Policy key definitions:
“I”, “our”, “us”, or “we” refer to the business, [Bumford Heating Limited & Bumfords.com].
“you”, “the user” refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner’s Office.
Cookies mean small files stored on a users computer or device.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
What we collect:
We may collect the following information if you contact us using the enquiry form or email system :
- Name and title.
- Contact information including email address and phone numbers.
- Demographic information such as postcode, preferences and interests.
- Any message content you provide
How we use your data:
We process data from users visiting our website this is classed as usage data and is collected by Google Analytics and our LiveChat software.
The usage data may include your IP Address, location, browser type and version, browser language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about usage patterns such as frequency and time spent on specific pages. You can read privacy policies from Google Analytics & LiveChat below.
Google Analytics – https://support.google.com/analytics/answer/6004245?hl=en
LiveChat – https://www.livechatinc.com/privacy-policy/
We process data from registered customers whom we do one off or scheduled work this is known as account data.
The account data may include your name, title, billing & delivery addresses, email address and phone number(s). This information is provided by data entered on our website, telephone or mail correspondence. The account data is used to provide services are correct and are done at the stated premises, we will use this information to contact you regarding invoicing, queries and reminders.
We process enquiry data from users sending us enquiries through our web forms / emails sent to one of registered email addresses or by telephone. The data will include any information shared with us such as email addresses, phone numbers, address details and any other enquiry data that is shared with us. We only use this data to act upon any requests the user has requested and is not shared with any outside parties or subscribed to any marketing lists.
We process transaction data for payments made through our website through either one of our payment processors SagePay or PayPal. The transaction data may include your name, address data, phone numbers, IP addresses, email addresses, card data and goods purchased. This data is used to process the payment of goods and services purchased on our website and keep transaction records for our accounting records.
Using Your Data:
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Providing your personal data to other parties:
The account data provided may be passed on to our courier services or third party supplier for the purpose of delivering goods and keeping you informed about any information related to delivering your order. The data is supplied via a electronic format via their secure online order systems where applicable.
Your installation / service order data may be shared to the boiler manufacturer, the relevant fuel appliance governing body (Gas Safe, OFTEC, HETAS) for registering the warranty and to notify them of work that has been carried out. This will include address and contact details, information about the installation and products used.
Financial transactions relating to payments made in person, telephone and online are handled by our payment services providers SagePay, PayPal & Hitachi Capital. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at;
PayPal – https://www.paypal.com/en/webapps/mpp/ua/privacy-full
SagePay – https://www.sagepay.co.uk/policies/privacy-policy
Htachi Capital – https://www.hitachicapital.co….
Retaining personal data:
We keep data related to any email / website enquiries for an indefinite amount of time due to record keeping for warranties and any queries that an outside governing body may have.
Data related to transactions are kept for a indefinite period on our payment systems SagePay & PayPal.
We keep order data for a indefinite period for the details related to the order if any further enquiries or claims related to the order are needed. The nature of returns procedures related to certain products which carry long warranties means we need to keep records for an indefinite time.
Data related to user actions is kept for the below periods of time by our third party systems.
Google Analytics: This data is kept for a period of 38 months
LiveChat: This data is kept for a period of 12 months
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal date” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.
Our EMS provider is MailChimp. We hold the following information about you within our EMS system;
- Email address
- Subscription time & date
Links to other websites:
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information:
You may choose to restrict the collection or use of your personal information in the following ways:
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the email address on this website
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of personal information which we hold about you under the Data Protection Act 1998.
If you would like a copy of the information held on you please write to the address found on this website.
If you believe that any information we are holding on you is incorrect or incomplete, please email us ([email protected]) as soon as possible, or by post at the address found on this website.
We will promptly correct any information found to be incorrect.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective continuously until further notice.