How we handle your data
Welcome to the HEART Privacy Notice
This Privacy Notice is designed to help you understand everything you need to know about our data gathering and processing operations, and what your legal rights are.
We hope you’ll take some time to read this document. We’ve tried to keep it all as simple as possible and we will keep you informed if there are any changes to the way we process your personal data in the future, before making them.
HEART takes its responsibility of protecting your data very seriously and we do advise you get to know our practices – If there’s anything in this policy you don’t understand or if you want to ask any questions, please feel free to contact us using any of the details below.
Who are we?
We are HEART, a free of charge service which supports fuel poor and vulnerable households through the replacement of old, inefficient fridges, fridge/freezers, washing machines and cookers with modern, efficient alternatives. This service is arranged by Agility Eco Services Ltd, registered in England and Wales at 168 Church Road, Hove, East Sussex BN3 2DL, Company registration number 08304360. In this document HEART will sometimes be referred to as “we”.
What kind of personal data might we ask you to provide?
HEART will only ever ask for personal data if it is required for a specific purpose; with that in mind we have created a full list of all the kinds of personal data that we may ask you to provide in order to achieve those purposes. The kinds of personal data we may collect are:
Why do we collect personal data?
We will use personal data firstly to fulfil any contractual obligations that exist between us and yourself; where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data or we will not be able to deliver the goods and/or services you want. In such cases the lawful basis of us processing the personal data is that it is necessary for the performance of a contract.
We may also process your personal data in accordance with our legitimate business interests; this is on the basis that we need the personal data to achieve the various purposes and that it could be reasonable for an individual to expect their data to be used for those purposes.
Our data processing activities conducted on the lawful basis of ‘legitimate interests' are:
To assess your eligibility for the goods and services you are looking for
Where eligible, to offer you goods and services you are looking for
To send notifications on subjects you have subscribed to, or otherwise asked us to keep you informed of
To improve the quality of the services we offer, and to better understand our customers’ needs by requesting feedback, or requesting you review the services we have provided, or we may send survey forms that we ask you to complete
To notify you of any changes to the goods and/or services we provide, or have provided, that may affect you
To recognise when customers re-engage with our services
To provide reference information to third party organisations where requested or where necessary.
We may also process your personal data for HEART to comply with our various legal obligations; this might include:
Complying with industry regulatory requirements and any self-regulatory schemes
Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud.
Where we have received your consent to do so we will process your personal data to inform you of the goods and services provided by our partners or other third-party organisations.
You may withdraw your consent for us to process your personal data for these purposes at any time. After a withdrawal of consent request is received, we may contact you to verify the request. Withdrawing your consent for us to process your personal data will not affect the lawfulness of the processing beforehand.
Where did we obtain your personal data?
Other than collecting data directly from you;
We may gather personal data from sources including:
Technical sources that gather data over time when you visit our online platforms. These are known as “internet cookies” If you would like more information about how HEART uses internet cookies, please see our cookies policy.
From third party organisations, which can mean your personal data has been provided directly by another company for a specific purpose, or where you may have accessed our platforms through a third party online service
Local or national authorities provided for specific purposes
Who might we share your information with?
In order to achieve the above stated purposes for which we process your personal data, we may need to share your personal data with various third-party service providers who act as data processors.
We may share your personal data with third party organisations acting as data controllers or with specific individuals, groups or other organisations who act as neither data controllers nor data processors, but only where we are either legally required to do so by law or where doing so is necessary to achieve the intended stated purpose of processing the data.
In the event that we sell or reorganise our business, or if otherwise required by law or by an authorised regulator, we may transfer your personal data as a part of the general business data to the relevant parties.
Will my personal data be transferred outside the European Union?
HEART will not transfer your personal data to any country outside the European Union (EU) other than those that have been granted an adequacy decision under the General Data Protection Regulation (GDPR).
We may be required to transfer your personal data to organisations who intend to transfer the data outside the EU. Where such transfers of data take place, we shall ensure that contracts are in place between the parties involved that ensure the recipient organisation has a suitable standard of data protection in place
How long will we keep your data for?
We will keep your personal data only for as long as required in order to achieve the purposes for which it was gathered, in line with this privacy notice, this will generally be between 12-24 months.
Where you go on to receive goods or services funded through grant funding and we have confirmed your eligibility for that grant funding through the data you provided, we may need to retain elements of your personal data, required to confirm your eligibility to the Government or industry regulator (Ofgem), for much longer periods, of up to eight years.
For determining when personal data should be erased, we shall take into consideration the amount of and sensitivity of the personal data we have, the amount of harm that could be caused by a data breach, the benefits of the purposes the data is being used for and any legal requirements that we are bound to.
You may request that we erase your personal data at any time, though in cases where there is a remaining relevant or legal reason why we are required to keep the data we may do so, but we will then restrict the amount of processing being conducted to what is absolutely necessary in line with your legal rights in order to minimise the impact the processing will have.
Your Rights, Our Responsibility
There are several rights granted to you immediately upon providing us with your personal information; some of these are mentioned above. We’d like you to know that at HEART we take your rights seriously and will always conduct ourselves in a way that is considerate of our responsibility to serve your legal rights.
You have the Right of Access
This grants you the right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed. If you would like access to the personal data we have about you, we ask that you contact us by using any of the details below.
The Right to Rectification
This one is straightforward; if you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.
The Right to Objection
The right to object is a basic freedom all democracies enjoy. If you wish to object to the way we use, or have used, your personal data you may do so freely.
The Right to Portability
This is a legal right afforded to you that states we must pass on all of the details you have provided to us in a machine-readable format, either to your or to another provider of your choosing.
The Right to Complain
We will always try to maintain the highest standards and encourage the confidence our customers have in us as an organisation. In order that we can achieve this we do request that any complaints be first brought to our attention so we can properly investigate matters; if however you would like to complain about HEART to a supervisory authority you may do so by contacting the Information Commissioners Office on 0303 123 1113, or anyone of the other reporting methods listed on their website - https://ico.org.uk/concerns
Our contact details
If you wish to get in touch with HEART please do so with any of the following contact details:
2nd Floor Chancery House,
St Nicholas Way,
T: 01372 738952