1. About This Policy

1. 1.1.

   iknowa is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

2. 1.2.

   By visiting https://www.iknowa.com/ (the “Website”) or using any services offered through or associated with our Website (our “Services”), you are deemed to have accepted and consented to the practices described in this policy. (the Website and our Services are referred to collectively as the “Platform”.)

3. 1.3.

   The Platform may contain links to and from the websites of our Service Providers, partners, advertisers and affiliates or to websites shared by other Users. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

2. About The Platform

iknowa is a property improvement marketplace. Our Platform connects and matches property owners (“Property Owners”) with individuals or companies who provide property services (“Service Providers”). (Service Providers and Property Owners are collectively referred to as “Users”.)

3. About Us

The Platform is owned and operated by iknowa Ltd, registered in England and Wales under company number 12249380 (“iknowa”, “we”, “us”, “our”). Our registered office is at Unit 206, 8 Lombard Rd, London, England, SW19 3TZ. iknowa processes personal data as a Data Controller, as defined in the Directive and the General Data Protection Regulation (“GDPR”).

4. What is “personal data”?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

5. How We Collect Personal Data

1. 5.1.

   Personal Data You Give Us. You give us information about you by filling in forms on our Platform or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Platform, request a quote, subscribe to our newsletter, search for a service, book a service, provide reviews or comments or participate in other interactive functions on our Platform.

2. 5.2.

   Data We Automatically Collect. Each time you visit or use our Platform, we automatically collect certain technical data and information about your visit, described in more detail below.

3. 5.3.

   Data We Receive From Third Parties. We use data that we receive from third parties, such as payment providers, identity checkers, property data providers, training providers and regulators. We also receive information from other Platform users, including Service Providers. For more information on how these companies handle your personal data, please refer to their privacy policies.

6. Personal Data We Collect About You

We collect and process personal data so we can provide Our Services to you. It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. The information you give us may include:

1. 6.1.1.

   For all Users, we collect your full name, date of birth, email address and login details. This data is necessary for our legitimate interests in providing our Platform and Services to you.

2. 6.1.2.

   We collect additional information about Users depending on the type of account you sign up for, as described further below. This data is necessary for our legitimate interests in providing our Platform and Services to you.

   1. 6.1.2.1.

      If you have a Property Owner account, we collect your postcode when you request a quotation and your full address, phone number and payment information when you accept a quotation.

   2. 6.1.2.2.

      If you have a Service Provider account, we collect your company name (if applicable), business information (including what services you provide and which geographical areas you serve), employment information, education history, trade-specific skills and qualifications, bank details, credit history, insurance information, work samples and references.

   3. 6.1.2.3.

      We also ask Service Providers to submit the results of DBS checks, which may contain information about criminal offences. We will ask for your explicit consent to process information contained in your DBS check before you submit it to us.

3. 6.1.3.

   We also collect technical information and information about your visit from all Website visitors, as described further below.

   1. 6.1.3.1.

      Technical information includes the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform.

   2. 6.1.3.2.

      Information about your visit includes the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.

   3. 6.1.3.3.

      We use this information as statistical data about your browsing actions and patterns, for system administration, and to evaluate, provide, protect or improve our Services (including by developing new products and services). Because we collect, use and share this information in the aggregate, it does not identify any individual.

4. 6.1.4.

   With your consent, we will collect your medical data (special category data) where you register for our training courses in order to fulfil our obligations in providing the relevant training course.

7. How We Use Your Data

1. 7.1.

   We use your data to carry out our Website, Platform and Our Services in the following ways:

   1. 7.1.1.

      To administer and manage your account, to provide you with information you request from us, and to carry out any other obligations arising from any contracts entered into between you and us.

   2. 7.1.2.

      To ensure that content from our Website is presented in the most effective manner for you and for your device.

   3. 7.1.3.

      To allow you to participate in interactive features of our Platform when you choose to do so.

   4. 7.1.4.

      To respond to communications from you and to provide you with information about our Services, including notifying you about changes to our Website or Services.

   5. 7.1.5.

      To ensure that the correct payments have been made.

2. 7.2.

   We also use your data to make our Website and Services better in the following ways:

   1. 7.2.1.

      To measure or understand the effectiveness of advertising we serve to you and others, deliver relevant advertising to you and make suggestions and recommendations to you and other users of the Website about goods or services that may interest you or them.

   2. 7.2.2.

      To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

   3. 7.2.3.

      As part of our efforts to keep the Website safe and secure, e.g. by conducting analysis required to detect malicious data and understand how this may affect your IT system.

3. 7.3.

   We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this.

4. 7.4.

   You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please notify us in writing or by email at support@iknowa.com.

8. How We Secure Your Data

1. 8.1.

   All of your personal data is protected and we have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. Your information is stored on secure cloud databases, internal servers, and on third party softwares. Your information is only accessible by those who have authorised access rights to such information. All of your payment information is encrypted using SSL technology.

2. 8.2.

   Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access.

9. How Long We Store Your Data

We only keep your personal data for as long as it’s necessary for our original legitimate purpose for collecting the information and for as long as we have your permission to keep it. We will delete your personal data when you delete your account or otherwise request deletion by emailing us at support@iknowa.com.

10. Disclosure To Third Parties

1. 10.1.

   Parties We Share Your Data With

   1. 10.1.1.

      We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We share personal data with third parties such as payment processors, credit and DBS check providers (if you are registering as a Service Provider). These third parties have access to data we share with their platforms. Please note that your profile and service information will also be viewable by other Platform Users.

   2. 10.1.2.

      The only other circumstances under which we would share your personal data are:

      1. 10.1.2.1.

         If the third party is a member of our group (which means any subsidiaries or ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006).

      2. 10.1.2.2.

         In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

      3. 10.1.2.3.

         If iknowa or substantially all of its assets are acquired by a third party, in which case personal data will be one of the transferred assets and the purchaser will be permitted to use the data for the purposes for which it was originally collected by us.

      4. 10.1.2.4.

         If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation, enforce or apply our Terms and other agreements, or to protect the rights, property, or safety of iknowa, our customers, or others (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

2. 10.2.

   Parties You Choose To Share Your Information With

   1. 10.2.1.

      You may choose to share any information, photographs or other content that you voluntarily submit to the Website either on public areas of the Website or within private messages with other Users. Such data will become available and viewable by other users as applicable. Once you have shared your content or made it public, that content may be re-shared by others.

   2. 10.2.2.

      If you choose to connect to social media networks from our Website or post any of your content on our Website to those networks, then in accordance with your social media privacy settings, the personal data that you post, transmit, or otherwise make available on the social media platform may be viewed and/or used by other users of those networks and we have no control over such viewing and use and cannot prevent further use of such information by third parties. When you interact with us through social media networks, you acknowledge that we may access your information that is held by that account, solely in accordance with your social media privacy settings. Any links to social media are not under our control and remain solely your responsibility. You acknowledge that any information posted via social media through our Website, or any third party you allow to access your content, is done entirely at your own risk and that by posting to a public platform you make that information visible to third-parties who can use that information at their discretion.

   3. 10.2.3.

      You may review, modify, update, correct or remove any personal data you have submitted to the Website at any time. If you remove information that you posted to the Website, copies may remain viewable in cached and archived pages of the Website, or if other users or third party APIs have copied or saved that information.

   4. 10.2.4.

      Always think carefully before disclosing personal data or other information to other users or otherwise posting personal data on the Website. It’s important that you’re aware that any data you choose to disclose on the Website may then be viewed and even used by other users (in accordance with your settings and this Privacy Policy). We do not control the contents of communications made between users (although you can make a complaint about another user by contacting us using the information provided in the Contact section below).

   5. 10.2.5.

      You must respect the privacy of others and you must not disclose any personal details about other people including your family, friends, acquaintances, or other persons that may be misleading or cause them harm or offence. It is your responsibility to obtain their prior express permission in respect of any submission of their data at any time.

11. International Transfers

1. 11.1.

   Because we use third parties who are located outside of the European Economic Area (EEA), your information may be transferred to and stored at a destination outside of the EEA. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated as securely as it would be within the EEA and under the GDPR. Such steps may include our entering into contracts with any third parties we engage and the use of approved Model Contractual Clauses. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

2. 11.2.

   You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us at support@iknowa.com.

12. Your Rights

1. 12.1.

   Lawful Bases. We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following bases applies:

   1. 12.1.1.

      You have given your clear consent to the processing of your personal data for a specific purpose.

   2. 12.1.2.

      Processing is necessary for the performance of a contract to which you are a party (or for us to take steps at your request prior to entering into a contract with you).

   3. 12.1.3.

      Processing is necessary for our compliance with the law.

   4. 12.1.4.

