LeadsUK Ltd t/a iHeat takes the privacy of personal data seriously and the legal and compliant treatment of this data is at the core of our operations.

We therefore ask you to please read the following important information which explains how we collect, store and use your personal data.

1. Who we are

Controller: LeadsUK Ltd t/a iHeat (Company No. 10884911), registered office: Building 18, Gateway 1000, Arlington Business Park, Whittle Way, Stevenage, England, SG1 2FP.

LeadsUK Ltd is authorised and regulated by the Financial Conduct Authority (FRN 843673) as a credit broker (not a lender). Credit is provided by a panel of lenders.

2. What we mean by personal data

Personal data is information that identifies or can identify you, either on its own or when combined with other information.

3. How we collect data & what we collect

We collect data when you use our website and forms, contact us, request quotes, place orders, enter finance applications, interact with our ads, or via referrals/partners.

Data we may collect includes: name, contact details (address, email, phone), property details, usage needs, installation photos, order history, payment status, communication preferences; identity/verification data (e.g., ID document details where required); finance-related application data handled with our lenders (they act as separate controllers); technical data (IP, device, log data) for security and analytics.

4. Our lawful bases

We process data where one or more of the following apply:

• Performance of a contract (e.g., providing quotes, supplying and installing products, servicing).
• Legal obligations (e.g., finance, tax, anti-money laundering, FCA requirements, warranties).
• Legitimate interests (e.g., running and improving our services, customer support, direct marketing to existing customers, fraud prevention). We balance these interests against your rights.
• Consent (e.g., optional email/SMS marketing where required). You can withdraw consent at any time.

5. How we use your information

• To provide quotes, supply/install products, manage orders, warranties and aftercare.
• To arrange finance via lenders you select (they will provide their own privacy notices).
• To communicate about your order, appointments, and service updates.
• To improve our website, services, and customer experience (analytics, testing).
• To comply with law and respond to regulators and lawful requests.

6. Marketing communications

We may use your details to tell you about products, services, promotions, and offers. We may contact you via:

• Email (newsletters, updates, offers)
• Telephone (customer care or sales calls)
• SMS/Text (appointment reminders, service updates, offers)
• Postal mail (service/offer letters)

We’ll only send electronic marketing where permitted (e.g., consent, or soft opt-in for similar products to existing customers). You can opt out at any time:

• Emails: use the unsubscribe link.
• SMS: reply STOP.
• Phone/post: contact us at [email protected] or 0333 305 6880.

If you withdraw consent or opt out, we’ll keep a minimal suppression record to ensure we don’t contact you again.

Profiling & finance decisions: for credit/affordability checks and fraud prevention, lenders and credit reference agencies may use automated decision-making. They provide separate notices explaining these processes.

7. Who we share data with & international transfers

We share data when necessary with trusted recipients, including:

• Installation partners and engineers (e.g., our sister company iHeating Solutions Ltd and vetted subcontractors) to fulfil your order.
• Technology providers (hosting, CRM, email/SMS platforms, analytics, payments, document e-signature).
• Finance partners/lenders (where you request finance), identity verification and fraud-prevention providers.
• Professional advisers, insurers, regulators and law enforcement where required.

Some providers may process data outside the UK. Where this happens, we use safeguards such as UK adequacy regulations or standard contractual clauses.

8. How we protect your information

We apply technical and organisational measures appropriate to the risk (access controls, encryption in transit, secure data centres, staff training, vendor due diligence). We test and review controls regularly.

9. Your rights

You have rights to access, rectification, erasure, restriction, portability, and to object (including to direct marketing). You can also withdraw consent where we rely on it. We will respond within one month (extendable by two months for complex requests).

To exercise your rights, contact: Mail: Hampson Street, Bolton, Greater Manchester, BL6 7JH | Tel: 0333 305 6880 | Email: [email protected].

You can complain to the UK Information Commissioner’s Office (ICO): 0303 123 1113 | ico.org.uk/global/contact-us/.

10. How long we keep data

We keep data only as long as needed for the purposes above, including legal, accounting, warranty and regulatory requirements. Typical periods:

• Orders, warranties and installation records: up to warranty expiry + 6 years.
• Finance records: per lender and legal retention requirements.
• Marketing data: until you opt out or after a defined inactivity period, then we suppress further contact.

11. Cookies & analytics

We use cookies and similar technologies for site functionality, performance, and marketing/analytics. For details and to manage preferences, see our Cookie Policy.

12. Contact

For privacy queries, contact our Data Protection lead at [email protected] or the postal address above.

13. Updates to this policy

We review this notice periodically. Latest update: 20 August 2025.