top of page

Privacy Policy

Effective Date: 27 May 2026

Last Updated: 27 May 2026

 

1. Introduction

Makerfield Heating LTD (“we”, “us”, “our”) is committed to protecting and respecting your

privacy.

​

This Privacy & Cookie Notice explains how we collect, use, disclose, store, and protect personal data when you:

ï‚· visit our website;

ï‚· contact us;

ï‚· purchase products or services;

ï‚· subscribe to communications;

ï‚· interact with us on social media;

ï‚· attend events;

ï‚· make enquiries;

ï‚· engage with us as a customer, supplier, contractor, candidate, supporter, or

member of the public.

​

This Notice is intended to comply with:

ï‚· UK General Data Protection Regulation (“UK GDPR”);

ï‚· Data Protection Act 2018;

ï‚· Data Use and Access Act 2025 (“DUAA 2025”);

ï‚· Privacy and Electronic Communications Regulations 2003 (“PECR”);

ï‚· Consumer Protection from Unfair Trading Regulations 2008;

ï‚· applicable guidance issued by the Information Commissioner’s Office (“ICO”).

 

​

2. Data Controller Details

 

Data Controller

Organisation Name: Makerfield Heating LTD

Company Number: 17014370

Registered Office: 30 Hamilton Road, Ashton-in-Makerfield, Wigan, England, WN40SU

Email Address: dpo.makerfieldheating@gmail.com

Website: makerfieldheating.com

​​

​

3. Data Protection Contact

​

If you have any questions regarding this Notice or your personal data, please

contact:

​

Data Protection Contact: Robert Kenyon

Email: dpo.makerfieldheating@gmail.com

Postal Address: 30 Hamilton Road, Ashton-in-Makerfield, Wigan, England, WN40SU

​

​

4. The Personal Data We Collect

​

Depending on how you interact with us, we may collect and process the following

categories of personal data:

​

Identity Data

ï‚· name;

ï‚· title;

ï‚· date of birth;

ï‚· username or account identifiers.

​

Contact Data

ï‚· postal address;

ï‚· email address;

ï‚· telephone numbers.

​

Financial Data

ï‚· payment details;

ï‚· billing information;

ï‚· transaction history.

 

Technical Data

ï‚· IP address;

ï‚· browser type and version;

ï‚· operating system;

ï‚· device identifiers;

ï‚· cookies and tracking data;

ï‚· website usage statistics.

​

Marketing & Communications Data

ï‚· communication preferences;

ï‚· newsletter subscriptions;

ï‚· marketing engagement history.

​

Customer Relationship Data

ï‚· enquiries;

ï‚· complaints;

ï‚· correspondence;

ï‚· service history;

ï‚· support interactions.

​

Recruitment or Contractor Data

Where applicable:

ï‚· CVs;

ï‚· employment history;

ï‚· qualifications;

ï‚· references;

ï‚· right to work information.

​

Special Category Data

We do not intentionally collect special category data unless necessary and lawful to

do so.

 

Where special category data is processed, we will identify an additional lawful

condition under Article 9 UK GDPR and Schedule 1 Data Protection Act 2018.

​

​

5. How We Collect Personal Data

​

We may collect personal data:

ï‚· directly from you;

ï‚· through website forms;

ï‚· through email or telephone communications;

ï‚· through contracts or transactions;

ï‚· from publicly available sources;

ï‚· from social media interactions;

ï‚· via cookies and analytics technologies;

ï‚· from suppliers, advisers, or business partners;

ï‚· from recruitment processes;

ï‚· from lawful third-party referrals or introductions.

​​

​

6. Lawful Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

Contractual Necessity

​

Where processing is necessary:

ï‚· to provide goods or services;

ï‚· to fulfil contractual obligations;

ï‚· to manage customer relationships.

 

Legitimate Interests

Including:

ï‚· operating and improving our business;

ï‚· responding to enquiries;

ï‚· fraud prevention;

ï‚· network and information security;

ï‚· direct marketing where lawful;

ï‚· maintaining records;

ï‚· defending legal claims.

​

We conduct balancing assessments where appropriate.

​

Legal Obligation

Where processing is necessary to comply with:

ï‚· taxation obligations;

ï‚· accounting requirements;

ï‚· consumer law;

ï‚· employment law;

ï‚· regulatory obligations.

​

Consent

Where legally required, including:

ï‚· certain electronic marketing activities;

ï‚· non-essential cookies;

ï‚· optional marketing communications.

​

You may withdraw consent at any time.

​

Vital Interests

In limited emergency circumstances where necessary to protect individuals.

​

​

7. How We Use Your Personal Data

​

We may use personal data to:

ï‚· provide products and services;

ï‚· manage customer accounts;

ï‚· process payments;

ï‚· communicate with you;

ï‚· respond to enquiries or complaints;

ï‚· manage bookings or appointments;

ï‚· improve website performance;

ï‚· undertake analytics and reporting;

ï‚· comply with legal obligations;

ï‚· protect business systems and data;

ï‚· prevent fraud or misuse;

ï‚· manage recruitment activities;

ï‚· maintain business records;

ï‚· send lawful marketing communications.