      Processing is necessary to protect someone’s life.

   5. 12.1.5.

      Processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law.

   6. 12.1.6.

      Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where there is a good reason to protect your personal data which overrides those legitimate interests, such as allowing us to effectively and efficiently manage and administer the operation of our business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security and obtaining further knowledge of current threats to network security in order to update our security.

2. 12.2.

   Data Subject Rights. Under the Data Protection Act 2018, the GDPR and/or the Privacy and Electronic Communications Regulations ("PECR"), you have the right to:

   1. 12.2.1.

      Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).

   2. 12.2.2.

      Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.

   3. 12.2.3.

      Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).

   4. 12.2.4.

      Correct or supplement any information we hold about you that is incorrect or incomplete.

   5. 12.2.5.

      Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request).

   6. 12.2.6.

      Object to the processing of your data.

   7. 12.2.7.

      Obtain your data in a portable manner and reuse the information we hold about you.

   8. 12.2.8.

      Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).

   9. 12.2.9.

      Be notified when your personal data has been breached in a way that is breach is likely to result in a risk to your rights and freedoms.

   10. 12.2.10.

       Ask us not to process your personal data for marketing purposes (but you will always be able to unsubscribe from marketing emails via an unsubscribe link and we will get your express opt-in consent before we use your data or share it with any third parties for marketing purposes).

   11. 12.2.11.

       Complain to a supervisory authority (e.g. the Information Commissioner’s Office in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).

3. 12.3.

   You will not have to pay an unreasonable fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

4. 12.4.

   You may revoke your consent for us to use your personal data as described in this Privacy Policy or enforce any of the other rights above at any time by emailing us at support@iknowa.com.

13. Cookies

1. 13.1.

   A cookie is a small file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer's hard drive (or the hard drive of another relevant device). We use cookies to distinguish you from other users on the Website, to tailor your experience to your preferences, and to help us improve the Website.

2. 13.2.

   Some of the cookies we use are essential for the Website to operate. If you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website.

3. 13.3.

   Before any non-essential cookies are placed on your device, you will be shown a pop-up message requesting your consent to setting those cookies. By default, most internet browsers accept cookies, but you can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. For further details, please consult the help menu in your internet browser.

4. 13.4.

   We use the following types of cookies:

   1. 13.4.1.

      Strictly necessary cookies. These cookies are required to save your session and to carry out other activities that are strictly necessary for the operation of the Website. They include, by way of general example, cookies that enable you to log into secure areas of the Website, use a shopping cart, or make use of e-billing services. These cookies are session cookies, which means they’re temporary and will expire when you close your browser.

   2. 13.4.2.

      Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Website when they’re using it. These cookies help us improve the way the Website works by, for example, ensuring that users are finding what they’re looking for easily.

   3. 13.4.3.

      Functionality cookies. These cookies are used to recognise you when you return to the Website. They enable us to personalise our content for you, greet you by name and remember your preferences.

   4. 13.4.4.

      Targeting cookies. These cookies record your visit to the Website, the pages you visit, and the links you follow. We use this information to make the Website and the advertising displayed on it more relevant to your interests. We also share this information with third parties for the same purpose.

   5. 13.4.5.

      Social Media cookies. These cookies work together with social media plug-ins. For example, when we embed photos, video and other content from social media websites, the embedded pages contain cookies from these websites. Similarly, if you choose to share our content on social media, a cookie may be set by the service you have chosen to share content through.

   6. 13.4.6.

      Third Party cookies. We use third party cookies from Google Analytics to provide data on how users interact with our Website. Please note that we do not control cookies placed by third parties and our Website does not block them. Please check the relevant third-party website for more information about these cookies.

5. 13.5.

   You have the right to opt out of social media cookies and third-party cookies and to object to automated profiling. To enforce either of these rights please contact us at support@iknowa.com.

14. Changes To Our Privacy & Cookie Policy

Any changes we may make to our Privacy & Cookie Policy in the future will be posted on this page and, where appropriate, notified to you by email. You will be deemed to have accepted the terms of the updated Privacy & Cookie Policy on your first use of the Website following the alterations. Please check back frequently to see any updates or changes to our Privacy & Cookie Policy.

15. Contact

Questions, comments and requests regarding this Privacy & Cookie Policy are welcomed and should be emailed to us at support@iknowa.com.

