Privacy notice
Last updated: 10 July 2026
This notice explains how Coolhaven handles personal data under the UK GDPR and the Data Protection Act 2018. Plain English throughout; your rights at the end.
Who is responsible
Coolhaven Climate Ltd (pre-launch) is the data controller. Contact: [email protected] · 86-90 Paul Street, London EC2A 4NE. Before commercial launch we will complete ICO registration and appoint a privacy contact — noted here for transparency.
What we collect and why
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email, phone, postcode | Create and manage your reservation & account; contact you about it | Contract (taking steps at your request) |
| Property & room details, budget, timeframe, cooling problem | Size recommendations; plan stock and coverage (aggregated) | Contract & legitimate interests (service planning) |
| Payment status & references | Process the £10 reservation and refunds. Card details go to Stripe — we never see or store them | Contract; legal obligation (records) |
| Marketing preferences | Send availability alerts & tips only if you opted in | Consent (PECR) — withdraw anytime, one click |
| Security logs (IP, user agent on sign-in/limits) | Prevent abuse, rate-limit bots, investigate incidents | Legitimate interests (security) |
| Cookieless analytics (path, daily-rotating anonymous hash) | Understand which pages help people; no cross-day tracking, no ad networks | Legitimate interests (see Cookies page) |
Who we share with
- Stripe — payment processing (PCI-DSS Level 1).
- Email delivery provider — to send transactional and (if opted-in) marketing email.
- Hosting/database providers — to run the service.
- Installer partners — only when work is assigned for your reservation, and only the details needed to survey/deliver/install (name, contact, postcode, room requirements). Partners never receive unrelated customer data.
We never sell personal data. No advertising trackers run on this site.
International transfers
Our processors may store data outside the UK; where they do, transfers rely on UK adequacy regulations or the ICO's International Data Transfer Agreement/Addendum. Processor list available on request.
Retention
- Reservation & account data: while your account is active, then 24 months, then deleted or anonymised.
- Payment records: 6 years (tax and accounting law).
- Security logs: 12 months.
- Suppression list (so we don't email you again after unsubscribe): kept indefinitely — that's its job.
Your rights
You can ask for access, correction, deletion, restriction, portability, and object to legitimate-interest processing. Marketing consent can be withdrawn with one click in any marketing email or in your account. Email [email protected] — we respond within one month. Unhappy with us? You can complain to the ICO (ico.org.uk), though we'd appreciate the chance to fix it first.