​

​

8. Marketing Communications

​

We may send:

ï‚· newsletters;

ï‚· service updates;

ï‚· promotional offers;

ï‚· event invitations;

ï‚· product or service announcements.

​

We will only send electronic marketing communications where permitted under

PECR.

​

You may opt out at any time by:

ï‚· using unsubscribe links;

ï‚· contacting us directly;

ï‚· updating your communication preferences.

​

We do not sell personal data to third parties.

​

​

9. Cookies & Tracking Technologies

​

Our website may use cookies and similar technologies.

 

Cookies are small text files stored on your device to improve website functionality,

analytics, and user experience.

​

Types of Cookies We May Use

Strictly Necessary Cookies

Required for core website functionality.

Performance & Analytics Cookies

Help us understand website usage and improve performance.

Functionality Cookies

Remember preferences and settings.

Advertising or Marketing Cookies

Used to measure marketing effectiveness and tailor content.

​

​

10. Cookie Consent

​

Where required by PECR and UK GDPR:

ï‚· non-essential cookies will only be deployed with your consent;

ï‚· you may manage cookie preferences through our cookie banner or browser

settings;

ï‚· you can withdraw consent at any time.

​

​

11. Third-Party Services

​

We may use third-party providers for:

ï‚· website hosting;

ï‚· payment processing;

ï‚· analytics;

ï‚· customer support;

ï‚· CRM systems;

ï‚· cloud storage;

ï‚· marketing services;

ï‚· email distribution;

ï‚· event management;

ï‚· IT support.

Such providers may process personal data on our behalf under contractual

safeguards compliant with Article 28 UK GDPR.

​

​

12. International Transfers

​

In the unlikely event personal data is transferred outside the United Kingdom, we will

ensure appropriate safeguards are in place, including:

ï‚· adequacy regulations;

ï‚· International Data Transfer Agreements (IDTAs);

ï‚· UK Addendum to EU SCCs;

ï‚· equivalent lawful transfer mechanisms.

​

​

13. Data Retention

​

We retain personal data only for as long as necessary for:

ï‚· contractual purposes;

ï‚· legal obligations;

ï‚· legitimate business needs;

ï‚· dispute resolution;

ï‚· regulatory compliance.

Retention periods may vary depending on:

ï‚· the nature of the data;

ï‚· applicable legal requirements;

ï‚· limitation periods;

ï‚· operational necessity.

Data no longer required will be securely deleted or anonymised.

​

​

14. Data Security

​

We implement appropriate technical and organisational measures designed to

protect personal data against:

ï‚· unauthorised access;

ï‚· accidental loss;

ï‚· destruction;

ï‚· misuse;

ï‚· disclosure;

ï‚· alteration.

​

Measures may include:

ï‚· access controls;

ï‚· encryption;

ï‚· password protection;

ï‚· multi-factor authentication;

ï‚· secure backups;

ï‚· staff training;

ï‚· monitoring and audit controls.

​

​

15. Your Rights

​

Under UK GDPR, you may have the right to:

ï‚· access your personal data;

ï‚· request rectification;

ï‚· request erasure;

ï‚· restrict processing;

ï‚· object to processing;

ï‚· data portability;

ï‚· withdraw consent;

ï‚· object to direct marketing;

ï‚· lodge a complaint with the ICO.

These rights are subject to legal exemptions and limitations.

 

​

16. Subject Access Requests

​

Requests relating to personal data rights may be submitted via:

Email: dpo.makerfieldheating@gmail.com

Postal Address: 30 Hamilton Road, Ashton-in-Makerfield, Wigan, England, WN40SU

We may request reasonable identity verification before responding.

We aim to respond within one calendar month from the date your identity has been

verified, unless an extension is lawfully permitted.

​

​

17. Complaints

​

If you are unhappy with how we process your personal data, please contact us first

so we can attempt to resolve the issue.

You also have the right to complain to the ICO:

Information Commissioner’s Office

ICO Website

​

​

18. Automated Decision-Making

​

We do not generally undertake solely automated decision-making producing legal or

similarly significant effects.

If this changes, we will update this Notice accordingly.

​

 

19. External Links

​

Our website may contain links to third-party websites.

We are not responsible for the privacy practices or content of external sites.

Users should review third-party privacy notices separately.

​

​

20. Changes to This Notice

​

We reserve the right to amend this Privacy & Cookie Notice from time to time.

Updated versions will be published on our website with revised effective dates.

​

​

22. Annex A — Example Categories of Third-Party Processors

​

The organisation may utilise providers in categories such as:

ï‚· cloud hosting providers;

ï‚· payment gateways;

ï‚· website developers;

ï‚· CRM platforms;

ï‚· accounting software providers;

ï‚· marketing platforms;

ï‚· analytics providers;

ï‚· customer support systems;

ï‚· telecommunications providers;

ï‚· professional advisers;

ï‚· legal advisers;

ï‚· insurers;

ï‚· IT managed service providers.

bottom of page