Data Protection Policy

Effective date: 14 April 2026  |  Last reviewed: 14 April 2026

The Stove and Fire Company is committed to protecting the personal information of everyone who shops with us, enquires about our products, or uses our installation services. This policy explains how we collect, use and safeguard your data in line with UK data protection law — including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

The Stove and Fire Company is a family-run business selling wood burning stoves, multi-fuel stoves and electric fires online, with installation services available across the North West and wider UK. We are the data controller responsible for the personal information collected through this website.

The Stove and Fire Company

Email: [email protected]

Phone: 07400 322 583

Our data protection principles

We process all personal data in accordance with the seven principles of UK GDPR:

01
Lawfulness & fairness
Data is processed on a clear legal basis and never in a way that is deceptive or harmful.
02
Purpose limitation
Data is collected for specific, stated purposes and not used in incompatible ways.
03
Data minimisation
We only collect what is genuinely needed — nothing more.
04
Accuracy
We take reasonable steps to keep personal data accurate and up to date.
05
Storage limitation
Data is not kept longer than necessary for the purpose it was collected.
06
Security
Appropriate technical and organisational measures protect against unauthorised access or loss.
07
Accountability
We take responsibility for compliance and can demonstrate how we meet these principles.

What data we hold and why

Online orders and purchases

When you place an order through our website we collect your name, delivery address, billing address, email address, phone number and payment details. This information is used to process and fulfil your order, arrange delivery, handle returns or refunds, and communicate with you about your purchase. Payment card data is processed securely by our payment provider and is not stored by us.

Installation enquiries and bookings

When you enquire about or book one of our installation services, we collect your name, contact details and property address. This is used to arrange a survey or installation visit, confirm appointments, and keep a record of work carried out at your property. Installation records may include details of the stove model fitted, flue system used, and any relevant building or safety information.

Product enquiries and contact

If you contact us by email or phone with a question about a product, we will use the information you provide solely to respond to your query.

Klarna payments

We offer Klarna as a payment option. If you choose to pay using Klarna, your personal and financial information will be shared with Klarna to enable their buy now, pay later or spread the cost service. Klarna acts as an independent data controller for information it processes. Please refer to Klarna’s privacy policy for details of how they handle your data.

Marketing communications

If you have opted in to receive marketing emails from us, we will use your email address to send you information about new products, offers and promotions. You can unsubscribe at any time by clicking the link in any of our emails or by contacting us directly.

Property and installation safety records

Where we carry out installation work, we may retain records relating to the property, the work completed, and any certificates issued (such as HETAS or building regulation compliance documentation). These records may be necessary to meet our legal obligations as a certified installer and to support any future warranty or safety queries.

Lawful bases for processing

  • Contract performance — to process your order, arrange delivery, and carry out installation work
  • Legitimate interests — to respond to enquiries, manage customer relationships, and improve our service
  • Legal obligation — to retain installation and financial records as required by law
  • Consent — for marketing emails and any optional data processing

How long we keep data

  • Order and customer account data — up to 3 years from your last purchase
  • Installation records and compliance certificates — up to 10 years, in line with building regulation obligations
  • Financial and invoicing records — up to 7 years (HMRC requirement)
  • Marketing preferences — until you unsubscribe or withdraw consent
  • General enquiry data — up to 2 years

Data is securely deleted or anonymised once it is no longer needed.

Who we share data with

We do not sell personal data. We may share it in limited circumstances with:

  • Delivery and logistics providers, to fulfil your order
  • Klarna, where you choose their payment service
  • Our certified installation team or approved sub-contractors, to carry out installation work
  • Our website and IT service providers, who process data on our behalf under appropriate agreements
  • HETAS or other regulatory bodies, where installation certification is required
  • Authorities or regulators, where required by law

We do not transfer personal data outside the UK or European Economic Area without appropriate safeguards in place.

Data security

We take appropriate steps to protect your personal data from loss, misuse or unauthorised access. Our website uses SSL encryption for all transactions, and access to customer records is restricted to authorised personnel only. In the unlikely event of a personal data breach that poses a risk to individuals, we will notify the ICO within 72 hours as required by law and will inform affected individuals where necessary.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access — request a copy of the data we hold about you
Right to rectification — ask us to correct inaccurate information
Right to erasure — request deletion of your data in certain circumstances
Right to restrict processing — ask us to limit how we use your data
Right to data portability — receive your data in a structured, readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — at any time, where consent is our legal basis

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.

ICO registration and complaints

ICO

The Stove and Fire Company is registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.

If you have a concern about how we handle your personal data and we have not been able to resolve it to your satisfaction, you have the right to lodge a complaint with the ICO:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

Changes to this policy

We may update this policy from time to time to reflect changes in the law or the way we work. The date at the top of this page will always show when it was last reviewed.

Share This