1. Introduction

1.1    Grant Engineering (UK) Ltd (also referred to as “we”, “us” and “our”) is committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we gather and process personal information in accordance with this policy and in compliance with the relevant data protection laws.

1.2    This policy provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

1.3    It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

1.4    This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

 

2. How we use your personal data

2.1    In this Section 2 we have set out:

(a)    the general categories of personal data that we may process;

(b)    in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;

(c)     the purposes for which we may process personal data; and

(d)    the legal bases of the processing.

2.2    We may process data about your use of our website ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your website use. The source of the usage data is via Google analytics. This usage data may be processed for the purposes of analysing the use of our website and the services offered via it. The lawful basis for this processing is our legitimate interests, namely monitoring and improving our website and services. You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.com/intl/en_uk/analytics/privacyoverview.html

2.3    We will process personal data that is provided during the use of our product registration services, including through installation packages provided via the G-Cert Scheme ("service data"). This service data will include your name, address, email, telephone number, and product and installation details which are necessary to enable Grant Engineering (UK) Ltd to provide you with a product guarantee. The lawful basis for this processing is performance of a contract and legal obligation’.

         As part of our product registration services, we provide an annual service reminder by post, email, telephone call or text message for any ‘in warranty’ products. The lawful basis for processing this data is ‘legitimate interest’, to ensure the correct administration and continuation of your product guarantee e.g. those with the additional benefit of an extended guarantee through our G1 Installer Scheme. You can choose to ‘opt out’ of this service at any time by post, telephone or email, although it must be stated that annual product servicing is a requirement under the Terms of the Guarantee. Failure to do so will result in the product guarantee becoming invalid. This does not affect your statutory rights.

         We provide an annual service reminder by post, email, telephone call or text message for all installations under a Renewable Heat Incentive (RHI) via the Grant G-CERT Scheme. The lawful basis for processing this data is ‘legitimate interest’. You can choose to ‘opt out’ of this service at any time by post, telephone or email, although it must be stated that there is a contractual obligation for the end user to have their Grant renewable product serviced annually in order to maintain their RHI payments. Failure to do so will result in RHI payments being ceased.

         We also provide an additional annual service reminder for ‘out of warranty products’ and you can choose to ‘opt in’ for this service during the online registration of your product, by email or telephone at any point in time. The lawful basis for this processing is ‘consent’. You can choose to ‘opt out’ of this service at any time by post, telephone or email.

2.4    We may process information that you provide to us for the purpose of subscribing to our email notifications and/or marketing communications ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or marketing communications. The lawful basis for this processing is consent.

2.5    We may process information contained in or relating to any communication that you send to us ("correspondence data"), whether by post, email, telephone or our website. The correspondence data may include your name, email address, additional contact details (if you choose to provide them), the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of responding to your enquiry, communicating with you and record-keeping. The lawful basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

2.6    We may capture and process video recordings and/or photos of you for promotional purposes (from this point on referred to as “image data”) which will represent personal data if you can be personally identified from the images. A consent form must be completed by those captured within the image data in order for us to process them for marketing and publicity purposes or, for any other stated purpose. Providing consent is granted, your image data will be held in addition to any personal contact information provided in the consent form. We request that you give optional contact information e.g. an email address in case there is a need to seek consent in the future to use images in another way to that previously specified. The lawful basis for this processing is consent.

2.7    We will process personal data that is provided by professionals when signing up for our G-Cert MCS Certification Scheme or using our other professional services, such as the UFH Design Services (“professional services data”). This professional services data may include information such as your name, address, email, telephone number, company details, liability insurance details, references, qualifications and professional registrations. The lawful basis for this processing is performance of a contract and to comply with our legal obligations.

2.8    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

2.9    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

2.10  Please do not supply any other person's personal data to us, unless we prompt you to do so and you have consent from the data subject.

2.11  Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

3. Providing your personal data to others

3.1    We may disclose your personal data to any member of our group of companies this means our subsidiaries, our ultimate holding company and all its subsidiaries insofar as reasonably necessary for the purposes set out in this policy.

3.2    We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

3.3    Financial transactions relating to our website and services such as purchasing extended warranties are handled by our payment services provider PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

3.4    If you are a homeowner we may disclose your personal data to one or more of our approved service providers (3rd party service engineer) for the purpose of any in-warranty service call out on your Grant product.

3.5    If you are a professional and have given us permission, we will share your contact details with homeowners looking for local engineers via our website or via direct correspondence with us.

