+03333 333 333
Lancashire
01254 000 000
Contact us

Privacy Policy

Renova Group Privacy Policy: Comprehensive Data Protection Framework

1. Introduction:

Our Commitment to Data Protection

Renova Group LTD (“Renova Group,” “we,” “us,” or “our”) is a premier provider of integrated engineering services for energy-efficient homes and businesses nationwide across the United Kingdom. We recognise our fundamental responsibility to protect the privacy and security of all personal data entrusted to us by our clients, suppliers, employees, and website visitors. This Comprehensive Privacy Policy (“Policy”) articulates our unwavering commitment to transparency, compliance, and ethical data stewardship in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection legislation.

This document serves as the cornerstone of our data governance framework, detailing the what, why, and how of our data processing activities. It is designed to provide you with clear, comprehensive, and accessible information about your privacy rights and how the law protects you. By engaging with Renova Group—whether as a domestic homeowner, a commercial client, a supplier, or a visitor to our digital platforms—you acknowledge the practices described in this Policy, subject to your lawful rights.

2. Definitions and Interpretative Framework

To ensure absolute clarity, the following capitalized terms shall have the meanings ascribed to them throughout this Policy:

  • Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For our operations, this includes, but is not limited to, client contact details, property addresses, financial transaction records, and technical system specifications linked to an individual.

  • Special Category Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. Renova Group typically does not process such data unless strictly necessary for health and safety compliance (e.g., relevant health data of an employee or subcontractor).

  • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  • Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For most processing activities described herein, Renova Group Ltd is the Data Controller.

  • Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, under explicit instruction.

  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Scope and Application of This Policy

This Policy applies comprehensively to all personal data processed by Renova Group Limited and its operational divisions—including but not limited to Renova Gas, Renova Electrical, and any other subsidiary or affiliated service entity—across all operational channels. This encompasses:

  • Data collected through our primary corporate website (https://renovagroup.co.uk) and any associated microsites or digital portals.

  • Data gathered via direct interactions (e.g., consultation requests, service agreements, on-site assessments, telephone communications, email correspondence).

  • Data processed for the purposes of fulfilling contractual obligations for domestic and commercial clients across Lancashire (Accrington, Burnley, Blackburn, Preston, Rossendale, Chorley, etc.).

  • Data related to our suppliers, subcontractors, and business partners.

  • Data pertaining to current, prospective, and former employees (covered under a separate, internal Employee Privacy Notice).

  • Data obtained from third-party sources, such as credit reference agencies or publicly available registers, where legally permissible and necessary.

4. The Personal Data We Collect and Process

Renova Group collects and processes a structured portfolio of personal data to deliver our engineering services, maintain compliance, and operate our business. The data we collect can be categorised as follows:

4.1. Identity and Contact Data: Includes full name, title, billing and service address(s), email address(es), telephone number(s), and for commercial clients, business registration details and the identity of authorised signatories or facilities management contacts.

4.2. Property and Project Data: Detailed information about the property or portfolio requiring service, including address, property type (residential/commercial), system specifications (e.g., boiler model, electrical panel type, HVAC system details), historical maintenance records, energy performance data, and photographic evidence of installations or faults, as necessary for quotation and service delivery.

4.3. Financial and Transactional Data: Bank account details, payment card information (processed securely via third-party payment gateways), invoice history, credit status information (for credit checks where applicable), and records of services purchased, including quotations, service contracts, and warranty details.

4.4. Technical and Usage Data: Information automatically collected about your interaction with our website. This includes Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site. We also collect information about your journey through our website, pages viewed, and resources accessed.

4.5. Marketing and Communications Data: Your preferences in receiving marketing, promotional, and non-essential service communications from us and our third-party partners, and your communication history with our customer service teams.

4.6. Professional and Employment Data (for suppliers/subcontractors): Business contact details, professional qualifications (e.g., Gas Safe registration number, NAPIT certification), insurance documentation, health and safety records, and performance history.

5. Lawful Bases for Processing Your Personal Data

The UK GDPR requires that we process all personal data under one or more defined lawful bases. The table below outlines the primary bases we rely upon for our varied processing activities.

