Privacy Policy

Last updated: 01/06/2025

REFYT Ltd (“we”, “us”, “our”) is committed to protecting your personal data and complying with the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains what personal information we collect via our website and contact form, why we collect it, how we use and share it, how long we keep it, and your rights under the law. It applies to all data you give us through our online form and to how we handle that data in our systems.


What Data We Collect

We only collect the personal information necessary to respond to your enquiry and provide retrofit services. Personal data means any information that identifies you as an individual. When you complete our online form, we typically collect:

• Full Name: to know who you are.

• Contact Details: your email address and phone number, so we can get in touch.

• Property Address: the address of the building to be assessed or upgraded.

• Benefits Information: the type of government benefits you receive (e.g. Universal Credit, Pension Credit, etc.), if any. This helps us check eligibility for funded retrofit programs.

We do not collect highly sensitive data (e.g. bank account or income details). You provide all information voluntarily. By keeping only this limited data, we follow the principle of collecting only what we need to serve you.


How We Use Your Data

We use your personal data for the specific purposes listed below, and we always have a lawful reason for each use:

• Responding to Enquiries: We use your name and contact details to respond to your question or request (for example, to provide a quote, advice, or schedule a survey).

• Service Delivery: We use your address and benefit details to assess eligibility for grants or schemes (such as energy-saving retrofit programs), and to organise and carry out the retrofit work if you become a customer.

• Contract Fulfilment: If you engage us for work, we use your data to perform that contract and keep a record of communications.

• Legal Compliance: We use some of your data to comply with laws (for example, keeping records for tax, insurance or building-regulation requirements).

• Customer Service: We may use your information to communicate about appointments, invoices or any technical questions.

• Improving Services: We use the data in anonymised form (without personal identifiers) to improve our processes.

We do not use your data for marketing or advertising. We will only contact you about our services or your request unless you specifically consent to receive other communications.


Legal Basis for Processing

Under UK GDPR, every use of personal data must have a lawful basis. In our case:

• Contract / Performance of Services: Processing is necessary to perform a contract you have with us, or to take steps at your request before entering into a contract. For example, if you ask us to retrofit your home, we need to process your data to carry out that service.

• Legitimate Interests: We rely on legitimate interests to manage our relationship with you. For instance, it is in both our and your interests to use your contact details to carry out the retrofit services you request (e.g. communicating about appointments and installations).

• Legal Obligation: We may need to process data to comply with a legal duty (for example, keeping certain records for HMRC or for building regulations).

• Consent: Where you give your consent for a specific use (for example, consenting to receive customer feedback surveys), we rely on that consent for those purposes. You can withdraw consent at any time for future processing.

We will never ask for more data than necessary, and we will not process it in ways that conflict with the reasons for which you provided it.


Sharing Your Data

We will never sell your personal data. We share your information only with trusted third parties when necessary:

• Service Providers (Processors): We use Zoho CRM (a secure cloud-based customer relationship management system) to store and manage your data. Zoho CRM encrypts data in transit and at rest and is fully equipped to support GDPR compliance.

• Employees and Contractors: We may share your data with our own staff or subcontractors who need it to carry out work or communicate with you (for example, a surveyor or installer). They all have confidentiality obligations.

• Professional Advisors: We might share data with third parties such as our accountant or IT support if needed, always under strict confidentiality agreements.

• Legal and Regulatory: We will disclose your data to authorities if required by law (for example, to comply with a court order or regulatory requirement).

We ensure that any third party we use takes appropriate security measures. For example, Zoho uses robust encryption (AES-256) and two-factor authentication to protect stored data. We also vet our partners to make sure they handle data responsibly.

Data Security

We take technical and organisational measures to protect your personal data:

• Encryption: Personal data in our CRM and backups is encrypted at rest and in transit.

• Access Control: Only authorised staff have access to your data, and they use strong passwords and, where possible, two-factor authentication.

• Secure Systems: Our systems and devices are kept up to date with security patches. We use antivirus protection and firewalls.

• Regular Reviews: We regularly review our security practices (including data backups and incident response plans) to guard against loss, theft or misuse.

While we strive to keep your data safe, no system is completely infallible. If you suspect any security issue with your data, please contact us immediately (see below).


Cookies and Tracking

Our website does not use cookies or any tracking technologies. We do not use Google Analytics, advertising cookies, or any form of web tracking. We only collect personal data when you directly submit it via our contact form. We do not use your data for targeted advertising or share it for marketing.

Data Retention

We keep your personal data only for as long as necessary for the purposes we described.

• If your enquiry results in work, we may retain your data for up to 6–7 years to satisfy tax, warranty, and regulatory obligations.

• If your enquiry does not result in work, we usually retain the data for no longer than six months. We keep it during this short period in case your eligibility changes, new government schemes become available, or you re-engage with us.

When data is no longer needed, we securely delete or anonymise it.


Your Rights

Under UK GDPR you have the following rights in relation to your personal data:

• Right to be informed: You have the right to know how we collect and use your data. This privacy policy provides that information.

• Right of access: You can ask us for a copy of any personal data we hold about you. We will provide it (subject to legal exceptions) at no more than a nominal fee.

• Right to rectification: If your data is inaccurate or incomplete, you can ask us to correct or update it.

• Right to erasure (“right to be forgotten”): In certain situations (for example, if we no longer need your data), you can ask us to delete your personal data.

• Right to restrict processing: You can ask us to pause or limit how we use your data in specific situations (for example, while a dispute is being resolved).

• Right to data portability: You can ask us to provide your data in a structured, commonly used format so you can transfer it to another organisation.

• Right to object: You can object to our use of your data in certain cases (for example, if we were using it for direct marketing, which we do not do by default).

• Right to withdraw consent: If we process any of your data based on your consent, you can withdraw that consent at any time for future processing.

If you want to exercise any of these rights, please contact us as described below. We will promptly review your request and respond (usually within one month). You also have the right to complain to the UK Information Commissioner’s Office (ICO) if you believe we have mishandled your data.


How to Contact Us

REFYT Ltd is the data controller for your personal data. Our contact details are:

• Address: Millharbour Court, 6 Watergate Walk, London, E14 9XH

• Email: info@refyt.co.uk

• Phone: 020 4582 2636

If you have any questions about this policy or our data practices, or if you wish to exercise your rights, please get in touch using the above details. We will do our best to address your concerns.