Submit

Privacy Policy

Learn how Heat Pump Installer Directory collects, uses, and protects your personal data in accordance with UK GDPR.

Last updated: March 2026

1. Who We Are

Heat Pump Installer Directory is operated by KRO PROJECTS LTD, a company registered in England and Wales.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, KRO PROJECTS LTD is the data controller.

2. What Data We Collect

We collect the following types of personal data:

Lead Form Submissions

When you submit a request through our lead form to be connected with heat pump installers, we collect:

  • Your name
  • Email address
  • Phone number
  • Postcode
  • Property details (such as property type and current heating system)

Newsletter Signups

If you subscribe to our newsletter, we collect your email address.

Analytics Data

We use Plausible Analytics, a privacy-friendly analytics service that does not use cookies and does not collect personal data. Plausible collects anonymous usage statistics such as page views, referral sources, and device types. No personally identifiable information is gathered through analytics.

Cookies

We use a minimal number of cookies:

  • Session cookies: Used for authentication when you sign into your account. These are essential for the site to function and expire when you close your browser or after a set period.

We do not use advertising cookies or third-party tracking cookies.

Installer Data

Our directory contains information about MCS certified heat pump installers sourced from the publicly available MCS certified installer database. This includes business names, addresses, certification details, and other publicly available information.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you submit a lead form or sign up for our newsletter, you give us your consent to process your data for those specific purposes. You can withdraw consent at any time by contacting us.
  • Legitimate interest: We use anonymous analytics data to improve our website and service. This processing is minimal, privacy-friendly, and does not override your rights.
  • Public task / Publicly available data: Installer listings are based on publicly available MCS certification data.

4. How We Use Your Data

We use the data we collect to:

  • Match homeowners with suitable MCS certified heat pump installers in their area
  • Pass your lead form details to relevant installers so they can contact you with quotes
  • Send you our newsletter if you have subscribed
  • Improve our website and the services we offer
  • Respond to your enquiries or support requests

5. Who We Share Your Data With

We share your personal data with the following third parties:

  • Heat pump installers: When you submit a lead form, your details (name, email, phone, postcode, and property information) are shared with relevant MCS certified heat pump installers so they can contact you with quotes.
  • Google: We use Google Maps API to display maps on our site. Google may collect data in accordance with their own privacy policy when you interact with embedded maps.
  • Email service provider: We use a third-party email service to send newsletters and transactional emails.
  • CRM provider: We may use a customer relationship management platform to manage and process leads.

We do not sell your personal data to any third party. We only share data as described above and as necessary to provide our services.

6. Data Retention

  • Lead form data: We retain your lead form submissions for up to 24 months, after which your data is securely deleted.
  • Newsletter subscriptions: We retain your email address until you unsubscribe. You can unsubscribe at any time using the link in any newsletter email.
  • Analytics data: Plausible Analytics data is aggregated and anonymised. No personal data is retained through analytics.
  • Session cookies: These expire when you close your browser or after a set session period.

7. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can request that we transfer your data to another organisation or directly to you in a machine-readable format.
  • Right to object: You can object to us processing your data where we are relying on legitimate interest.
  • Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

8. How to Exercise Your Rights

To exercise any of your rights, or if you have any questions about how we handle your data, please contact us at:

We will respond to your request within one month. If your request is complex, we may extend this by a further two months, and we will inform you if this is the case.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.

9. Third-Party Services

  • Google Maps & Google Places:We embed Google Maps and use Google Places API to display installer locations and enrich business information. Google's privacy policy applies to data processed by Google through these services.
  • Plausible Analytics: We use Plausible for website analytics. Plausible is a privacy-friendly, cookie-free analytics service that does not collect personal data or track individual users.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes using encrypted connections (HTTPS) and secure hosting infrastructure.

11. International Transfers

Some of our third-party service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: