What makes reverse osmosis better than standard filters for cafés and restaurants?

Reverse osmosis removes up to 99% of dissolved solids — including the calcium and magnesium that cause limescale — allowing precise remineralisation for perfect coffee extraction and full equipment protection.

How does the uWater rental model work?

Pay a small one-time setup fee, then a fixed monthly rental by direct debit. uWater owns and maintains the machine. Installation, servicing, consumables, and breakdown cover are all included.

Is installation included with the rental?

Yes. Nationwide UK delivery and professional installation are included. No capital expenditure required.

What if my RO system breaks down?

Breakdowns are covered at no extra cost (fair use applies). Our UK-based team responds quickly to keep your venue running.

Can I upgrade my plan as my business grows?

Yes. You can upgrade to a higher capacity plan at any point after the minimum term with no penalties.

Privacy Policy

Version Date: 16 March 2026

This Privacy Policy explains how Canossa UK Ltd trading as uWater ("uWater", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit our website at uwater.co.uk, request information about our services, or enter into a rental agreement with us.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller responsible for your personal data is:

Canossa UK Ltd t/a uWater

50-60 Station Road, CB1 2JH, Cambridge, United Kingdom

Email: [email protected]

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the address above.

2. What Personal Data We Collect

We collect personal data in the following contexts:

2.1 Guide & Resource Downloads (Lead Magnet Form)

When you request a free guide or resource from our website, we collect:

First name and last name
Email address

2.2 Pre-Sale Enquiries

When you express interest in a subscription plan before it becomes available, we collect:

First name and last name
Email address
Phone number
The subscription tier you are interested in

2.3 Checkout and Subscription Sign-Up

When you sign up for a uWater subscription, we collect:

First name and last name
Email address
Phone number (optional)
Company name and Companies House registration number
Billing address and installation (shipping) address
Payment information (processed securely by Stripe — we do not store card details)
Direct debit mandate details (processed by Stripe)
Referral code (if you arrived via a referral link)

2.4 Account Registration

If you create an account on our platform, we also collect:

Email address
Password (stored as a one-way cryptographic hash — we cannot read your password)

2.5 Website Usage Data

When you visit our website, we automatically collect certain technical and behavioural data via cookies and analytics tools, including:

IP address and approximate geographic location
Browser type and version
Pages visited and time spent on the site
Referral source (how you found our website)
Conversion events (e.g. form submissions, checkout completions)

3. How and Why We Use Your Personal Data

We process your personal data only where we have a lawful basis to do so under UK GDPR. The table below sets out each processing activity, the personal data involved, and the lawful basis we rely upon.

Purpose	Data Used	Lawful Basis
Delivering a requested guide or resource	Name, email	Legitimate interests (fulfilling your request)
Following up on a pre-sale enquiry	Name, email, phone	Legitimate interests (responding to your enquiry)
Processing your subscription and payments	Name, email, phone, address, company details, payment data	Performance of a contract
Managing your account and providing customer support	Name, email, account data	Performance of a contract
Sending transactional emails (confirmations, receipts, service updates)	Name, email	Performance of a contract / Legitimate interests
Verifying your company via Companies House	Company name, company number	Performance of a contract / Legitimate interests (fraud prevention)
Analysing website usage and improving our service	Usage data, cookies	Legitimate interests (business analytics and improvement)
Measuring marketing effectiveness (Google Ads conversions)	Usage data, conversion events	Legitimate interests (understanding marketing ROI)
Managing referral partner relationships	Name, email, phone, company, referral code	Performance of a contract / Legitimate interests
Complying with legal and regulatory obligations	Any relevant data	Legal obligation

Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time — see Section 8.

4. Third Parties We Share Your Data With

We do not sell your personal data. We may share your data with trusted third-party service providers ("processors") who act on our instructions. These include:

4.1 Stripe

We use Stripe, Inc. to process card payments and set up BACS Direct Debit mandates. Stripe acts as a data processor and is certified to PCI DSS Level 1. Your payment card data is handled directly by Stripe and is never stored on our servers. Stripe's privacy policy is available at stripe.com/gb/privacy.

4.2 Google Analytics 4 & Google Ads

We use Google Analytics 4 to understand how visitors use our website, and Google Ads to measure the effectiveness of our advertising. These services collect data via cookies and similar technologies. Google may process data in the United States — see Section 6 for information on international transfers. Google's privacy policy is available at policies.google.com/privacy.

4.3 Email Delivery (SMTP)

We use an SMTP email service to send transactional emails such as subscription confirmations, payment receipts, and lead magnet delivery. Your name and email address are passed to this service solely to deliver these communications.

4.4 UK Companies House API

During checkout, we query the UK Companies House public API to verify your business details. This involves sending your company name or number to the Companies House API. No personal data is shared beyond what is necessary for this lookup.

4.5 ROcheck

We use ROcheck, a water treatment system management platform, to remotely monitor and manage the equipment installed at your premises. Operational data (such as machine serial numbers and location) may be associated with your subscription record.

4.6 Disclosure to Authorities

We may disclose personal data to law enforcement, regulatory bodies, or other third parties where required by law or to protect our legal rights.

5. Cookies

We use cookies and similar technologies on our website. Cookies are small text files stored on your device.

Cookie Name	Purpose	Type	Duration
uwater_ref	Remembers the referral code from a partner link so we can correctly attribute your sign-up	Functional	24 hours
Auth session cookie	Keeps you securely signed in to your account	Strictly necessary	Session / short-lived
_ga, _ga_*, _gid	Google Analytics cookies that help us understand how visitors use our website (pages visited, session duration, traffic source)	Analytical	Up to 2 years
Google Ads cookies	Track conversions from our advertising campaigns (e.g. when you submit a form or complete a sign-up after clicking an ad)	Marketing / measurement	Up to 90 days

Strictly necessary cookies and the referral cookie are required for the website to function correctly and do not require your consent. Analytical and marketing cookies help us improve our service and measure the effectiveness of our advertising; these are set on the basis of our legitimate interests as a B2B service.

You can control or disable cookies through your browser settings. Disabling analytical or marketing cookies will not affect your ability to use our website, though we may have a reduced ability to improve our services.

6. International Data Transfers

Some of our third-party processors (including Stripe and Google) operate from the United States and other countries outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including:

Reliance on UK adequacy regulations or decisions;
Standard contractual clauses (SCCs) approved for use under UK GDPR; or
The UK International Data Transfer Agreement (IDTA) or addendum.

You can request details of the safeguards in place for specific transfers by contacting us at [email protected].

7. How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected:

Lead enquiry data (guide downloads, pre-sale interest): retained for up to 2 years from collection, or until you request deletion.
Subscription and contract data (names, addresses, company details, payment references): retained for 7 years after the end of your subscription to comply with UK tax and accounting obligations (Companies Act 2006 and HMRC requirements).
Account data: retained for as long as your account is active and for up to 2 years after account deletion.
Analytics data: retained in line with Google Analytics default retention settings (up to 14 months for user-level data).

After the applicable retention period, personal data is securely deleted or anonymised.

8. Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right of access: You may request a copy of the personal data we hold about you (a "Subject Access Request").
Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): You may ask us to delete your personal data where we no longer have a lawful basis to hold it. This right is subject to our legal obligations (e.g. mandatory retention of financial records).
Right to restriction of processing: You may ask us to limit how we use your data in certain circumstances.
Right to data portability: Where processing is based on your consent or a contract and carried out by automated means, you may request your data in a structured, machine-readable format.
Right to object: You may object at any time to processing based on our legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
Rights related to automated decision-making: We do not currently make any solely automated decisions that have a legal or similarly significant effect on you.

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month (which may be extended by a further two months for complex or numerous requests, with notice). We will not charge a fee unless your request is manifestly unfounded or excessive.

We may need to verify your identity before processing your request.

9. Marketing Communications

If you have submitted your details via our lead magnet form or pre-sale enquiry form, we may contact you with relevant information about our products and services on the basis of legitimate interests. You can opt out of marketing communications at any time by:

Clicking the unsubscribe link in any marketing email; or
Emailing us at [email protected] and asking to be removed from our mailing list.

Opting out of marketing emails will not affect transactional communications related to an active subscription.

10. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

Encryption of sensitive configuration values and credentials stored in our database
Passwords stored using one-way cryptographic hashing (bcrypt)
HTTPS encryption for all data in transit
HTTP-only, secure cookies for authentication sessions
Access controls restricting data to authorised personnel only

No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, affected individuals without undue delay.

11. Children's Data

Our services are directed solely at business customers (B2B) and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

12. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on this page with a revised version date. For material changes, we will notify active subscribers by email. We encourage you to review this page periodically.

14. How to Complain

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first at [email protected].