Privacy Policy

This Privacy Policy describes how Heatio collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Heatio is revolutionising home energy usage and energy demand management, optimising renewable technologies to create affordable energy controls for homes in the UK. We aim to make renewable energy reliable, affordable, and accessible for all and in doing this we also ensure that we value your privacy and protect your personal data.

We are Heatio Limited (“Heatio”, ”our”, “us” or “we”). We are a company registered in England and Wales with company number 14044906  with its registered office at Helix Building, Edmund Street, Liverpool L3 9NG.

You can also contact us at: info@heatio.com.

We are registered with the Information Commissioner's Office (“ICO”) under reference number ZB746607.

Heatio will be the controller of your personal data unless otherwise specified.

The purpose of this privacy policy is to explain how Heatio handles your personal data. We respect your privacy and want to be transparent about how your personal data will be processed, stored and used when you visit our website at www.heatio.com, use our services, our Heatio Platform at energy.heatio.com or use any of our products (together “our Services”).

Please read this policy to understand how we collect and treat your personal data. This policy, together with our website terms of use, user agreement and any other documents referred to in them, applies your use of any of our Services which are accessible through our website, platforms or any other website of ours. This policy:

  • sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
  • explains how and why we collect and use your personal data;
  • explains how long we keep your personal data for;
  • explains when, why and with who we will share your personal data;
  • explains the effect of refusing to provide the personal data requested;
  • explains where we store your personal data and whether we transfer your data outside of the UK;
  • explains the different rights and choices you have when it comes to your personal data; and
  • explains how you can contact us.

Compliance with Data Protection Laws

All personal information that we collect or are provided with will only be held and stored in accordance with this policy and the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and any other legislation relating to the protection of personal information (data protection laws).

Information we may hold about you

Personal information or personal data means any information about an individual from which that person can be identified and is generally referred to throughout this policy as “personal data”. It does not include data where the identity has been removed (anonymous data).

We may collect and process the following data about you:

Identity Data: which includes your name, age/date of birth, address, email address, phone number, username, property description or similar identifier.

Contact Information: which includes postal address including billing and delivery addresses, your location, telephone numbers (including mobile numbers) and email address. We also collect information about your property occupation dates.

Registration Information: This includes information you provide when you register to use our Services, participate in discussion boards or other social media functions on our Services, or when you contribute to our energy top tips. It may include your name, address, email address and phone number, username, personal description, photograph, smart energy meter data; property information, energy provider data and any other information you provide.

Technical data: which includes your online browsing activities on our website, and / or our Heatio Platform, profile and device information including IP address, browser type, version and language, identifiers associated with cookies or other technologies that may uniquely identify your device or browser. It also includes information in relation to your energy usage through your meter and / or smart meter and data from any Smart Home technologies you may have installed such as EV Charger, Heat Pump, Solar PV System.

Special category data, also known as sensitive personal data, which includes information about your physical or mental health, health conditions, and environmental, socio-economic, and relevant behavioural information.

Marketing Preferences: You may give us information about you by filling in forms on our service, completing questionnaires about your property, or by corresponding with us by phone, email or otherwise. This includes your preferences in receiving marketing from us and any third parties connected with us. You or other users may provide us with information about you when you or they share a referral code with you.

Financial Data. Financial and credit card information,

Transaction Data: Includes details about any transactions made by you, purchases and/or orders which are made by you and your payment card or bank transfer details. We also collect information about the energy you use.

Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this policy.

How we collect your personal data

We use different methods to collect information from and about you.

We collect personal information to provide you with our Services. We also collect personal data when you visit our website or contact us by email or social media.

We also collect personal data when you are a supplier or retailer, or we have a commercial contract with you.

If you fail to provide personal data  

Where we need to collect personal data by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the requested Services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Support and how to tell us about problems

If you think the Services are faulty or misdescribed or wish to contact us for any other reason, please email our customer service team at info@heatio.com

How do we use your data?

We will only use your personal data when the law allows us to. 

Most commonly, we will use your personal data where it is necessary for us to perform a contract we have with you, or where it is necessary for our legitimate interests (or those of a third party), and your interests, rights and freedoms do not override those interests. 

We may also use your personal data where you have consented before the processing, for reasons of substantial public interests, or where we need to comply with a legal or regulatory obligation. 

Examples of why we process your personal data includes where: 

  • we provide you with access to our service and the ability to register as a new service user, including granting you access, allowing you to access all of the services we agree to provide to you;
  • we carry out any other obligations arising from the contract entered into between you and us, including providing you with customer support;
  • we enable you to participate in the winter cashback programme or complete a survey;
  • we use your smart energy meter data to regularly update the page which shows data usage on our service;
  • we administer and protect our business and our service, including troubleshooting, data analysis and system testing; and
  • we use your personal data to regularly update and rectify any personal data we hold in relation to you and to notify you of any changes to our service or any other services.

