Privacy Policy - Stamford Hill Carpet Cleaners
This Privacy Policy explains how Stamford Hill Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all Stamford Hill Carpet Cleaners customers in the Stamford Hill area, including anyone who requests a quote, books a service, visits our premises, communicates with us, or otherwise uses our services. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Stamford Hill Carpet Cleaners provides professional carpet cleaning and related cleaning services for homes, landlords, tenants, businesses, and other clients in the Stamford Hill area. For the purpose of data protection law, we act as the data controller for the personal data we collect and use in connection with our services. This means we determine why and how your personal data is processed.
2. Personal Data We Collect
We only collect personal data that is relevant and necessary for providing our services, communicating with you, managing bookings, processing payments, and meeting legal obligations. The categories of data we may collect include:
- Identity information such as your name, title, and, where applicable, company name.
- Contact information such as your address, email address, and telephone number.
- Service information such as the services requested, booking details, property access notes, and cleaning preferences.
- Payment information such as transaction details, payment status, and limited billing records. We do not intentionally store full card details unless required through a secure payment provider.
- Communication records including emails, messages, call notes, and customer service correspondence.
- Technical data such as basic website or device information if you interact with our online systems, where applicable.
- Feedback and complaints including reviews, service concerns, and resolutions.
In some cases, we may also process information that you choose to provide voluntarily, for example special access instructions or notes relevant to the cleaning job. We do not seek to collect sensitive personal data unless it is necessary and you have provided it knowingly.
3. How We Use Your Data
We use personal data for the following purposes:
- To provide quotes, confirm bookings, and deliver cleaning services.
- To communicate with you about appointments, service updates, and scheduling changes.
- To process payments, invoices, and refunds where applicable.
- To manage customer relationships and respond to enquiries or complaints.
- To maintain business records and improve the quality of our services.
- To comply with legal, accounting, tax, and regulatory requirements.
- To protect our business, staff, and customers from fraud, misuse, or security incidents.
We will only use your personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for a compatible purpose. If we need to use it for an unrelated purpose, we will explain the lawful basis that allows us to do so.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process your personal data. Depending on the circumstances, Stamford Hill Carpet Cleaners may rely on one or more of the following bases:
Contract
We process your data where it is necessary to perform a contract with you or take steps at your request before entering into a contract. This includes arranging visits, providing quotes, confirming services, and carrying out cleaning work.
Legal Obligation
We may process personal data where required to meet legal or regulatory obligations, such as tax recordkeeping, accounting requirements, or responding to lawful requests from authorities.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include managing our customer base, improving services, maintaining security, and handling service communications. When relying on legitimate interests, we consider whether the processing is necessary and proportionate.
Consent
In limited cases, we may rely on your consent, for example where you agree to receive certain marketing communications or where you provide optional information that is not required for the service. You may withdraw consent at any time, although this will not affect processing already carried out before withdrawal.
5. How We Share Personal Data
We do not sell your personal data. We may share it only where necessary and lawful, and only with parties that help us operate our business or meet legal requirements. These may include:
- Service processors who support booking administration, IT systems, payment processing, accounting, or record storage.
- Professional advisers such as accountants, auditors, or legal advisers where needed.
- Regulators, law enforcement, or public authorities where disclosure is required by law or necessary to protect rights and safety.
Where we use third parties to process personal data on our behalf, they act as processors. They are only permitted to handle personal data under our instructions and are required to protect it appropriately. We take reasonable steps to ensure that any processor we use offers suitable safeguards, confidentiality obligations, and security measures.
6. Retention of Personal Data
We keep personal data only for as long as necessary for the purpose for which it was collected, including for legal, accounting, or reporting requirements. The exact retention period may vary depending on the type of data and the reason for processing.
- Customer and service records are generally retained for as long as needed to manage the business relationship and handle follow-up matters.
- Financial and tax records are retained for the period required by law.
- Communication records may be retained for a reasonable period to support customer service, dispute handling, and business administration.
- Consent-based records are retained until consent is withdrawn or no longer needed for the purpose given.
When personal data is no longer required, it is securely deleted, anonymised, or destroyed in line with our retention practices. We apply retention rules carefully to avoid keeping data longer than necessary.
7. Data Security
We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, restricted permissions, staff awareness, and careful vetting of processors. While no system can be guaranteed completely secure, we take data protection seriously and review our safeguards regularly.
8. International Transfers
Where personal data is processed by a third party outside the UK, we will only permit such transfers where suitable safeguards are in place and where the transfer complies with applicable data protection law. This may include approved contractual protections or adequacy decisions.
9. Your Rights
As a data subject under UK GDPR, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and the lawful basis for processing. They include:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — in some cases, you can ask us to delete your personal data.
- Right to restrict processing — you can ask us to limit how we use your data in certain situations.
- Right to data portability — where applicable, you can request your data in a structured, commonly used format.
- Right to object — you can object to processing based on legitimate interests, and to direct marketing where applicable.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
These rights are not absolute. We may need to retain or continue processing certain information where required by law or where we have a valid legal ground to do so. If you make a request, we may ask for information to confirm your identity before responding.
10. Marketing Communications
We may send you marketing communications only where permitted by law. If you have given consent or if we are otherwise allowed to contact you under applicable rules, you can opt out at any time. You may do this by following the instructions provided in the communication or by contacting us through the usual business channels. We will respect your preferences and stop sending marketing messages where required.
11. Children’s Data
Our services are intended for adults and businesses. We do not knowingly collect personal data from children except where it is incidental to a service request made by an adult customer. If we become aware that we have collected data from a child inappropriately, we will take steps to delete it where legally appropriate.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers in the Stamford Hill area to review this policy periodically so they remain informed about how their data is handled.
13. Summary of Key Points
- We collect only the personal data needed to provide and manage our services.
- We process data on lawful bases such as contract, legal obligation, legitimate interests, and consent.
- We retain data only as long as necessary and securely dispose of it when no longer needed.
- We may use processors such as IT, payment, and accounting providers under strict safeguards.
- You have rights over your data, including access, correction, deletion, restriction, objection, and portability where applicable.
By using Stamford Hill Carpet Cleaners, you acknowledge that your personal data may be processed as described in this Privacy Policy. We are committed to protecting your privacy and handling your information responsibly, transparently, and in accordance with the law.