Last revision: February 2024

1. Who We Are

Insured Windows Guarantees Limited (“IWG”, “we”, “us”, “our”) is an FCA authorised insurance intermediary providing Insurance Backed Guarantees and related services.

• Organisation: Insured Windows Guarantees Limited
• Registered Address: 20 Gills Yard, Wakefield
• Company Registration Number: 3159675
• ICO Registration Number: Z7876477
• Contact Email:info@iwgltd.com

IWG processes personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

2. Data Protection Officer

Our Data Protection Officer is:

Susan Oates, contact email: sue@iwgltd.com.

The Data Protection Officer can be contacted regarding any queries relating to this Privacy Notice or the processing of personal data.

3. Categories of Personal Data We Process

We may collect and process the following categories of personal data where necessary to provide our services and operate our membership scheme:

4. How We Obtain Personal Data

We obtain personal data from:

• Individuals directly (for example when applying for membership)
• Installers or Members of our scheme
• Insurers providing Insurance Backed Guarantees
• Credit reference agencies
• Fraud prevention agencies
• Publicly available sources

5. Credit Reference and Affordability Checks

To help us assess applications for membership, prevent fraud and meet legal and regulatory obligations, we may obtain information about individuals from credit reference agencies (CRAs). We only conduct soft searches.

We obtain this information via:

Creditsafe obtains consumer credit and identity data from:

The information we receive may include:

• Identity verification information
• Credit commitments and borrowing history
• Payment history
• Public record information (such as CCJs or insolvency records)

This information is used solely for legitimate business purposes including:

• Assessing financial stability and suitability for membership
• Meeting insurer requirements
• Verifying identity
• Preventing fraud
• Managing business risk
• Complying with legal and regulatory obligations

Further information about how Creditsafe and TransUnion process personal data can be found in their respective privacy notices:

• Creditsafe Transparency Notice: https://www.creditsafe.com/gb/en/legal/transparency-notice.html
• TransUnion Credit Reference Agency Information Notice (CRAIN): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

Credit reference agencies may retain information about searches carried out and may share that information with other organisations in accordance with their own privacy notices and the Credit Reference Agency Information Notice.

6. Legal Basis for Processing Personal Data

We process personal data in accordance with the UK GDPR and Data Protection Act 2018. Depending on the activity, we rely on the following lawful bases:

7. Our Legitimate Interests

Our legitimate interests include:

• Operating our business and membership scheme
• Assessing financial risk
• Ensuring system and data security
• Preventing fraud and financial crime
• Supporting audit and compliance requirements
• Protecting the integrity of data obtained from TransUnion and other providers

These interests are carefully balanced against the rights and freedoms of individuals.

8. Who We Share Personal Data With

We may share personal data with:

• Insurers providing Insurance Backed Guarantees
• Credit reference agencies
• Fraud prevention agencies
• IT and technology providers
• Professional advisers
• Regulatory authorities (including the Financial Conduct Authority)
• Law enforcement agencies where required

Where third parties process personal data on our behalf, they are required to implement appropriate security and confidentiality measures.

9. International Transfers

IWG does not routinely transfer personal data outside the United Kingdom.

All personal data processed by IWG is stored and processed within the UK.

10. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected and to meet legal, regulatory and contractual obligations.

Records relating to installations and Insurance Backed Guarantees are typically retained for up to 10 years, or longer where required by law.

11. Provision of Personal Data

The provision of certain personal data is primarily contractual and may also be required to meet legal and regulatory obligations.

Personal data may be required to:

• Enter into and perform contracts
• Assess applications for membership
• Verify identity
• Conduct credit and fraud checks
• Comply with regulatory, accounting and tax requirements

If required personal data is not provided, we may be unable to process applications, enter into contracts, or provide services.

Providing data for optional purposes, such as marketing communications, is voluntary and consent may be withdrawn at any time.

12. Automated Decision Making and Profiling

IWG may use automated tools to assist with certain processes such as risk assessment, fraud detection and identity verification.

However, we do not make decisions that have legal or similarly significant effects based solely on automated processing.

All applications and decisions relating to membership are subject to meaningful human review.

13. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of personal data where appropriate
• Restrict processing in certain circumstances
• Object to processing where we rely on legitimate interests
• Request data portability
• Withdraw consent where processing is based on consent

Requests can be made using the contact details above.

We aim to respond within one calendar month.

14. Complaints

If you are dissatisfied with how we process your personal data, please contact us first so we can resolve the issue.

You also have the right to lodge a complaint with: