Privacy Policy

Cookie Statement & Privacy Policy

This cookie statement and privacy policy sets out how Bumford Heating Ltd uses and protects any information that you give us when you use this website.

Privacy Policy


This privacy policy notice is for this website [] and served by [Bumford Heating Limited, Unit 2D Shortwood Business Park, Hoyland, Barnsley, South Yorkshire, S74 9LH] and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.

Any changes to our privacy policy will be published on this page.

Policy key definitions:
"I", "our", "us", or "we" refer to the business, [Bumford Heating Limited &].
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

What we collect:

We may collect the following information if you place an order or utilise the enquiry form or email system :

  • Name and title.
  • Contact information including email address and phone numbers.
  • Demographic information such as postcode, preferences and interests.
  • Other information relevant to customer surveys and/or offers.

How we use your data:

Usage Data:
We process data from users visiting our website this is classed as usage data and is collected by Google Analytics and our LiveChat software.
The usage data may include your IP Address, location, browser type and version, browser language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about usage patterns such as frequency and time spent on specific pages. You can read privacy policies from Google Analytics & LiveChat below.
Google Analytics -
LiveChat -

Account Data:
We process data from users registering or purchasing through our website this is known as account data. 
The account data may include your name, title, billing & delivery addresses, email address and phone number(s). This information is provided by data entered on our website on our registration and checkout pages. The account data is used to process your order to ensure the goods are delivered to correct correspondence and contact details are used to inform you of any delivery / order information such as invoices and delivery tracking information.

Enquiry Data:
We process enquiry data from users sending us enquiries through our web forms / emails sent to one of registered email addresses or by telephone. The data will include any information shared with us such as email addresses, phone numbers, address details and any other enquiry data that is shared with us. We only use this data to act upon any requests the user has requested and is not shared with any outside parties or subscribed to any marketing lists. 

Transaction Data:
We process transaction data for payments made through our website through either one of our payment processors SagePay or PayPal. The transaction data may include your name, address data, phone numbers, IP addresses, email addresses, card data and goods purchased. This data is used to process the payment of goods and services purchased on our website and keep transaction records for our accounting records.

Using Your Data:
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Providing your personal data to other parties:

Account Data:
The account data provided may be passed on to our courier services or third party supplier for the purpose of delivering goods and keeping you informed about any information related to delivering your order. The data is supplied via a electronic format via their secure online order systems where applicable.

Order Data:
Your order data can be used by Google Customer Reviews with your consent to leave a review about our service. This process is optional and you will be contacted by email a number of days after placing your order. The information used by Google is your order ID, email address, country, order date and GTIN (Product Code Data). This information is used to leave your opinion about the corresponding order and/or products on Google Shopping pages. Email address data is not published online and is only used to contact you about a request to leave a review about services / products offered by our company.

Transaction Data:
Financial transactions relating to our website are handled by our payment services providers, SagePay & PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at;

PayPal -
SagePay -

Retaining personal data:

Enquiry Data:
We keep data related to any email / website enquiries for a maximum of 12 months to ensure that any previous correspondence can be called upon when further information may be required for a future enquiry.

Transaction Data:
Data related to transactions are kept for a indefinite period on our payment systems SagePay & PayPal. 

Order Data:
We keep order data for a indefinite period for the details related to the order if any further enquiries or claims related to the order are needed. The nature of returns procedures related to certain products which carry long warranties means we need to keep records for an indefinite time.

Usage Data:
Data related to user actions is kept for the below periods of time by our third party systems.
Google Analytics: This data is kept for a period of 38 months
LiveChat: This data is kept for a period of 12 months

Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "Processing of your personal date" above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

Our EMS provider is Sendy. We hold the following information about you within our EMS system;

  • Email address
  • Name
  • Subscription time & date

Links to other websites:

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information:

You may choose to restrict the collection or use of your personal information in the following ways:
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the email address on this website
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 1998. 
If you would like a copy of the information held on you please write to the address found on this website.
If you believe that any information we are holding on you is incorrect or incomplete, please email us ([email protected]) as soon as possible, or by post at the address found on this website.

