Privacy Policy
General
The Heating Plan (“we” or “us”) takes the privacy of your information very seriously. This Privacy Notice is designed to inform you, the user of our services, about our practices regarding the collection, use, and disclosure of personal information. This may include information provided in person, over the phone, via our websites, associated apps, or through other means.
This notice applies to personal data provided by our customers and their families, as well as potential customers. In this notice, “you” refers to any individual whose personal data we hold or process (excluding our staff). References to the “Site” refer to our website.
This notice is governed by the EU General Data Protection Regulation (the “GDPR”).
Basis on Which We Process Personal Data
We process personal data for one or more of the following reasons:
- Legitimate Interest: The processing is necessary in pursuit of a legitimate interest (ours or a third party’s), and this interest is not overridden by your interests in data privacy and security.
- Consent: You have consented to the processing for specific purposes described in this notice.
- Contractual Obligation: The processing is necessary to comply with our contractual obligations to you.
Personal Data We Process, Purpose, and Legal Basis
Below is a summary of the categories of personal data we may process, the reasons for doing so, and the legal basis for processing:
- Set Up Information: Information provided when setting up an account.
  Legal basis: Legitimate interest — to obtain necessary information to provide our services.
- Account Information: Information relating to your account with us.
  Legal basis: Contractual necessity — to monitor and administer your account.
- Services Information: Data related to call-outs or orders, including services or products ordered.
  Legal basis: Contractual necessity and legitimate interest — to deliver services and manage business operations.
- Payment Information: Information related to payments. Credit/debit card data may be handled by third-party payment processors per their own privacy notices.
  Legal basis: Contractual necessity and legitimate interest — to facilitate transactions.
- Communication Information: Records of correspondence or complaints.
  Legal basis: Contractual necessity and legitimate interest — to respond to queries and improve services.
- Technical Information: Data on site visits, resources accessed, and searches.
  Legal basis: Legitimate interest — to monitor and improve website performance and user experience.
- Marketing Information: Data held for marketing purposes.
  Legal basis: Legitimate interest or consent — to communicate with you about our services.
We will not collect any special category (sensitive) personal data (e.g., health-related data) without your explicit consent.
Generally, we collect data directly from you. Occasionally, we may obtain data from third parties (e.g., postcode databases) to enhance service delivery. If so, your rights under this notice still apply.
You may withdraw your consent or request restrictions on data processing at any time (see Clause 9). However, we may retain some data where required by law or to complete ongoing services.
Cookies and IP Address
A cookie is a small file stored on your device that records information about your use of the internet. Cookies on our Site help:
- Track user behavior to improve services.
- Keep you logged into online services.
- Provide a customized experience.
Cookies do not contain personally identifiable information. Once you close your browser, our access to the cookie ends.
You can accept or decline cookies through your browser settings. We will request your consent to use cookies via a banner on your first visit.
Declining cookies will not restrict access to most content but may limit access to some services.
An Internet Protocol (IP) address is assigned to your computer by your Internet Service Provider (ISP). We may use your IP to:
- Diagnose server issues,
- Report aggregated data,
- Optimize routing and performance,
- Administer and improve the Site.
Data Retention
We retain personal data in accordance with the following guidelines:
Category of Personal Data | Retention Period |
---|---|
Records relevant for tax purposes | 8 years from the end of the tax year to which the records relate |
Data relating to contractual services | 7 years from contract end or last service/order |
Marketing or business development records | 3 years from last interaction |
Other categories not specified | 7 years from receipt or end of the related interaction |
These periods may be extended or shortened depending on legal proceedings or investigations.
We regularly review our data to ensure it remains accurate and relevant. If data is no longer needed, we will securely delete or correct it.
To amend or delete your data, refer to Clause 9 of this notice.
Sharing Your Information
We do not share your personal data with third parties, except as follows:
- Payment processors: for handling transactions securely.
- Independent contractors: for service delivery (e.g., name, location, boiler details).
- Hosting providers: to store data securely.
- Technical and marketing service providers: who support our business operations.
- Legal obligations: such as compliance with court orders or fraud prevention.
- Business transfers: in the event of a merger, sale, or restructuring.
- Protection of rights: including fraud protection and credit risk reduction.
We take steps to ensure that any third party with access to your data complies with this Privacy Notice and protects your rights.
Email and Other Communications
If you have purchased services from us, we may contact you about similar products or services.
We may also send communications if:
- You have subscribed to our newsletter.
- You are a business customer.
All electronic communications comply with the Privacy and Electronic Communications Regulations 2003. We will clearly identify the sender and provide an opt-out option in each message.
You can opt out of receiving marketing communications at any time.
Security
We take appropriate technical and organisational measures to safeguard the personal data we collect and to protect it against unauthorised access, accidental loss, destruction, or damage. These measures may include:
- Protecting our servers with firewalls.
- Locating data processing and storage facilities in secure environments.
- Encrypting all data stored on our servers using industry-standard encryption protocols.
- Ensuring that all communication with our servers is encrypted via Secure Sockets Layer (SSL).
- Securely disposing of or deleting data when no longer required.
- Regularly backing up and encrypting all data we hold.
We ensure our employees are aware of their data protection obligations, and we take reasonable steps to ensure third-party staff handling your data also understand and comply with these obligations.
Please note that while we implement robust security measures, transmission of information over the internet is never entirely secure. Although we take steps to protect your data, we cannot guarantee the security of data transmitted to our Site. Once received, we apply our internal security procedures to safeguard it.
Your Privacy Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right to be informed: You have the right to be informed about how we collect, use, and share your personal data.
- Right of access: You may request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month, free of charge (except for repeat or excessive requests).
- Right to rectification: If the information we hold is incorrect or incomplete, you can request that we correct or complete it.
- Right to erasure (right to be forgotten): You can request that we delete your personal data, subject to our legal or contractual obligations.
- Right to restrict processing: You can ask us to stop processing your data without requiring its deletion.
- Right to data portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format or ask that we transfer it to another provider.
- Right to object: You can object to our processing of your data if it impacts your rights and freedoms. This includes objections to processing for direct marketing.
- Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated means, including profiling, where those decisions have a significant effect on you.
- Right to withdraw consent: If we rely on your consent to process data, you can withdraw that consent at any time.
To exercise any of these rights, please contact us in writing using the contact details at the end of this notice. We aim to respond to all valid requests within one month.
Data Breaches
If your personal data is compromised through a breach or unauthorised access, we will notify the Information Commissioner’s Office (ICO) without undue delay. If the breach poses a risk to your rights and freedoms, we will also inform you promptly.
Other Websites
Our Site may contain links to external websites. Please note that this privacy notice does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
We are not responsible for the privacy practices of third-party websites, including those you accessed via links on our Site or those from which you arrived at our Site.
Transferring Your Information Outside of Europe
We do not routinely transfer your data outside of the European Economic Area (EEA). However, certain circumstances may require it, such as:
- If you access our services from outside the EEA.
- When communicating with you or with organisations outside the EEA during the delivery of our services.
- When staff members access data remotely from outside the EEA, subject to strict security protocols.
In such cases, where the destination country does not have an adequacy decision from the EU, we will implement appropriate safeguards (e.g., standard contractual clauses) to ensure your data remains protected.
By using our services, you acknowledge and agree to such transfers where necessary.
Updates to This Notice
We may update this Privacy Notice from time to time. When we do, we will post the updated version on our Site and revise the “last updated” date. We encourage you to check this page regularly to stay informed about how we are protecting your data.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Notice or the way your personal data is handled, please contact us at:
Email: info@ukboilerexperts.co.uk
If you’re unsatisfied with our response, you may lodge a complaint with the UK’s Information Commissioner’s Office (ICO): https://www.ico.org.uk
Privacy Policy
General
At UK Boiler Experts (“we” or “us”), we are committed to protecting your personal information. This Privacy Notice explains how we collect, use, and share your data. It covers any personal information you provide to us—whether in person, over the phone, on our website, through our apps, or via any other method of communication.
This notice is intended for our customers, potential customers, and their families. When we refer to “you” in this notice, we mean any individual whose personal data we collect or process—excluding our staff.
References to the “Site” in this notice refer specifically to our website.
This Privacy Notice is governed by the EU General Data Protection Regulation (GDPR).
Basis on Which We Process Personal Data
We process personal data for one or more of the following reasons:
- Legitimate Interest: The processing is necessary in pursuit of a legitimate interest (ours or a third party’s), and this interest is not overridden by your interests in data privacy and security.
- Consent: You have consented to the processing for specific purposes described in this notice.
- Contractual Obligation: The processing is necessary to comply with our contractual obligations to you.
Data We Process, the Purpose, and Legal Reason
Below is a summary of the categories of personal data we may process, the reasons for doing so, and the legal basis for processing:
- Set Up Information: Information provided when setting up an account.
- Account Information: Information relating to your account with us.
- Services Information: Data related to call-outs or orders, including services or products ordered.
- Payment Information: Information related to payments. Credit/debit card data may be handled by third-party payment processors per their own privacy notices.
- Communication Information: Records of correspondence or complaints.
- Technical Information: Data on site visits, resources accessed, and searches.
- Marketing Information: Data held for marketing purposes.
We will not collect any special category (sensitive) personal data (e.g., health-related data) without your explicit consent.
Generally, we collect data directly from you. Occasionally, we may obtain data from third parties (e.g., postcode databases) to enhance service delivery. If so, your rights under this notice still apply.
You may withdraw your consent or request restrictions on data processing at any time (see Clause 9). However, we may retain some data where required by law or to complete ongoing services.
Cookies and IP Address
A cookie is a small file stored on your device that records information about your use of the internet. Cookies on our Site help:
- Track user behavior to improve services.
