The Legal Bits

Our Privacy and Data Protection Policy

  1. Home
  2. »
  3. The Legal Bits
  4. »
  5. Our Privacy & Data Protection Policy


We handle personal data responsibly and in line with UK GDPR, the Data Protection Act 2018,
and the requirements of HIES, MCS, and the IAA. Protecting our customers’ information is a
legal obligation and a matter of trust.

1. Who We Are

Cosier Heat Ltd (trading as Cosier) is the data controller.

Address:
Cosier Heat Ltd
Kingsbury House
468 Church Lane
London
NW9 8UA

Email (data queries): hello@cosier.com

2. What Data We Collect

We may collect and process:

  • Contact information (name, address, phone, email)
  • Property and system details (survey notes, number of residents, design, installation, commissioning data)
  • Financial data (payments, invoices)
  • Certificates and warranty documents
  • Grant and administrative information
  • Performance data if the heat pump is remotely monitored (unless opted out)
  • Website usage data (cookies, analytics)
  • Customer feedback and review information (for example, whether we invited you to review us and any public reviews you leave on platforms such as Trustpilot)

We do not knowingly collect personal data relating to children.

3. Lawful Basis for Processing

We rely on the following bases:

  • Contract – to provide quotes, surveys, installations, and aftercare
  • Legal obligation – to register installations (MCS, Ofgem for the Boiler Upgrade Scheme) and issue certificates
  • Legitimate interests – to help us improve our services, request and manage customer reviews (including through Trustpilot), maintain records, or detect and prevent fraud.
  • Consent – for marketing or remote monitoring of installations

Where consent is relied on, you can withdraw it at any time.

4. How We Use Data

We use customer data to:

  • Design, deliver, and install heating systems
  • Provide quotes, surveys, and technical advice
  • Process payments
  • Manage contracts and warranties
  • Register installations with MCS, HIES, Ofgem (BUS), and the DNO
  • Provide deposit protection and insurance-backed guarantees
  • Apply for grant vouchers and certificates
  • Handle queries, complaints, and warranty claims
  • Monitor system performance where consent is given
  • Invite you to provide feedback or reviews (for example by email via Trustpilot) and to display those reviews on our website and marketing materials
  • Improve website and advertising performance

5. Cookies & Tracking

We use cookies to make our website function properly and to understand how visitors use it.

We also use:

  • Google Analytics
  • Google Ads (including remarketing)

These services track:

  • Pages visited
  • Time on site
  • Device and browser information
  • Source or medium (e.g. Google search, ads)

Google may process this data outside the UK/EU.
You can opt out via our cookie banner or browser settings.

You can reject non-essential cookies at any time.

For a full list of cookies we use, see
Cookies.

6. Marketing (Consent Statement)

We may contact you by email or phone about heat pumps and related services only if:

  • You are an existing customer, or
  • You have actively consented

You can unsubscribe or withdraw consent at any time via:

  • hello@cosier.com
  • Phone: 0208 050 4030

We do not sell or rent your data to third parties for marketing.

7. Who We Share Data With

We only share information where necessary and lawful. Typical recipients include:

  • HIES – deposit protection and insurance-backed guarantees
  • MCS – installation registration and certification
  • Ofgem – Boiler Upgrade Scheme grant vouchers and redemption
  • Local Distribution Network Operator (DNO)
  • IAA – MCS compliance audits
  • Insurers, certification bodies, and auditors (disputes and compliance)
  • Trustpilot A/S (and its UK affiliate) to send review invitations to our customers on our behalf. We normally share only your name, email address, an internal reference (such as job or invoice number) and basic details of the service you received so they can send you a review invitation.

We do not sell customer data.

Some services may transfer data outside the UK/EEA. Where they do, equivalent safeguards must be in place.

8. Data Retention

We retain information for a minimum of six years after installation to meet
MCS, HIES, and legal requirements.

Some records (such as certificates) may be kept longer.

9. Data Security

We take appropriate steps to protect data:

  • Secure digital storage
  • Access limited to necessary staff
  • Encrypted systems where supported
  • Regular backups

Any data breach is escalated to management and reported to the ICO where required.

10. Your Rights

You have the right to:

  • Access your data
  • Request correction
  • Request deletion (where permitted)
  • Restrict or object to processing
  • Withdraw consent
  • Request data portability
  • Complain to the ICO
  • Object to us using your details to send you review invitations (for example via Trustpilot)

We will respond within one month.

11. Contact

To exercise your rights or ask a question:

Email: hello@cosier.com
Address:

Cosier Heat Ltd
Kingsbury House
468 Church Lane
London
NW9 8UA

If you are unhappy, you can complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/

12. Updates

We may update this policy from time to time.
The current version will always be published on our website.