This Privacy Notice explains how BOXT Limited processes the personal data of our customers and users of our website and App.
BOXT Limited is a company registered in England and Wales (registered company number 08086606). Our registered office is at 3320 Century Way Thorpe Park, Leeds, West Yorkshire, England, LS15 8ZB. We are the data controller of your personal data and we process your personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation.
At BOXT we understand how critical it is to keep your personal data safe. We are committed to ensuring that you receive the first class service you expect from us, and that your privacy is protected when you shop with us and use our website and our App.
This Privacy Notice explains what personal data we collect about you, how we use it and what your rights are in respect of your personal data. Please read this Privacy Notice carefully and get in touch with us (using the contact information provided below) if you have any questions or concerns.
We may update and amend this Privacy Notice from time to time. When we do so, we’ll publish the revised version on our website and our App. This Privacy Notice was last updated in February 2023.
1. How do we collect your personal data?
We may collect your personal data in a number of ways, for example:
- when you access and navigate around our website or App;
- when you make an enquiry about or request a quote for one of our products or services;
- when you communicate with us by email, phone or via our website or mobile application; and
- when you sign up to receive our emails and other updates.
2. What types of personal data do we collect about you?
We may collect the following types of personal data about you:
- your name and contact details, including your postal address, telephone number, and email address;
- records of your communications and correspondence with us, for example your messages to our customer service team;
- financial and wealth related information, including your payment details and, if you are purchasing a product via our Boxt Life subscription service, information about your financial history and creditworthiness;
- property related information, including your property type (i.e. whether you live in a flat or detached house and the number of bedrooms and bathrooms you have), and photos of your property (before and after product installation or when joining one of our cover plans), a limited amount of which may be your personal data.
3. What are our legal bases and purposes for processing your personal data?
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract with you - namely a contract for the purchase of one of our products or services.
In this respect, we may use your personal data for the following:
- answering your enquiries about our products and services;
- processing your request for a quote;
- setting you up and liaising with you as a customer;
- managing your purchase, pre- and post-installation;
- outsourcing the installation of our products, including by independent contractors and engineers; and
- collecting payment from you.
We may process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our interests in operating our business and our website in a commercial and user-friendly way.
In this respect, we may use your personal data for the following:
- keeping records of your communications with us, so that we have a record of the enquiries that we receive through our website and of our correspondence in respect of your purchase;
- outsourcing selected website and service functions to third parties for the purposes of the efficient management of our website; and
- monitoring, evaluating and improving the performance and effectiveness of our website and our services, including by training our staff and engineers and monitoring their performance.
We may process your personal data because it is necessary for compliance with our legal and regulatory obligations.
In this respect, we may use your personal data for:
- regulatory compliance and associated record keeping purposes, for example with Building Control, Gas Safe and NICEIC;
- compliance with our obligations under all laws applicable to our business, including tax laws and directions from HM Revenue and Customs; and
- compliance with applicable regulatory rules, including Financial Conduct Authority rules and building regulations.
We may also process your personal data for other reasons where:
- it is necessary for the establishment, exercise or defense of legal claims (for example, to protect and defend our rights or property including intellectual property rights in and to our brand, the website, the App and any of its content and/or when enforcing contractual rights or bringing claims under any of our contracts with you, other customers or our staff or engineers); and
- we have your specific or, where necessary, explicit consent to do so (for example, where we need your consent to send you our marketing communications by email).
Given the volume of customers we deal with, we use automated systems to:
- match you with an engineer, for example based on their availability and proximity; and
- communicate with you via our chat service.
You have the right to express your point of view (including providing any additional information that you want us to consider) and to contest any automated decisions by contacting us using the details set out in this Privacy Notice. A member of our team will then consider the matter.
4. How long do we store your personal data?
When you start the checkout process we also store your information securely in our database for a period of 3 months in case you start a finance application and come back to us later to complete your purchase. After 3 months, if you choose not to continue with your purchase, we automatically delete this information.
If you purchase one of our products or services we may ask for photos of your property. Our engineers use these photos to review your order and check that the product and/or service you’ve purchased will work for your property. We need to store these photos so that we can send them to the engineer who will be installing, maintaining or repairing the product. We will continue to store these photos and all information relating to the installation securely for 10 years after your installation date.
We will retain your other personal data for as long as we are interacting with you via our website, our App and/or under our agreement for the sale of our products or services to you; for as long as necessary to keep in touch with you, where you have asked for us to do so (for example if you sign up for our mailing lists); and for as long as permitted or required for legal and regulatory purposes after the last interaction we have with you.
