Privacy policy

Last updated - 02/03/2022

Estimated reading time - 12 minutes

Outline

This privacy policy outlines the way in which UK Boiler Company Ltd. (trading as Smart Plan) processes your information when using our websites, telephone lines or other contact sources, hereafter referred to as the "Services". We are wholly committed to protecting your personal information when using our Services, and want you to feel that your data is safe and secure with us.

In this policy, our objective is to improve your understand on the following:

  • Where we collect your personal information from
  • What personal information we collect
  • How we use your personal information
  • Who your personal information is shared with
  • The rights and choices that you have with your personal information

All of our services are carried out in compliance with the General Data Protection Regulation 2018 (GDPR) and the Information Commissioner's Office (ICO).

1. Who are we?

We are UK Boiler Company Ltd. ("Smart Plan", "we", "us"), the owner and operator of smart-plan.com and its subdomains. We are the controller responsible for personal information processed via our Services.

In order to further progress our commitment to your data protection, we have appointed a data protection officer (DPO) to manage our data protection and privacy practices. They remain at your disposition should you wish to exercise any of your legal rights set out in this privacy policy, or simply would like to ask us a question.

How to contact Smart Plan:

Smart Plan
2nd Floor, Melrose House
42 Dingwall Road
Croydon, England
CR0 2NE

Telephone: 0333 772 6247

Email: hello@smart-plan.com

How to contact our DPO

Email: dpo@smart-plan.com

2. What personal information we collect

2.1 Personal data (or personal information) means any information that is about an individual from which we can identify them. It does not include any data where the identity has been removed (anonymous data).

When you use our Services, we may collect, store, transfer or use different kinds of persoanl data about you which we have group together as follows:

  • Identity data - Including name(s) and salutation/title.
  • Contact data - Including email address, telephone number or similar.
  • Transaction data - Including details about payments that have transpired between us and you related to product and services that you have purchased through us.
  • Usage data - Including information about how you use the Services.
  • Technical data - Including internet protocol (IP) address, login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system (OS), and other technology on the devices that you use(d) to access our Services.
  • Marketing & communications data - including your preferences in receiving marketing from us and our authorised third parties and your communication preferences.

2.2 We also collect, use and share Aggregated Data, such as analytical or demographic data for any purpose. Aggregated Data can be derivative of your personal data but is not considered as such, due to its inability to identify you personally directly or indirectly. As an example, we may aggregate your Usage Data to calculate the number of users accessing a specific feature on our website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

2.3 We do not collect Special Categories of Personal Data about you. This includes the following categorisations:

  • Race or ethnicity
  • Religious or philosophical beliefs
  • Sex life
  • Sexual orientation
  • Political opinions
  • Trade union membership
  • Health information
  • Genetic and biometric data
  • Criminal convictions and offences

2.4 We do not knowingly collect or store personal data relating to children under the age of 16. If you are under the age of 16 and wish to use our Services, please get your parent or guardian's permission before providing information to use.

2.5 If you are providing us with another person's information (for example if you are giving the details of a tenant, power of attorney or other secondary contact on your account), you should first seek their permission and request that they read through this Privacy Policy to ensure that they are happy with its terms. In providing us their information, you are confirming, on their behalf, that they are happy for you to provide this information to us and that they understand how their details will be stored and used.

2.6 It is your responsibility to ensure that all of the information that you have provided to us in pursuit of the Services is correct and accurate, not misleading or falsified, or belonging to someone else that has not given you the permission to give the information to us.

3. How we collect personal information

3.1 Directly from you - In filling in forms, speaking with our team, emailing us and using other forms of communication, you may be providing us personal information, including:

  • Signing up to one of our products or services
  • Requesting to receive marketing to be sent to you
  • Giving us feedback or contacting us

3.2 By automated technologies or interactions - When you interact with our websites and other softwares, we collect Technical Data about your usage automatically. This can include data about your equipment, browsing habits and patterns. We collect this personal data by using cookies (Please see cookies policy for more details) and other similar technologies.

3.3 From our partners - If you sign up to a third party partner product that we promote via our Services, or one of our products that is promoted through a third party partner, we may interchange information regarding your personal data where required to perform the requested order. This allows us to complete, track and improve our sales and customer service processes.

3.4 From third parties or publicly available sources - While carrying out administrative, marketing and analytical duties in pursuit of the Services, we may receive personal data from various third parties and public sources, including...

  • Technical Data from analytical providers
  • Contact and Transactional Data from provider of technical, payment and delivery services
  • Identity and Contact Data from data brokers or aggregators
  • Identity and ContactData from publicly available sources

4. How we use personal information

The primary basis on which we process your data is "Legitimate Interest"; however, we do have other legal obligations that mean our legal basis on which we process your data changes, and are stated on an individual basis below:

We may use your personal information for the following reasons:

4.1 To enable you to access and use the Services, including to:

4.1.1 confirm your identity and associated information that would allow us to perform any relevant checks and data requests that would be required to aid the Services.

4.1.2 transfer the information that you have provided us to our partners when you have purchased or contracted a product or service that we have promoted from third party partner in order for them to follow through with this request

4.1.3 enable us to respond to your enquiries, requests, questions and communications efficiently

4.1.4 prevent loss of time and enhance the user experience when accessing the Services again, following an initial and partial provision of information. Storing pre-contractual and pre-purchase data allows us continue from your last interaction with us without having to repeat previously provisioned information.

4.1.5 process a transaction between you and a third party service that we have promoted via our Services

4.1.6 track sales reconciliations with our third party partners for products promoted via our Services. This means that we can follow the sign up journey between you and our partner to ensure that the product or service requested goes through correctly without complications

4.1.7 enable distribution of our website content with others, for example by using the 'share this' functionality via social media integrations

4.2 To improve and personalise the way that you use our Services, including to:

4.2.1 improve the personalised website and communications content recommendations and insights that you receive. From time to time, we may conduct analytical profiling of our users which allows us to personalise the content, products and services, marketing materials and communications that are shared with you depending on your interests and demographic segment.

4.2.2 verify the data collected with data from other sources, by matching it against that of a third party. For example data validating the data that your provided through a national database.

4.2.3 monitor the quality and level of service given to our customers by our employees. We record all telephone calls, emails and other correspondence and are stored in a secure environment for 2 years before being destroyed as per GDPR law. Members of staff and authorised third parties may from time to time listen back to or read through logs of communications between you and us in order to monitor for quality and service levels given.

4.3 To communicate with you, including to:

4.3.1 send you information that may be of interest to you based on your preferences. We may contact you via email, post, telephone, sms or by other electronic means, such as social media, where you have indicated to us that this is your preference or where otherwise permitted by law.

4.3.2 send you confirmation of your transaction by restating some of the information that you have given us and the details of the product or services that you have requested. If you have signed up to a third party partner product that we have promoted through our Services, you will likely also receive similar confirmations from them.

4.3.3 follow up with any complaints, feedback or queries that you may have brought to our attention in any form of communication with us.

4.3.4 contact you if we require any additional information to process your requested product or service. Failure to provide such data may mean that we are no longer able to process the transaction.

4.3.5 carry out feedback, review or survey requests in order to improve our service and receive your feedback on how we can improve our Services.

4.4 to carry out research, such as analysing the performance and trends of our marketing, sales and PR activities, including to:

4.4.1 use aggregated, analytical data that you form a part of to better understand our marketing, operational and other units of our business.

4.4.2 use the data provided to us during the sign up or purchase process, including your personal information and information about the products you're interested in to understand trends.

4.5 to carry out our legal and regulatory obligations. Your personal information will also be used in order to ensure our compliance with our legal obligations in accordance with UK law and our Terms of Use, which can be found here.

5. Who we share personal information with

5.1 We share your personal information with selected third parties when we need to do so in order to provide you with the best possible service and to fulfil your requested service or product order. We share your data in different forms and disclosure levels depending on the purpose of the action. The parties and categories include:

5.1.1 our trusted resellers and product partners - Smart Plan works alongside a number of strategic partners in order to bring you both Smart Plan's products through a larger network, and to bring you other value-added products via Smart Plan's services. We share your information with these partners in varying capacities in order to process and follow up on orders and purchases.

5.1.2 our technical partners - In order to carry out business, we require the use of third party softwares and tools, such as Customer Relationship Management (CRM) software, Voice-over-IP (VoIP) software and Quality Control support. Your information is stored and processed via these technical partners under agreements held between our two parties with the sole purpose of supporting our business operations. All technical partners undergo stringent due diligence checks to ensure that your data is protected to the best possible degree.

