top of page

Privacy Policy

Last updated: 14 November 2025

This Privacy Policy explains how Heatio Limited (“Heatio”, “we”, “us” or “our”) collects, uses and protects your personal data when you use our website and related online services.
We are committed to protecting your privacy and handling your personal data in a fair and transparent manner.

1. Who we are and how to contact us

Heatio Limited is the controller of your personal data when you use our website and when we communicate with you about our products and services.

 

Legal entity: Heatio Limited

Registered office: Edward Pavilion, Royal Albert Dock, Liverpool, Merseyside, England, L3 4AF

Company number: 14044906

VAT number: GB 428 4677 63

Email: hello@heatio.com

Telephone: 0151 540 3998
 

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

You also have the right to raise concerns at any time with the UK data protection regulator, the Information Commissioner’s Office (ICO), but we would welcome the chance to deal with your concerns first.

 

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website and landing pages;

  • Homeowners and occupiers who submit information through our online forms or journeys;

  • Installers, partners and other business users who interact with us via the website or our digital tools;

  • People who receive our marketing communications or contact us with enquiries.
     

This Privacy Policy does not cover how our business customers (for example, installers or partners) handle personal data in their own systems. In those cases, they are responsible for providing their own privacy information.

In some projects we may act as a processor on behalf of a business customer. Where that is the case, our processing of personal data is governed by our contract with that customer and their privacy notice will apply.

 

3. The data we collect about you

The personal data we collect depends on how you use our website and services. We may collect and process the following categories of data:


3.1 Data you provide directly

  • Contact details – name, email address, telephone number, company name, job title.

  • Account details – login credentials (username, password) and profile information if you create an account.

  • Property information – address, property type, size, construction details and other information about your home or building that you provide through our forms or tools.

  • Enquiry details – information you enter when you request a demo, ask for a quote, register interest in a pilot or submit questions through our website.

  • Marketing preferences – your choices about receiving marketing communications from us.

  • Feedback and survey responses – information you provide when giving feedback, participating in surveys or providing testimonials.
     

3.2 Data we collect automatically
When you use our website, we may automatically collect:

  • Technical data – IP address, browser type and version, device type, operating system, time zone setting and similar technical information.

  • Usage data – information about how you use our website, such as pages viewed, links clicked, time spent on pages and referral sources.

  • Log data – error logs and diagnostic information to help us maintain and secure the website.

This information is typically collected using cookies and similar technologies. For more details, please see our Cookie Policy.
 

3.3 Data from third parties

We may receive personal data about you from third parties, for example:

  • Our business partners (such as installers, finance providers or energy businesses) where you have interacted with them and they refer you to us or invite you into a Heatio journey;

  • Analytics and advertising partners, who may provide aggregated insights about how users interact with our website;

  • Public sources, such as property datasets and registers, where permitted by law.

 

4. How we use your personal data and legal bases

We only use your personal data when we have a valid legal basis to do so under UK data protection law. The main purposes and legal bases are:

 

4.1 To provide our website, tools and services

Allow you to access and use our website, tools and any account you create.

 

  • Responding to your enquiries, demo requests or support questions.

  • Legal basis: performance of a contract or taking steps at your request before entering into a contract; our legitimate interests in operating our business and providing services.

4.2 To run homeowner and business journeys

Collecting information about your property to generate indicative insights, scores or simulations.

  • Sharing your enquiry and relevant property information with a participating installer or partner, where you ask us to connect you.

  • Legal basis: performance of a contract or taking steps at your request; our legitimate interests in enabling low-carbon and energy-efficiency projects.

4.3 To improve and develop our products

Analysing how our website and tools are used to improve design and usability.

  • Developing and testing new features, models and services.

  • Producing aggregated and anonymised statistics for reporting and research.

  • Legal basis: our legitimate interests in improving our products and understanding how they are used.

 

4.4 Marketing and communications

Sending you information about our products, pilots, events and insights that we think may be relevant to you.

 

  • Managing your communication preferences and unsubscribes.

  • Legal basis: your consent (where required by law, for example, for certain email marketing); our legitimate interests in promoting and growing our business, where consent is not required and you have not opted out.

  • You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us.

 

4.5 Security, fraud prevention and legal compliance

Monitoring and protecting our website, systems and data against fraud, misuse and security incidents.
 

  • Complying with legal and regulatory obligations, including tax, accounting and reporting requirements.

  • Establishing, exercising or defending legal claims.

  • Legal basis: compliance with legal obligations; our legitimate interests in protecting our business, customers and systems.

 

If we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

 

5. Sharing your personal data

We may share your personal data with:

 

  • Service providers who help us operate our website and services (for example, hosting providers, customer relationship management tools, analytics providers, email and communication platforms).

  • Installers, lenders or other partners where you have asked us to connect you or where a journey is clearly co-branded and you submit information for their review.

  • Professional advisers such as lawyers, accountants and auditors.

  • Regulators and authorities where we are required to do so by law or in order to protect our rights or the rights of others.

  • Potential buyers or investors in the event of a merger, acquisition, corporate restructuring or similar transaction, where appropriate safeguards are in place.
     

We require our service providers to handle your personal data securely and only in accordance with our instructions and applicable law.

We do not sell your personal data.

 

6. International transfers

Some of our service providers or partners may be based outside the United Kingdom or the European Economic Area (EEA), so their processing of your personal data may involve a transfer of data to countries that have different data protection laws.

Where we transfer personal data outside the UK/EEA, we take steps to ensure an appropriate level of protection, for example by:

  • Relying on an adequacy decision (where the destination country is recognised as providing an adequate level of protection); or

  • Putting in place standard contractual clauses or equivalent safeguards approved under data protection law.
     

You can contact us if you would like more information about the safeguards we use for international transfers.

 

7. Data retention – how long we keep your data

We will keep your personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

In determining the appropriate retention periods, we consider:

  • The amount, nature and sensitivity of the personal data;

  • The potential risk of harm from unauthorised use or disclosure;

  • The purposes for which we process the data and whether we can achieve those purposes by other means;

  • Legal and regulatory requirements.
     

By way of example:

  • Basic contact and enquiry records are typically kept for up to 6 years after our last meaningful interaction with you (to manage our relationship and handle any claims).

  • Technical and analytics data is typically kept for shorter periods and may be anonymised or aggregated sooner.
     

We may retain anonymised or aggregated data indefinitely, as it no longer identifies you.

 

8. Security of your personal data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration or disclosure.

  • These measures include, where appropriate:

  • Access controls and authentication;

  • Encryption in transit and/or at rest;

  • Regular monitoring, logging and back-ups;

  • Internal policies and staff training.
     

However, no system can be completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

 

9. Your data protection rights

Under data protection law, you may have the following rights in relation to your personal data (subject to certain conditions and exceptions):

  • Right of access – to obtain a copy of your personal data and information about how we process it.

  • Right to rectification – to have inaccurate or incomplete data corrected.

  • Right to erasure – to ask us to delete your personal data in certain circumstances.

  • Right to restriction – to ask us to restrict the processing of your personal data in certain circumstances.

  • Right to data portability – to receive personal data you provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.

  • Right to object – to object to our processing of your personal data where we rely on legitimate interests (including profiling), and to object at any time to direct marketing.

  • Right to withdraw consent – where we rely on consent, you can withdraw it at any time.
     

To exercise any of these rights, please contact us using the details in section 1. We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights).

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data. Further information is available on the ICO’s website.

 

10. Cookies and similar technologies

We use cookies and similar technologies to:

  • Make our website work and keep it secure;

  • Understand how our website is used;

  • Improve performance and user experience;

  • Support analytics and, where applicable, marketing activities.
     

For detailed information about the cookies we use, the purposes for which we use them and how you can manage your preferences, please see our Cookie Policy.

 

11. Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

 

12. Children

Our website and services are not directed at children and we do not knowingly collect personal data from children under 16 without appropriate consent. If you believe that a child has provided us with personal data without proper consent, please contact us and we will take appropriate steps to delete that data.

 

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.

When we make changes, we will update the “Last updated” date at the top of this page. In the case of significant changes, we may also notify you by email (where appropriate) or by a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

bottom of page