Privacy Policy - Custom House Carpet Cleaners
Privacy Policy
This Privacy Policy explains how Custom House Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all Custom House Carpet Cleaners customers in the area, including prospective customers, existing customers, and individuals who contact us about our services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our services, making an enquiry, or otherwise providing personal information to us, you acknowledge that your data may be processed as described in this policy.
1. Information We Collect
We only collect personal data that is necessary for the provision, administration, and improvement of our carpet cleaning services. The categories of information we may collect include:
- Identity information, such as your name and title.
- Contact information, such as your address, phone number, and email address.
- Service details, including property access information, cleaning instructions, and appointment preferences.
- Billing and payment information, such as invoice details and payment records.
- Communication records, including messages, call notes, and complaints or feedback you submit.
- Technical information, if you interact with our digital systems, such as device details, browser type, or basic usage data.
- Special instructions relevant to the cleaning service, which may include details you choose to provide about stains, allergies, pets, or access restrictions.
We do not intentionally collect more information than is needed. We ask that you only provide data that is relevant to the services you request.
2. How We Use Personal Data
We use personal data to operate our business and provide our services effectively. The main purposes for which we process information are:
- To manage customer enquiries and quotations.
- To arrange appointments, confirm service dates, and deliver cleaning services.
- To process payments, issue invoices, and maintain financial records.
- To communicate with customers about service updates, bookings, or follow-up matters.
- To maintain service quality, handle complaints, and improve customer experience.
- To meet legal, accounting, tax, and regulatory obligations.
- To protect against fraud, misuse, or unlawful activity.
We do not sell personal data. We also do not use customer information for unrelated purposes without a lawful basis to do so.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each use of personal data. Depending on the context, we may rely on one or more of the following:
Contract
We process data where it is necessary to enter into or perform a contract with you. This includes taking bookings, delivering cleaning services, confirming appointments, and handling payment-related matters.
Legal Obligation
We process certain information to comply with legal obligations, such as tax, accounting, insurance, or regulatory requirements. This may include retaining invoices and transaction records.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving services, preventing fraud, managing customer records, and responding to complaints. When relying on legitimate interests, we assess the impact on your privacy and take steps to minimise any risk.
Consent
In limited cases, we may rely on your consent, for example where you voluntarily provide optional information or agree to certain communications. Where consent is used, you may withdraw it at any time. Withdrawal of consent does not affect processing already carried out lawfully before withdrawal.
4. Sharing Personal Data and Processors
We may share personal data with trusted third parties where necessary for service delivery, business administration, or legal compliance. These third parties act as processors or independent controllers depending on the service they provide.
Processors are organisations that process personal data on our instructions and under appropriate contractual safeguards. Examples may include:
- Payment service providers.
- Accounting and bookkeeping providers.
- IT and cloud storage providers.
- Customer management or scheduling software providers.
- Professional advisers, where necessary and subject to confidentiality obligations.
We require processors to handle data securely, use it only for specified purposes, and comply with applicable data protection requirements. We do not allow them to use your personal data for their own unrelated purposes.
We may also disclose personal data if required by law, court order, or lawful request from a regulator, enforcement authority, or public body. If our business is reorganised, sold, or transferred, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
5. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including the need to satisfy legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and the reason for processing.
In general:
- Customer enquiry records may be kept for a limited period after the enquiry ends.
- Service and booking records may be retained while the customer relationship is active and for a reasonable period afterwards.
- Financial records are kept for the period required by tax and accounting law.
- Complaint and dispute records may be kept longer where needed to resolve issues or defend legal claims.
When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.
6. Data Security
We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and limited access on a need-to-know basis.
However, no system is completely secure. While we work to protect your information, we cannot guarantee absolute security. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will take the steps required by law, including notifying the relevant authority and affected individuals where appropriate.
7. Your Rights
Under data protection law, you may have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and legal basis for processing:
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – in some cases, you can ask us to delete your data.
- Right to restriction – you can request that we limit how we use your data in certain situations.
- Right to data portability – you may have the right to receive some data in a structured, commonly used format.
- Right to object – you may object to processing based on legitimate interests or direct marketing, where applicable.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We will respond within the timeframes required by law, unless an extension is permitted due to complexity or volume of requests.
Please note that some rights are not absolute and may be limited by law. For example, we may retain certain records where required for legal obligations or legitimate claims.
8. International Transfers
If personal data is transferred outside the United Kingdom, we will take appropriate steps to ensure that it remains protected in line with applicable data protection law. This may include relying on adequacy regulations, standard contractual clauses, or other lawful safeguards where required.
9. Children’s Data
Our services are intended for adults. We do not knowingly collect personal data directly from children unless it is necessary in connection with household service arrangements and is provided by an adult customer. If we become aware that we have collected data unlawfully from a child, we will take appropriate steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise made available. We encourage customers to review this policy periodically.
11. Summary of Key Principles
In summary, Custom House Carpet Cleaners collects only the personal data needed to provide and manage our services, processes it under recognised lawful bases, stores it securely, and retains it only for as long as necessary. We use trusted processors where needed and respect your rights under data protection law.
This Privacy Policy applies to all Custom House Carpet Cleaners customers in the area and is designed to ensure that personal information is handled with care, transparency, and respect.