Baxi works

Privacy Notice

1. Our privacy commitments

Baxi Heating UK Limited (referred to in this document as “Baxi Heating”, “we”, “our”, “us”), take your privacy and the security of your personal data very seriously and want to be as clear and transparent as possible about what we do with it.

This is in line with our core company values which state that we will be reliable and responsive in the way in which we deal with people and also that we will treat everyone with trust and respect.

This privacy notice explains how we process your personal data. (“Processing” means everything we do with your data including when we collect, record, organise, structure, store, use, disclose, disseminate, restrict, erase or destroy data about you).

It also explains when we might disclose your data to others, how we keep it secure and also your rights regarding your data.

To fulfil our responsibilities and demonstrate compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), we are committed to the six principles of the regulation by:

  • Processing your personal data lawfully, fairly and in a transparent manner
  • Collecting your personal data for specified, explicit and legitimate purposes
  • Ensuring that your personal data is adequate, relevant and limited to what is necessary
  • Ensuring that your personal data is accurate and, where necessary, kept up to date
  • Retaining your personal data only for as long as necessary
  • Processing your personal data in an appropriate manner to maintain security

2. Information about us

The data controller is Baxi Heating UK Limited, Brooks House, Coventry Road, Warwick, CV34 4LL. We are registered in England & Wales as Baxi Heating UK Limited, registered number 03879156. In the Republic of Ireland we are registered as Potterton Myson (Ireland) Limited, registered number 26092.

Baxi Heating makes some of the best known heating and hot water brands in the UK and Ireland. Our principal brands, their websites and the addresses from which we operate are shown below. This privacy notice is applicable for all of our brands.


BrandWebsiteTrading addresses
Baxi Heatingwww.baxiheating.co.ukBrooks House, Coventry Road, Warwick CV34 4LL
Baxiwww.baxi.co.ukBrooks House, Coventry Road, Warwick CV34 4LL
Main Heatingwww.mainheating.co.ukBrooks House, Coventry Road, Warwick CV34 4LL
Pottertonwww.potterton.co.ukBrooks House, Coventry Road, Warwick CV34 4LL
Heatrae Sadiawww.heatraesadia.comHurricane Way, Norwich, Norfolk NR6 6EA
Megaflowww.heatraesadia.comHurricane Way, Norwich, Norfolk NR6 6EA
Santonwww.santon.co.ukHurricane Way, Norwich, Norfolk NR6 6EA
Elson Hot Waterwww.elsonhotwater.co.ukHurricane Way, Norwich, Norfolk NR6 6EA
Andrews Water Heaterswww.andrewswaterheaters.co.ukInnovation House, Oaklands Business Centre, Oaklands Park, Wokingham RG41 2FD
Potterton Commercialwww.pottertoncommercial.co.ukInnovation House, Oaklands Business Centre, Oaklands Park, Wokingham RG41 2FD
Remehawww.remeha.co.ukOaklands Business Centre, Oaklands Park, Wokingham RG41 2FD
Packaged Plant Solutionswww.packageplant.comUnit 8, Thornton Chase. Foxhunter drive, Linford Wood, Milton Keynes. MK14 6FD
Baxi Potterton Mysonwww.baxipottertonmyson.ieCalmount Park, Unit F 5&6, Calmount Road, Dublin 12, Ireland

3. When do we collect your personal data?

  • When you visit any of our websites to browse products and services.
  • When you register a product warranty online or with our call centre.
  • When you create an account with us.
  • When you purchase a product or service by phone.
  • When you engage with us on social media.
  • When you download or install one of our apps.
  • When you join a loyalty programme (such as Baxi Works).
  • When you contact us by any means with queries, complaints etc.
  • When you ask us to email you information about a product or service.
  • When you enter prize draws or competitions.
  • When you book any kind of appointment with us or book to attend an event. For example for our service engineers to visit you or to attend promotional events or training courses.
  • When you choose to complete any surveys we send you.
  • When you comment on or review our products and services.
  • When you’ve given a third party permission to share with us the information they hold about you (for example if you employ an installer to fit a Baxi product and they register the boiler for warranty on your behalf).
  • We collect data from publicly-available sources when you have given your consent to share information or where the information is made public as a matter of law.
  • When you visit any of our sites which have CCTV systems in operation for the security of both visitors and staff, these systems may record your image during your visit.

