Privacy Policy

1. Introduction

Mend Your Home ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mendyourhome.com or use our plumbing and heating services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide when you:

• Request a quote or book a service
• Contact us via phone, email, or contact form
• Sign up for our newsletter or updates
• Leave a review or testimonial
• Communicate with us via WhatsApp

This information may include:

• Full name
• Email address
• Phone number
• Postal address and postcode
• Property details (type, age, boiler information)
• Service requirements and preferences
• Payment information (processed securely by third parties)

2.2 Information Automatically Collected

When you visit our website, we automatically collect certain information:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referring website/source
• Location data (approximate, based on IP address)

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience. See our Cookie Policy for detailed information.

3. How We Use Your Information

We use your personal information for the following legitimate business purposes. Each purpose has a legal basis under UK GDPR:

3.1 Service Delivery (Legal Basis: Contract Performance)

To provide you with our plumbing and heating services:

• Process and fulfill service requests
• Schedule appointments and send reminders
• Provide customer support
• Process payments and invoicing
• Issue Gas Safe certificates and documentation

3.2 Communication (Legal Basis: Legitimate Interest/Consent)

To communicate with you about our services and your account:

• Respond to inquiries and questions
• Send service updates and confirmations
• Provide emergency service information
• Send newsletters (with your consent)
• Request reviews and feedback

3.3 Business Operations (Legal Basis: Legitimate Interest)

To operate and improve our business efficiently and securely:

• Improve our services and website
• Analyze usage patterns and trends
• Prevent fraud and security issues
• Maintain business records
• Comply with legal obligations

3.4 Marketing (Legal Basis: Consent)

With your explicit consent, we may use your information for marketing purposes:

• Send promotional offers and service updates (with your consent)
• Targeted advertising on social media platforms

You can opt out of marketing communications at any time by clicking "unsubscribe" in our emails or contacting us directly.

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following:

• Consent: You have given clear consent for us to process your data for a specific purpose (e.g., marketing emails)
• Contract: Processing is necessary to fulfill a contract with you (e.g., providing plumbing services)
• Legal Obligation: Processing is necessary to comply with the law (e.g., Gas Safe record keeping)
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, improving services)

5. How We Share Your Information

We do not sell your personal information. We may share your information with the following parties when necessary to provide our services, comply with legal obligations, or protect our business interests:

5.1 Internal Personnel

We share information within our organization as needed:

• Employees: Our trained engineers and administrative staff who need access to provide services
• Contractors: Qualified professionals we work with on specific projects
• Subcontractors: Specialists (e.g., electricians, structural engineers) when required for complex jobs

All personnel are bound by confidentiality obligations.

5.2 Regulatory and Professional Bodies

We share necessary information with regulatory and professional organizations to ensure compliance and safety:

• Gas Safe Register: For Gas Safe certification, CP12 certificates, and compliance reporting
• Industry Accreditation Bodies: City & Guilds and other professional memberships
• Building Control: For notifiable work under Building Regulations
• Health and Safety Executive (HSE): If we identify dangerous gas installations

5.3 Manufacturers and Warranty Providers

We share information to register products and activate warranties:

• Boiler Manufacturers: Worcester Bosch, Vaillant, Ideal, Baxi, etc., for product registration and warranty activation
• Parts Suppliers: For ordering replacement parts and tracking serial numbers
• Extended Warranty Providers: When you purchase extended warranty coverage

5.4 Emergency and Utility Services

We may share information with utility companies when required for emergency situations or service delivery:

• Water Suppliers: When dealing with water supply issues, leaks affecting mains, or emergency shut-offs
• Gas Suppliers: When dealing with gas emergencies, meter issues, or supply problems
• Electricity Suppliers: When electrical work is required in conjunction with heating systems
• Emergency Services: Fire brigade, ambulance, or police in emergency situations

5.5 Property and Letting Agents

When you use property management services, we share information as necessary:

• Letting Agents: For landlord services, CP12 certificates, and property maintenance
• Estate Agents: When providing pre-sale boiler reports or property surveys
• Property Management Companies: For maintenance contracts and communal heating systems
• Landlords: When tenants request our services (with appropriate consent)

5.6 Insurance Companies

We may share information with insurance providers:

• Your Insurance Provider: If you're making a claim related to our work
• Our Insurance Provider: For professional indemnity and public liability purposes
• Home Emergency Cover Providers: When you use breakdown cover services

5.7 Technology and Business Service Providers

We work with trusted third-party service providers who help us operate our business:

• Payment Processors: To process payments securely (bank transfer services, card processors)
• Email Service Providers: To send appointment confirmations, invoices, and communications
• SMS Providers: To send appointment reminders and service notifications
• Website Hosting: To host our website and secure customer databases
• Cloud Storage Providers: To securely store documents and certificates
• Analytics Providers: Google Analytics (anonymized data) for website improvement
• CRM Systems: Customer relationship management software for booking and scheduling
• Accounting Software: For invoicing, bookkeeping, and tax compliance

5.8 Review and Rating Platforms

With your consent, we may share information for review purposes:

• Review Sites: Yell, MyBuilder, Checkatrade, TrustPilot
• Social Media: Facebook, Google Business Profile (for reviews and testimonials)

We will only share your name and location with your explicit consent.

