Who We Are
Quoteboiler LTD is the data controller for personal data collected through quoteboiler.com. We are registered in England and Wales (Company No. [XXXXXXXX]) and registered with the Information Commissioner's Office (ICO Registration No. [XXXXXXXX]).
Contact: privacy@quoteboiler.com
Address: [Registered address]
What Data We Collect
We collect only what we need to run the service:
- Identity data: Your name and, for engineers, your business name and Gas Safe registration number
- Contact data: Email address and phone number
- Property data: Your postcode and details about your boiler and property (for homeowners)
- Usage data: Pages visited, quote requests submitted, and how you interact with the platform
- Payment data: For engineers, payment processing data handled securely by Stripe. We do not store card details on our servers
- Communications data: Messages sent through the platform between homeowners and engineers
Why We Collect It (Legal Basis)
- To perform our service (contract): Matching homeowners with engineers, delivering quotes, processing payments
- Legitimate interests: Improving the platform, preventing fraud, sending service-related communications
- Legal obligation: Maintaining records for tax and compliance purposes
- Consent: Marketing emails β only if you opt in. You can withdraw consent at any time
Who We Share Your Data With
We share your data only where necessary:
- Gas Safe registered engineers: Your name, postcode, and job details are shared with matched engineers so they can provide quotes
- Stripe: For secure payment processing (engineers only). Stripe is PCI DSS compliant
- Analytics providers: Google Analytics and Microsoft Clarity for site usage data (anonymised where possible)
- Hosting and infrastructure providers: Under data processing agreements that require them to protect your data
We never sell your data to third parties. We never share it for advertising purposes.
How Long We Keep Your Data
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. The table below sets out our specific retention periods:
- Homeowner account data (name, email, phone): Retained while your account is active, plus 2 years after closure or last login, whichever is later. You may request deletion at any time (see Your Rights below).
- Quote requests and job details: 6 years from the date of submission, in accordance with the UK Limitation Act 1980 and HMRC record-keeping obligations.
- Engineer registration data (including Gas Safe documents): For the duration of the engineer's registration on the platform, plus 6 years following deregistration.
- Financial transaction records (wallet credits, lead purchases): 7 years, as required by UK tax and accounting law.
- Marketing consent and preferences: Until you withdraw consent or unsubscribe. Withdrawal does not affect the lawfulness of any processing prior to withdrawal.
- Customer support communications: 3 years from the date of the last communication.
- Session and authentication tokens: 8 hours (automatically invalidated; no persistent storage).
- Cookie consent records: 12 months from the date consent was given. We will ask for renewed consent after this period.
- Server and access logs: 90 days, retained for security and fraud prevention purposes only.
At the end of the relevant retention period, data is securely deleted or anonymised so that it can no longer be associated with an individual.
Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
Access
Request a copy of all personal data we hold about you
Correction
Ask us to correct inaccurate or incomplete data
Deletion
Request deletion of your data ("right to be forgotten")
Restriction
Ask us to restrict processing in certain circumstances
Portability
Receive your data in a portable, machine-readable format
Objection
Object to processing for marketing or legitimate interests
To exercise any of these rights, email privacy@quoteboiler.com. We will respond within 30 days. There is no charge for making a request.
Cookies
We use two types of cookies:
- Essential cookies: Required for the website to function (login sessions, form security). These cannot be disabled.
- Analytics cookies: Google Analytics and Microsoft Clarity help us understand how visitors use the site. These are only set with your consent via our cookie banner.
You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in the website footer.
Data Security
We take security seriously:
- All data is stored in encrypted databases with restricted access
- Our website uses HTTPS (SSL encryption) throughout
- We do not store payment card details β Stripe handles all payment data
- Access to personal data is limited to authorised personnel only
- We have a data breach response plan in place and will notify the ICO within 72 hours of any breach, as required by law
International Transfers
Your data is stored and processed within the UK and European Economic Area (EEA). Where any processing occurs outside the EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on the website. The "last updated" date at the top of this page will always reflect the most recent version.
Complaints
If you are unhappy with how we handle your personal data, please contact us first at privacy@quoteboiler.com β we'd like the chance to put things right.
If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF