Legal

Privacy Policy

How we collect, use, store, and protect your personal data. Last updated March 2026.

1. Who we are

We are Barlow Heating Limited, trading as Abode — Heating & Renewables. We are the data controller responsible for your personal data.

  • Company number: 12813076
  • Registered address: The Warehouse, Rear of 25 Southcote Road, Bournemouth, Dorset, BH1 3SH
  • VAT number: 378687424
  • Phone: 01202 022735
  • Email: [email protected]
  • Website: chooseabode.com

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. What data we collect

We collect personal data through several channels on our website and during the course of providing our services. The types of data we collect depend on how you interact with us.

Estimate tool

When you use our online estimate tool to get an instant heat pump quote, we collect:

  • Your name, email address, and phone number
  • Your property address and postcode
  • Property details (type, age, size, number of bedrooms/bathrooms)
  • Current heating system and fuel type
  • Information about your radiators and insulation

Contact forms

When you submit a contact or enquiry form, we collect:

  • Your name, email address, and phone number
  • Your message and any details you choose to provide

Survey and installation booking

When you book a survey or proceed with an installation, we additionally collect:

  • Your full address and property access details
  • EPC data and energy performance information
  • Payment and billing information
  • Photos of your property (taken during surveys)
  • Details needed for grant applications (e.g. Boiler Upgrade Scheme)

Website usage

When you browse our website, we automatically collect:

  • IP address (anonymised in analytics)
  • Browser type and operating system
  • Pages visited, time on site, and referral source
  • Cookie data (see our Cookie Policy for full details)

3. How we use your data

We use your personal data for the following purposes, each with a lawful basis under UK GDPR:

Performance of a contract (Article 6(1)(b))

  • Providing you with estimates and quotations
  • Scheduling surveys and installations
  • Managing your installation project
  • Processing payments
  • Applying for grants on your behalf (e.g. Boiler Upgrade Scheme)
  • Providing aftercare, warranties, and servicing

Legitimate interests (Article 6(1)(f))

  • Responding to your enquiries
  • Improving our website, services, and customer experience
  • Analysing website traffic and usage patterns
  • Preventing fraud and ensuring security

Legal obligation (Article 6(1)(c))

  • Maintaining financial records for HMRC
  • Gas Safe and MCS regulatory compliance
  • Health and safety record-keeping

Consent (Article 6(1)(a))

  • Sending you marketing communications (email, SMS)
  • Setting non-essential cookies (e.g. Facebook Pixel)

Where we rely on your consent, you can withdraw it at any time by contacting us or using the unsubscribe link in any marketing email.

4. Who we share your data with

We do not sell your personal data to anyone. We share your data only with trusted third-party processors who help us deliver our services:

Service providers

  • Supabase — Database hosting (USA, operating under the EU-US Data Privacy Framework)
  • Resend — Email delivery (USA)
  • Twilio — SMS delivery (USA)
  • Vercel — Website hosting (USA)
  • Stripe — Payment processing (USA, PCI DSS compliant)

Analytics and advertising

  • Google — Google Analytics GA4, for website analytics (USA)
  • Meta — Facebook Pixel, for advertising measurement (USA, requires your consent)

Other disclosures

We may also share your data with:

  • HMRC, as required by law for tax purposes
  • Ofgem / MCS, for Boiler Upgrade Scheme grant applications
  • Equipment manufacturers, for warranty registration
  • Gas Safe Register, for regulatory compliance
  • Professional advisors (accountants, solicitors), where necessary

International transfers

Several of our processors are based in the USA. Where data is transferred outside the UK, we ensure adequate safeguards are in place, including the EU-US Data Privacy Framework, Standard Contractual Clauses, or equivalent protections as required by UK GDPR.

5. How long we keep your data

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Customer and contract data: 7 years from the end of the contract, as required for tax and legal compliance
  • Marketing data: Until you unsubscribe or withdraw consent
  • Analytics data: 26 months (Google Analytics retention period)
  • Enquiry data (no contract): 2 years from last contact, then deleted
  • Survey photos: Duration of the project plus 7 years

After the relevant retention period, your data is securely deleted or anonymised.

6. Your rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you (a subject access request)
  • Right to rectification — You can ask us to correct any inaccurate or incomplete data
  • Right to erasure — You can ask us to delete your personal data, subject to legal retention requirements
  • Right to restrict processing — You can ask us to limit how we use your data in certain circumstances
  • Right to data portability — You can request your data in a structured, commonly used, machine-readable format
  • Right to object — You can object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at [email protected] or write to us at our registered address. We will respond within one month.

7. Data security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Access controls limiting data access to authorised personnel only
  • Regular security reviews of our systems and processors
  • PCI-compliant payment processing through Stripe (we never see or store your full card details)

8. Cookies

Our website uses cookies and similar technologies. For full details on which cookies we use, their purpose, duration, and how to manage them, please see our Cookie Policy.

9. Children's data

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

10. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

11. Complaints

If you are unhappy with how we have handled your personal data, we would like the opportunity to resolve it. Please contact us first at [email protected].

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF