Stockwell Carpet Cleaning Privacy Policy

This Privacy Policy explains how Stockwell Carpet Cleaning collects, uses, stores, and protects personal data relating to customers and prospective customers in our service area. It also describes your rights under applicable data protection laws, including the UK General Data Protection Regulation and the EU General Data Protection Regulation where relevant.

This Privacy Policy applies to all Stockwell Carpet Cleaning customers and individuals who contact us, request a quote, make a booking, or otherwise use our services in our operating area, whether the interaction is by phone, online, or in person.

Personal data we collect

We collect and process different types of personal data depending on how you interact with us and which services you use. The categories of personal data we may collect include:

Identification and contact details: name, title, billing address, service address, and other contact details necessary to communicate with you and provide our services.

Booking and service information: dates and times of bookings, service history, details about the premises and areas to be cleaned, special instructions or preferences you choose to share, and related information required to carry out the work.

Payment-related information: records of payments made, amounts, dates, and payment method used. We do not store full payment card details; where card payments are taken, these are processed securely by third-party payment processors.

Communication data: information contained in or relating to any communications you send to us, such as enquiries, complaints, feedback, and any information you voluntarily provide when contacting us or responding to our messages.

Technical and usage information: limited technical information related to how you access our online platforms, such as IP address and basic device or browser details, where this is necessary for security, system administration, or to improve our services. We only collect such data to the extent permitted by applicable law.

Sensitive personal data: we do not normally collect special categories of personal data. If you choose to share health or mobility-related information so that we can tailor how we deliver our services safely and appropriately, we treat this information with particular care and only use it for that purpose.

How we collect your data

We may collect personal data directly from you when you contact us, request a quote, make a booking, use our services, or interact with us in any other way. This includes information you provide by telephone, in person, on our website, or in writing.

We may also receive some personal data about you from third parties, for example where a third party books our services for you, or from providers who help us with payment processing or appointment scheduling. In such cases, we only receive the minimum information necessary to deliver our services.

Lawful bases for processing

We only process your personal data where we have a lawful basis to do so under data protection law. Depending on the context, we rely on the following bases:

Contract: we process personal data when this is necessary to enter into, perform, or manage a contract with you, such as when you request a quote, make a booking, or use our cleaning services.

Legal obligation: we process personal data where this is necessary to comply with legal obligations, such as accounting, tax, or statutory record-keeping requirements.

Legitimate interests: we process personal data where this is necessary for our legitimate business interests or those of a third party, provided that your interests and fundamental rights do not override those interests. This may include managing our business operations, improving our services, handling enquiries, preventing fraud, and ensuring the security of our systems and staff.

Consent: in limited situations, we may rely on your consent, for example for certain direct marketing activities that go beyond our legitimate interests, or when dealing with particularly sensitive information you choose to share. Where processing is based on consent, you may withdraw that consent at any time.

How we use your personal data

We use your personal data for the following purposes:

To provide our services: managing bookings, scheduling visits, delivering carpet cleaning or related services at your premises, and communicating with you about your appointments.

Customer service and communication: responding to your enquiries, handling complaints, providing information you request, and keeping you informed about any changes to our services or terms.

Billing and payments: issuing invoices, recording payments, and maintaining appropriate financial and accounting records.

Business management and improvement: analysing service usage, improving our processes and customer experience, and training staff.

Legal and regulatory purposes: complying with legal obligations, responding to lawful requests from authorities, and establishing, exercising, or defending legal claims.

Marketing and promotions: subject to your choices, we may send you information about services we believe may be of interest to you. You can opt out of direct marketing communications at any time.

Data retention

We keep personal data only for as long as is necessary for the purposes for which it was collected, or to meet legal, accounting, or reporting requirements.

In most cases, we will retain customer records and related personal data for a period consistent with applicable limitation periods for legal claims and statutory record-keeping rules. After this time, we will securely delete or anonymise the data so that it can no longer be linked to you.

The specific retention period may vary depending on the type of data and the context of our relationship with you. We may retain certain core information such as your name, basic contact details, and basic service history for a longer period where we reasonably need this to respond to future queries, prevent duplicate records, or comply with legal obligations.

Data sharing and processors

We treat your personal data as confidential and only share it when this is lawful and necessary. We may share personal data with the following categories of recipients:

Service providers and data processors: third parties who provide services to us, such as payment processing, appointment scheduling tools, IT support, data storage, accounting and bookkeeping services, and customer management systems. These providers act as data processors and only process your data on our instructions and for the purposes described in this Privacy Policy.

Professional advisers: such as accountants, auditors, or legal advisers, to the extent they need the information to provide their services and subject to confidentiality obligations.

Authorities and regulators: where we are legally required or permitted to do so, for example to comply with tax or regulatory requirements or to respond to lawful requests.

Business transfers: in the event of a business sale, merger, restructuring, or similar transaction, your personal data may be transferred as part of that process. In such cases, we will ensure that your rights continue to be protected.

We do not sell your personal data to third parties. Where we use data processors, we ensure appropriate contractual and technical safeguards are in place to protect your data.

International transfers

Where we use third-party providers that store or process personal data outside the United Kingdom or the European Economic Area, we take steps to ensure that adequate safeguards are in place. These may include using countries that have been recognised as providing an adequate level of protection or using standard contractual clauses or equivalent measures approved by relevant authorities.

Your data protection rights

Under data protection law, you have a number of rights in relation to your personal data. Subject to certain conditions and exceptions, you may have the right to:

Access: request confirmation as to whether we process your personal data and, if so, obtain a copy of that data together with information about how we use it.

Rectification: request correction of inaccurate or incomplete personal data we hold about you.

Erasure: request deletion of your personal data where there is no good reason for us to continue processing it, for example where the data is no longer needed for the original purpose or where you have withdrawn consent and there is no other lawful basis.

Restriction: request that we restrict processing of your personal data in certain circumstances, such as while we verify accuracy or assess an objection.

Objection: object to processing based on our legitimate interests, including profiling, on grounds relating to your particular situation. We will stop processing unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or where processing is required for legal claims.

Objection to marketing: object at any time to the processing of your personal data for direct marketing. If you do so, we will stop all direct marketing to you.

Data portability: request that we provide your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.

Withdraw consent: where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that your rights have been infringed or that your personal data has been processed unlawfully.

Security of your data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include restricting access to personal data to those staff and contractors who have a business need to know it, using appropriate security tools, and training our staff on data protection responsibilities.

While we take reasonable steps to secure your personal data, no system can be guaranteed as completely secure. You are also responsible for taking reasonable steps to protect your own information when communicating with us.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or how we process personal data. The updated version will apply from the date it is published. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.