Introduction

Maintaining the security of your data is a priority at Kensa, and we are committed to respecting your privacy rights. We pledge to always handle your data fairly and legally. Kensa is also dedicated to being transparent about what data we collect about you and how we use it. This policy may be subject to future change. Kensa is the data controller of any personal information as defined in Article 4(7) of the UK GDPR.

This notice applies to our current and former customers, including but not limited to individual persons, sole traders and businesses. This policy does not form part of any contract.

References to “we,” “our” or “us” in this privacy policy are to The Kensa Group and any of its subsidiaries, Mount Wellington, Chacewater, Truro, Cornwall, TR4 8RJ.

What does this policy cover?

This privacy policy relates to retail customers and/or any individual consumers of our goods and/or services, including users of our application-based technology, including PREDICT, and those individuals who request/obtain quotes, utilise our services, purchase our products, enter into agreements with us, or individuals that we may otherwise interact with us during our business. It also applies to sole traders and business customers. We have a separate policy for employees, volunteers, contractors and associate working for or on behalf of Kensa.

This policy provides you with information about:

  • What personal data we collect
  • Where we get our information from
  • How we use your data
  • The legal basis for Kensa processing your data.
  • Who we share your personal information with
  • How long we keep your data.
  • How we protect your data
  • Your rights
  • Contact information.

Kensa may change this policy by updating this page. You should regularly check this page to ensure that you are happy with any changes. This policy is effective from 01.09.2024.

About us

This privacy policy applies to customers of Kensa Utilities, Kensa Heat Pumps and Kensa Contracting, which are part of the Kensa Group of companies (collectively referred to as “Kensa,” “we or “us” in this policy).

Our websites are operated by their respective company.

www.kensautilities.com is operated by Kensa Utilities, Kensa House, Mount Wellington, Chacewater, Truro, TR4 8RJ registered in England and Wales under company number 10044238.

www.kensaheatpumps.com is operated by Kensa Heat Pumps, Kensa House, Mount Wellington, Chacewater, Truro, TR4 8RJ registered in England and Wales under company number 03739805.

www.kensacontracting.com is operated by Kensa Contracting, Kensa House, Mount Wellington, Chacewater, Truro, TR4 8RJ registered in England and Wales under company number 08166502.

www.thekensagroup.com is operated by The Kensa Group, Kensa House, Mount Wellington, Chacewater, Truro, TR4 8RJ registered in England and Wales under company number 05367753.

For UKGDPR and the Data Protection Act 2018 we are the data controller for your personal data. Kensa are registered with the Information Commissioner’s Office in the UK with reference numbers:

  • Kensa Heat Pumps: ZA163920
  • Kensa Contracting: ZA163929
  • Kensa Group: ZA163932
  • Kensa Utilities: ZA513781

What personal data we collect

When we talk about personal information, we mean information about an individual that can identify them, like their name, address, e-mail address, telephone number and financial details. It can relate to customers (including prospective customers), their appointed representatives (e.g. powers of attorney or a nominated person who may act as a third party-advocate. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.

Type of Data

Description

Examples of how we use it

Contact

  • Names
  • Address
  • Contact details.
  • Third party contacts (family member or nominated advocate)
  • Business address
  • Business name

• Servicing your products
• Marketing
• Analysis and profiling
• Enhancing our product and service offering
• Maintaining the accuracy and consistency of your information for all your products and services across the Kensa Group
• Follow up calls for customer feedback
• Managing our business relationship with you
• Business to business marketing (Business customers only)
• Seeking investment opportunities (Business customers only)

Personal Details

• Age
• Gender
• Family details
• Visual images
• Financial details
• Lifestyle and social circumstances
• Health details

• Marketing
• Analysis and profiling
• Provision of financial advice, including billing and statementing
• Provision of advice for energy saving or community schemes

Vulnerability Details
(Individual persons/households only)

• Capability/capacity
• Financial Circumstances
• Life Events
• Health details
• Pregnancy
• Disability Status
• Language needs

• Ensuring accessibility
• Servicing your products
• Making sure our products and services meet our customers’ needs.’
• Maintaining customer and staff safety and wellbeing
• Offering Priority Services Register to Kensa Utilities Customers

Transactional

• Bank and/or card details.
• How you use your products
• Changes you make to your products or account

• Servicing your products
• Provision of financial advice, including billing and statementing
• Making sure our products are fit for purpose.
• Prevention of fraud and money laundering

