Statutory Specification

Privacy Policy &
Data Protection Notice.

Aura Vent Ltd is firmly committed to absolute operational transparency and rigorous structural data security. This document details our systematic frameworks for harvesting, processing, securing, and retaining your personal data in complete conformance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Document Attributes

Reference: AVL-POL-PRIV-01

Effective Date: 14 May 2024

Review Cycle: Annual Specification

Jurisdiction: UK (ICO Regulated)

Data Controller

Aura Vent Ltd
Incorporated in England & Wales
Company Registration Number: 15467890
Registered Office: Charles House, 46 Station Road, Waltham Abbey, Essex, EN9 1FP

Direct Escalation

For data inquiries or statutory requests, reach our Privacy Coordinator directly:
contact@auravent.co.uk

security

ICO Registration Notice

Aura Vent Ltd is formally registered as a recognised Data Controller with the Information Commissioner's Office (ICO). We comply fully with statutory guidance regarding data harvesting minimisation and persistent record protection.

01 //

Operational Principles & Scope

This Privacy Policy sets out how Aura Vent Ltd ("we", "us", "our") handles the Personal Data of our prospective clients, existing customers, web visitors, and project collaborators. We operate under a central mandate of Data Minimisation: we collect only the precise informational vectors required to calibrate, construct, and maintain optimal residential ventilation systems.

By utilising our website, commissioning our technical specification quotes, or entering into formal residential maintenance contracts, you acknowledge the processing parameters detailed within this framework.

02 //

Categorisation of Harvested Data

To ensure mechanical precision in our client delivery, we categorise and process the following specific subsets of data:

Identity Vectors: Full names, professional titles, organisational affiliations (for developers/architects), and client signatures.
Contact Matrices: Email addresses, telephone routing numbers, site billing addresses, and physical project site coordinates.
Engineering & Site Parameters: Architectural floor plans, calculated volumetric airflow requirements, MVHR/MEV unit serial numbers, existing HVAC ductwork layouts, access configurations, and historical physical site surveys.
Financial Logistics: Invoicing histories, formal quotation records, and milestone transaction identifiers. (Note: Direct payment gateway details are tokenised and processed securely by authorised banking partners; we do not store raw cardholder parameters directly).
Technical Telemetry: Timestamped IP addresses, user-agent HTTP headers, session durations, and browser interaction patterns mapped during visits to our primary web domain.

03 //

Methodologies of Capture

We capture data streams via transparent, identifiable pathways:

DIRECT INTERACTIONS

Data entered directly into our high-conversion Request Quote endpoints, technical query contact interfaces, direct email correspondences, telephone scoping logs, and physical commissioning paperwork completed on site.

AUTOMATED RECORDING

Functional logging technologies, session monitoring scripts, and standard authentication cookies deployed across our infrastructure to ensure structural website reliability, guard against brute-force inquiries, and maintain site responsiveness.

04 //

Lawful Processing Frameworks

Under Article 6 of the UK GDPR, we route every processing instance through a verified legal mandate:

Contract Performance

Processing necessary for delivering bespoke quotations, scheduling engineering deployment, manufacturing physical duct layouts, executing field installations, and running ongoing operational maintenance.

Legitimate Interests

Evaluating web telemetry to enhance loading speeds, communicating critical system safety or filter replacement intervals to existing asset holders, defending our network against malicious injection attacks, and maintaining corporate accounts.

Statutory Compliance

Adhering to persistent accounting mandates (e.g., HMRC audit tracking), maintaining health and safety incident reports, and satisfying regulatory verification audits under NICEIC and BESA codes.

Explicit Consent

Governing direct consumer newsletter subscriptions and elective marketing communications. Consent can be revoked instantly at any phase via integrated opt-out pathways.

05 //

Third-Party Interfacing & Transmission

Aura Vent Ltd strictly rejects the monetisation or leasing of client databases. Data vectors are shared exclusively under rigorous, contractually bound confidentiality pacts with verified support partners:

Form Processing Nodes: Direct messaging inputs pass through encrypted transit layers (e.g., Web3Forms API endpoints) to instantly alert our centralised estimation command queue.
Cloud Architecture Hosting: Encrypted data storage on secure UK/EEA tier-1 server infrastructure.
Regulatory Compliance Bodies: Limited sharing of site inspection metrics with accreditation networks (NICEIC, BESA, Building Control officers) to officially register fully commissioned building mechanical works.
Professional Advisory Panels: Certified external accountants, insurers, and legal representatives bound by permanent non-disclosure mandates.

06 //

Storage Protocols & Data Permanence

Data records are stored physically and logically within data centers bound by ISO 27001 certification standards located primarily within the United Kingdom and EEA jurisdictions. We apply advanced cryptographic transit layers (TLS 1.3) to prevent intermediate listening during transmission.

Data Persistence Lifecycles:

Commissioned Installation Assets: Retained securely for a 10-year base timeline to satisfy structural defect liability verification, long-term unit component tracking, and multi-year maintenance service cycles.

General Inquiries & Quotations: Records of preliminary site specifications that do not advance to an active build contract are systematically purged from primary storage nodes after 24 continuous calendar months.

Statutory Fiscal Ledgers: Retained for 6 years post-transaction to maintain strict alignment with UK HM Revenue & Customs (HMRC) audit standards.

07 //

Statutory Data Subject Rights

Under the Data Protection Act 2018, data subjects exercise unilateral rights over their documented profiles. To initiate any specific request, submit instructions directly to our privacy desk. We verify and action valid inquiries within 30 statutory days.

Subject Access Request (SAR)

Obtain a transparent, complete digital record of all personal vectors logged under your identity.

Right to Rectification

Command the immediate correction of inaccurate or incomplete property survey or contact matrices.

Right to Erasure

Request the complete logical purging of your records (subject to overrides for ongoing contract liability or statutory HMRC audit storage).

Right to Restriction / Objection

Temporarily halt processing during disputes or object directly to data utilisation for secondary business analysis.

08 //

Statutory Escalation & Regulatory Recourse

Should you deem our operational handling of your data matrices to be out of alignment with statutory protections, we request immediate internal communication to allow targeted engineering remediation.

Furthermore, you retain the persistent statutory right to lodge formal enforcement notices directly with the national independent regulatory authority:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone Hotline: 0303 123 1113
Statutory Gateway: https://ico.org.uk

Secure Specifications. Guaranteed.

Ready to begin your project design with absolute confidence in structural data integrity? Consult our specialised engineers today.

Consultation arrow_forward

Privacy Policy & Data Protection Notice.