Privacy Policy – Mars Heating
Last updated: 21-12-24
Mars Heating (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy sets out how we collect, use, disclose, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection laws.
By using our website or engaging with our services, you consent to the practices described in this policy.
1. Data Controller
Mars Heating is the data controller for the purposes of UK data protection legislation. If you have any queries about this policy or how we process your data, please contact us:
EMAIL: info@mars-heating.co.uk
PHONE: 0147-359-8475
OFFICE: 50 Princes Street, Ipswich, Suffolk, IP1 1RJ
2. Information We Collect
We may collect, use, store, and transfer different kinds of personal data about you, including:
Identity Data – full name, title, date of birth.
Contact Data – postal address, email address, telephone number.
Property Data – details about your property necessary for surveys, heating assessments, and installation services.
Financial Data – payment details where required for invoicing and refunds.
Transaction Data – records of products and services purchased from us.
Technical Data – IP address, browser type, operating system, and cookies.
Marketing & Communications Data – preferences in receiving communications from us.
3. How We Collect Your Data
We collect personal data in the following ways:
Directly from you when you contact us via phone, email, website form, or in person.
Automatically, through cookies and analytics when you browse our website.
From third parties, including government bodies (e.g. Ofgem for the Boiler Upgrade Scheme), subcontractors, or service providers.
4. How We Use Your Information
We process your personal data only where lawful and necessary, including:
To respond to enquiries and provide quotes.
To carry out site surveys and installations.
To process Boiler Upgrade Scheme (BUS) applications on your behalf.
To manage billing, payments, and accounts.
To send service updates, reminders, and aftercare information.
To comply with legal, regulatory, and tax obligations.
To improve our website, products, and services through analytics.
5. Legal Bases for Processing
We rely on the following lawful bases to process personal data under UK GDPR:
Performance of a contract – where processing is necessary to deliver services requested.
Legal obligation – where processing is necessary to comply with tax, regulatory, or other legal requirements.
Legitimate interests – where processing is necessary for the efficient operation of our business, provided it does not override your fundamental rights.
Consent – where you have given clear consent, e.g. for marketing communications.
6. Sharing Your Information
We may share your personal data with trusted third parties, including:
Government authorities (e.g. Ofgem, Department for Energy Security and Net Zero) for BUS grant processing.
Accredited subcontractors involved in installation or maintenance work.
Professional advisers such as accountants, insurers, or legal consultants.
IT and website providers for hosting, security, and support.
We require all third parties to respect the security of your data and process it lawfully. They are not permitted to use your data for their own purposes.
7. International Transfers
We do not routinely transfer your personal data outside the UK. If this becomes necessary (for example, through cloud-based service providers), we will ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption, secure servers, and restricted access protocols. Despite these measures, please note that no system can guarantee absolute security.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, and reporting requirements.
Customer records are generally retained for 7 years after the end of our relationship, in line with HMRC requirements.
Marketing data is retained until you opt out or withdraw consent.
Data relevant to BUS applications may be retained longer to satisfy government audit requirements.
10. Your Rights
Under UK GDPR, you have the right to:
Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request erasure of your personal data where there is no lawful basis for us to continue processing it.
Object to the processing of your data where we rely on legitimate interests.
Request restriction of processing in certain circumstances.
Request the transfer of your personal data (data portability).
Withdraw consent where consent was the lawful basis for processing.
To exercise these rights, please contact us using the details provided above.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly: www.ico.org.uk.
11. Cookies
Our website uses cookies and similar technologies to improve your browsing experience and analyse traffic. You can manage or disable cookies through your browser settings. For more detail, see our separate Cookie Policy.
12. Third-Party Links
Our website may contain links to third-party websites, including government portals for grant applications. Please note that we are not responsible for the privacy practices of those websites.
13. Updates to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website with the effective date noted above.