Contractual

• Identity
• Anti-fraud
• Creditworthiness

• An identity check through a credit reference agency
• Bank account verification for anti-money laundering, PEPs, and sanctions.
• Making sure the product and service is right for you
• Credit referencing (Business customers only)

Consent and preferences

• Ways we can communicate and market to you.
• Information we obtain from third parties acting on your behalf

• Marketing
• Prevention of direct marketing to those who have opted out

Technical

• Details on the devices and technology you use.
• Building and property information relevant to your query
• Your heat pump serial number and how the heat pump operates
• IP address

• Making sure our products and services are fit for purpose.
• To provide quotes and plan/design for installation
• To provide services and maintenance to you for your product
• For direct users of the PREDICT system

Open data and public records

• Electoral register
• Land register.
• Other information about you that is openly available

• Financial recovery
• Provision of financial advice
• Product and service administration

Documentary data and national identifiers

• Details about you that are stored in documents like:
• Passport
• Driver’s licence
• Birth certificate.

• Identification and verification- Know Your Customer Checking
• Prevention of financial crime

Location data

• Your device or product’s current location, including serial number.
• Use of location services of your operating system or browser, sensor data from your device (e.g. Bluetooth data, beacon data, Wi-Fi access points, GPS data and cell tower data.)
• IP address

• Technical information about how you access and use our websites, including your IP address browser type and operating system. For further information about the use of your IP address and technical information please see our cookies policy.
• For direct users of the PREDICT system

Other

• Feedback, complaints, and survey responses
• Your correspondence and communications with Kensa

• To improve our services
• To remediate issues
• For reporting and legal obligations to the Ombudsman

How we might use your personal data

Purpose

Personal Information Used

Lawful Basis

To negotiate with you to enter a contract as a customer with us

Name, address, email, telephone, title

Contract

To communicate with you as one of our customers

Name, address, email, telephone, title

Contract

To send you marketing communications

Name, address, email, telephone, title

Contract

To monitor your activity on our website

IP address

Legitimate Interest

To respond to enquiries made through our website

Name, email address

Consent
Legitimate Interest

To fulfil our obligations to you as one of our customers in relation to your contract with us

Name, home address, personal email, personal telephone number, title, personal bank account/payment details

Contract

To monitor your use of the PREDICT platform and system (business users)

Name, address, telephone number, email address, bank account/payment details

Contract

To monitor your use of the PREDICT platform and system (business users’ customers)

Name, address, telephone number, email address

Legitimate Interest

To monitor your use of the PREDICT platform and system (direct users)

Name, address, telephone number, email address, bank account/payment details

Contract

To tailor our services to you based on an individual need for Priority Services Register or Customers in Vulnerable Situation

Name, home address, personal telephone number, personal email address, title, personal bank account/payment details, third party nominee/advocate details, priority services register/health data/special category data, entry password

Explicit Consent

Where do we get your information from?

  • Directly from you– when you request a quote, or estimate, place an order, fill out any forms on any of the Kensa websites, correspond with us, whether by phone, email, or chat facility, sign up for our newsletter, sign a contract, or connect via Wi-Fi or phone app to upload how the heat pump is operating to our secure Kensa Server.
  • Information we collect from other sources– this could be information you provide to us electronically (through our website, via Wi-Fi or phone app to upload how the heat pump is operating to our secure Kensa Server, chat server or email.
  • Information from a third party-tracing agencies, credit referencing agencies, or publicly available sources such a s social media platform or the electoral register; or if you have been introduced to us by another company such as a developer, housing association, registered social landlord or Management Company.

Additionally, if you are a Kensa Utilities customer we may offer you to register on our Priority Services Register. This is a register of people who qualify for additional support based the following situations:

  • are age 65+.
  • are disabled or have a long-term medical condition.
  • are recovering from an injury.
  • have a hearing or sight condition.
  • have a mental health condition.
  • are pregnant.
  • have a child under the age of 5 years old.
  • have extra communication needs, e.g., English is not your first language, or you do not read English well.
  • have a condition which is affected by the cold or suffer from the effects of the cold more.
  • would struggle to answer the door or get help in an emergency.
  • have financial insecurity.

 

When you are asked if you would like to be added to the Priority Services Register due to any of the above criteria, you have the right to refuse to specify under which criteria you qualify. Kensa recognises that much of the data held in the Priority Services Register is Special Category Data. We use this data to be able to provide you with tailored services as a Kensa Utilities Customer e.g. large print billing, extra time to answer the door to an engineer, support with financial difficulties etc. We only share this data with specified third parties, for example.

