Legal

Privacy Policy

How Thermophi Solutions collects, uses, and protects your personal data in accordance with UK GDPR.

Last updated: 26 March 2026 Thermophi Solutions Ltd Scotland, UK

Who We Are

Thermophi Solutions Ltd ("Thermophi", "we", "us", "our") is a company registered in Scotland, United Kingdom. Our registered address is:

  • 30 Beaton Drive, Winchburgh, Broxburn, Scotland, EH52 6FS

We are the data controller for personal data collected through this website (thermophi.com). For all data-related enquiries, please contact us at: a.chapoy@thermophi.com

Data We Collect

We may collect the following categories of personal data:

  • Contact form data: your name, email address, phone number, organisation name, subject, and message content when you submit our contact form.
  • Technical data: IP address, browser type, operating system, pages visited, and time stamps — collected automatically when you visit our site.
  • Communications: any personal information you voluntarily provide when corresponding with us by email.
  • Cookie data: your cookie consent preferences, stored locally in your browser. See our Cookie Policy for full details.

We do not collect special category data (health, biometric, religious, etc.) through this website.

Legal Basis for Processing

Under UK GDPR Article 6, we rely on the following lawful bases:

  • Consent (Art. 6(1)(a)): for non-essential cookies, analytics, and any marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): to respond to enquiries, maintain website security, and prevent fraudulent submissions — where these interests are not overridden by your rights.
  • Contractual necessity (Art. 6(1)(b)): where processing is required to fulfil a service you have requested from us.
  • Legal obligation (Art. 6(1)(c)): where we are required to process data to comply with applicable law.

How We Use Your Data

  • To respond to your enquiries and provide the services you have requested.
  • To improve our website and user experience (with analytics consent).
  • To maintain the security of our website and prevent spam or fraud.
  • To comply with our legal and regulatory obligations.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

Cookies

We use cookies to operate this website and, with your consent, to analyse usage patterns. You can manage your cookie preferences at any time:

Open Cookie Settings

For full details of which cookies we use and why, please see our Cookie Policy.

Third-Party Services

This website uses the following third-party services which may process personal data:

We carefully select third-party services and only share the minimum data necessary.

International Data Transfers

Some of our third-party service providers (e.g. Google) may transfer and process data outside the UK / European Economic Area. Where this occurs, we ensure appropriate safeguards are in place (such as UK adequacy decisions or Standard Contractual Clauses) in accordance with UK GDPR Chapter V.

Data Retention

  • Contact form submissions: retained in email systems for up to 3 years from the date of last contact, unless an ongoing business relationship requires longer retention.
  • Server logs (technical data): retained for up to 90 days for security purposes.
  • Cookie consent records: stored in your browser for up to 12 months.

We review retention periods regularly and delete data when it is no longer necessary.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data ("right to be forgotten"), subject to certain legal exceptions.
  • Right to restrict processing: request that we limit how we use your data in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format (where applicable).
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: where processing is consent-based, you may withdraw at any time without affecting prior processing.
  • Right to lodge a complaint: you may complain to the Information Commissioner's Office (ICO) at any time.

To exercise any of these rights, please email us at a.chapoy@thermophi.com. We will respond within 30 days as required by UK GDPR.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data, including:

  • CSRF (Cross-Site Request Forgery) token protection on all forms.
  • Input sanitisation and validation to prevent injection attacks.
  • TLS/STARTTLS encryption for all email transmission via SMTP.
  • Google reCAPTCHA v3 to prevent automated form submissions.
  • Honeypot fields to detect and block spam bots.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33–34.

Children's Privacy

This website is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "last updated" date at the top of this page will reflect any revisions. For material changes, we will take reasonable steps to notify users. Continued use of the website after changes are posted constitutes your acknowledgement of the updated policy.

Contact Us

For any questions, concerns, or to exercise your rights under this policy, please contact: