routinely share personal information with:
- third parties we use to help deliver our services to you, e.g. payment service providers, warehouses and delivery companies;
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
- third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
- Our accountants
- our bank;
- our databases
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors, e.g. in relation to ISO or Investors in People accreditation and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
How long we keep your personal information for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Google provides a web analysis service (Google Analytics) which collects data to track and examine the use of websites. Google utilises this data to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualise and personalise the ads of its own advertising network.
In order to produce the analysis stated above, Google collects personal information from Cookies and Usage Data. This data is then processed in the USA.
Website users can opt-out of Google Analytics for Display Advertising and also customise Google Display Network ads using the Ads Settings.
How We Use Google Analytics and Adwords
We use Google Analytics to monitor how our website is being used so we can improve it as best we can.
We use Google AdWords and Tag Manager for advertising and analytical purposes.
In order for us to ask Google to prepare site usage reports for us, we need to pass them each IP address that is accessing our site.
[However, when we pass an IP address to Google, we take advantage of the anonymisation feature which means we DO NOT send Google any details that can then be traced back to source IP address.
WE DO NOT PASS ANY OTHER PERSONAL INFORMATION TO GOOGLE.
As described in the section above, Google may also share the data from the site usage report with other Google services. In particular, Google may use the data to contextualise and personalise the ads of its own advertising network.
For information on how Google uses the information it collects, please click here.
Payments via Third Party
We process personal data in order to facilitate order fulfilment and support customer enquiries. Payment card information is not stored on our servers or website and is securely handled by one of our third party providers.
Payments on our site are completed via www.PayPal.com and all payment details are stored and processed via their site. We DO NOT store any payment information on our site.
Payments on our site are completed via www.Stripe.com and all payment details are stored and processed via their site. We DO NOT store any payment information on our site.
Twitter, LinkedIn and Facebook Buttons
We have the Twitter, LinkedIn and Facebook buttons on our website to allow our website users to share our website and services with their followers/links/friends.
Other Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How we protect your information
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
- with your and our service providers located outside the EEA;
- if you are based outside the EEA;
- where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under European and UK data protection law.
We will not transfer your personal data outside of the [United Kingdom OR European Economic Area] or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Access to your information and updating and correcting your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please send an email to Louise Querec firstname.lastname@example.org or send a letter to Louise Querec 344 Footscray Road, SE9 2EB. We may make a small charge for this service.
We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address or name, please let us know the correct details by sending an email to Louise Querec 344 Footscray Road, SE9 2EB or send a letter to Louise Querec 344 Footscray Road, SE9 2EB. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate.
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access).|
|Rectification||The right to require us to correct any mistakes in your personal information.|
|To be forgotten||The right to require us to delete your personal information – in certain situations.|
|Restriction of processing||The right to require us to restrict processing of your personal information – in certain circumstances, e.g. if you contest the accuracy of the data.|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.|
|To object||The right to object:
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
For further information on each of those rights, including the circumstances in which they apply, please contact us.
This privacy notice was published on 30TH May 2018 and last updated on 15th June 2018.
We may change this privacy notice from time to time – when we do we will inform you via email and website updates.