  1. a) with our contractors who perform tasks for us as part of operating and maintaining our ground array infrastructure, on a need-to-know basis to be able to ensure that you, the customer, are supported correctly.
  2. b) in the unlikely event that another company should have to manage the infrastructure under ‘Step in Arrangements.’

You have the right to erase your Special Category Data from your customer file at any time by contacting Customer Services.

This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.

How we use your data

General

We require this information to understand your needs and provide you with a better service, and for the following reasons:

  • To carry out our obligations arising from any contracts, business or commercial agreements entered between you and us and to provide you with the information, products, and services that you request from us, including the provision of an estimate and quote, and fulfilment of an order and after-sales support.
  • To enable responses in the event of a system failure or installation query, carry out servicing or maintenance.
  • To provide you with advice and marketing information about other goods and services we offer that are like those that you have already purchased or enquired about which we think may interest you. If you have opted in to receive marketing information, based on your marketing preferences we may deliver this information by post, telephone, e-mail, SMS, or personalised online marketing via our own systems such as social media platforms and/or other third-party websites e.g. YouTube. Please not that if you choose not to receive online marketing, you will not see personalised marketing messages using your personal data, however you may still see generic online advertising about our products and services. We will not sell your data to third parties for them to market to you.
  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To maintain the accuracy and consistency of your information for all your products across the Kensa group.
  • To tell you about changes to our services and products.
  • To comply with applicable legal or regulatory requirements (including ‘know your customer’ checks, or to comply with regulatory reporting or disclosure requirements.’
  • Internal record keeping; and
  • Where we have a legal right or duty to use or disclose your information (for example in relation to registration with the Microgeneration Certification Scheme (MCS).
  • To run our business in an efficient and proper way. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, and audit.

 

When you apply for a product or to receive a service from us, the application form you fill out or the resulting contract may contain additional conditions relating to the way we use and process your personal information. These will apply in addition to the uses described in this document.

In some cases, we may use software or systems to make automated decisions (including profiling) based on the personal information we hold or collect from others. These may include:

  • The prevention and detection of fraud and financial crime
    To perform transaction monitoring, identity verification, money laundering and sanctions checks, and to identify politically exposed individuals. We are required by law to perform these activities which may be achieved using solely automated means to make decisions about you or any individual related to your products or application. We may use these activities to decline the services you have requested or to stop providing existing services to you.
  • Servicing activities such as
    (i) Personalising the content and design of communications and online services and
    (ii) Determining when to provide tailored communications about your Kensa products (e.g. as a result of changes in your personal circumstances or lifestyle) and the appropriate channels to use
    These may be achieved using profiling in order to predict certain characteristics about you (e.g. your economic situation, interests, personal preferences or health). The activities will not have a detrimental effect on you.

Marketing

Kensa aims to update you about news, products & services which are of interest and relevance to you as an individual or business with regards to Kensa ground source heat pumps.

If you have requested an estimate, quote or ordered with us, or if you have expressed a commercial interest or Kensa has identified a mutual interest, or you have opted in to receive marketing communications via our newsletter form, Kensa may send you emails and / or postal marketing on the basis of consent or legitimate interest, which may contain relevant advice, news and case studies to assist with your installation to ensure you make the most of your ground source heat pump, or assist with your selection of a ground source heat pump in instances where Kensa has identified you would be looking for a heating system.

Direct marketing will adhere where appropriate to the Privacy and Electronic Communications Regulations, UK Advertising Codes, and UK Data Protection Legislation.

Individuals have the right to withdraw consent at any time. We will cease to process data if consent is withdrawn.

If you have opted in to receive our newsletter, Kensa will send you monthly emails containing relevant advice, news, and case studies with regards to ground source heat pumps.

You have the right to opt out of marketing communications at any time, by:

  • Making use of the simple “unsubscribe” link in emails; and/or
  • Making use of the simple “opt-out” form here; and/or
  • Contacting Kensa via the contact channels set out in this Policy.

Direct e-marketing communications will automatically cease if no engagement is recorded over a period of 12 months.

The lawful basis for Kensa processing your data.