5.1.3 subsidiary, affiliated and holding entities - Smart Plan is a trading style of UK Boiler Company Ltd., which forms the part of Switchboard Group Ltd. a group of companies under common ownership and with the common goal of helping customer across the UK. Your information may be shared in aggregated or granular form in order to support our operations and analysis.

5.1.4 mergers and joint ventures - If UK Boiler Company Ltd. or Switchboard Group Ltd. enters a joint venture, buys, sells to or merges with another business entity, your personal information may be disclosed or transferred to the new entity and be subject to a new, revised privacy policy.

5.1.5 legal, government and regulatory bodies - If we are ever legally required to share your personal information we must do so for the following reasons:

(a). To comply with applicable laws or regulations;

(b). To exercise, establish or defend our legal rights; or

(c). To protect your vital interests or those of another person.

5.2 We will never sell, distribute, trade or loan your personal information to a third party unless we have your consent to do so or the law requires us to do so.

6. Sending your personal information outside the European Economic Area (EEA)

We will only ever send your personal information to a trusted third party outside of the EEA if the third party is required to protect your personal information in exactly the same way they would be required to do so if they were based within the EEA. This means that we wil only send personal information to a non-EEA country under the following circumstances:

(a). If the European Commission has determined that the relevant non-EEA country afford an adequate level of data protection for your personal information.

(b). If there is an agreement in place between us and the trusted third party based in the non-EEA country that contains protection clauses and requirements adopted or approved by the European Commission; or

(c). If we are sending the data to the United States of America pursuant of the Privacy Shield.

7. How personal information is stored

The security of your personal information is of the utmost importance to us, which is why we have taken all possible precautions to ensure that your data is completed protected. Our commitment to you is to employ all necessary physical and technical security measures to prevent unauthorised parties from accessing your data and being accidentally or unlawfully processed, disclosed, destroyed, lost, altered or damaged.

We store your personal information for varying lengths depending on what is required of us for each data category by law, or that is otherwise laid out to you regarding a specific element of our business. Below you can see the main instances where we will retain your information:

(a). If you use our Services, your personal information will be retained for a total of three years after you cease to become a customer of Smart Plan, by default.

(b). Recordings of the conversations between you and us, wether electronic or telephone, will be stored for a duration of two years; and

(c). Your anonymous aggregated data will be stored for as long as the service provider retains their information according to their individual policies

If you would like us to remove your data before then, please contact us via information in Section 1, pursuant of your rights in Section 8

8. Your personal information rights

You have rights under data protection legislation relating to your personal data and how it is handled by companies. This includes:

8.1 Right to access - You have the right to a copy of the personal information that a company holds about you. In order to access this, you will need to verify your identity with us by answering a number of questions based on the data we hold on you, that you would know, such as your full name, address or date of birth. Requests for copies of personal information will be handled in a one month SLA. If we require more than one month to process your request we will inform you of this via email or post, depending on your preference.

8.2 Right to correct - If the information that a company holds about you is incorrect or outdated, you have the right to correct this. Requests for correction of personal information will be dealt with within 2 weeks. If we require longer than two weeks to process your request, we will inform you of this via email or post, depending on your preference.

8.3 Right to erasure - You have the right to have your personal information deleted, destroyed or removed from a company's records. There are some instances where this is not possible under data protection laws. If this is the case in your instance we will let you know on a case by case basis.

8.4 Right to restrict use of your information - You have the right, in some instances, to ‘block’ or limit the way that we use your information.

8.5 Right to data portability - You have the right to request that we move, copy or transfer your personal data.

8.6 Right to object - You have the right to object to the way that we use your information for our legitimate interests. If you raise an objection, we will, except in exceptional circumstances, stop processing your personal information in the way detailed.

9. How we use cookies

Our Site uses certain cookies, pixels, beacons, log files and other technologies of which you should be aware. You can delete or restrict the use of these via your browser and device settings, however this may interfere with the use of the Platform.

You can read more about our use of cookies in our Cookies Policy

10. Changes to this Privacy Policy

We reserve the right to make changes and amendments to this Privacy Policy at any time. Changes will be published across of our locations where this Privacy Policy is relevant and displayed.

The date of the most recent revision will appear at the top of this page to ensure that you are aware of any version changes. If we make significant changes to this policy, we may also communicate this to you by other means, such as email. Where required to by law we will also obtain your consent to make these changes. If you do not agree with the most recent changes, please do not continue to use our Services.