Policy key definitions:
"I", "our", "us", or "we" refer to the business, [Bumford Heating Limited & BHL.co.uk].
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We may collect the following information if you place an order or utilise the enquiry form or email system :
We process data from users visiting our website this is classed as usage data and is collected by Google Analytics and our LiveChat software.
The usage data may include your IP Address, location, browser type and version, browser language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about usage patterns such as frequency and time spent on specific pages. You can read privacy policies from Google Analytics & LiveChat below.
Google Analytics - https://support.google.com/analytics/answer/6004245?hl=en
LiveChat - https://www.livechatinc.com/privacy-policy/
We process data from users registering or purchasing through our website this is known as account data.
The account data may include your name, title, billing & delivery addresses, email address and phone number(s). This information is provided by data entered on our website on our registration and checkout pages. The account data is used to process your order to ensure the goods are delivered to correct correspondence and contact details are used to inform you of any delivery / order information such as invoices and delivery tracking information.
We process enquiry data from users sending us enquiries through our web forms / emails sent to one of registered email addresses or by telephone. The data will include any information shared with us such as email addresses, phone numbers, address details and any other enquiry data that is shared with us. We only use this data to act upon any requests the user has requested and is not shared with any outside parties or subscribed to any marketing lists.
We process transaction data for payments made through our website through either one of our payment processors SagePay or PayPal. The transaction data may include your name, address data, phone numbers, IP addresses, email addresses, card data and goods purchased. This data is used to process the payment of goods and services purchased on our website and keep transaction records for our accounting records.
Using Your Data:
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
The account data provided may be passed on to our courier services or third party supplier for the purpose of delivering goods and keeping you informed about any information related to delivering your order. The data is supplied via a electronic format via their secure online order systems where applicable.
Your order data can be used by Google Customer Reviews with your consent to leave a review about our service. This process is optional and you will be contacted by email a number of days after placing your order. The information used by Google is your order ID, email address, country, order date and GTIN (Product Code Data). This information is used to leave your opinion about the corresponding order and/or products on Google Shopping pages. Email address data is not published online and is only used to contact you about a request to leave a review about services / products offered by our company.
Financial transactions relating to our website are handled by our payment services providers, SagePay & PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at;
We keep data related to any email / website enquiries for a maximum of 12 months to ensure that any previous correspondence can be called upon when further information may be required for a future enquiry.
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal date" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.
Our EMS provider is Sendy. We hold the following information about you within our EMS system;
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
You may choose to restrict the collection or use of your personal information in the following ways:
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the email address on this website
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of personal information which we hold about you under the Data Protection Act 1998.
If you would like a copy of the information held on you please write to the address found on this website.
If you believe that any information we are holding on you is incorrect or incomplete, please email us (firstname.lastname@example.org) as soon as possible, or by post at the address found on this website.
We will promptly correct any information found to be incorrect.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective continuously until further notice.
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. This website does NOT deploy ANY third party affiliate marketing cookies. All cookies deployed form part of the following:
Any cookies that have the sole purpose of making the website work. They will always be first party, and for the most part session cookies. They would usually be used solely to enable site navigation, like maintaining a persistent user session across pages. They are cookies that would fall under the 'strictly necessary' exemption for consent in the regulations.
These are cookies that are designed to enhance the core user experience on the site, or help with measuring site performance. Google Analytics cookies, fall into this category which is a technology that allows for the tracking of website visitor numbers and areas of the website that are utilised by visitors. This information is provided by software that is provided by Google. This category is always first party and may include both session and persistent cookies. These cookies have a longer life span than 30 days and can be cleared from your browser at any time.
This website uses Google Analytics cookies that are “Intrusively Low” to inform the website owners of traffic and visitor numbers and related information such as webpage content usage
These are cookies that might be used to store more personally identifiable information, or can be used for limited cross-site tracking. This category would also include first party cookies that track or control the user experience within a site, in a way that might not be obvious to the user or under their control. Especially if it is a persistent cookie that can do this across multiple visits. A cookie that enables a website to present content based on previous visits by that user, or based on personal information would be good examples. Cookies used by many types of social networking services, and set by sharing buttons, would fall into this category. This is because they are only able to track a user if they have previously signed in and agreed to their terms and conditions, so they don't affect all visitors. This would also include third party cookies that enable certain types of plug-ins and widgets to be added to a site to enhance user functionality, but are not identifying visitors or tracking behaviour across other domains, unless they have otherwise opted-in or signed up directly with that provider. Cookies used by many types of social networking services, and set by sharing buttons, would fall into this category. This is because they are only able to track a user if they have previously signed in and agreed to their terms and conditions, so they don't affect all visitors. The Twitter Follow button is a good example of this. It can set cookies used for tracking and user profiling, but only if that user has a Twitter account.
Any cookies that are mainly intended to track and record visitor interests, without any kind of prior consent, and to aggregate that data across sites for the benefit of third parties would fall into this category. This would include all types of cookies served by online advertising and also cookies set through the provision of embedded content that is not directly advertising related. Embedded YouTube videos, or Google Maps set and retrieve cookies which could be used to track users across sites, even if they are not used to then serve up adverts. The vast majority of third party cookies would fall into this category.
This website does not directly deploy cookies that are “Intrusively High” within its source code. We do not deploy any third party cookies that are sold or supplied directly to third parties. Any third party embed technology such as a YouTube video has been set to “enable privacy enhanced mode” which means that no intrusive cookies are deployed.