The table below sets out all the ways in which we plan to use your personal data, which are the legal bases on which we rely to do so and, where relevant, what the legitimate business interests are. (There may be more than one lawful basis depending on the specific purpose for which we are using your data.)

The personal data we collect Why we use this personal data The lawful basis relied upon:
Your Identity information, registration information, financial and technical information. We use this information to provide you with our Services and adhere to our regulatory reporting obligations. We rely on to process your personal data is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us. We also rely on article 6(1) (c) which allows us to process your personal data when we have a legal and / or regulatory obligation.
Your Identity information, registration information, financial and technical information. We use this information to register you as a new user and enable you to use your account and the Heatio platform. We rely on to process your personal data is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us.
Your Identity information, registration information, financial and technical information. We use this information to assess your applications and suitability to participate in a project. We rely on to process your personal data is article 6(1)(e) and (f) which allows us to process personal data when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Heatio and where the processing is necessary for the purposes of a legitimate interest pursued by us.
Special category personal data We use information about health to ensure that we provide you with the correct services and ensure your safety. Where the information contains health information the lawful basis, we rely on to process it is article 9(2)(a) and your explicit consent.
Your Identity information, registration information and contact information. We use this information to manage our relationship with you, including notifying you of changes to the website or any our Services We rely on to process your personal data is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us.
Your identity and contact information. We use this information to tell you about our Services, products, projects, promotions, offers, and discounts We rely on to process your personal data is article 6(1)(a) and (f) of the UK GDPR which allows us to process personal information when we have your consent or where the processing is necessary for the purposes of a legitimate interest pursued by us.
Your Identity information, registration information, financial and technical information. We use this information to administer and protect our business and this website, including troubleshooting, data analysis and system testing We rely on to process your personal data is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us.


Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing conducted before you withdraw your consent.

Disclosure of your personal data

We only ever share your personal data where we have a reason to, and we only share your personal data with trusted third parties.

We may share your information with selected external third parties, including:

  • third-party managed service providers or supplier that assist us in providing you with our Services, help to carrying out our obligations and where necessary help in exercising our rights;
  • third party providers of SmartMeter data (provided you have asked us to obtain such SmartMeter data from them), in particular, we may need to provide them with sufficient information to allow them to verify your identity and the fact that we are authorised to access your SmartMeter data;
  • third parties to help develop and improve propositions for example with an energy supplier to improve tariffs; and 
  • E.ON and the Department of Energy Security Net Zero where we will share your contact details (name, home address, contact details and technical data).  

Where personal data is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal data is secure and protected at all times. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.

We may disclose your personal data to comply with a regulatory or legal duty, or if it is necessary to disclose personal data in connection with an investigation of suspected or actual fraudulent activity or is based on a lawful disclosure request. 

We may also share your personal data with any member of our company, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. 

Projects

Heatio does conduct research projects or programmes which seek to optimise energy efficiency using smart home technologies, and also to reduce carbon emissions and energy costs. 

To conduct these research projects or programmes we often work with organisations such as E.ON Energy Solutions and UK Government’s Department for Energy Security & Net Zero or other organisations and will share personal data with the organisations. 

To assess whether you are eligible to participate in a research project or programme we will share some of your personal data, including identification information, contact information and technical information, with the relevant third party. This information is required to carry out research on the chosen activities and is usually undertaken with public funding, with the resulting evidence and / or information of the consumers experience used to inform Government policy. 

Where we share personal data with third parties as part of the research projects, those organisations will also be a controller of your personal data under data protection laws.

The third party (and/or an external research organisation contracted by the third party), may also contact you and invite you to participate in the research and evaluation activity being carried out. 

For more information about the Department for Energy Security and Net Zero’s Privacy Notice, click here

Smart Home technology data 

Where you have smart home technology for example, a SmartMeter, EV Charger, Heat Pump, and / or a Solar PV System we will receive information from the meters which records your energy consumption and will be able to see what energy you are using at any point in time. 

We use the information collected to provide you with information about your energy consumption and provide you with advice about energy consumptions. 

We may also use anonymised information to analyse energy consumption. 

Marketing 

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. 

If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails.

Cookies

When you visit our website, we may collect certain information by automated means, such as using cookies. 

A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. Each website can send its own cookie to your web browser if your browser's preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. 

We use the following types of cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website, and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.

Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

These are the cookies we use and why:

Cookies We Use Why We Use Them
Google Analytics cookies ( _ga)
  • Used to monitor traffic levels, search queries and visits to the website. These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session.
_secure_session_id -
  • Used in connection with navigation through a storefront.
_ab -
  • Used in connection with admin access
_hjsession
  • Used to ensure subsequent requests in the session window are attributed to the same session. 30 minutes duration, extended on user activity.
__hssc
  • Used to track sessions.
  • Determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
  • It contains the domain, viewCount (increments each page view in a session), and session start timestamp.
  • It expires in 30 minutes.
__hssrc
  • Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
  • If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
  • It contains the value "1" when present.
  • It expires at the end of the session.
__hstc
  • This cookie stores the time of the session for marketing purposes
  • It contains the domain, hubspotutk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
  • It expires after 6months
hubspotutk
  • This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
  • It contains an opaque GUID to represent the current visitor.
  • It expires in 6 months.
_fbp
  • used to help measure the performance of ad campaigns for businesses that use the Meta Products.
  • identifies browsers for the purposes of providing advertising and site analytics services and has a lifespan of 90 days.
_hjSessionUser
  • Set when a user first lands on a page.
  • Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites.
  • Ensures data from subsequent visits to the same site are attributed to the same user ID.
  • 365 days duration.
  • JSON data type.
_hjSession
  • Holds current session data.
  • Ensures subsequent requests in the session window are attributed to the same session.
  • 30 minutes duration, extended on user activity.
  • JSON data type.
ajs_anonymous_id
  • The functionality is to store last visit for statistics.
  • Expiration period: 1 year


If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.

Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit their consumer page to manage the use of these types of cookies.

Data Security

Heatio works hard to keep your information and personal data safe. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In particular:

  • we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know;
  • all personal data is stored on secure servers;
  • we comply with any third party protocols relating to the supply and sharing of energy usage and SmartMeter data.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our service, and any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our service, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

Where we process your personal data 

Your personal data will be stored on systems with technical and organisational security measures and controls located within the UK. 

Sometimes we will need to share your personal data with third parties and suppliers outside the UK such as Europe and the USA.

If we do this, we have procedures in place to ensure your personal data receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.

Any transfer of your personal data will follow applicable laws, and we will follow the guiding principles of this policy.

Retention of your personal data

We retain your personal data for as long as necessary to fulfil the purposes we collected it for. In determining the appropriate retention periods, we consider the following criteria:

  • our legal and regulatory obligations,
  • any relevant industry standards or codes,
  • the nature and sensitivity of the personal data and
  • the potential risk of harm from any unauthorised or unlawful processing, accidental loss, destruction of or damage to the personal data.

Please note that in some circumstances, we will anonymise your data (so that it can no longer be associated with you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

If you do not use your account for a period of two (2) years then we will treat the account as expired and your data will be archived and may be deleted.

Your Rights

You have several rights afforded to you under data protection laws. You have the right to: 

Withdraw your consent
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we will stop processing your personal data for that purpose.

Your Right to be Informed
We aim to be transparent within our privacy policy and provide you with information about how we use your personal data.

Your Right to Object
In some circumstances you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. 

Where your details are used for marketing, you can opt out at any time. You are able to unsubscribe from marketing on each contact or you can contact us to object to any processing.

Your Right to Rectification
You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. If you notify us that the personal information, we hold is complete or inaccurate we will correct or complete the information as soon as possible. 

Your Right to Erasure or the Right to be Forgotten
You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.

Following your request, we will erase your personal data without undue delay unless the continued retention is necessary and permitted by law. If we make the personal data public, we shall take reasonable steps to inform other data controllers processing about your erasure request.

Your Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of the information, if you do not wish to have the information erased or you have objected to the processing of the information, and we are considering this request. Once the processing is restricted, we will only continue to process your personal data if you consent, or we have another legal basis for doing so.

Your Right to Access
You have the right to access the personal data we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide information in the format requested, but we may charge you a reasonable fee for additional copies. 

Your Right to Data Portability
You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format. You can also have it transmitted directly from us to another data controller, where technically possible.

The right not to be subject to automated decision making and profiling.
You have the right to not be subject to solely automatic decisions (i.e., decisions that are made about you by computer without any human input) in relation to any processes that have a legal or similarly significant effect on you. You will be notified if we make a solely automated decision which produces a legal effect or significantly affects you.

When you request to exercise your rights

If you would like to exercise any of your rights, please contact us at info@heatio.com.

You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How can we help you?

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to info@heatio.com.

For further information on data protection, please visit the Information Commissioners Office website.

The Information Commissioners Office regulates data protection. If you feel that your information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Information Commissioners Office.

You can contact them by calling 0303 123 1113 or visit the website.

Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

HEATIO IS DRIVING TRUE ENERGY INDEPENDENCE AND SECURITY FOR UK HOMES

Ready to be a part of this smart connected network?

Join Heatio
Join Heatio
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Preferences

Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. Read Privacy Policy

Accept all cookiesClose icon

These items are required to enable basic website functionality.

Always active

These items are used to deliver advertising that is more relevant to you and your interests.

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cookie icon