Trustpilot
Find
For support call: 0330 100 3143
Return to homeowner

Vaillant Group UK ‘Contract Support Customers’ Privacy Notice

The controller for the processing of your personal data when you apply for Contract Support and we carry out due diligence on you and your business is Vaillant Group UK Limited, Nottingham Road, Belper, Derbyshire, DE56 1JT ("we", "us").

For full details of all other processing of personal data by Vaillant for our customers and suppliers, please see our main privacy notice on our website at vaillant.co.uk

This privacy notice relates solely to our indirect customers wishing to receive Contract Support Services.

Personal data we collect from you

You will initially complete a due diligence Submission provided by one of our sales teams, the data we collect to run our due diligence checks is as provided on the due diligence Submission:

  • Company Name
  • Company Registration Number
  • Company Address
  • Company Website
  • Trading Address
  • Gas Safe Number Director Name
  • Name of Admin or Contact
  • Contact email
  • VAT Reg No. & address
  • Bank details
  • Telephone number
  • Enforcement actions

Where else we obtain personal data about you

During Vaillant’s due diligence checks on you and your business, as well as the data you supply in the Submission, we will also obtain additional information from HMRC VAT Register, gas safe, companies house, and check against the official sanctions lists in order to determine the first stage of eligibility for our Contract Support Services. We will also independently check that the bank details you provide match the details you have provided and relate to a bona fide business account.

How we use the personal data about you

If our due diligence checks are successful, the due diligence team will notify the Vaillant salesperson for your area and they will contact you separately to discuss the possibility of a Contract Support agreement with you.

Annually after you have opened a Contract Support account with us, we will re-run our due diligence checks on you and your business based on the original due diligence Submission data you provided to us. The majority of the Submission data will not change but if for any reason our checks flag up an issue we will contact you to discuss and if any of the Submission data needs updating we will re-run the checks using the new data. You should also notify Vaillant as soon as possible if any information that you provide to us changes at any time, especially your bank details changes, as Vaillant cannot be responsible for payments made to the wrong bank account if you have failed to notify us of a change.

Who we share your personal data with

Our due diligence questionnaire is hosted in a database managed by Smartsheet located in Washington USA until such time as a contract is in place, once your Contract Support Account has been approved your details will be added to our customer database where we store your due diligence questionnaire, the due diligence outputs, and claims history for reference should you contact us or have any complaint or claims. Smartsheet do not have access to your personal details except in rare situations where there is a technical issue that requires them to remote on to our version of Smartsheet to resolve but they have no ability to save or stored the data and as soon as the remote link closes the access ceases. In such cases we will ensure that we have adequate protection for your personal data prior to any such transfer.

Our customer database is operated by a third party called Salesforce Inc based in California USA and the data is stored by Salesforce UK Limited in the UK and EU. Salesforce do not have access to your personal details except in rare situations where there is a technical issue that requires them to remote on to our version of Salesforce to resolve but they have no ability to save or stored the data and as soon as the remote link closes the access ceases. In such cases we will ensure that we have adequate protection for your personal data prior to any such transfer.

Our systems and processes are periodically audited for compliance purposes and in the course of an audit our internal or external auditors may view one or more Submissions but will not take a copy.

Our lawful basis for processing your personal data

Our lawful basis for processing your personal data throughout the due diligence process and for retaining this after completion is for the legitimate interests of Vaillant. Our legitimate interests are to ensure that the companies that we provide special terms contracts to for indirect purchases of our products are sound and reputable businesses that are not known to act irresponsibly or negligently and are not on a sanctions list that might otherwise cause unnecessary risk to the Vaillant Group.

If the lawfulness of our processing of personal data relies on the lawful basis of your consent, you also have the right to withdraw your consent at any time and we will make this easy for you to do, usually via an unsubscribe option in our emails or by emailing our data protection team on dataprotectionUK@vaillant-group.com.

How long we retain your personal data

Vaillant will continue to hold the personal details you supply in the due diligence Submission and any updates to that, for as long as you continue to renew your contract with us annually and your account remains active. If you do not renew your contract with us annually or your account remains inactive for 12 months or more, then we will delete your personal data no later than 6 years from the last claim that you submit to us, this is in order for us to manage complaints or rebate claims that could arise following closure of your account, to support or defend legal claims made against Vaillant or other parties and for statistical and archiving purposes.

Your Data Protection Rights

The following are your data protection rights in relation to personal data. Each of the links below will take you to the ICO website where you can find useful additional information on your rights and in what situations you can exercise them (please note that the ICO’s separate website Privacy Notice will apply to your use of their website):

Know about use of your personal data

Access to personal data

Correction of personal data

Erasure of personal data

Restrict the use of personal data

Object to processing of personal data

Portability of personal data

Use of automated decisions about you

Complaint

You can contact our data protection officer by emailing dataprotectionUK@vaillant-group.com to assert any of your data protection rights above.

You will not be charged for exercising your rights and, once we receive your request, we have one-month to respond to you, unless we let you know otherwise.

We reserve the right to change this privacy notice at any time.

Status: Published 12 February 2024