3.6    We may disclose your personal data to our review service provider TrustPilot, which is limited to the extent necessary for the purposes of reviewing Grant Engineering UK Ltd’s products and services, helping us improve customer satisfaction. Information that is collected through the registration of a product for its guarantee (online, over the telephone or in person) may be passed to TrustPilot including: name, email address, product type and serial number. We may also pass personal information relating to services provided i.e. training courses attended through our Academy, including: name, email address and course name and date. To find out how TrustPilot ensure the security of data for individuals who use their review platform, see: https://uk.legal.trustpilot.com/end-user-privacy-terms

3.7    Our website is managed and hosted by digital agency 16 Interactive Ltd, therefore any personal information that is submitted via the website, is also visible to our digital agency when accessing the site for updating and monitoring purposes only. To view their commitment to privacy, view their privacy policy: https://www.16i.co.uk/privacy-policy/

3.8    We may share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy .

3.9    In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

3.10  We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

4. Marketing

4.1   By subscribing to our email notifications and/or marketing communications ("notification data"), we may pass your personal data to our third party email provider MailChimp for the purpose of distributing the aforementioned communications. You can find more information on how MailChimp handle personal information by viewing their privacy policy https://mailchimp.com/legal/privacy/

4.2   If you are a professional (rather than a homeowner) then we may also share hashed portions of your personal data with certain strategic partners to make our business more responsive to your interests. For example, we may locally hash your email address and transmit the resulting hashed data to Facebook for the purpose of creating “Custom Audiences” (where targeted ads are sent to people on Facebook who already use our services). If you wish to opt-out of this use of certain hashed portions of your personal data, please email us at marketing@grantuk.com, and we will begin the process of removing your personal data from our Custom Audience list.

4.3   We will not share your personal data with any third party companies for their own marketing purposes.

 

5. International transfers of your personal data

5.1    In this Section 5, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

5.2    We and our other group companies have offices and facilities in the Republic of Ireland and France. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

5.3    You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

5.4    Some of our external third party processors are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

         (a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

         (b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

         (c) Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

         Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 

6. Retaining and deleting personal data

6.1    This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

6.2    Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you..

6.3    We will retain and delete your personal data as follows:

(a)    Service data will be retained for the lifespan of the product or for a minimum of 10 years in any event, following the registration of the product.

(b)    Image data will be retained for no longer than five years from the date the photograph or recording is taken. However, it is important to note that any photos, videos or information we publish outside of Grant UK will be in the public domain and therefore such material can be accessed, reproduced or altered beyond the control of Grant UK.

(c)     The period of retention of Correspondence data will be determined based on the length of time we are in communication. We will delete old correspondence data after a period of two years unless the communication is still ongoing. If the correspondence relates to a Grant product installation it will be treated as ‘Service data’ and retained for the lifespan of the product.

6.4    In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

6.5    In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

7. Amendments

7.1    We may update this policy from time to time by publishing a new version on our website.

7.2    You should check this page occasionally to ensure you are happy with any changes to this policy.

7.3    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

8. Your rights

8.1    In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

8.2    Your principal rights under data protection law are:

(a)    the right to access;

(b)    the right to rectification;

(c)     the right to erasure;

(d)    the right to restrict processing;

(e)    the right to object to processing;

(f)     the right to data portability;

(g)    the right to complain to a supervisory authority; and

(h)    the right to withdraw consent.

8.3    You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

8.4    You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

8.5    In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

8.6    In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

8.7    You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the lawful basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

8.8    You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

8.9    You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

8.10  To the extent that the lawful basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

8.11  You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.  

8.12  To the extent that the lawful basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

8.13  You may exercise any of your rights in relation to your personal data by written notice to us.

 

9. About cookies

9.1    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Portal may become inaccessible or not function properly. For more information about the cookies we use, please see https://www.grantuk.com/cookie-policy/

 

10. Our details

10.1  This website is owned and operated by Grant Engineering (UK) Ltd.

10.2  We are registered in England under registration number 3196757, and our registered office is at Hopton House, Hopton Industrial Estate, Devizes, Wiltshire, SN10 2EU.

10.3  Our principal place of business is at Hopton House, Hopton Industrial Estate, Devizes, Wiltshire, SN10 2EU.

10.4  You can contact us:

(a)    by post, using the postal address given above;

(b)    using our website contact form;

(d)   by email, using info@grantuk.com

10.5    We are registered with the Information Commissioners Office as a data controller.

Registration number: Z2992579

 

11. Data protection manager

11.1  Our data protection manager can be contacted at our registered office address.