Privacy Policy - Collier Row Carpet Cleaners
This Privacy Policy explains how Collier Row Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all Collier Row Carpet Cleaners customers in the area, including anyone who requests a quote, books a service, communicates with us, or receives cleaning services from us. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We understand that privacy matters. This policy sets out what information we collect, why we collect it, the legal bases we rely on, how long we keep data, the types of third parties that may process data on our behalf, and the rights available to individuals.
1. Personal Data We Collect
We collect only the information needed to provide carpet cleaning and related services, manage customer relationships, and meet legal and business obligations. The personal data we may collect includes:
- Identity details: name, title, and any business name where relevant.
- Contact details: address, email address, and telephone number.
- Service information: property access details, booking history, service preferences, and notes needed to carry out cleaning safely and effectively.
- Payment information: transaction details, payment status, and billing records. We do not store full card details where payment is handled by a secure third-party payment provider.
- Communication records: messages, enquiries, complaints, and feedback.
- Technical data: limited website or device information if you contact us through an online form or digital service, such as IP address or browser type, where applicable.
- Special category data: we do not intentionally collect special category data. However, information may be provided by you indirectly, for example if you mention health, mobility, allergies, or access needs to help us provide the service safely.
We do not collect more data than we need. Where possible, we avoid requesting unnecessary information. If you provide data about another person, you should ensure you have permission to do so.
2. How We Use Personal Data
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to schedule and deliver carpet cleaning services;
- to manage appointments, rescheduling, and service updates;
- to process payments and maintain business records;
- to communicate with customers about work carried out;
- to manage complaints, queries, and customer support;
- to maintain safety, quality, and operational standards;
- to comply with accounting, tax, and legal obligations;
- to prevent fraud or misuse of our services; and
- to improve our services and customer experience.
We may also use aggregated or anonymised data for internal reporting, service improvement, and business planning. Anonymous data does not identify you personally.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each use of personal data. Depending on the context, Collier Row Carpet Cleaners relies on the following bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes managing quotes, bookings, service delivery, and payment processing.
Legal Obligation
We process some data to comply with legal and regulatory requirements, including tax, accounting, and record-keeping obligations.
Legitimate Interests
We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Examples include managing our business operations, improving services, maintaining security, handling disputes, and preventing misuse.
Consent
Where required, we rely on your consent. For example, if we need to use optional marketing communications or collect certain additional information not required for the service, we will ask for your clear permission. You may withdraw consent at any time.
Vital Interests
In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency situation where health or safety is at risk.
4. Retention of Personal Data
We only keep personal data for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. Retention periods may vary depending on the type of data and the reason for processing.
- Customer and service records: kept for the duration of the customer relationship and for a reasonable period afterwards to handle follow-up queries or disputes.
- Financial and tax records: retained in line with legal and accounting requirements.
- Communication records: kept as long as needed to manage the enquiry or resolve an issue.
- Consent records: retained to demonstrate compliance with data protection law.
When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. We aim to keep retention periods proportionate and relevant.
5. Sharing Personal Data and Processors
We may share personal data with trusted third parties who help us run our business. These third parties act as processors or independent controllers depending on their role. We only share the minimum information needed and require appropriate safeguards.
Types of processors and service providers may include:
- Payment processors: to handle secure card or online payments.
- Accounting and bookkeeping providers: to manage invoices, records, and tax compliance.
- IT and cloud service providers: to store or manage business data securely.
- Communication tools: to send booking confirmations, updates, or service-related messages.
- Website or form hosting providers: where online contact or enquiry tools are used.
We may also disclose data where required by law, court order, or regulatory request, or where it is necessary to establish, exercise, or defend legal claims. We do not sell personal data.
Where a processor handles data on our behalf, they are only permitted to process it according to our instructions and must keep it secure. They must not use it for their own purposes unless they are acting as an independent controller and have their own lawful basis.
6. Data Security
We take appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, limited staff access, and care in the handling of paper and digital records.
However, no method of transmission or storage is completely secure. While we work to protect your data, we cannot guarantee absolute security.
7. User Rights
Under data protection law, you have rights in relation to your personal data. These rights may apply depending on the circumstances and the lawful basis we rely on. They include:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain situations.
- Right to restriction: to ask us to limit how we use your data in certain circumstances.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to request transfer of data you have provided to us, where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
We will respond to requests in accordance with applicable law. In some cases, we may need to verify your identity before acting on a request. This is to protect your privacy and the security of your data.
If you believe we have not handled your data properly, you also have the right to complain to the UK data protection authority. We encourage you to raise concerns with us first so we can try to resolve the matter promptly.
8. Children’s Data
Our services are intended for adults. We do not knowingly collect personal data from children unless it is necessary in connection with a service request made by an adult customer, for example a family household arrangement. If we become aware that we have collected data inappropriately, we will take steps to delete it where appropriate.
9. International Transfers
Where any processor or service provider stores or accesses data outside the UK, we ensure that appropriate legal safeguards are in place. This may include using recognised transfer mechanisms and contractual protections to help keep personal data secure and compliant with UK GDPR requirements.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, business practices, or the services we provide. Any updated version will apply from the date it is published or otherwise communicated. We recommend reviewing this policy periodically so you remain informed about how your personal data is handled.
11. Summary of Our Commitment
We respect your privacy and handle personal data carefully. We only collect the information needed to provide cleaning services, manage customer relationships, and meet our legal obligations. We process personal data on a lawful basis, keep it secure, retain it only as long as necessary, and use trusted processors under appropriate safeguards. Our customers in Collier Row and the surrounding area can expect their data to be treated responsibly, transparently, and in compliance with applicable law.