Subject to any other notices that we may provide to you, we may retain your personal data for a period of 10 years after your last interaction with us. However, some information may be retained for longer than this, for example in order to defend legal claims or for other specific regulatory compliance purposes (including Building Control Regulations) or legal requirements.
5. Who do we share your personal data with?
For the purposes referred to in this Privacy Notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties, including:
- our independent contractors and engineers who will install your product or deliver the services;
- if you choose to pay for our products by finance, with our third party finance provider Divido (who will require additional information from you, which will also be shared with our lenders Allium Money Limited and/or Novuna Consumer Finance to assess your suitability for our finance products);
- if you choose to apply for a product installation through our subscription service BOXT Life:
- with Equifax, a third party credit reference and fraud prevention agency. (They will provide us with certain information about you, such as your financial history so that we can assess your creditworthiness, verify your identity and prevent criminal activity);
- with BrightOffice, who provide us with software which helps us manage your application and, if successful, your product hire;
- with GoCardless, to create a direct debit mandate; and
- with other credit reference and fraud prevention agencies to prevent fraud and money laundering and to verify your identity;
- product manufacturers (such as Bosch), in order to register your product warranty;
- our suppliers (such as Plumbing Trade Supplies) and our delivery companies to enable your products to be delivered to your home on your chosen day of the installation;
- providers of outsourced services to us (for example any third party we engage to administer our website and App on our behalf, and the providers of ‘back office’ functions and tools);
- Intercom, to track website usage statistics, to support customer conversations and to store customer contact information in order to help us deliver the best possible customer support;
- Segment.io, Inc., which documents your interactions on our website and mobile application to capture marketing and product-related customer information in order to offer the best digital experience to our customers;
- Google APIs, to identify individuals who share similar characteristics and interests to our customers, but who are not currently customers, in order to generate new leads;
- other third parties who enable us to better understand our customers and to create the best customer experience. These third parties may combine the personal information our customers provide about themselves with information that can be obtained from other sources, in order to classify our customers (for example using shopping habits, information regarding their personal or professional interests, demographics, and experiences with our products);
- HomeServe Group, if you choose to opt-in to receive emails including quotes for our products, recommended products or incomplete orders;
- Twilio, to communicate with you via SMS about your purchase and other products and services which may be of interest to you, before and after installation;
- Yieldify, if you choose to opt-in to receive emails including quotes for our products, recommended products or incomplete orders;
- our internal and external auditors and our professional advisors; and
- our regulators, including Gas Safe, NICEIC, Building Control and the Financial Conduct Authority.
- If you register your interest in a Solar PV and battery storage installation we will also need to share your personal information with OpenSolar, who provide software which helps us manage your proposal and if you agree to go ahead, your payments for the installation.
If you would like information about how these third parties use your personal data, please contact them or ask us to help you locate their Privacy Notices.
6. Do we transfer your personal data internationally?
Your personal data may be shared within the European Economic Area (EEA), to the extent required for business management purposes. As a matter of course, we do not transfer your personal data outside the EEA. We may, however, transfer your personal data around the world on an ad hoc basis. In such circumstances, we will consider whether any additional measures are required in order to give adequate protection for the information when it is transferred outside of the EEA and further, specific information will be provided to affected individuals as needed.
7. When and how will we contact you?
During the process of organising, installing and registering your product we may contact you by phone, email or text message in order to check your details, let you know important information about your product and its installation and also to check that you are happy with our service after the installation has been completed.
If you choose to opt-in to receive marketing from us (by clicking the relevant checkbox in the checkout process) we may get in touch with you by phone or email to let you know about new products and services. You can unsubscribe at any time from these marketing emails by clicking “Unsubscribe” at the bottom of any email from us. If you unsubscribe from marketing emails please note that you may still receive service emails from us about the product(s) you have purchased.
If you visit our website, you may receive personalised ads via interest-based advertising whilst browsing other websites and social media networks. Any ads you see will be related to products and services you have viewed whilst browsing our website on your computer/devices. These advertisements are provided by us via Google, Facebook, Bing and Yahoo using 'cookies' placed on your computer/devices. Please see our Cookies Policy for more information, including how to deactivate cookies.
8. What are your rights in respect of your personal data?
You have the following rights in relation to our processing of your personal data:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have given your consent (e.g. to receive our newsletters) and you wish to withdraw it, please contact [email protected]. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal data, you can raise a concern with the UK Information Commissioner. You can also find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk.
9. How can you contact us?
- By post: BOXT Limited, 3320 Century Way, Thorpe Park, Colton, Leeds LS15 8ZB; or
- By email: [email protected].