- Keep you logged into online services.
- Provide a customized experience.
Cookies do not contain personally identifiable information. Once you close your browser, our access to the cookie ends.
You can accept or decline cookies through your browser settings. We will request your consent to use cookies via a banner on your first visit.
Declining cookies will not restrict access to most content but may limit access to some services.
An Internet Protocol (IP) address is assigned to your computer by your Internet Service Provider (ISP). We may use your IP to:
- Diagnose server issues,
- Report aggregated data,
- Optimize routing and performance,
- Administer and improve the Site.
Data Retention
We retain personal data in accordance with the following guidelines:
Category of Personal Data | Retention Period |
---|---|
Records relevant for tax purposes | 8 years from the end of the tax year to which the records relate |
Data relating to contractual services | 7 years from contract end or last service/order |
Marketing or business development records | 3 years from last interaction |
These periods may be extended or shortened depending on legal proceedings or investigations.
We regularly review our data to ensure it remains accurate and relevant. If data is no longer needed, we will securely delete or correct it.
Sharing Your Information
We do not share your personal data with third parties, except as follows:
- Payment processors: for handling transactions securely.
- Independent contractors: for service delivery (e.g., name, location, boiler details).
- Hosting providers: to store data securely.
- Technical and marketing service providers: who support our business operations.
- Legal obligations: such as compliance with court orders or fraud prevention.
- Business transfers: in the event of a merger, sale, or restructuring.
- Protection of rights: including fraud protection and credit risk reduction.
We take steps to ensure that any third party with access to your data complies with this Privacy Notice and protects your rights.
Email and Other Communications
If you have purchased services from us, we may contact you about similar products or services.
We may also send communications if:
- You have subscribed to our newsletter.
- You are a business customer.
All electronic communications comply with the Privacy and Electronic Communications Regulations 2003. We will clearly identify the sender and provide an opt-out option in each message.
You can opt out of receiving marketing communications at any time.
Security
We take appropriate technical and organisational measures to safeguard the personal data we collect and to protect it against unauthorised access, accidental loss, destruction, or damage. These measures may include:
- Securing our servers using firewall protection.
- Locating data processing and storage facilities in secure environments.
- Encrypting all data stored on our servers using industry-standard encryption protocols.
- Ensuring that all communication with our servers is encrypted via Secure Sockets Layer (SSL).
- Securely disposing of or deleting data when no longer required.
- Regularly backing up and encrypting all data we hold.
We ensure our employees are aware of their data protection obligations, and we take reasonable steps to ensure third-party staff handling your data also understand and comply with these obligations.
Please note that while we implement robust security measures, transmission of information over the internet is never entirely secure. Although we take steps to protect your data, we cannot guarantee the security of data transmitted to our Site. Once received, we apply our internal security procedures to safeguard it.
Your Privacy Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right to be informed: You have the right to be informed about how we collect, use, and share your personal data.
- Right of access: You may request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month, free of charge (except for repeat or excessive requests).
- Right to rectification: If the information we hold is incorrect or incomplete, you can request that we correct or complete it.
- Right to erasure (right to be forgotten): You can request that we delete your personal data, subject to our legal or contractual obligations.
- Right to restrict processing: You can ask us to stop processing your data without requiring its deletion.
- Right to data portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format or ask that we transfer it to another provider.
- Right to object: You can object to our processing of your data if it impacts your rights and freedoms. This includes objections to processing for direct marketing.
- Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated means, including profiling, where those decisions have a significant effect on you.
- Right to withdraw consent: If we rely on your consent to process data, you can withdraw that consent at any time.
To exercise any of these rights, please contact us in writing using the contact details at the end of this notice. We aim to respond to all valid requests within one month.
Data Breaches
If your personal data is compromised through a breach or unauthorised access, we will notify the Information Commissioner’s Office (ICO) without undue delay. If the breach poses a risk to your rights and freedoms, we will also inform you promptly.
Other Websites
Our Site may contain links to external websites. Please note that this privacy notice does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
We are not responsible for the privacy practices of third-party websites, including those you accessed via links on our Site or those from which you arrived at our Site.
Transferring Your Information Outside of Europe
We do not routinely transfer your data outside of the European Economic Area (EEA). However, certain circumstances may require it, such as:
- If you access our services from outside the EEA.
- When communicating with you or with organisations outside the EEA during the delivery of our services.
- When staff members access data remotely from outside the EEA, subject to strict security protocols.
In such cases, where the destination country does not have an adequacy decision from the EU, we will implement appropriate safeguards (e.g., standard contractual clauses) to ensure your data remains protected.
By using our services, you acknowledge and agree to such transfers where necessary.
Updates to This Notice
We may update this Privacy Notice from time to time. When we do, we will post the updated version on our Site and revise the “last updated” date. We encourage you to check this page regularly to stay informed about how we are protecting your data.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Notice or the way your personal data is handled, please contact us at:
Email: info@ukboilerexperts.co.uk