Scroll horizontally to view full table →
Swipe →
Processing Activity Categories of Personal Data Lawful Basis for Processing (UK GDPR Article) Primary Purpose
Service Delivery & Contract Management Identity, Contact, Property, Financial Article 6(1)(b): Performance of a contract. To provide quotations, execute engineering works, manage service contracts, schedule appointments, and issue invoices.
Regulatory & Safety Compliance Identity, Contact, Property, Professional Article 6(1)(c): Legal obligation.
Article 9(2)(h): Health & Social Care (where applicable).		 To comply with Gas Safe regulations, building codes, electrical safety standards, and health & safety legislation, including maintaining audit-ready job reports and certifications.
Business Administration & Accounting Identity, Contact, Financial, Transactional Article 6(1)(c): Legal obligation.
Article 6(1)(f): Legitimate interests.		 To maintain financial records for HMRC, manage supplier payments, perform credit checks, and ensure the smooth administration of our business.
Direct Marketing (Postal/Email) Identity, Contact, Marketing Article 6(1)(a): Consent.
Article 6(1)(f): Legitimate interests (for existing customers regarding similar services – “soft opt-in”).		 To send promotional materials, service reminders, and newsletters about our offerings, subject to your explicit consent or where permitted under PECR.
Website Analytics & Improvement Technical, Usage Article 6(1)(f): Legitimate interests. To analyse website performance, improve user experience, ensure network security, and troubleshoot technical issues.
Establishment or Defence of Legal Claims All relevant categories Article 6(1)(f): Legitimate interests. To protect the legal rights of Renova Group, our clients, and our employees.

6. Detailed Purposes of Data Processing

We use the personal data we collect for the following specific, legitimate, and transparent purposes:

  1. Service Fulfilment: To assess your enquiry, provide a detailed quotation, schedule and perform engineering works (heating, electrical, air conditioning, renewable energy installations), and conduct post-service quality assurance.

  2. Client Relationship Management: To manage your account, provide customer support, send important service notifications (e.g., appointment confirmations, safety check reminders), and process payments.

  3. Compliance and Safety: To create and store mandatory safety certificates (e.g., Gas Safety Certificates, Electrical Installation Condition Reports), comply with warranty and insurance provider requirements, and meet our obligations to industry regulators and governmental authorities.

  4. Business Optimisation: To analyse operational trends, conduct internal research on service effectiveness, plan resource allocation for our engineering teams across Lancashire, and develop new services.

  5. Marketing and Business Development: To make tailored recommendations about energy efficiency improvements, promote new services, and inform you of special offers, where you have consented to receive such communications.

  6. Website and System Security: To monitor our digital infrastructure for fraudulent activity, cyber-attacks, or other security breaches, and to ensure the stable and secure operation of our IT systems.

  7. Professional Engagement: To vet, onboard, and manage relationships with qualified subcontractors and suppliers who are integral to our service delivery, ensuring they meet our stringent standards for accreditation and insurance.

7. Data Sharing and Third-Party Disclosures

Renova Group operates on the principle of data minimisation and will never sell your personal data. We may, however, share your data with trusted third parties under strict contractual safeguards and only where necessary. Categories of recipients include:

  • Subcontracted Engineers & Partners: Other accredited engineers or firms within our network, acting as Data Processors, to fulfil specific specialist aspects of a contract (e.g., a complex electrical integration for a renewable heating system).

  • Regulatory and Certification Bodies: Organisations such as Gas Safe Register, NAPIT, or local building control authorities, where we are legally required to submit notification or certification of works completed.

  • Financial Institutions and Payment Processors: Banks and secure online payment service providers to process transactions and, where necessary, conduct fraud prevention checks.

  • Professional Advisors: Our auditors, legal counsel, and insurance brokers, under duties of confidentiality.

  • Governmental and Law Enforcement Agencies: Where we are legally compelled to do so by court order, subpoena, or other valid legal process.

  • IT and Cloud Service Providers: Hosting providers, CRM software vendors, and email service providers who support our business operations, all of whom are bound by robust Data Processing Agreements (DPAs) to ensure UK GDPR compliance.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not permit them to use your personal data for their own purposes and only allow them to process it for specified purposes and in accordance with our documented instructions.

8. International Data Transfers

As a UK-focused organisation, Renova Group primarily stores and processes data within the United Kingdom and the European Economic Area (EEA). In the event that any processing requires transferring your data to a country outside the UK deemed not to provide an adequate level of data protection, we shall implement one of the following safeguard mechanisms to ensure your data remains protected:

  • UK Adequacy Regulations: Transferring to a country that has been deemed “adequate” by the UK Secretary of State.

  • Standard Contractual Clauses (SCCs): Using UK-approved model contract clauses for data transfers.

  • Binding Corporate Rules (BCRs): Where the recipient is part of our corporate group.

Details of specific transfers and safeguards can be provided upon request by contacting our Data Protection Officer.

9. Data Security and Integrity

Renova Group has implemented a robust regime of technical, organisational, and physical security measures designed to protect personal data from accidental loss, unauthorised access, use, alteration, or disclosure. Our security framework includes, but is not limited to:

  • Encryption: Use of encryption technologies for data both in transit (e.g., TLS for our website) and at rest (e.g., on our secure servers).

  • Access Controls: Strict, role-based access controls to our systems, ensuring employees and contractors only have access to personal data necessary for their job function. This is reinforced by multi-factor authentication where appropriate.

  • Security Training: Mandatory annual data protection and cybersecurity awareness training for all staff.

  • Physical Security: Secure premises for our offices and controlled access to our physical filing systems.

  • Business Continuity & Disaster Recovery: Procedures in place to ensure data resilience and the ability to restore access to personal data in a timely manner in the event of a physical or technical incident.

  • Vendor Security Assessments: Due diligence on all third-party processors to ensure they maintain security standards equivalent to our own.

We also have procedures in place to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office (ICO) of a breach where we are legally required to do so.

10. Data Retention and Disposal

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirements. Our retention periods are determined based on the nature of the data and the purpose for processing, taking into account legal limitation periods and industry best practices.

  • Financial and Transaction Records: Typically retained for 7 years from the end of the financial year in which the transaction occurred, in accordance with UK tax law.

  • Safety Certificates and Job Reports (e.g., Gas Safety Records): Retained for a minimum of 7 years, and often longer, to provide a history of work and for potential liability purposes.

  • Contractual Documents and Correspondence: Retained for 6 years after the termination or expiry of the contract, in line with standard contractual limitation periods in England and Wales.

  • Marketing Consent Records: Retained for as long as the consent is active, and evidence of consent is kept for a period after withdrawal to demonstrate compliance.

At the end of the applicable retention period, personal data is securely and permanently disposed of using certified deletion methods for electronic data and secure shredding for physical records.

11. Your Legal Rights as a Data Subject

Under data protection law, you have rights in relation to your personal data. To exercise any of these rights, please contact our office using the details in Section 14.

  • Right of Access: You have the right to request copies of the personal data we hold about you (a “Subject Access Request” or SAR).

  • Right to Rectification: You have the right to request correction of any information you believe is inaccurate or incomplete.

  • Right to Erasure (“Right to be Forgotten”): You have the right to request that we erase your personal data, under certain conditions (e.g., if the data is no longer necessary for the purpose it was collected).

  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions (e.g., while we verify the accuracy of contested data).

  • Right to Object to Processing: You have the right to object to our processing of your personal data, particularly where we rely on legitimate interest as the lawful basis.

  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, in a structured, commonly used, machine-readable format, where the processing is based on consent or contract and is automated.

  • Rights Related to Automated Decision-Making: Renova Group does not engage in purely automated decision-making that produces legal or similarly significant effects. Should this change, we will inform you and outline your related rights.

We will respond to all legitimate requests within one calendar month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Use of Cookies and Similar Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users, enhance your browsing experience, and analyse site traffic. A cookie is a small file of letters and numbers that we store on your browser or device. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We utilise both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period). Our use falls into the following categories:

  • Essential/Strictly Necessary Cookies: Required for the website to function and cannot be switched off.

  • Performance/Analytical Cookies: Allow us to count visits and traffic sources to measure and improve site performance.

  • Functionality Cookies: Enable enhanced functionality and personalisation (e.g., remembering your region).

We will always request your explicit consent for the use of non-essential cookies via our dedicated Cookie Consent Banner upon your first visit to our site.

13. Policy Updates and Version Control

We may update this Comprehensive Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The date of the last substantive revision will be clearly indicated at the top of this document. We encourage you to periodically review this page for the latest information on our privacy practices. Where changes are material, we will take appropriate steps to notify you, which may include posting a prominent notice on our website or, for significant changes affecting existing clients, direct communication.

Version History: This is Version 2.1, superseding all previous publications.

14. Contact Details and Raising Concerns

Renova Group Limited is registered in England and Wales (Company Number: 15993801). Our registered office address is: 3 Jupiter House, Mercury Rise Altham Business Park, Altham, Accrington, United Kingdom, BB5 5BY.

If you have any questions, comments, or requests regarding this Privacy Policy or our data protection practices, or if you wish to exercise any of your legal rights, please contact our office:

By Post: Renova Group Ltd, 3 Jupiter House, Mercury Rise Altham Business Park, Altham, Accrington, United Kingdom, BB5 5BY.  

By Email: privacy@renovagroup.co.uk

Image link
This website uses cookies.

Cookies allow us to personalize content and ads, provide social media-related features, and analyze our traffic. We also share information about your use of our site with our social media, advertising, and analytics partners, who may combine it with other information you've provided to them or they've collected from your use of their services.

Accept & close
Cookie policy
cookie By using this website, you agree to our cookie policy. Close