S&A Heating Ltd requires the use of certain information about individuals to be able to carry out its business. In doing so we will take all necessary steps to protect your privacy and ensure that we are compliant with the General Data Protection Regulation (GDPR). We are registered with the Information Commissioners Office (ICO) - Reg No: ZA125485.
We will ensure your data is always kept secure and that we will never share your data with third parties for marketing purposes. We will only contact you via the contact methods you have provided us for legitimate business purposes such as booking acknowledgments, confirmations, receipts, invoices, service reminders, and engineer tracking. We will not use your data to try and sell or promote any products or services that you are not subscribed to. We will only hold information about you that is volunteered to us by you via any of our communication methods including [but not limited to] our website, telephone, e-mail, postal letter or via a third party through which you have sought our services.
This policy sets out the basis on which we will process any personal data or personal information that you provide to us, in connection with your use of our website and/or our services.
About this Policy
S&A Heating carry out central heating installations, boiler replacements, boiler repairs and expert plumbing and heating services in Torbay and the South West of England. This means we come into contact with a wide variety of individuals including customers, suppliers, business contacts and other organisations that require contact in order to carry out our day to day business.
- "Website" means the S&A Heating Ltd website www.saheating.co.uk
- “Account” means a user account which is required to access and/or use certain features of the website.
- "Personal data" is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. It is any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
- “Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003
How to contact us
Address: S&A Heating Ltd, Unit 7 Chatto Way, Torquay, Devon TQ1 4UE
Data Controller: James Frost
Telephone number: 01803 323 950
Your rights under the GDPR
- To access the personal data we hold about you.
- To have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- To be forgotten, i.e. you can ask us to delete or otherwise dispose of any of your personal data that we have.
- To restrict (i.e. prevent) the processing of your personal data.
- To object to us using your personal data for a particular purpose i.e, market research.
- To data portability. This means that you can reuse your personal data held by us with another service or business in many cases.
- To safeguards relating to automated decision-making and profiling but we do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us as above
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
The type data we may collect
- Date of birth
- Email addresses
- Telephone numbers
- Financial information
- IP address
- Web browser type and version
- Operating system
- URLs including referral sites, your activity on our website, the website to which you exit
How your data may be used
We only collect your data for a specific, explicit, and legitimate purpose i.e. to perform a service or for the performance of a contract, and to which you have consented to our use, or because it is in our legitimate business operations to use it. Your personal data may be used for the following purposes:
- Personalising and tailoring your experience on our website
- Supplying our products and services to you.
- Personalising and tailoring our products and services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email that you have opted-in to (you may unsubscribe or opt-out at any time by following the automatic unsubscribe link on emails).
- Analysing your use of our website and gathering feedback to enable us to continually improve your user experience.
- Providing and managing your access to our website
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes. This may include contacting you by email, telephone and post with information, news, and offers on our products and services. You will always be able to opt out.
We will not keep your personal data for any longer than is reasonably necessary and all data that we hold about you will have an expiry date. Your personal data will, therefore, be retained for 7 years, or if a warranty has been provided in excess of this period, then your data will be retained for the length of the warranty period. The periods for retention will be determined on the following basis;
- By our partner organisations providing funding solutions i.e. ECO funding or finance
- By the lifetime of the warranty period provided service i.e. extended boiler warranty's
- By the reasonable determination of S&A Heating Ltd in order to provide a continuity of services.
Your personal data and third parties
From time to time we may contract with third parties to supply products and services on our behalf. These may include;
- Payment processing
- Materials delivery
- Sales & Marketing
- Cloud storage providers
- IT service providers
- Warranty providers
- Registration bodies
In some cases, third parties may require access to some or all of your personal data that we hold. If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely and securely.
If any personal data is transferred outside of the European Economic Area, we will take suitable steps in order to ensure that your personal data is treated just as securely as it would be within the UK and under the GDPR.
We may be legally required to share certain personal data, such as in legal proceedings or compliance with legal obligations (i.e. a court order or the instructions of a government authority).
Controlling the use of your personal data
You can access our website without providing any personal data. However, to take advantage of all the features and functions available, you may be required to submit or allow for the collection of certain data.
When you submit personal data at our website, you may have options to control our use of your data i.e. you may be given options to restrict our use of your personal data for direct marketing purposes. This will also include the ability to opt-out from receiving emails from us which you may do by un-subscribing using the links provided in the email.
Accessing your personal data
You can ask us for details of the personal data that we hold about you and for a copy of it (where and when personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in the "How to contact us" section of this policy.
There is not normally any charge for a subject access request but under some circumstances, we may charge a fee where the request is ‘manifestly unfounded or excessive.’
We will respond to your subject access request within one month and, in any case, not more than one month of receiving it. We aim to provide a complete response, including a copy of your personal data within that time. Some cases, particularly if a request is complex, more time may be required up to a maximum of three months from the date received. We will keep you informed of progress at every stage.
Changes to this policy