4. What information do we collect from you?

As part of our business we will process the data of people who fall into the following categories, whether we have had
a relationship in the past, have a relationship now or we are about to commence a relationship with you:

  • Employees
  • Customers
  • Installers of our products
  • Suppliers
  • 3rd Party Organisations we engage with such as consultants, advisers (legal and regulatory) and public bodies

We will collect and process the following data about you:

Information you give us. By filling in forms on our websites or by corresponding with us by phone, SMS (text message), email or otherwise. The information you give us may include your name, address, email address and phone number, and financial information such as payment card details and bank account details.

Information we collect from your use of our websites or social media sites. Every time you visit one of our websites or social media sites we will automatically collect technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, where you connected to our service, your internet service provider (ISP), and what type of device you are using to access our service.

Information we collect throughout our relationship. This is information collected during meetings with our sales managers or engineers, from any purchase or sales transactions you may make with us and any warranty or service contracts we may have with you either directly or through a landlord. The information we hold may include your name, address, email address and phone number, and financial information such as payment card details and bank
account details.

Information we collect when you call us. If you telephone us we will automatically collect the phone number used to call us and we may also keep a recording of inbound and outbound calls for training and quality purposes.

Information we receive from other sources. We work closely with other organisations, including the following categories :

Providers of extended warranty services, for example, Domestic & General Services, Corgi and British Gas.

Housebuilders, housing associations, councils and private landlords.

Installers of our products.

Businesses that sell our products, builders merchants and electrical wholesalers.

The above organisations will provide personal data including, name, address, contact telephone numbers and email address.

For example, if you employ a third party installer to fit one of our products they may pass us your name and address when they register the product for warranty on your behalf. If you are a tenant, your landlord (or their appointed contractors) may also do this. If you are the purchaser of a new-build property the developer (or their appointed contractors) may also pass us your data for the same purpose.

In each case the installer/ landlord / developer is required under GDPR to notify you that they have shared your data with us and we will also inform you by issuing a privacy notice when we receive your data.

If you apply for a trade account with us we may pass your details to a credit reference agency, for example, Experian PLC, who may then share your financial data with us.

Providing us with your details online. This is information you may choose to provide us with when using our websites:
www.andrewswaterheaters.co.uk
www.baxi.co.uk
www.baxievents.co.uk
www.baxiheating.co.uk
www.baxipottertonmyson.ie
www.baxiworks.co.uk
www.baxiworks.ie
www.elsonhotwater.co.uk
www.heatraesadia.com
www.mainheating.co.uk
www.megaflorewards.co.uk
www.potterton.co.uk
www.pottertoncommercial.co.uk
www.pottertonhub.co.uk
www.remeha.co.uk
www.remehabim.co.uk
www.santon.co.uk
www.size-it.co.uk

It includes your name, address, telephone number, email address and preferences for receiving communications from us. Please let us know if any of this changes so we can keep our records up to date.

5. Why do we collect this information?

We process your personal information for the following reasons:
Pursuant to a contract in order to:

  • process information at your request to take steps to enter into a contract
  • provide you with our products and services
  • process payments
  • make deliveries
  • maintain business and service continuity
  • send service communications so that we can perform our obligations to you, for example to inform you about your annual service on one of our products. These may be sent by email or post or, if the circumstances require it, we may contact you by phone. These will include notifications about changes to our service;
  • record information to facilitate your rights under warranties or guarantees.

On the basis of your consent:

  • Where we rely on your consent for processing this will be brought to your attention when the information is collected from you;
  • We will only contact you with direct marketing communications if you consent to us doing so and you have the right to withdraw consent at any time. See the What are your rights? section below for more information.

In our legitimate interests of providing the best service and improving and growing our business we will process information in order to:

  • provide you with a personalised service
  • improve our products and services
  • keep our site and systems safe and secure
  • understand our customer base and purchasing trends
  • defend against or exercise legal claims and investigate complaints
  • understand the effectiveness of our marketing
  • carry out analytics to improve our products and services as set out above

You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.

To comply with legal requirements relating to:

  • the provision of products and services
  • data protection
  • health and safety
  • anti-bribery and corruption
  • fraud investigations
  • assisting law enforcement
  • any other legal obligations placed on us from time to time

6. Websites and Cookies

Our websites may use cookies. Cookies are small pieces of information sent by us to your computer and stored on your hard drive so that the website recognises you when you visit. We use cookies and similar technology to distinguish you from other users of our site. This helps us to provide you with a good experience when you use our site and also allows us to improve our site.