5.9 Financial and Professional Advisors

We may share information with professional advisors:

• Accountants: For tax and financial reporting
• Legal Advisors: For legal advice and dispute resolution
• Business Consultants: For business improvement (anonymized where possible)
• Auditors: For financial and compliance audits

5.10 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Enforce our terms and conditions
• Protect our rights, property, or safety
• Prevent fraud or security issues

6. Data Retention

We retain your personal information only for as long as necessary:

• Service Records: 6 years (in line with Gas Safe regulations and UK tax law)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months (Google Analytics default)
• Inquiry Data: 1 year if no service is booked
• Financial Records: 6 years (UK legal requirement)

After these periods, we will securely delete or anonymize your data.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of the personal data we hold about you (Subject Access Request).

7.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. However, we may be unable to delete some data due to legal obligations.

Important Legal Exceptions:

We cannot delete the following records, as we are legally required to retain them:

• Gas Safe Records: Under Gas Safe Register regulations, we must keep records of all gas work for a minimum of 6 years. This includes:
  • Gas Safety Certificates (CP12)
  • Boiler installation records
  • Gas appliance servicing records
  • Emergency gas work documentation
• Financial Records: Under UK tax law (HMRC requirements), we must retain financial records for 6 years, including:
  • Invoices and receipts
  • Payment records
  • VAT documentation
  • Contract records
• Product Registration Records: Boiler and heating system registrations with manufacturers must be kept for warranty purposes (typically 2-10 years depending on warranty terms)
• Insurance Records: We must retain records related to insurance claims or potential liability claims for 6 years after completion of work
• Building Regulations Compliance: Records of notifiable work under Building Regulations must be kept indefinitely as proof of compliance
• Health & Safety Records: Records relating to health and safety incidents or dangerous installations must be retained as required by law

What We Can Delete:

We can delete or anonymize the following data upon request:

• Marketing communications and preferences
• Website browsing history and cookies
• Newsletter subscriptions
• Non-essential contact information after retention periods expire
• Social media interactions and reviews (with your consent)

Note: Even when legal retention periods end, we may anonymize your data rather than delete it entirely, so it can no longer identify you but can still be used for statistical or business analysis purposes.

7.4 Right to Restrict Processing

You can ask us to temporarily stop processing your data in certain situations.

7.5 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

7.6 Rights Related to Automated Decision Making

We do not use automated decision making or profiling.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL encryption for data transmission
• Secure hosting with regular backups
• Access controls and password protection
• Regular security audits and updates
• Staff training on data protection
• Secure disposal of paper records

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your data is primarily stored and processed within the United Kingdom. However, some of our third-party service providers may store or process data outside the UK, including in the European Economic Area (EEA) or other countries.

9.1 Service Providers That May Transfer Data Internationally

The following services we use may involve international data transfers:

• Cloud Storage Services: Amazon Web Services (AWS), Google Cloud, Microsoft Azure - may store data in UK, EU, or international data centers
• Email Services: Google Workspace (Gmail) - operates globally with data centers in multiple countries
• Communication Tools: WhatsApp (Meta), SMS providers - may route messages internationally
• Website Hosting: Hostinger or other hosting providers - may use international servers
• Payment Processors: PayPal, Stripe, banking services - may process payments through international networks
• Analytics Tools: Google Analytics - processes data in international Google data centers
• Customer Relationship Management (CRM): Cloud-based CRM systems may store data internationally

9.2 Safeguards We Have in Place

When we transfer your data outside the UK, we ensure appropriate legal safeguards are in place:

• Adequacy Decisions: We use providers in countries deemed "adequate" by the UK Government (e.g., EU/EEA countries, which have similar data protection standards)
• Standard Contractual Clauses (SCCs): We use UK-approved Standard Contractual Clauses with providers in countries without adequacy decisions
• UK GDPR Compliance: All third-party processors are contractually required to comply with UK GDPR standards
• Data Processing Agreements (DPAs): We have written agreements with all data processors specifying how your data must be protected
• Encryption: Data is encrypted both in transit and at rest to protect it during international transfers

9.3 Your Right to Information

You have the right to request information about where your data is stored and which countries it may be transferred to. Contact us using the details at the end of this policy.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., review platforms, social media). We are not responsible for the privacy practices of these sites. Please review their privacy policies.

11. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be notified via email or website notice.

Please review this policy periodically for any updates.

13. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first. We will investigate and respond promptly.

You also have the right to lodge a complaint with the UK supervisory authority:

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: