This privacy policy explains how Boiler Fit Direct Kent collects, uses, stores and protects your personal data when you use our website or contact us about our services. We are committed to handling your information responsibly and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
The data controller for this website is:
As the data controller, we determine the purposes and means of processing your personal data. If you have any questions about how we use your information, please contact us using the details above.
What Personal Data We Collect
We only collect information that is necessary to respond to your enquiry or provide our services. The types of personal data we may collect include:
Contact Information
- — Your name
- — Telephone number
- — Email address
- — Property address (where relevant to your enquiry)
Enquiry Details
- — Description of the work you require
- — Preferred dates or times for a visit
- — Details about your boiler or heating system
- — Any additional information you provide voluntarily
Website Usage Data
- — IP address (anonymised where possible)
- — Browser type and version
- — Pages visited and time spent on site
- — Referring website or search term
Communications
- — Records of emails or messages exchanged
- — Notes from telephone conversations (if you consent)
- — Feedback or reviews you submit
We do not collect sensitive personal data (such as health information or financial details) unless you specifically provide it in the context of your enquiry and we have a clear lawful basis for processing it.
How We Use Your Data
We process your personal data only where we have a lawful basis to do so under UK GDPR. The table below explains what we use your data for and the legal basis for each purpose.
| Purpose | Lawful Basis |
|---|---|
| Responding to a quote request or general enquiry you submit via the contact form | Legitimate interests / pre-contractual steps |
| Arranging a site visit or booking in repair or installation work | Contract performance |
| Sending a quote, invoice or service confirmation | Contract performance |
| Following up on an open enquiry where you have not yet responded | Legitimate interests |
| Analysing website usage to improve the site (via anonymised analytics) | Legitimate interests |
| Complying with a legal obligation (e.g. tax records, Gas Safe registration requirements) | Legal obligation |
We do not use your personal data for automated decision-making or profiling. We do not sell, rent or trade your personal data to any third party for their own marketing purposes.
Cookies
Our website uses cookies — small text files placed on your device — to help the site function correctly and to understand how visitors use it. The cookies we use fall into two categories:
Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off. They are usually set in response to actions you take, such as submitting the contact form. They do not store any personally identifiable information.
Analytics Cookies (Optional)
If we use a website analytics tool (such as Google Analytics), anonymised data about your visit — including pages viewed, time on site, and general location — may be collected. This data helps us understand which pages are most useful so we can improve the site. No personally identifiable information is stored in these cookies. Where consent is required under the Privacy and Electronic Communications Regulations (PECR), we will ask for it before placing analytics cookies.
You can manage or disable cookies through your browser settings at any time. Most browsers allow you to refuse new cookies, delete existing cookies, or browse in a private mode. Please note that disabling certain cookies may affect the functionality of this website.
Sharing Your Data with Third Parties
We do not sell your personal data. We share it only in the limited circumstances described below, and only with parties who handle it responsibly:
Website hosting and technical providers
Our website is hosted on third-party infrastructure. Hosting providers may have incidental access to server logs that include IP addresses. Any such provider is bound by appropriate data processing agreements.
Email and communication tools
Emails sent through our contact form or to our business email address are processed by our email service provider. We select providers that meet UK/EU data protection standards.
Analytics providers
If analytics software is in use, anonymised usage data may be processed by that provider (e.g. Google Analytics). This does not include your name, email address or contact details.
Legal and regulatory authorities
We may be required to disclose data to comply with a legal obligation — for example, in response to a court order, or to comply with Gas Safe Register reporting requirements.
Where we use third-party processors, we ensure that appropriate data processing agreements are in place and that those parties process your data only on our instructions and in accordance with UK data protection law.
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected. The table below gives a guide to our typical retention periods:
| Type of Data | Retention Period |
|---|---|
| Enquiry that did not progress to a job | 12 months from last contact |
| Customer records for completed work | 6 years (in line with HMRC requirements) |
| Gas safety certificates and related records | 2 years minimum (in line with Gas Safe requirements); we recommend longer for your records |
| Email correspondence | 2 years from the date of last contact, unless related to a completed contract (see above) |
| Website analytics data | Anonymised data may be retained indefinitely; no personally identifiable data is retained beyond session level |
After the relevant retention period, personal data is securely deleted or anonymised. If you would like us to delete your data sooner, please see the section on Your Rights below.
Your Rights Under UK GDPR
You have several rights in relation to the personal data we hold about you. These rights apply in most circumstances, though some are subject to conditions or exceptions under UK GDPR.
Right of Access
You can ask us for a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). We will respond within one calendar month.
Right to Rectification
If we hold inaccurate or incomplete data about you, you have the right to ask us to correct it. We will do so promptly.
Right to Erasure
In certain circumstances, you can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it (e.g. tax records).
Right to Restrict Processing
You can ask us to limit how we use your data — for example, while a dispute about its accuracy is resolved.
Right to Data Portability
Where processing is based on consent or contract, you can ask us to provide your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds that override your interests.
Right to Withdraw Consent
Where we rely on your consent to process data (e.g. optional marketing), you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
Right to Complain
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
To exercise any of these rights, please contact us at info@boilerfitdirectkent.com or by telephone on 01732 905513. We will respond within one calendar month. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.
Data Security
We take the security of your personal data seriously. We put in place appropriate technical and organisational measures to protect your information against unauthorised access, loss, destruction or disclosure. These include:
- This website is served over HTTPS, encrypting data in transit between your browser and our server.
- Access to contact form submissions and customer records is restricted to authorised staff only.
- We do not store credit or debit card details — all payments are handled through secure, PCI-compliant payment providers where applicable.
- We keep software and systems updated to reduce the risk of security vulnerabilities.
No method of electronic transmission or storage is completely secure. While we do our best to protect your personal data, we cannot guarantee absolute security. In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals as required by law.
Links to External Websites
Our website may include links to external websites — for example, links to the Gas Safe Register or to manufacturer warranty information. This privacy policy applies only to this website. If you follow a link to another site, you should read the privacy policy of that site, as we have no control over and accept no responsibility for the way it handles your data.
External links are included for your convenience and do not imply any endorsement of the linked site or its operators beyond what is stated on the page containing the link.
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes to how we work, the services we provide, or our legal obligations. The date at the top of this page shows when it was last revised. Where a change is material, we will take reasonable steps to bring it to your attention — for example, by displaying a notice on our website.
We encourage you to check this page periodically to stay informed about how we protect your personal data.
Questions or Concerns?
If you have any questions about this privacy policy, or if you would like to exercise any of your data protection rights, please get in touch with us directly. We will do our best to address your concern promptly and clearly.
Right to complain to the ICO: If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO). Visit ico.org.uk or call the ICO helpline on 0303 123 1113.