Privacy Policy for Carpetcleaning London
This Privacy Policy explains how Carpetcleaning London collects, uses, stores, shares, and protects personal data when providing carpet cleaning and related services. It applies to all Carpetcleaning London customers in the area, including individuals, households, landlords, tenants, letting agents, and business clients who use our services or communicate with us in connection with an enquiry, booking, quote, visit, or completed service.
We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to process personal data fairly, lawfully, transparently, and securely. This policy should be read together with any service terms or notices we may provide at the point of data collection.
1. Data We Collect
We only collect personal data that is relevant and necessary for delivering our services, managing our customer relationships, and meeting legal obligations. Depending on the nature of your enquiry or booking, we may collect the following categories of information:
- Identity details such as your name, title, and preferred form of address.
- Contact details such as telephone number, email address, and service address.
- Booking and service information including requested service type, appointment details, property access notes, carpet condition, and any special instructions.
- Payment information where relevant, such as payment status and transaction references. We do not retain full card details unless required by the payment processor.
- Communication records including emails, messages, complaint details, survey responses, and records of customer support interactions.
- Technical data if you interact with us electronically, such as device information, time of contact, and basic usage information that helps us improve our services.
- Consent records where we rely on permission for optional marketing or follow-up communications.
We do not intentionally collect special category data unless you choose to provide it and it is necessary for a specific service request, such as information about allergies, access needs, or other circumstances relevant to cleaning safety. If such information is provided, we will handle it with appropriate care and only for the purpose for which it was shared.
2. How We Use Personal Data
We use personal data for the following purposes:
- To respond to enquiries and provide quotations.
- To schedule, confirm, and deliver cleaning services.
- To manage customer accounts and service history.
- To process payments, refunds, or billing-related matters.
- To communicate about bookings, service updates, complaints, and aftercare.
- To maintain records required for accounting, tax, or legal compliance.
- To improve our services, staff training, quality control, and internal administration.
- To prevent fraud, misuse, or unlawful activity.
- To send marketing communications where permitted by law and, where required, where consent has been obtained.
We use personal data only to the extent necessary for the purpose for which it was collected. We do not sell personal data.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each type of processing. Depending on the context, Carpetcleaning London may rely on one or more of the following lawful bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes confirming bookings, carrying out cleaning services, handling payments, and communicating about service delivery.
Legal Obligation
We may process and retain certain information where required by law, including accounting records, tax documentation, and other compliance-related information.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include managing our operations, improving service quality, preventing fraud, and maintaining customer records.
Consent
Where required, we rely on your consent for certain optional activities, such as specific types of direct marketing or collecting additional information not necessary for service delivery. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
4. Data Sharing and Processors
We may share personal data with trusted third parties, but only when necessary and with appropriate safeguards in place. These third parties may act as data processors on our behalf or, in some cases, as independent controllers.
Examples of processors or service providers may include:
- Payment processors that handle card or electronic payments securely.
- Booking and scheduling systems used to manage appointments and service logistics.
- IT, hosting, and cloud storage providers that support our administrative systems.
- Email and communication service providers used for customer correspondence.
- Professional advisers such as accountants, insurers, or legal advisers where necessary.
- Subcontracted service personnel who need access to limited information to perform the service requested.
All processors are required to process personal data only on our instructions, keep it confidential, and implement appropriate technical and organisational security measures. We do not permit processors to use your personal data for their own purposes.
We may also disclose data where required by law, court order, or regulatory authority, or where disclosure is necessary to establish, exercise, or defend legal claims.
5. Data Retention
We keep personal data only for as long as necessary for the purposes described in this policy. Retention periods vary depending on the type of information and the reason it was collected.
- Enquiry records are typically retained for a limited period after the enquiry is closed, unless they lead to a booking or legal obligation.
- Customer and service records are kept for as long as needed to manage the relationship, resolve disputes, and maintain service history.
- Financial and accounting records are retained for the period required by tax and accounting laws.
- Consent and marketing records are retained while consent remains active or until you object or withdraw consent.
When personal data is no longer needed, we will securely delete, anonymise, or destroy it. In some cases, we may retain a minimal amount of information to demonstrate compliance with legal duties or to respond to potential claims.
6. Data Security
We take reasonable and proportionate security measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, password protection, secure storage, staff confidentiality obligations, and restricted sharing on a need-to-know basis.
While no method of transmission or storage is completely risk-free, we continuously review our practices and systems to protect customer information as effectively as possible.
7. Your Rights
As a data subject under UK GDPR, you have a number of rights in relation to your personal data. Subject to legal limitations, these may include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit how we use your data in specific situations.
- Right to data portability – to receive certain data in a structured, commonly used format where applicable.
- Right to object – to object to processing based on legitimate interests or to direct marketing.
- Right to withdraw consent – where processing is based on consent.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached. We encourage you to raise any concerns with us first so that we can try to resolve them promptly and fairly.
8. Marketing Communications
If we send marketing messages, we will do so only in accordance with applicable law. Where consent is required, you can withdraw it at any time. If marketing is sent on the basis of legitimate interests or a similar lawful basis allowed by law, you can still object at any time, and we will respect your preference.
We aim to keep marketing limited, relevant, and respectful. We do not share your details for unrelated third-party marketing purposes.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect operational changes, legal developments, or improvements in our data handling practices. Any changes will take effect when published in the revised version. We encourage customers to review this policy periodically so they remain informed about how their data is used.
10. Summary of Key Principles
- Lawful, fair, and transparent processing is central to our approach.
- Only necessary data is collected for service and compliance purposes.
- Trusted processors may handle data under strict instructions.
- Retention is limited to what is necessary or legally required.
- Your rights are respected and supported under data protection law.
This policy is intended to provide a clear and compliant explanation of how Carpetcleaning London handles personal data for customers in the area. By using our services or contacting us about them, you acknowledge that your information may be processed as described in this Privacy Policy and in accordance with applicable data protection laws.