Privacy Policy - Elmstead Carpet Cleaners
This Privacy Policy explains how Elmstead Carpet Cleaners collects, uses, stores, shares, and protects personal data when providing carpet cleaning and related services. It applies to all Elmstead Carpet Cleaners customers in the area, including individuals who request quotes, make bookings, receive services at home or at business premises, or otherwise interact with us in connection with our services.
We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is intended to help you understand what information we process and the rights you have over it.
1. Information We Collect
We may collect and process the following categories of personal data:
- Identity details, such as your name and title.
- Contact details, such as your address, email address, and telephone number.
- Service details, such as booking preferences, property access information, carpet or upholstery cleaning requirements, and any service notes you provide.
- Payment information, such as payment status, billing records, and transaction references. We do not store full card details where payments are handled by a third-party payment provider.
- Communication records, such as emails, messages, complaints, feedback, and service-related correspondence.
- Technical information, if you interact with our digital systems, including basic device or browser information and usage logs where applicable.
We generally collect personal data directly from you when you request a quote, make a booking, complete a form, communicate with us, or use our services. In some cases, we may also receive information from third parties, such as payment processors, booking platforms, property managers, or a person arranging services on your behalf.
2. How We Use Your Data
We use personal data only where we have a valid legal basis and for the purposes set out below:
- To provide quotes, confirm bookings, and deliver cleaning services.
- To communicate with you about appointments, access arrangements, service changes, or follow-up matters.
- To process payments, issue invoices, and manage accounts.
- To maintain service records and handle complaints, disputes, or insurance-related matters.
- To improve our services, training, scheduling, and operational efficiency.
- To comply with legal and regulatory obligations.
- To protect our business, customers, staff, and property from fraud, misuse, or unlawful activity.
We do not use personal data for unrelated purposes without informing you where required by law. We also do not sell your personal data.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each type of processing. Elmstead Carpet Cleaners may rely on the following bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes preparing quotations, arranging appointments, carrying out cleaning services, and managing billing.
Legal obligation
We may process and retain certain information to comply with legal obligations, such as accounting rules, tax requirements, or responding to lawful requests from public authorities.
Legitimate interests
We may process personal data where it is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. Examples include managing customer records, improving service quality, preventing fraud, and protecting our business operations.
Consent
In limited situations, we may rely on your consent, for example where you choose to receive optional marketing communications. Where consent is used, you may withdraw it at any time.
Vital interests and public task
These bases are unlikely to apply in most cases, but may be used if necessary in exceptional circumstances or where required by law.
4. Data Sharing and Processors
We may share personal data with trusted third parties where necessary to operate our business and provide our services. These third parties act as processors or, in some cases, independent controllers. We only share data where there is a lawful basis and where appropriate safeguards are in place.
Examples of processors and service partners may include:
- Payment providers that handle card transactions securely.
- Accounting or invoicing systems used to manage records and financial administration.
- Booking and scheduling tools used to organise appointments and dispatch services.
- IT and cloud storage providers that help us store and secure business data.
- Customer communication services used to send service updates or respond to enquiries.
- Professional advisers, such as insurers, lawyers, or accountants, where required.
Where processors handle data on our behalf, they are required to process it only according to our instructions, apply appropriate security measures, and keep it confidential. We do not allow processors to use your data for their own unrelated purposes.
We may also disclose personal data if required to do so by law, court order, regulator, or law enforcement authority, or where necessary to protect our legal rights.
5. Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, and to meet legal, accounting, or operational requirements. The retention period depends on the type of information and the reason we hold it.
- Customer and booking records are generally retained for as long as needed to manage the service relationship and for a reasonable period afterwards.
- Invoices and financial records are typically kept in line with tax and accounting obligations.
- Communication records may be retained for a period sufficient to handle queries, disputes, or service history.
- Marketing consent records are kept until you withdraw consent or the data is no longer needed.
When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures.
6. Data Security
We take reasonable technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, password protection, staff confidentiality obligations, and limited access to information on a need-to-know basis.
While no system can be guaranteed to be completely secure, we work to maintain appropriate safeguards and regularly review our practices to reduce risk.
7. Your Rights
Under data protection law, you have a number of rights regarding your personal data. Subject to certain conditions and exceptions, these include:
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – you can request deletion of your personal data in certain circumstances.
- Right to restriction – you can ask us to limit how we use your data in certain cases.
- Right to object – you can object to processing based on legitimate interests or to direct marketing.
- Right to data portability – you can request that certain data be provided to you or another organisation in a structured format.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we will respond in accordance with applicable legal requirements. In some cases, we may need to verify your identity before acting on your request. We may also be unable to comply fully where the law permits or requires us to retain certain information.
8. Children’s Data
Our services are intended for adult customers and property occupiers. We do not knowingly collect personal data from children except where it is incidental to providing a service requested by an adult, and then only where necessary and lawful. If we become aware that personal data has been collected inappropriately, we will take steps to delete or correct it as required.
9. International Transfers
Where personal data is transferred outside the United Kingdom, we will take steps to ensure that appropriate safeguards are in place, such as relying on approved contractual protections or adequacy decisions where applicable. These measures are intended to keep your data protected to a standard consistent with UK data protection law.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service arrangements. The updated version will apply from the date it is published or otherwise communicated to you. We encourage customers to review this policy periodically to stay informed about how we handle personal data.
11. Contact and Complaints
If you have concerns about how your personal data is handled, you may raise them with us so they can be reviewed and addressed. You also have the right to lodge a complaint with the UK data protection supervisory authority if you believe your rights have been infringed.
This policy is designed to provide clear information in a concise and accessible way. By using our services, you acknowledge that Elmstead Carpet Cleaners may process personal data as described above and in accordance with applicable law.