We will promptly correct any information found to be incorrect.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective continuously until further notice.

Cookie Statement

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. This website does NOT deploy ANY third party affiliate marketing cookies. All cookies deployed form part of the following:

  1. Essential Usage cookies to allow the website to function.
  2. Non Essential cookies to allow us to track visitor numbers and related information such as popular webpage content.
  3. We do not use any website cookies to track your activity in the generation of third party revenues or anything else that would be classed as intrusive to your activity on this website.
  4. A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
  5. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
  6. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
  7. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

There are four classifications of Cookies as set out by their level of “Intrusiveness”

Intrusiveness Level: ZERO

Any cookies that have the sole purpose of making the website work. They will always be first party, and for the most part session cookies. They would usually be used solely to enable site navigation, like maintaining a persistent user session across pages. They are cookies that would fall under the 'strictly necessary' exemption for consent in the regulations.

This website uses cookies that are “Strictly Necessary” to make the website function

Intrusiveness Level: LOW

These are cookies that are designed to enhance the core user experience on the site, or help with measuring site performance. Google Analytics cookies, fall into this category which is a technology that allows for the tracking of website visitor numbers and areas of the website that are utilised by visitors. This information is provided by software that is provided by Google. This category is always first party and may include both session and persistent cookies. These cookies have a longer life span than 30 days and can be cleared from your browser at any time.

This website uses Google Analytics cookies that are “Intrusively Low” to inform the website owners of traffic and visitor numbers and related information such as webpage content usage

Intrusiveness Level: MEDIUM

These are cookies that might be used to store more personally identifiable information, or can be used for limited cross-site tracking. This category would also include first party cookies that track or control the user experience within a site, in a way that might not be obvious to the user or under their control. Especially if it is a persistent cookie that can do this across multiple visits. A cookie that enables a website to present content based on previous visits by that user, or based on personal information would be good examples. Cookies used by many types of social networking services, and set by sharing buttons, would fall into this category. This is because they are only able to track a user if they have previously signed in and agreed to their terms and conditions, so they don't affect all visitors. This would also include third party cookies that enable certain types of plug-ins and widgets to be added to a site to enhance user functionality, but are not identifying visitors or tracking behaviour across other domains, unless they have otherwise opted-in or signed up directly with that provider. Cookies used by many types of social networking services, and set by sharing buttons, would fall into this category. This is because they are only able to track a user if they have previously signed in and agreed to their terms and conditions, so they don't affect all visitors. The Twitter Follow button is a good example of this. It can set cookies used for tracking and user profiling, but only if that user has a Twitter account.

This website uses cookies that are “Intrusively Medium” to inform the visitor of previous pages viewed. This information is anonymous to the website owners and is a feature to allow easier navigation of the website. In addition any third party links to social networking services throughout our website (Facebook, Twitter Google+ & YouTube for example) only deploy third party cookies if you have already signed up to these services and are signed into these services.

Intrusiveness Level: HIGH

Any cookies that are mainly intended to track and record visitor interests, without any kind of prior consent, and to aggregate that data across sites for the benefit of third parties would fall into this category. This would include all types of cookies served by online advertising and also cookies set through the provision of embedded content that is not directly advertising related. Embedded YouTube videos, or Google Maps set and retrieve cookies which could be used to track users across sites, even if they are not used to then serve up adverts. The vast majority of third party cookies would fall into this category.

This website does not directly deploy cookies that are “Intrusively High” within its source code. We do not deploy any third party cookies that are sold or supplied directly to third parties. Any third party embed technology such as a YouTube video has been set to “enable privacy enhanced mode” which means that no intrusive cookies are deployed.

Changing Cookie Settings on Your Computer

You can set up your website browser to refuse cookies or to alert you to their presence and thereby allow you to remove them from your computer by clicking any of the links below: