Privacy Policy
Maintaining the security of your data is a priority at Kensa, and we are committed to respecting your privacy rights. We pledge to always handle your data fairly and legally. Kensa is also dedicated to being transparent about what data we collect about you and how we use it. This policy may be subject to future change. Kensa is the data controller of any personal information as defined in Article 4(7) of the UK GDPR.1. What does this policy cover?
This notice applies to our current and former customers, including but not limited to individual persons, sole traders and businesses. This policy does not form part of any contract.
“Kensa” is a trading name of: Kensa Group Limited (No. 05367753), Kensa Heat Pumps Limited (No. 03739805), Kensa Contracting Limited (No. 08166502), Kensa Utilities Limited (No. 10044238). References to “we,” “our” or “us” in this privacy policy are to Kensa and any of its subsidiaries. Registered in England. VAT Group No. 945676771.
Our Data Protection Lead, Martin Williams, oversees our compliance with data protection legislation. Contact details are in the “Contacting Us” section.This privacy policy relates to retail customers and/or any individual consumers of our goods and/or services, including users of our application-based technology, including PREDICT, and those individuals who request/obtain quotes, utilise our services, purchase our products, enter into agreements with us, or individuals that we may otherwise interact with us during our business. It also applies to sole traders and business customers. We have a separate policy for employees, volunteers, contractors and associate working for or on behalf of Kensa.
This policy provides you with information about:
· What personal data we collect
· Where we get our information from
· How we use your data
· The legal basis for Kensa processing your data.
· Who we share your personal information with
· How long we keep your data.
· How we protect your data
· Your rights
· Contact information.
Kensa may change this policy by updating this page. You should regularly check this page to ensure that you are happy with any changes. This policy is effective from 01.01.2025.
2. About Us
This privacy policy applies to customers of ”Kensa”, (collectively referred to as “we or “us” in this policy).
For UKGDPR and the Data Protection Act 2018 we are the data controller for your personal data. Kensa are registered with the Information Commissioner’s Office in the UK with reference numbers:
· Kensa Heat Pumps: ZA163920
· Kensa Contracting: ZA163929
· Kensa Group: ZA163932
· Kensa Utilities: ZA513781
3. What personal data we collect
When we talk about personal information, we mean information about an individual that can identify them, like their name, address, e-mail address, telephone number and financial details. It can relate to customers (including prospective customers), their appointed representatives (e.g. powers of attorney or a nominated person who may act as a third party-
advocate. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.
Type of Data
Description
Examples of how we use it
4. How we might use your data
Purpose
Personal Information Used
Lawful Basis
Table
5. Where do we get your information from?
· Directly from you- when you request a quote, or estimate, place an order, fill out any forms on any of the Kensa websites, correspond with us, whether by phone, email, or chat facility, sign up for our newsletter, sign a contract, or connect via Wi-Fi or phone app to upload how the heat pump is operating to our secure Kensa Server.
· Information we collect from other sources- this could be information you provide to us electronically (through our website, via Wi-Fi or phone app to upload how the heat pump is operating to our secure Kensa Server, chat server or email.
· Information from a third party-tracing agencies, credit referencing agencies, or publicly available sources such a s social media platform or the electoral register; or if you have been introduced to us by another company such as a developer, housing association, registered social landlord or Management Company.
Additionally, if you are a Kensa Utilities customer we may offer you to register on our Priority Services Register. This is a register of people who qualify for additional support based the following situations:
· are age 65+.
· are disabled or have a long-term medical condition.
· are recovering from an injury.
· have a hearing or sight condition.
· have a mental health condition.
· are pregnant.
· have a child under the age of 5 years old.
· have extra communication needs, e.g., English is not your first language, or you do not read English well.
· have a condition which is affected by the cold or suffer from the effects of the cold more.
· would struggle to answer the door or get help in an emergency.
· have financial insecurity.
When you are asked if you would like to be added to the Priority Services Register due to any of the above criteria, you have the right to refuse to specify under which criteria you qualify. Kensa recognises that much of the data held in the Priority Services Register is Special Category Data. We use this data to be able to provide you with tailored services as a Kensa Utilities Customer e.g. large print billing, extra time to answer the door to an engineer, support with financial difficulties etc. We only share this data with specified third parties, for example.
a) with our contractors who perform tasks for us as part of operating and maintaining our ground array infrastructure, on a need-to-know basis to be able to ensure that you, the customer, are supported correctly.
b) in the unlikely event that another company should have to manage the infrastructure under ‘Step in Arrangements.’
You have the right to erase your Special Category Data from your customer file at any time by contacting Customer Services.
This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.
6. How we use your data
General
We require this information to understand your needs and provide you with a better service, and for the following reasons:
· To carry out our obligations arising from any contracts, business or commercial agreements entered between you and us and to provide you with the information, products, and services that you request from us, including the provision of an estimate and quote, and fulfilment of an order and after-sales support.
· To enable responses in the event of a system failure or installation query, carry out servicing or maintenance.
· To provide you with advice and marketing information about other goods and services we offer that are like those that you have already purchased or enquired about which we think may interest you. If you have opted in to receive marketing information, based on your marketing preferences we may deliver this information by post, telephone, e-mail, SMS, or personalised online marketing via our own systems such as social media platforms and/or other third-party websites e.g. YouTube. Please not that if you choose not to receive online marketing, you will not see personalised marketing messages using your personal data, however you may still see generic online advertising about our products and services. We will not sell your data to third parties for them to market to you.
· To ensure that content from our site is presented in the most effective manner for you and for your computer.
· To maintain the accuracy and consistency of your information for all your products across the Kensa group.
· To tell you about changes to our services and products.
· To comply with applicable legal or regulatory requirements (including ‘know your customer’ checks, or to comply with regulatory reporting or disclosure requirements.’
· Internal record keeping; and
· Where we have a legal right or duty to use or disclose your information (for example in relation to registration with the Microgeneration Certification Scheme (MCS).
· To run our business in an efficient and proper way. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, and audit.
When you apply for a product or to receive a service from us, the application form you fill out or the resulting contract may contain additional conditions relating to the way we use and process your personal information. These will apply in addition to the uses described in this document.
In some cases, we may use software or systems to make automated decisions (including profiling) based on the personal information we hold or collect from others. These may include:
· The prevention and detection of fraud and financial crime To perform transaction monitoring, identity verification, money laundering and sanctions checks, and to identify politically exposed individuals. We are required by law to perform these activities which may be achieved using solely automated means to make decisions about you or any individual related to your products or application. We may use these activities to decline the services you have requested or to stop providing existing services to you.
· Servicing activities such as (i) Personalising the content and design of communications and online services and (ii) Determining when to provide tailored communications about your Kensa products (e.g. as a result of changes in your personal circumstances or lifestyle) and the appropriate channels to use These may be achieved using profiling in order to predict certain characteristics about you (e.g. your economic situation, interests, personal preferences or health). The activities will not have a detrimental effect on you.
Marketing
Kensa aims to update you about news, products & services which are of interest and relevance to you as an individual or business with regards to Kensa ground source heat pumps.
If you have requested an estimate, quote or ordered with us, or if you have expressed a commercial interest or Kensa has identified a mutual interest, or you have opted in to receive marketing communications via our newsletter form, Kensa may send you emails and / or postal marketing on the basis of consent or legitimate interest, which may contain relevant advice, news and case studies to assist with your installation to ensure you make the most of your ground source heat pump, or assist with your selection of a ground source heat pump in instances where Kensa has identified you would be looking for a heating system.
Direct marketing will adhere where appropriate to the Privacy and Electronic Communications Regulations, UK Advertising Codes, and UK Data Protection Legislation.
Individuals have the right to withdraw consent at any time. We will cease to process data if consent is withdrawn.
If you have opted in to receive our newsletter, Kensa will send you monthly emails containing relevant advice, news, and case studies with regards to ground source heat pumps.
You have the right to opt out of marketing communications at any time, by:
· Making use of the simple “unsubscribe” link in emails; and/or · Making use of the simple “opt-out” form here; and/or
· Contacting Kensa via the contact channels set out in this Policy.
Direct e-marketing communications will automatically cease if no engagement is recorded over a period of 12 months.
7. The lawful basis for Kensa processing your data.
General
Depending on the processing activity, we rely on the following lawful basis for processing your personal data under the GDPR:
• Article 6(1)(a) for processing your personal data where we have your consent to do so.
• Article 6(1)(b) which relates to processing necessary for the performance of a contract.
• Article 6(1)(f) for the purposes of our legitimate interest.
• Article 9(2)(a) where processing Special Category Data with your Explicit Consent.
For some of your personal information you will have a legal, contractual, or other, requirement or obligation to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate our contract. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the "Contacting us" section below.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain services to you.
Our legitimate interests
The legitimate interests that we will rely upon to process your personal data include:
· Promotion of Kensa products, services and advice related to similar ground source heat pump applications to your own.
· Protecting customers, employees and other individuals and maintaining their safety, health, and welfare.
· To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
· Complying with our legal and regulatory obligations; - preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies; - handling customer contacts, queries, complaints or disputes;
- protecting Kensa, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Kensa; - effectively handling any legal claims or regulatory enforcement actions taken against Kensa; and - fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
Special category (sensitive) data: We may process medical and health, ethnicity, language and disability, pregnancy, financial situation, and bereavement status information you have provided, and any other sensitive information obtained. We will only process data that is needed for specific purposes, such as to register you on our Priority Services register if you are a Kensa Utilities customer so we can provide you with a tailored Customer Service provision. Our lawful basis for processing will be by obtaining your explicit consent or through identifying a need by physical sight, or data held such as knowing your date of birth and identifying that you meet criteria for the Priority Services register e.g. your date of birth tells us you are age 65 +.
Please be aware that the personal information you provide to us, and which we collect about you, is required for us to be able to provide our services to you and without it we may not be able to do so.
9. Protecting your data outside the UK
The data that we collect from you may be transferred to, and stored at, a destination outside the UK to third-party suppliers, delegates, or agents. We will take all necessary steps to make sure that your data is treated securely and in accordance with this privacy policy, to ensure your personal information is handled with the same protections that we apply ourselves.
We’ll only transfer your data to a recipient outside the UK where we’re permitted to do so by law (for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the UK’s Information Commissioner’s Office, (B) where the transfer is to a territory that is deemed ‘adequate’ by the UK, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc).
10. How do we protect your data?
Kensa is committed to keeping your personal data safe and secure.
Our security measures include:
· Kensa’s website is HTTPS with encrypted connection. We also protect the security of your data during transmission using Secure Sockets Layer (SSL) encryption software.
· Kensa’s website quote form, provided by Wufoo, is SSL encrypted.
· Security controls which protect the entire Kensa IT infrastructure from external attack and unauthorised access; and
· Internal policies setting out our data security approach and training for employees; detailed in our IT policy.
· All individual customers are asked to provide information as a form of security questions when accessing personal account information over the telephone e.g., name address, postcode, DOB, password, last bill amount, last 4 digits of bank account paid from.
11. How long do we keep your data?
We will keep your personal information in accordance with our internal retention policies. We will determine the length of time we keep it for based on the minimum retention periods required by law or regulation. We will only keep your personal information after this period if there is a legitimate and provable business reason to do so.
We will not retain your data for longer than necessary for the purposes set out in this Policy.
Different retention periods apply for different types of data: - for the purposes of MCS compliance we are required to keep data pertaining to estimates, quotes, and orders for 6 years.
If you are a Kensa Utilities Customer, when you cease to be an active customer, we will retain your personal data for a period of 7 years after you offboard. This does not include Special Category Data. Special Category data will be anonymised and used for statistical purposes only.
If your ground source heat pump, ground array or any part of your installation was funded or part funded through a government incentive, such as ERDF funding, we may need to retain your data for a longer period of up to 20 years. We will tell you before the onset of undertaking a project with you if this applies to you and highlight this in any customer service agreement or contract, we present to you.
You should always check the Privacy Policy and terms and conditions of your Customer Service Agreement for specific terms applicable to you.
12. Your rights
1. The right to be informed about how we process your personal information. This right is met by the provision of this document.
2. The right to obtain confirmation that we process personal data held about you, at any time, and if we do process your personal data, you have the right to access that data. This may be subject to a fee specified by law.
3. The right to ask us to correct any inaccurate personal data we hold about you, free of charge.
4. The right to ask us to erase any personal data we hold about you.
This right only applies where for example:
· We no longer need to use the personal data we hold about you to achieve the purpose it was originally collected for.
· You withdraw your consent if we are using your personal data based on that consent.
· Where you object to the way we use your data, and there is no overriding legitimate interest.
5. The right to restrict our processing of the personal data we hold about you.
This right only applies where for example:
· You dispute the accuracy of the personal data we hold about you.
· You would like your data erase, but we are required to hold it to stop its processing.
· You have the right to require us to erase the personal data but would prefer we restricted the processing of the data instead.
· Where we no longer need to process the personal data to achieve the purpose, we originally collected it for, but you need the data for legal claims.
6. The right to object to our processing of personal data we hold about you, including for the purposes of sending marketing materials to you or using your personal information for profiling purposes).
7. The right to receive personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to make us transfer this personal data to another organisation.
8. The right to withdraw your consent. This only applies where we are relying on your consent to use your personal data (e.g. to provide you with marketing information about services or products).
9. For automated decisions (including profiling), you have the right to:
· Obtain an explanation of the decision and challenge it.
· Request for the decision to be reviewed by a human being.
Kensa does not currently perform any automated decision-making based on personal data that produces legal effects or similarly affects you.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them, and they may not apply to personal information recorded and stored by us.
If you have any questions about any aspect of the privacy policy or wish to exercise any of your rights, including your marketing preferences, please contact Kensa via the customer services team or use the contact us section on our website.