Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how JMF collects, uses, shares and protects your personal data when you visit https://www.jmf-plumbing.co.uk, contact us, or use our services. JMF is the “controller” of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about this policy or your data, you can contact us using the contact details published on our website (for example, the email address or phone number shown in the site header or footer). We will respond to privacy enquiries promptly.

2. Scope of this policy

This policy covers personal data processed by JMF in relation to:

  • Visitors to our website
  • People who contact us (by phone, email, form or otherwise)
  • Customers and prospective customers
  • Suppliers, contractors and business partners

It does not cover third-party websites or services that may be referenced on our site.

3. The data we collect

3.1 Data you provide directly

  • Identity and contact details (name, email address, phone number)
  • Service and property details (service address, access instructions, photos you provide, job descriptions)
  • Correspondence and feedback (enquiries, quotes, messages, reviews)
  • Billing and transaction information (invoice details, payment amount and method; we do not store full card numbers if you pay by card)
  • Marketing preferences and consents

3.2 Data we collect automatically

  • Technical data (IP address, device and browser type, operating system, approximate location derived from IP)
  • Usage data (pages viewed, time on page, navigation paths, interactions)
  • Cookie and similar tracking data (see section 7)

3.3 Data from third parties

  • Referrals from comparison sites, directories or social media where you have interacted with our listings
  • Publicly available information (for example, property details that help us plan a visit)
  • Information from service partners needed to complete your job (for example, specialist suppliers or subcontractors)

We do not intentionally collect special category data (such as health information) or children’s data. Please do not provide such information unless we specifically ask for it and explain why it is needed.

4. Purposes and legal bases for processing

We process your personal data only when we have a lawful basis under the UK GDPR:

  • To provide quotations, schedule visits, perform services, manage accounts and fulfil our contract with you (contract necessity)
  • To respond to enquiries, provide customer support and communicate about your requests (contract necessity or legitimate interests)
  • To send service-related updates, appointment reminders and important notices (contract necessity or legitimate interests)
  • To take and keep job photos for record-keeping, quality assurance and insurance purposes (legitimate interests). We will ask for your consent before using such photos for marketing.
  • To issue invoices, process payments, keep financial records and comply with tax and accounting obligations (legal obligation)
  • To improve our website, services and user experience through analytics (legitimate interests; consent where required by PECR/cookie rules)
  • To send marketing communications by email or SMS (consent, or soft opt-in where permitted by PECR for similar products/services). You can opt out at any time.
  • To maintain the security of our website, systems and data, prevent fraud and comply with applicable laws (legitimate interests and/or legal obligation)

Where we rely on consent, you can withdraw it at any time (see section 10) without affecting the lawfulness of processing before withdrawal.

5. Who we share your data with

We share personal data only as necessary and with appropriate safeguards:

  • Service providers acting as our processors (for example, website hosting, IT support, email and SMS providers, scheduling and invoicing platforms, payment processors)
  • Engineers, subcontractors and suppliers involved in delivering your service
  • Professional advisers, insurers and insurance intermediaries
  • Regulators, law enforcement or courts where required by law or to protect our legal rights
  • Prospective buyers or investors in connection with a business transaction, subject to confidentiality

We do not sell your personal data.

6. International data transfers

Some of our service providers may be located, or may store data, outside the UK and the European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses. You can request further information about these safeguards using the contact details on our website.

7. Cookies and similar technologies

7.1 What cookies we use

Our website uses:

  • Strictly necessary cookies to make the site work (for example, to load pages, keep you logged in to any account area, or remember your privacy choices)
  • Performance/analytics cookies to understand site usage and improve our services
  • Functionality cookies to remember choices and enhance your experience
  • Advertising or social media cookies if we run ads or embed third-party content

Non-essential cookies are used only with your consent, in line with the Privacy and Electronic Communications Regulations (PECR). Cookie durations vary: some expire when you close your browser (session cookies), others remain for a defined period (persistent cookies).

7.2 Managing cookies

  • You can accept or reject non-essential cookies using the cookie controls provided on the site (if presented)
  • You can also block or delete cookies via your browser settings. Doing so may affect site functionality

8. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy, and to meet legal, accounting or reporting requirements. Typical retention periods are:

  • Enquiries and quotes not leading to a job: up to 24 months
  • Customer records, job files and related communications: for the duration of our relationship and up to 6 years after the last job
  • Invoices, payment records and tax-related data: 6 years from the end of the relevant financial year (or longer if legally required)
  • Warranty and safety records: for the warranty period and up to 10 years if necessary to establish or defend legal claims
  • Marketing preferences: until you opt out or your consent is withdrawn
  • Cookies: as described in section 7 and your browser settings

We may retain data for longer where necessary to establish, exercise or defend legal claims, handle complaints, or comply with statutory obligations.

9. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit, access controls and authentication
  • Least-privilege access and staff training on data protection
  • Vendor due diligence and contracts with processors
  • Regular updates and security monitoring
  • Data minimisation and retention controls

No system is completely secure. If we suspect a personal data breach that poses a risk to you, we will assess and, where legally required, notify you and the UK Information Commissioner’s Office (ICO).

10. Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Access – to obtain a copy of your data and other information about how we use it
  • Rectification – to correct inaccurate or incomplete data
  • Erasure – to request deletion of your data, in certain circumstances
  • Restriction – to limit how we use your data, in certain circumstances
  • Portability – to receive your data in a portable format and have it transmitted to another controller where technically feasible
  • Objection – to object to processing based on our legitimate interests or for direct marketing
  • Withdraw consent – where we rely on consent, you can withdraw it at any time

To exercise your rights, contact us using the contact details published on our website. We may need to verify your identity before responding. There is no fee to exercise your rights unless your request is manifestly unfounded or excessive.

11. Marketing communications

We may send you marketing communications about our services:

  • With your consent; or
  • Based on the “soft opt-in” under PECR if you are an existing customer or enquired previously about similar services. You can opt out at any time.

To stop receiving marketing, use the unsubscribe instructions in the message or contact us. Service messages and important account or safety notices are not marketing and you will continue to receive those as needed.

12. Automated decision-making

We do not use personal data for decisions based solely on automated processing that produce legal or similarly significant effects for you.

13. Children

Our services are intended for adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

14. Data Protection Officer (DPO) and privacy contact

We are not required to appoint a Data Protection Officer under the UK GDPR. For any questions about this policy or to exercise your data protection rights, please contact our privacy lead using the contact details published on our website. We aim to respond within one month.

15. Complaints

If you have concerns about how we handle your data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.

16. International users

Our website and services are primarily directed at customers in the United Kingdom. If you access our site from outside the UK, you do so at your own initiative and are responsible for compliance with local laws where applicable.

17. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. We will post the updated version on this page and update the “Last updated” date below. We encourage you to review this policy periodically.

Last updated: 14 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2025 JMF