Privacy Policy - Carpetcleaning SE1
This Privacy Policy explains how Carpetcleaning SE1 collects, uses, stores, shares, and protects personal data in relation to its services. It applies to all Carpetcleaning SE1 customers in the area, including prospective customers, existing customers, and individuals who interact with us when requesting or receiving carpet cleaning and related services.
We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have over your personal information.
1. Data We Collect
We collect only the personal data that is necessary for providing our services, managing customer relationships, and meeting legal or regulatory obligations. The types of information we may collect include:
- Identity information, such as your name, and where relevant, the name of an authorised representative or property manager.
- Contact information, such as your address, email address, and telephone number.
- Service information, including details of the cleaning services requested, property type, job notes, preferred appointment times, and service history.
- Payment information, such as billing details, payment confirmation, and transaction records. We do not store more payment data than is necessary for accounting and record-keeping purposes.
- Communication records, including messages, complaints, service updates, and customer feedback.
- Technical or usage data if you interact with us through digital systems, such as basic device or log information needed to maintain security and functionality.
We do not intentionally collect special category data unless you choose to provide it for a specific reason, such as informing us of an allergy, accessibility need, or health-related concern that affects service delivery. Where such information is provided, we treat it with additional care and only process it when there is a clear lawful basis to do so.
2. How We Use Personal Data
We use personal data to operate our business and provide services efficiently and safely. The main purposes for processing include:
- responding to enquiries and booking requests;
- providing carpet cleaning and related services;
- managing appointments, rescheduling, and service updates;
- processing payments, invoices, and refunds where applicable;
- handling customer support, complaints, and service issues;
- maintaining internal business records and service quality;
- meeting legal, tax, accounting, and regulatory obligations;
- protecting against fraud, misuse, or security incidents.
We only use personal data in ways that are relevant and proportionate to these purposes. We do not sell personal data.
3. Lawful Basis for Processing
Under GDPR, we must have a lawful basis to process your personal data. Depending on the context, we rely on the following bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes using your details to confirm bookings, provide services, issue invoices, and manage service delivery.
Legal Obligation
We may process and retain certain information to comply with laws that apply to accounting, taxation, business record-keeping, consumer protection, or other regulatory obligations.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include improving our services, maintaining administrative records, securing our systems, and handling customer communications.
Consent
In limited situations, we may rely on your consent, for example where you provide optional information that is not necessary for the service, or where specific marketing communications require consent. If consent is used, you may withdraw it at any time.
Vital Interests
In rare cases, we may process personal data to protect someone’s vital interests, for example if an urgent safety issue arises during a service visit.
4. Data Sharing and Processors
We may share personal data with trusted third parties only where necessary and with appropriate safeguards. These third parties act either as processors or, in some cases, as independent controllers.
Examples of processors may include:
- IT and hosting providers that support data storage, email, or system management;
- payment service providers that process transactions securely;
- accounting or bookkeeping providers that support financial records and compliance;
- customer management or scheduling tools used to organise service delivery;
- subcontracted service partners where needed to complete a booking or specialist task.
Where processors handle personal data on our behalf, they are required to act only on our instructions, keep data confidential, and implement appropriate security measures. We ensure that any sharing is limited to what is necessary for the specific purpose.
We may also disclose personal data if required by law, court order, or to protect our legal rights, prevent fraud, or respond to lawful requests by public authorities.
5. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Retention periods vary depending on the type of information and the reason for processing.
- Customer and service records are retained for the period reasonably needed to manage service history and resolve disputes.
- Financial and invoice records are retained for the period required by tax and accounting laws.
- Communication records are kept for as long as needed to support customer service, complaint handling, or business administration.
- Consent-based data is kept until consent is withdrawn or the purpose no longer applies.
When personal data is no longer needed, we will securely delete, anonymise, or otherwise dispose of it in a safe and appropriate manner. We review retention regularly to avoid keeping data longer than necessary.
6. Security of Personal Data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure storage, confidentiality obligations, and data minimisation practices.
While no system can be guaranteed completely secure, we take data protection seriously and continuously assess our security measures to reduce risk.
7. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may apply in full or in part depending on the circumstances and the lawful basis relied upon.
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – you may request deletion of your data in certain situations.
- Right to restrict processing – you can ask us to limit how your data is used in certain circumstances.
- Right to object – you can object to processing based on legitimate interests or direct marketing.
- Right to data portability – where applicable, you may request your data in a structured, commonly used format.
- Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.
If you wish to exercise any of these rights, we will respond in accordance with applicable data protection law. We may ask for information to confirm your identity before dealing with your request.
8. International Transfers
In most cases, personal data is processed within the United Kingdom or the European Economic Area. If data is transferred outside these areas, we will ensure that appropriate safeguards are in place to protect your information in line with GDPR requirements.
9. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children unless it is provided by a parent, guardian, or authorised adult in connection with a service request. If we become aware that we have collected such data without proper authority, we will take reasonable steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service operations. Any updated version will apply from the time it is published and will replace previous versions.
Carpetcleaning SE1 customers in the area should review this policy periodically to stay informed about how personal data is handled. Continued use of our services does not change your rights under data protection law.
11. Summary of Key Points
- We collect only the information needed to provide and manage our services.
- We process data under lawful bases such as contract, legal obligation, legitimate interests, and consent.
- We share data only with trusted processors or where required by law.
- We keep data only as long as necessary and dispose of it securely.
- You have important rights over your personal data, including access, correction, erasure, and objection.
Privacy is an important part of our service commitment. We aim to handle all personal data responsibly, securely, and in a way that respects your rights and expectations.