Please refer to the Cookie Policies for the websites you are visiting for full details about the types of cookies we use.

7. How long do we keep your information?

As a general principle we will hold your personal data only for as long as necessary in order to fulfil the purposes for which it was collected. Once these purposes have been achieved we will erase the data or anonymize it in such a way as to make it impossible to identify you, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

  • If your data relates to a financial transaction we will keep information about you for a maximum of 6 years after the end of our relationship with you (unless obligations to our regulators require otherwise or we are required to remove such data from our records). This is to enable us to comply with our legal obligations regarding record-keeping for tax and accounting purposes.
  • If you have one of our products installed at your address its location will be kept for the expected life span of the product so that we may continue to support it throughout its lifetime.

For more details on record retention please contact us.

8. Who might we share your information with?

For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal
information with:

  • the following categories of third parties, some of whom we appoint to provide services, including:
    • business partners, subsidiaries, suppliers and sub-contractors for the performance of any contract we enter into with you
    • analytics and search engine providers that assist us in the improvement and optimisation of our site
    • regulatory bodies
    • customer survey providers in order to receive feedback and improve our services.

Third parties with whom we may share your information are listed below:
ADC Marketing
Adroit Data & Insight
Alphaquad
Beautiful Insights
Bilendi
BT Buynet / Safepay
Cognito
Connect Direct
Domestic & General Group Limited
Experion
Facebook
Falcon
Fernox
Freightroute
Gallagher Bassett
Gas Safe Register
InnerWorkings
Pollards
Reevoo
Sitecore
Survey Monkey
TextLocal
Twitter
UPS
Vignette Web Services
Watercoolers Direct

  • Any member of our group, which means our parent company and any subsidiaries of our parent company.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction.

When disclosing your data to third parties we have an obligation to ensure that we have appropriate measures in place to ensure your data is protected. We will therefore do the following:

  • take steps to ensure the reliability of third parties with whom we share your personal data.
  • take measures to ensure that third parties who we authorise to process your data observe confidentiality, process data only based on documented instructions from us, take appropriate security measures and delete or return all personal data at the end of the service.
  • take steps to ensure only the data which is absolutely necessary for them to perform their processing is disclosed to third parties.
  • take steps to ensure that your data is not made accessible to an indefinite number of persons.
  • minimise the amount of personal data we disclose.
  • ensure Pseudonymisation of your personal data, where possible (“Pseudonymisation” means disguising or masking your data so that it cannot be read without additional information which we keep separately in a secure environment).

9. Confidentiality and security of your personal data

We are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We are committed to regularly testing, assessing and evaluating the effectiveness of our technical and organisational measures to manage the security of your personal data. Our Governance Framework is the system by which our organisation is directed and controlled and provides the rules and the structures to manage this. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
More information is available by contacting us.

We secure access to all transactional areas of our websites and apps using ‘https’ technology.

Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.

We may transfer your data outside the European Economic Area ("EEA"). We will only do so if adequate protection measures are in place in compliance with data protection legislation.

We use the following protection measures:

  • transferring to Commission approved countries
  • using Commission approved model contractual clauses
  • requiring companies we transfer data to in the USA to be signed up to Privacy Shield

10. What are your rights?

Where processing of your personal data is based on consent, you can withdraw that consent at any time.

You can exercise your rights at any time by contacting us. Our contact details are given below.

You have the right:

  • to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing
  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest
  • to request from us access to personal information held about you
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing, the data is unlawfully processed.The data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing)
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us using the contact details below.

In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time.

The ICO’s contact details are available here: https://ico.org.uk/concerns/ . You can also call them on 0303 123 1113.

11. Contact details of our Privacy Compliance Manager

Our Privacy Compliance Manager is here to help. If you have any questions or concerns relating to the handling of your personal data, queries related to subject access requests, third parties whom we share your data with, your rights or want to make a complaint about how we are processing your data, you can get in touch.

Privacy Compliance Manager
Brooks House
Coventry Road
Warwick
CV34 4LL
Email: privacycompliancemanager@baxi.co.uk
Tel: +44 (0)1926 405405

12. Changes to this Privacy policy

We may amend this privacy policy from time to time to keep it up to date and to ensure we comply with regulatory
requirements. You should check this privacy policy regularly for updates.
This notice was last updated on 14th May 2018.