Privacy Policy - Carpet Cleaners Elephantandcastle

This Privacy Policy explains how Carpet Cleaners Elephantandcastle collects, uses, stores, shares, and protects personal data when providing cleaning services to customers in the Elephant and Castle area. It applies to all Carpet Cleaners Elephantandcastle customers in the area, including individuals who request quotations, make bookings, receive cleaning services, or otherwise interact with our business. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect only the personal data necessary to deliver our services, manage customer relationships, and meet legal obligations. Depending on how you interact with us, the information we may collect includes:

  • Identity details such as your name or title.
  • Contact details such as address, telephone number, and email address.
  • Service details such as property access instructions, cleaning preferences, booking history, and service notes.
  • Payment information such as transaction records, billing details, and payment confirmations. We do not store full card details where payment processing is handled securely by a payment provider.
  • Communication records including messages, enquiries, complaints, and feedback.
  • Technical information if you visit a digital platform used for service enquiries, such as IP address, device information, and usage data.
  • Special category data only where you voluntarily provide information that may be relevant to access needs, allergies, or safety considerations, and only when necessary to provide a suitable service.

We aim to keep data collection proportionate. We do not collect personal data that is not needed for a legitimate business or legal purpose.

2. How We Use Personal Data

We use personal data for the following purposes:

  • To provide quotations, accept bookings, and carry out cleaning services.
  • To manage appointments, schedules, and access arrangements.
  • To communicate about service updates, changes, or customer queries.
  • To process payments and maintain accounting records.
  • To handle complaints, disputes, and service-related issues.
  • To improve service quality, training, and operational efficiency.
  • To comply with legal, tax, insurance, and regulatory obligations.
  • To protect the rights, property, and safety of customers, staff, and contractors.

We may use aggregated or anonymised information for service analysis and reporting. Where data has been anonymised properly, it no longer identifies an individual and is not treated as personal data.

3. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The main lawful bases we rely on are:

Performance of a Contract

We process data where it is necessary to enter into or perform a contract with you. This includes taking bookings, delivering cleaning services, arranging access, issuing invoices, and managing payments.

Legitimate Interests

We may process data where it is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms. Examples include managing customer records, preventing fraud, improving service delivery, and responding to enquiries. When relying on legitimate interests, we consider the nature of the data, the purpose of processing, and the impact on the individual.

Legal Obligation

We process personal data where it is necessary to comply with legal requirements. This may include tax records, accounting duties, health and safety obligations, or lawful requests from authorities.

Consent

In limited cases, we rely on consent, especially for optional communications or where you provide special category information that is not otherwise necessary for service delivery. Where consent is used, you can withdraw it at any time.

Vital Interests

In rare circumstances, we may process personal data to protect someone’s vital interests, such as in an emergency involving health or safety.

4. Sharing Data with Processors

We may share personal data with trusted third parties that act as processors on our behalf. These processors only handle data under our instructions and are required to protect it appropriately. Examples may include:

  • Payment processing providers.
  • Booking and scheduling software providers.
  • IT and cloud storage providers.
  • Accountancy and payroll service providers.
  • Customer communication tools.
  • Waste disposal or specialist service partners, where necessary for a booking.

We may also disclose personal data to independent controllers where required by law or where they determine the purposes and means of processing independently, such as HMRC, insurers, legal advisers, or regulatory bodies.

All processors are selected carefully, and we expect them to use appropriate technical and organisational measures to safeguard data. We do not sell personal data.

5. International Transfers

If any processor stores or accesses data outside the United Kingdom, we will ensure appropriate safeguards are in place before any transfer occurs. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful mechanisms designed to protect your information.

6. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of information and the reason it was collected.

  • Customer service records are normally retained for the period needed to manage the relationship and resolve any post-service queries.
  • Invoice and payment records are usually retained for the period required by tax and accounting law.
  • Complaints or dispute records may be retained longer where needed for legal claims or insurance purposes.
  • Marketing preferences are retained until you withdraw consent or object, where applicable.

When personal data is no longer needed, we securely delete, destroy, or anonymise it. Retention is reviewed regularly to ensure data is not kept longer than necessary.

7. Data Security

We use reasonable and appropriate security measures to protect personal data against unauthorised access, accidental loss, misuse, or disclosure. These measures may include restricted access controls, secure storage, password protection, staff awareness procedures, and supplier checks. Although no system can be guaranteed to be completely secure, we take data protection seriously and continuously review our safeguards.

8. Your Rights

Under data protection law, you may have the following rights in relation to your personal data:

  • Right of access - to request a copy of the personal data we hold about you.
  • Right to rectification - to ask us to correct inaccurate or incomplete data.
  • Right to erasure - to request deletion of your data in certain circumstances.
  • Right to restrict processing - to ask us to limit how we use your data in certain situations.
  • Right to data portability - to receive certain data in a structured, commonly used format.
  • Right to object - to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.

You also have the right to raise concerns about how your personal data is handled. If you believe your rights have not been respected, you may contact the UK supervisory authority, the Information Commissioner’s Office (ICO).

9. Children’s Data

Our services are intended for adult customers and property occupiers. We do not knowingly collect personal data from children unless it is incidentally provided in connection with a service arrangement and only where necessary. If we become aware that we have collected children’s data without appropriate justification, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service operations. Any updated version will apply from the date it is published. We encourage customers to review this policy periodically so they remain informed about how their data is used.

11. Summary of Our Commitment

Carpet Cleaners Elephantandcastle is committed to protecting the privacy of its customers in the area. We collect only the data needed to deliver services, rely on appropriate lawful bases, limit retention periods, and use trusted processors with suitable safeguards. We also respect your rights and aim to be transparent in all our data handling practices. Our objective is to keep customer information safe, relevant, and used only for legitimate purposes.

Carpet Cleaners Elephantandcastle

GDPR-compliant Privacy Policy for Carpet Cleaners Elephantandcastle covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.