Privacy & Cookies Policy

Published December 2018


Privacy Notice

This privacy notice explains in clear language, how BSW Heating Ltd. uses the personal information we collect from Data Subjects, either through using our website, or in any other way, electronically, verbally or in writing.


• Data controller
• Basis for collecting your data (Lawful processing)
• Recipients of data and data transfers
• Sensitive Information
• Categories and type of Personal Data collected
• Retention policy
• Data Storage and Security
• Cookies
• Your Rights as a data subject
• Automated decision making
• 3rd Party Websites

Data controller

BSW Heating Ltd. is the data controller. We can be contacted at or telephone number +44 (0)208 7635 300. Our Data Protection Officer can be contacted at

On what basis do we collect and process your data? (known as lawful processing)

Data Privacy law defines the basis by which we can lawfully collect and process personal data. For the data we act as data controller, we have determined the following:

To enter into or in pursuance of a contract:
We will collect personal data when engaging with individuals to enter into a contract, such as an employment contract or commercial agreement to supply services or goods. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.

Where we have a Legal obligation:
We will collect personal data when we are required to through a legal obligation, such as requirements from HMRC in relation to employment or conduct checks through the Disclosure and Barring service.

In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of BSW Heating Ltd. to do so. Specifically, we use legitimate interest in relation to our clients and in order to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. We also consider our use of CCTV and the collection of images as a legitimate interest activity. A legitimate Interest Assessment has been conducted to ensure that the legitimate interests of the organisation does not outweigh that of the data subject. The data collected will not be used for any unlawful or unethical purpose.

Data recipients and data transfers

We do not sell any of your personal data to any third party – including your name, address, email address or credit card information.
Where required, BSW Heating Ltd. share personal data with service providers such as our auditors, accountants and insurance companies. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies. Our email system is cloud based and personal data is held in Microsoft’s cloud environment.
Financial transactions are handled by our card payment service providers, Barclays Bank. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Data is transferred to by our email host and held in UK based accredited data centres. We utilise the service of secure off-site document storage facilities also based in the UK.

Sensitive information

BSW Heating Ltd. does process sensitive data as defined by Article 9 of the GDPR. This is employee health data and is used for the purposes of entering into a contract. We use this data to ensure we can comply with any relevant workplace legislation and to discharge our duty of care. In addition we process necessary health and vulnerability data in relation to end users in order to provide suitable and appropriate responses when carrying out our services.

Categories and types of data

For engagement of our Contractors we process:

• Name
• Address
• Phone number(s)
• Email Address
• Date of birth
• Gender
• CV
• References
• Sickness record
• Passport
• Signature
• Driving Licence
• Bank account
• Accreditation
• Disclosure and Barring Service check
• Location data

We process the following data of our customers:

• Name
• Address
• Phone number(s)
• Email address
• Signature
• Preferred name
• Bank Account/ Credit card details

We process the following data of our Clients:

• Name
• Address
• Phone number(s)
• Email Address(s)
• Signature
• Online identifier such as LinkedIn URL
• Fax. No
• Photo

We process the following personal data of our suppliers:

• Name
• Address
• Phone number
• Email address
• Preferred name

We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.

The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves or is obtained from sources such as social media platforms. Please see our Cookie Policy for information on the data collected by our website.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that BSW Heating Ltd. has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.

Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected.

Personal data processed for employment purposes will be held for 6 years after termination of employment or contract. Right to work verification will be retained for 2 years after termination of employment or contract. Employment application data will be retained for a period of 3 months following unsuccessful application. CCTV images will be deleted on rolling basis after 30 days.

Personal data collected for the purposes of engaging with suppliers will be maintained for the duration of the commercial relationship and for a further 7 years thereafter.

Data Storage and Security

BSW Heating Ltd. follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store data within our own physical network and via cloud services provided by Microsoft Office. Our data is subject to rigorous back up regimes to prevent data loss and continuance of service.

The servers storing personal information are kept in a secure environment with restricted physical access. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.

The information we collect and process as data controllers is restricted to our offices, other than that required to be transmitted to electronic devices operated by our service engineers. Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.


Cookies from our website

To make our website work properly, we sometimes place small data files called cookies on your device.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

A number of our pages use cookies to remember:
• your display preferences, such as contrast colour settings or font size
• if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
• if you have agreed (or not) to our use of cookies on this site
• analytical purposes
• to allow sharing of information across social media platforms

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How to control cookies

You can control and/or delete cookies as you wish – for details, see You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Cookies we use are:

  • _gid        Performance Google Analytics used to store and update a unique value for each page visited.
  • _ga          Performance Used to calculate visitor, session and campaign data for the site’s analytics reports.
  • _gat        Performance Used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
  • _unam   Functionality Social sharing widget to enable sharing of content across various social networks.
  • _stid       Functionality Tracks content you view and share across social media.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. BSW Heating Ltd. is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office A full and detailed explanation of all rights can be found at
The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
Right of Access – you have the right to know what personal information is held, by whom and why.
The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
Right to Object – You have the right to object to profiling and direct marketing
You also have rights in relation to automated decision making.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office

Automated decision making
BSW Heating Ltd. does not use automated decision making to process personal data.

Third party websites
Our website may contain links to other websites. This privacy policy only applies to BSW Heating Ltd., so if you follow a link to another website, you should read that organisations own privacy policy.

Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in December 2018

How to contact us
You can write to us at this address:
BSW Heating Ltd. Ltd.
3 Old Barn Lane,
Surrey. CR8 5AT

You can telephone us on this number:
+44 (0)208 7635 300

You can email us by using this link:

Resident Log-in Client Log-in