Privacy Policy - Carpetcleaning SE8
This Privacy Policy explains how Carpetcleaning SE8 collects, uses, stores, shares, and protects personal data when providing services to customers in the SE8 area. It applies to all Carpetcleaning SE8 customers in the area, including prospective customers, existing customers, and anyone who contacts us or uses our services. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who this policy applies to
This policy applies to individuals who:
- request a quote or service from Carpetcleaning SE8;
- book or receive carpet cleaning or related cleaning services;
- communicate with us before, during, or after a service;
- provide personal data through forms, messages, calls, or email;
- are included in service records as a customer, tenant, homeowner, landlord, or authorised representative.
By using our services, you acknowledge that your personal data may be processed in line with this policy.
2. Personal data we collect
We collect only the data necessary to deliver our services effectively and responsibly. The types of personal data we may collect include:
- Identity data: name, title, and, where relevant, business or property ownership details;
- Contact data: address, phone number, and email address;
- Service data: property details, service instructions, appointment history, and information needed to complete the cleaning service;
- Billing data: invoicing details, payment records, and transaction confirmations;
- Communication data: messages, notes, complaints, feedback, and service-related correspondence;
- Technical data: limited device or website-use data if you interact with online systems, where applicable;
- Special category data: we do not normally seek this information. However, if you voluntarily share information that could reveal health, access, or vulnerability-related needs, we will only process it where necessary and permitted by law.
We do not intentionally collect more data than is needed for the provision and management of our services.
3. How we collect your data
We may collect personal data directly from you when you:
- make an enquiry or request a quote;
- book a cleaning appointment;
- provide access or service instructions;
- pay for a service or ask for an invoice;
- submit feedback, complaints, or follow-up requests;
- communicate with us by phone, email, text, or in writing.
We may also receive data from third parties where lawful and appropriate, such as property managers, landlords, tenants, or payment service providers, when they arrange or support a service on your behalf.
4. Why we use your data
We process personal data for the following purposes:
- to provide quotes, arrange bookings, and deliver cleaning services;
- to manage customer accounts and service records;
- to communicate about appointments, changes, or service updates;
- to process payments and issue invoices;
- to handle complaints, claims, or customer support requests;
- to maintain business records and meet legal, accounting, or insurance obligations;
- to improve service quality, staff training, and internal operations;
- to protect the security of our operations, staff, and customers.
We do not use your personal data for unrelated purposes without informing you and ensuring there is a lawful basis to do so.
5. Lawful basis for processing
Under UK GDPR, we must have a lawful basis for each type of processing. We rely on the following lawful bases:
Contract
We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes managing bookings, carrying out cleaning services, and providing invoices.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights. This includes managing customer relationships, preventing fraud, improving services, keeping operational records, and maintaining business security.
Legal obligation
We may process and retain certain records to comply with legal obligations, including tax, accounting, insurance, health and safety, and dispute resolution requirements.
Consent
Where we rely on consent, such as for specific optional communications or the processing of special category information you choose to provide, you may withdraw consent at any time. Withdrawal will not affect processing already carried out lawfully before withdrawal.
Vital interests
In rare cases, we may process information where necessary to protect someone’s vital interests, for example in an emergency involving safety or urgent access concerns.
6. Data sharing and processors
We may share personal data with trusted processors and service providers who assist us in operating our business. These may include:
- payment processing providers;
- accounting and bookkeeping services;
- booking, scheduling, or customer management systems;
- IT support, cloud storage, and secure data hosting providers;
- professional advisers such as legal, insurance, or tax advisers;
- subcontractors or technicians who need the data to perform a service;
- public authorities, regulators, or law enforcement where required by law.
All processors are required to handle data securely, process it only on our instructions, and comply with relevant data protection obligations. We take reasonable steps to ensure that any third party that processes personal data for us offers appropriate safeguards.
We do not sell your personal data.
7. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. The length of retention depends on the nature of the data and the reason for processing.
- Customer and service records are retained for as long as needed to manage the relationship and handle any follow-up issues.
- Financial and invoicing records are generally kept for the period required by tax and accounting laws.
- Communication records may be kept for a reasonable period to resolve disputes, maintain service history, or improve customer support.
- Data no longer required is securely deleted, anonymised, or destroyed.
When determining retention periods, we consider legal requirements, the nature of the service, risk, and whether the data may be needed for a legitimate business purpose.
8. Data security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include access controls, secure storage, limited staff access, and data minimisation practices. While no system can be guaranteed completely secure, we work to maintain a high level of protection in line with the sensitivity of the data we hold.
9. Your rights
As a data subject, you have rights under UK GDPR. These rights may apply in full or in part depending on the circumstances and the legal basis for processing. Your rights include:
- Right of access: you may request confirmation of whether we process your data and obtain a copy of it;
- Right to rectification: you may ask us to correct inaccurate or incomplete data;
- Right to erasure: you may request deletion of your data in certain circumstances;
- Right to restriction: you may request limits on how we use your data in certain cases;
- Right to data portability: you may request your data in a structured, commonly used format where applicable;
- Right to object: you may object to processing based on legitimate interests or direct marketing;
- Right to withdraw consent: where processing relies on consent, you may withdraw it at any time;
- Right to complain: you may raise concerns with the UK Information Commissioner’s Office if you believe your data has been handled improperly.
We aim to respond to valid rights requests within the time limits required by law. To protect privacy, we may ask for information to verify your identity before responding.
10. International transfers
If personal data is transferred outside the UK, we will only do so where appropriate safeguards are in place and the transfer complies with applicable data protection law. Such safeguards may include adequacy regulations, standard contractual clauses, or other lawful mechanisms.
11. Children’s data
Our services are intended for adults and business customers arranging cleaning services. We do not knowingly collect personal data from children except where it is incidentally provided by a parent, guardian, or authorised adult in connection with a service booking or property access arrangement. If we become aware that we have collected children’s data unlawfully, we will take appropriate steps to delete or protect it.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, business practices, or operational needs. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.
13. Summary of our commitment
Carpetcleaning SE8 is committed to respectful and lawful data handling. We collect only the information necessary to provide services, rely on clear lawful bases, keep records only as long as needed, and use trusted processors with appropriate safeguards. We also recognise and respect your rights over your personal data. This policy applies to all Carpetcleaning SE8 customers in the area and is designed to support transparency, accountability, and trust.