Privacy Policy

This policy relates to the privacy of your personal data at Aura Heating Limited

Under the new General Data Protection Regulation (GDPR) which governs Data Protection, we are required to give you a clear understanding of how and why we process your data, and what our position is, in this relationship

We are the Data Controller

As we set the rules and reasons for collecting data from you, we are classed as the Controller of your personal data.  This means it is our responsibility to ensure that the data we collect is controlled effectively, and protected at all times.  Should you have any questions about the processing of your data contact us directly using the following methods:

[Post] Aura Heating Limited, Aura House, New Road, Havant, Hampshire, PO9 1DE. 


Why we need your personal data and what we need to do with it

Your personal data will be managed in accordance with the new General Data Protection Regulation (GDPR) under the following principles:

1. Lawfulness, Fairness and Transparency:

  • We are required to process your personal data as part of the performance of your contract with Aura Heating Limited.

2. Purpose Limitation:

  • Your data will only be collected for specified, contractual and legitimate purposes meaning that as well as using the data to perform your contract, we may use it for:
    • Marketing
    • Newsletter subscriptions
    • Other products/services provided by Aura Heating limited that we may offer to you unless you tell us not to do so

3. Data Minimisation:

  • We will not ask for more information than we need for the purposes for which we are collecting it

4. Data Accuracy:

  • We will update our records when you inform us that your details have changed

5. Storage Limitation:

  • We will retain your personal data for the length of time needed to complete the initial request and for a maximum of 3 years should you terminate the request.

6. Integrity and Confidentiality:

  • We have implemented  processes to protect the integrity and confidentiality of your personal data

Policies and processes we have to protect your rights as the ‘Data Subject’

Under the GDPR you have a number of ‘rights’ which you can exercise at any time.  Should you wish to do so, please contact  These rights might include:

  • the right to access all of the data we process on you.  This will be supplied to you within 1 month from the request being received.
  • the right for any inaccurate data we hold on you to be corrected.  We will make your amendments without undue delay
  • Where the contract has ended but consent has been obtained to process your data, you may have the right to be forgotten and your personal data to be erased without undue delay.  Where we require your data (for contractual reasons), your data will be removed once the term of the contract has expired
  • the right to restrict us from processing your personal data, which can be reversed by you
  • the right in certain circumstances to object to automated decision making, whereby we may use your data for profiling purposes to make a decision.

Transferring personal data

Due to the nature of the business, we work with a variety of GDPR compliant businesses who act as our processors which store and process your personal data on our instructions.  Below is a list of the types of processors that we share your data with:

  • Website hosting companies
  • Customer Relationship Management Platforms
  • Marketing platforms
  • Engineers/Surveyors
  • Finance companies
  • Information Technology companies
  • Secured servers

International Transfers

At no time does your personal information leave the EU.

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.


Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.


This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information


Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Privacy and Personal Data for the Aura Heating Mobile Application

  • Our mobile application helps you to manage your account and subscription services with Aura Heating. Our application allows you to manage your Google Nest thermostat device, as an alternative to using the Google Home or Nest devices directly.
  • In order to perform this function, we require you to login through Google API Services using your Google login. This will allow us to access limited information about your account in order to provide you with information about your Nest thermostat and heating information from your home.
  • We request only the minimal amount of information that we need in order to help you have control of your Nest heating devices from our mobile application. We do not transfer your information to any other parties, and do not use any information from your Nest Thermostat to identify you personally.
  • When you login, we have access to only an authentication token, which we store on our servers to allow us to support the operations of our Google Nest management services purely within our mobile application.  We store this token to ensure that you do not have to log in every time you open the application.
  • Our application and services are only available in the UK, and we are registered with the Information Commissioners Office, and abide by all relevant local Data Protection laws. All information is stored within the UK on our secure servers.

How you can opt out of the storage of the service

At any time, you can opt out of this service by using the ‘Log Out’ functionality. This will remove the token from our servers, and any access that we have to your Google services.

Who is requesting your data

All permission requests clearly show that Aura Heating Limited is requesting your client credentials in order to access Google API Services, and at no time maintain a record of the entered credentials.

Information We Store About You

We do not store your Google user name, password or personal information at any time. We do not store information about your home or Nest Devices on our servers. Each time that you use our mobile application in order to manage your Nest Devices, we use your stored authentication token to request the live data from the Google Nest API.


This data is stored temporarily within the session storage of your mobile device for the duration the mobile application is open, and no data is transferred to our servers.

Why we are requesting your Google User Data

We are requesting access to your Google User Data in order to help provide information about your Nest devices within our mobile application. This data is not stored on our servers or used for any identified or anomyised reporting purposes. We will record anonmyously that you have opened this area of the application and made a request to the Google API Services, but we do not store or record any contents of the request or its response.

Talking to us about your rights or this Notice

Should you wish to speak to us about the way we process your data, or wish to exercise your rights as listed above, please contact us on or 02392 252171  

However if you wish to direct your questions to the ICO, you can find their details at