General

Depending on the processing activity, we rely on the following lawful basis for processing your personal data under the GDPR:

  • Article 6(1)(a) for processing your personal data where we have your consent to do so.
  • Article 6(1)(b) which relates to processing necessary for the performance of a contract.
  • Article 6(1)(f) for the purposes of our legitimate interest.
  • Article 9(2)(a) where processing Special Category Data with your Explicit Consent.

 

For some of your personal information you will have a legal, contractual, or other, requirement or obligation to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate our contract. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.

Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.

Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain services to you.

Our legitimate interests

The legitimate interests that we will rely upon to process your personal data include:

  • Promotion of Kensa products, services and advice related to similar ground source heat pump applications to your own.
  • Protecting customers, employees and other individuals and maintaining their safety, health, and welfare.
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
  • Complying with our legal and regulatory obligations;
    – preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
    – handling customer contacts, queries, complaints or disputes;
    – protecting Kensa, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Kensa;
    – effectively handling any legal claims or regulatory enforcement actions taken against Kensa; and
    – fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

Special category (sensitive) data: We may process medical and health, ethnicity, language and disability, pregnancy, financial situation, and bereavement status information you have provided, and any other sensitive information obtained. We will only process data that is needed for specific purposes, such as to register you on our Priority Services register if you are a Kensa Utilities customer so we can provide you with a tailored Customer Service provision. Our lawful basis for processing will be by obtaining your explicit consent or through identifying a need by physical sight, or data held such as knowing your date of birth and identifying that you meet criteria for the Priority Services register e.g. your date of birth tells us you are age 65 +.

Please be aware that the personal information you provide to us, and which we collect about you, is required for us to be able to provide our services to you and without it we may not be able to do so.

Who do we share your personal information with?

Our service providers and suppliers

Kensa has the right to share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

To make certain services available to you and to deliver our contractual obligations to you, we may need to share your personal data with some of our trusted service partners, see Annex A.

These include IT, delivery, installation, and surveying service providers, namely Kensa approved partner installers, heat loss consultants and groundwork contractors.

These service providers may use servers located in secure data centres around the world, and personal data may be stored in any one of them.

Kensa only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Kensa and to you, and for no other purposes.

Examples of service providers and their use of data are included below:

  • Data for marketing emails will be processed by Mailchimp. This includes the collection (via sign-up forms) and storage of personal data within Kensa’s Mailchimp account to allow Kensa to create and use distribution lists and send marketing email campaigns, and the transfer of personal data to certain Mailchimp sub-processors for some critical services e.g. abuse prevention. Data in Kensa’s Mailchimp account will be removed if no history of interaction within 12 months. You can read Mailchimp’s Data Processing Agreement here.
  • Data input via Kensa’s website quote form is processed by Wufoo and JotForm. This includes the collection and storage of personal data within Kensa’s Wufoo account to allow Kensa to collate information to produce an estimate and quote. Data in Kensa’s Wufoo account will be deleted after 12 months. You can read Wufoo’s Privacy Policy here. You can read JotForm’s Privacy Policy here.

Other third parties

Aside from our service providers, Kensa will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.

We may share your data with:

  • Accreditation bodies for product and installation compliance with MCS requirements.
  • Credit reference agencies where necessary for card payments, identity checking and anti-money laundering.
  • Governmental bodies, regulators, law enforcement agencies, courts/tribunals, and insurers where we are required to do so:
    – to comply with our legal obligations;
    – to exercise our legal rights (for example in court cases);
    – for the prevention, detection, investigation of crime or prosecution of offenders; and
    – for the protection of our employees and customers.
  • Examples include the HMRC, credit reference agencies, data verification and tracing agencies, fraud prevention agencies.

Special Category Data

We may share your Special Category Data, collected from you if you are a Priority Services Register Customer with Kensa Utilities, with some of our trusted service partners. This is to enable us to make certain services available to you and to deliver our contractual obligations to you, including tailored services to your specified needs including but not limited to; large print billing, extra time to answer the door to an engineer, support with financial difficulties etc. We will only share your Special category Data with our joint Data Controllers (namely Legal and General Heat Pumps and Sky Ground Heat Pumps) should Kensa Utilities cease operation of the ground array infrastructure and ‘Step in Arrangements’ be activated.

Links to other websites

Our website may contain links to other websites of interest. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these websites’ privacy policies before you submit any personal information to them.

Protecting your data outside the UK

The data that we collect from you may be transferred to, and stored at, a destination outside the UK to third-party suppliers, delegates, or agents. We will take all necessary steps to make sure that your data is treated securely and in accordance with this privacy policy, to ensure your personal information is handled with the same protections that we apply ourselves.

We’ll only transfer your data to a recipient outside the UK where we’re permitted to do so by law (for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the UK’s Information Commissioner’s Office, (B) where the transfer is to a territory that is deemed ‘adequate’ by the UK, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc).

How do we protect your data?

Kensa is committed to keeping your personal data safe and secure.

Our security measures include:

  • Kensa’s website is HTTPS with encrypted connection. We also protect the security of your data during transmission using Secure Sockets Layer (SSL) encryption software.
  • Kensa’s website quote form, provided by Wufoo, is SSL encrypted.
  • Security controls which protect the entire Kensa IT infrastructure from external attack and unauthorised access; and
  • Internal policies setting out our data security approach and training for employees; detailed in our IT policy.
  • All individual customers are asked to provide information as a form of security questions when accessing personal account information over the telephone e.g., name address, postcode, DOB, password, last bill amount, last 4 digits of bank account paid from.

 

 

How long do we keep your data?

We will keep your personal information in accordance with our internal retention policies. We will determine the length of time we keep it for based on the minimum retention periods required by law or regulation. We will only keep your personal information after this period if there is a legitimate and provable business reason to do so.

We will not retain your data for longer than necessary for the purposes set out in this Policy.

Different retention periods apply for different types of data:
– for the purposes of MCS compliance we are required to keep data pertaining to estimates, quotes, and orders for 6 years.

If you are a Kensa Utilities Customer, when you cease to be an active customer, we will retain your personal data for a period of 7 years after you offboard. This does not include Special Category Data. Special Category data will be anonymised and used for statistical purposes only.

If your ground source heat pump, ground array or any part of your installation was funded or part funded through a government incentive, such as ERDF funding, we may need to retain your data for a longer period of up to 20 years. We will tell you before the onset of undertaking a project with you if this applies to you and highlight this in any customer service agreement or contract, we present to you.

You should always check the Privacy Policy and terms and conditions of your Customer Service Agreement for specific terms applicable to you.

Your rights

  1. The right to be informed about how we process your personal information. This right is met by the provision of this document.
  2. The right to obtain confirmation that we process personal data held about you, at any time, and if we do process your personal data, you have the right to access that data. This may be subject to a fee specified by law.
  3. The right to ask us to correct any inaccurate personal data we hold about you, free of charge.
  4. The right to ask us to erase any personal data we hold about you.

This right only applies where for example:

  • We no longer need to use the personal data we hold about you to achieve the purpose it was originally collected for.
  • You withdraw your consent if we are using your personal data based on that consent.
  • Where you object to the way we use your data, and there is no overriding legitimate interest.
  1. The right to restrict our processing of the personal data we hold about you.

This right only applies where for example:

  • You dispute the accuracy of the personal data we hold about you.
  • You would like your data erase, but we are required to hold it to stop its processing.
  • You have the right to require us to erase the personal data but would prefer we restricted the processing of the data instead.
  • Where we no longer need to process the personal data to achieve the purpose, we originally collected it for, but you need the data for legal claims.
  1. The right to object to our processing of personal data we hold about you, including for the purposes of sending marketing materials to you or using your personal information for profiling purposes).
  2. The right to receive personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to make us transfer this personal data to another organisation.
  3. The right to withdraw your consent. This only applies where we are relying on your consent to use your personal data (e.g. to provide you with marketing information about services or products).
  4. For automated decisions (including profiling), you have the right to:
  • Obtain an explanation of the decision and challenge it.
  • Request for the decision to be reviewed by a human being.

The Kensa Group does not currently perform any automated decision-making based on personal data that produces legal effects or similarly affects you.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them, and they may not apply to personal information recorded and stored by us.

If you have any questions about any aspect of the privacy policy or wish to exercise any of your rights, including your marketing preferences, please contact the Kensa Group via the customer services team or use the Contact Us section on the relevant website.

Contact Information

If you have any questions about how Kensa uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

Phone us on 0345 222 4328.

E-mail us at: [email protected]; or

Write to us at: The Kensa Group, Kensa House, Mount Wellington, Chacewater, Truro, TR4 8RJ.

If you have any concerns about the way we process your personal data or are not happy with the way we have handled a request by you in relation to your rights, you have the right to make a complaint to the Information Commissioner’s Office.

First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Annex A- Data Processors

Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. More information can be found here.