1. Lawful Basis for Processing
- GDPR requires you to state on what legal basis you process personal data (e.g., consent, contract performance, legal obligation, legitimate interest).
- Your Terms simply state that you may collect personal information but don’t say why or under which lawful ground.
2. Data Subject Rights
- GDPR mandates informing users of their rights:
  - Right to access their data
  - Right to rectification
  - Right to erasure (“right to be forgotten”)
  - Right to restrict processing
  - Right to data portability
  - Right to object to processing
  - Right to lodge a complaint with a supervisory authority
- These are not listed anywhere in the Terms or linked Privacy Statement.
3. Data Retention Policy
- You must specify how long you keep personal data and the criteria for deciding retention periods.
- This is absent.
4. Data Transfers Outside the EU/EEA
- If you transfer data to non-EU/EEA countries (e.g., if Mailchimp or other US-based tools are used), you must explain:
  - Where the data is going
  - What safeguards are in place (e.g., Standard Contractual Clauses)
- This is not mentioned.
5. Processor/Third-Party Data Sharing
- GDPR requires naming categories of third parties who will receive data, and the purpose for sharing.
- You only have a generic “third-party websites” disclaimer but no list or description of processors.
6. Cookie & Tracking Transparency
- GDPR + ePrivacy Directive require clear disclosure of:
  - What cookies/tracking tools are used
  - Purposes (analytics, marketing, etc.)
  - Ability to opt in/opt out (except strictly necessary cookies)
- You reference a “Cookie Policy” but do not link to it here or summarise it.
7. Privacy Policy Link & Integration
- You mention a “Privacy Statement” but do not provide a direct link in the relevant sections.
- GDPR requires a dedicated Privacy Policy with the above details, separate from Terms & Conditions.
Newsletter Subscriptions
If you subscribe to our newsletter, your personal data (such as name, email address, and marketing preferences) will be collected and processed for the sole purpose of sending you updates and information about our activities.
We use Mailchimp as our email marketing platform. Mailchimp acts as our data processor and handles all newsletter subscription data in accordance with the GDPR and their own privacy policy. Your data will be stored on Mailchimp’s secure servers and will not be used for any other purpose. You can unsubscribe at any time via the link in the footer of our emails.
Contact Form Submissions
When you submit a message through our website’s contact form, the information you provide (including your name, email address, and message) is processed for the purpose of responding to your inquiry.
This website is hosted by our hosting provider, which acts as a data processor and may store form submission data on our behalf. You may contact us at info@chase4heat.eu for more information about our hosting provider and data handling practices. We do not share this data with third parties except where legally required.