Privacy Policy - Carpetcleaning Brompton
This Privacy Policy explains how Carpetcleaning Brompton collects, uses, stores, shares, and protects personal data in connection with its services. It applies to all Carpetcleaning Brompton customers in area, including individuals who request quotations, book services, receive cleaning treatments, or otherwise interact with our business. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who We Are
Carpetcleaning Brompton provides professional carpet cleaning and related cleaning services. For the purposes of data protection law, we act as the data controller when we decide why and how your personal data is processed. This policy applies to information relating to identifiable individuals, whether that information is provided directly by you or obtained through our legitimate business operations.
2. Information We Collect
We collect only the data that is necessary for operating our services effectively, managing customer relationships, and meeting legal obligations. The types of information we may collect include:
- Identity details such as your name and title.
- Contact information such as your address, telephone number, and email address.
- Service details including the type of cleaning requested, preferred appointment times, property access notes, and service history.
- Payment-related information such as billing records and transaction confirmations.
- Communication records including emails, messages, call notes, and complaints.
- Technical data such as IP address, browser type, and device information when you interact with digital systems or forms.
- Special category data only where necessary and usually only incidentally, for example if you voluntarily inform us of sensitivities relating to chemicals, allergies, or health-related cleaning requirements.
We do not intentionally collect more data than is needed. If you provide information about another person, you should ensure you have their permission to do so.
3. How We Use Your Data
We use personal data for the following purposes:
- To provide quotations and deliver cleaning services.
- To manage bookings, cancellations, and service updates.
- To process payments, issue invoices, and maintain accounting records.
- To respond to queries, feedback, and complaints.
- To improve our services, customer experience, and operational efficiency.
- To maintain records for legal, tax, insurance, and regulatory purposes.
- To protect against fraud, misuse, or security incidents.
We may also use data in an aggregated or anonymised form for internal reporting and service improvement. In such cases, the information will no longer identify you personally.
4. Lawful Basis for Processing
We only process personal data where we have a valid lawful basis under the UK GDPR. Depending on the situation, our lawful bases may include:
Contract
We process your data where it is necessary to enter into or perform a contract with you. This includes arranging appointments, carrying out cleaning work, handling payments, and providing customer support connected to the service you requested.
Legal Obligation
Some information must be retained or processed to meet legal requirements, such as accounting, tax compliance, business record-keeping, or responding to lawful requests from authorities.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This can include service improvement, internal administration, security monitoring, and communication with customers about existing bookings.
Consent
In limited cases, we may rely on your consent, for example if we wish to send certain optional marketing communications or if we need to handle sensitive information in a way that requires explicit permission. Where consent is used, you can withdraw it at any time.
5. Sharing Your Personal Data
We do not sell your personal data. We may share it only where necessary and with appropriate safeguards in place. Recipients may include:
- Payment processors who help us complete transactions.
- IT and cloud service providers that support secure storage, scheduling, communication, or business administration.
- Accountants and professional advisers assisting with compliance, finance, or legal matters.
- Insurance providers or dispute resolution bodies where required.
- Public authorities where disclosure is required by law.
Any third party acting on our behalf is required to protect your data and to use it only for the purposes we specify. These parties act as processors when they process data according to our instructions. If a third party uses data for its own independent purposes, it will act as a separate controller and its own privacy notice may apply.
6. Data Processors
Carpetcleaning Brompton uses selected processors to support day-to-day operations. Examples may include providers of:
- Customer management systems.
- Appointment scheduling software.
- Secure data storage and back-up services.
- Email and messaging platforms.
- Payment and invoicing systems.
- Website hosting or security tools, if used.
We choose processors carefully and seek to ensure they provide appropriate technical and organisational security measures. Where required, we put in place written data processing agreements.
7. Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, unless a longer retention period is required or permitted by law. Retention periods may depend on the type of data and the reason for holding it. In general:
- Customer service and booking records are retained for a period necessary to manage services and handle queries.
- Financial and tax records are kept for the period required by applicable law.
- Complaint and correspondence records may be retained to resolve issues and maintain business records.
- Data held on the basis of consent will usually be kept only until consent is withdrawn or the purpose ends.
When data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.
8. Data Security
We take the security of personal data seriously and use reasonable technical and organisational measures to protect it. These measures may include restricted access controls, secure storage systems, password protection, staff confidentiality obligations, and regular review of data handling practices. While no system can be guaranteed to be completely secure, we work to prevent unauthorised access, accidental loss, alteration, or disclosure.
9. International Transfers
If any of our processors or service providers store or access data outside the United Kingdom, we will ensure that appropriate safeguards are in place to protect your information. Such safeguards may include adequacy regulations, standard contractual clauses, or equivalent protective measures required under data protection law.
10. Your Rights
Under data protection law, you have several rights in relation to your personal data. These rights may not apply in every situation, but we will assess each request carefully and respond where required by law. Your rights include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete information.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit how we use your data in certain cases.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to data portability – to receive certain information in a structured, commonly used format where applicable.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to deal with requests within the time limits required by law.
11. Children’s Data
Our services are intended for adults or for individuals acting on behalf of property owners or occupiers. We do not knowingly collect personal data from children except where it is incidental to service delivery and handled lawfully. If we become aware that we have collected data from a child inappropriately, we will take steps to delete it.
12. Complaints and Your Right to Raise Concerns
If you are unhappy with how your personal data has been handled, you have the right to raise a concern with the relevant data protection authority. You may also contact us directly so that we can review and address the matter. We encourage customers to contact us first where possible, as many issues can be resolved quickly and fairly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, business practice, or service arrangements. Any updates will apply from the date they take effect. We recommend reviewing this policy periodically so that you remain informed about how your data is used. Continued use of our services after changes are made will signify your acceptance of the updated policy where permitted by law.
14. Summary of Key Points
Carpetcleaning Brompton collects only the information needed to provide and manage cleaning services, comply with legal duties, and improve operations. We rely on lawful bases such as contract, legal obligation, legitimate interests, and consent where appropriate. We retain data only as long as necessary, share it only with trusted processors and other necessary recipients, and respect your rights under data protection law. This policy applies to all Carpetcleaning Brompton customers in area.
