Privacy notice

Last updated: 10 July 2026

Pre-launch document. This policy is written in good faith for Coolhaven's demand-validation phase and will be reviewed by a qualified UK solicitor before commercial launch. If anything here is unclear, email [email protected] and we'll answer plainly.

This notice explains how Coolhaven handles personal data under the UK GDPR and the Data Protection Act 2018. Plain English throughout; your rights at the end.

Who is responsible

Coolhaven Climate Ltd (pre-launch) is the data controller. Contact: [email protected] · 86-90 Paul Street, London EC2A 4NE. Before commercial launch we will complete ICO registration and appoint a privacy contact — noted here for transparency.

What we collect and why

DataPurposeLawful basis
Name, email, phone, postcodeCreate and manage your reservation & account; contact you about itContract (taking steps at your request)
Property & room details, budget, timeframe, cooling problemSize recommendations; plan stock and coverage (aggregated)Contract & legitimate interests (service planning)
Payment status & referencesProcess the £10 reservation and refunds. Card details go to Stripe — we never see or store themContract; legal obligation (records)
Marketing preferencesSend availability alerts & tips only if you opted inConsent (PECR) — withdraw anytime, one click
Security logs (IP, user agent on sign-in/limits)Prevent abuse, rate-limit bots, investigate incidentsLegitimate interests (security)
Cookieless analytics (path, daily-rotating anonymous hash)Understand which pages help people; no cross-day tracking, no ad networksLegitimate interests (see Cookies page)

Who we share with

  • Stripe — payment processing (PCI-DSS Level 1).
  • Email delivery provider — to send transactional and (if opted-in) marketing email.
  • Hosting/database providers — to run the service.
  • Installer partners — only when work is assigned for your reservation, and only the details needed to survey/deliver/install (name, contact, postcode, room requirements). Partners never receive unrelated customer data.

We never sell personal data. No advertising trackers run on this site.

International transfers

Our processors may store data outside the UK; where they do, transfers rely on UK adequacy regulations or the ICO's International Data Transfer Agreement/Addendum. Processor list available on request.

Retention

  • Reservation & account data: while your account is active, then 24 months, then deleted or anonymised.
  • Payment records: 6 years (tax and accounting law).
  • Security logs: 12 months.
  • Suppression list (so we don't email you again after unsubscribe): kept indefinitely — that's its job.

Your rights

You can ask for access, correction, deletion, restriction, portability, and object to legitimate-interest processing. Marketing consent can be withdrawn with one click in any marketing email or in your account. Email [email protected] — we respond within one month. Unhappy with us? You can complain to the ICO (ico.org.uk), though we'd appreciate the chance to fix it first.