Privacy Policy - Cricklewood Carpet Cleaners
This Privacy Policy explains how Cricklewood Carpet Cleaners collects, uses, stores, shares, and protects personal data in connection with our carpet cleaning services. It applies to all Cricklewood Carpet Cleaners customers in the area, including prospective customers, residential customers, and business customers who enquire about, book, or receive our services.
We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only collect information that is necessary for providing our services, managing customer relationships, meeting legal obligations, and improving service quality.
1. Information We Collect
We may collect and process the following categories of personal data:
- Identity data such as your name and, where relevant, the name of your business or household account holder.
- Contact data such as address details and other correspondence details used to arrange appointments and provide services.
- Service and booking data including details of your carpet cleaning request, property access notes, preferred appointment times, and service history.
- Payment data such as payment status, transaction records, and billing-related information.
- Communication data including messages, calls, complaints, feedback, and service enquiries.
- Technical data if you interact with digital tools or online forms, such as device, browser, and usage information.
- Special category data only where strictly necessary and where you voluntarily provide it, for example if a health or accessibility need affects access to your property or service arrangements.
We do not intentionally collect more information than is needed for legitimate business purposes. Where we receive unnecessary or sensitive information, we will avoid using it unless there is a lawful basis to do so.
2. How We Use Your Data
We use personal data for the following purposes:
- to provide quotations, bookings, and carpet cleaning services;
- to communicate with you about appointments, changes, or service-related matters;
- to issue invoices, process payments, and maintain financial records;
- to respond to enquiries, complaints, or requests;
- to improve service quality, customer experience, and business operations;
- to comply with legal, tax, accounting, and insurance obligations;
- to maintain records of work completed and ensure appropriate aftercare;
- to protect against fraud, misuse, or unlawful activity.
We only use your personal data where we have a valid and lawful reason to do so. We do not sell personal data and we do not use it for purposes that are incompatible with the reason it was collected.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each type of processing. Depending on the situation, we rely on one or more of the following:
Performance of a Contract
We process your data when it is necessary to take steps at your request before entering into a contract or to perform a contract with you. This includes arranging appointments, delivering services, managing bookings, and handling payments.
Legal Obligation
We may process your information to comply with legal obligations, including tax recordkeeping, accounting requirements, insurance matters, and any duties imposed by law or regulatory authorities.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving our services, maintaining internal records, preventing fraud, and managing customer communications.
Consent
In limited cases, we may rely on your consent, particularly for optional processing or where special category data is involved and no other lawful basis applies. Where we rely on consent, you may withdraw it at any time.
We will always seek to ensure that any processing is proportionate, relevant, and limited to what is needed for the stated purpose.
4. Retention of Personal Data
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.
Retention periods may vary depending on the nature of the information:
- Customer service records are generally retained for the duration of the customer relationship and for a reasonable period afterwards for administration and dispute handling.
- Financial and tax records are retained for the period required by applicable law.
- Complaints and correspondence may be retained for a period needed to resolve issues and demonstrate compliance.
- Technical or website-related data is retained only as long as needed for operational or security purposes.
When data is no longer required, it will be securely deleted, anonymised, or otherwise disposed of in a safe and appropriate manner. We aim to retain data for no longer than necessary.
5. Sharing and Processors
We may share personal data with trusted third parties where necessary to provide our services or meet legal obligations. These third parties may act as processors or independent controllers depending on the context.
Examples of processors may include:
- booking and administrative service providers;
- payment processing services;
- accounting and bookkeeping providers;
- IT, cloud storage, and security providers;
- customer communication and record management systems.
Where we use processors, we ensure they are bound by appropriate contractual obligations to protect personal data, act only on our instructions, and implement suitable security measures. We do not allow processors to use your personal data for their own unrelated purposes.
We may also share data with professional advisers, insurers, law enforcement, or regulatory bodies where required or permitted by law. If a business transfer occurs, such as a restructuring or sale of assets, personal data may be transferred as part of that transaction, subject to legal safeguards.
6. Data Security
We take appropriate technical and organisational measures to protect personal data against accidental loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, staff awareness, and restricted handling of sensitive information.
While no system can be guaranteed completely secure, we work to reduce risks and respond promptly to any suspected data incident. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will act in accordance with applicable legal requirements.
7. Your Rights
Under data protection law, you may have the following rights in relation to your personal data:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit processing in certain situations.
- Right to data portability – to receive certain data in a structured, commonly used format, where applicable.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing relies on consent, you can withdraw it at any time.
Some rights apply only in specific circumstances and may be subject to legal exceptions. If you exercise a right, we may need to verify your identity before responding.
You also have the right to raise a concern with the relevant data protection authority if you believe your data has been handled unlawfully or unfairly.
8. Children’s Data
Our services are directed to adults and businesses. We do not knowingly collect personal data from children except where it is incidental to a service arrangement and only where necessary and lawful. If we become aware that data has been collected inappropriately, we will take steps to delete it where required.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updates will take effect when published or otherwise communicated where appropriate. We encourage customers to review this policy periodically so they remain informed about how their information is used.
10. Summary of Our Approach
In summary, Cricklewood Carpet Cleaners collects only the information needed to provide professional carpet cleaning services, manage bookings, process payments, and maintain legal compliance. We process data on lawful bases such as contract, legal obligation, legitimate interests, and, where appropriate, consent. We retain personal data only as long as necessary, use processors under contract, and respect your data protection rights.
This policy is intended to be clear, transparent, and compliant with applicable UK data protection law for all customers in the Cricklewood area.