Privacy Policy - Nine Elms Carpet Cleaners
This Privacy Policy explains how Nine Elms Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all Nine Elms Carpet Cleaners customers in area, including current, former, and prospective customers who request services, receive quotations, make enquiries, or otherwise interact with us. We are committed to handling personal information in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our services, you acknowledge that your personal data may be processed as described in this policy. We aim to keep the information we hold relevant, accurate, and limited to what is necessary for providing our services and managing our business.
1. Personal Data We Collect
We may collect and process different categories of personal data depending on how you interact with us. The information we collect may include:
- Identity data such as your name and, where relevant, the name of a business or property manager.
- Contact data such as your address, postcode, telephone number, and email address.
- Service details such as the type of cleaning requested, property access notes, preferred appointment times, and service instructions.
- Transaction data such as invoices, payment status, and records relating to quotations and bookings.
- Communication data such as correspondence by phone, email, text message, or written notes.
- Technical and usage data where applicable, such as basic information about how you access our online forms or pages.
We do not intentionally collect special category data unless it is necessary and you choose to provide it. If you share information that is sensitive, we will handle it carefully and only use it where there is a valid legal basis.
2. How We Use Your Data
We use personal data only for legitimate business and operational purposes. These purposes may include:
- responding to enquiries and providing quotations;
- managing bookings and delivering carpet cleaning and related services;
- confirming appointments and service access arrangements;
- processing payments and maintaining financial records;
- handling complaints, follow-up questions, or service issues;
- meeting accounting, tax, and legal obligations;
- improving service quality, training, and internal administration;
- preventing fraud, misuse, and unlawful activity;
- keeping records of work completed and customer preferences for future service continuity.
We will only use your data in ways that are compatible with the purpose for which it was collected. If we need to use it for a new purpose, we will ensure there is a lawful basis for doing so.
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis before processing personal data. Depending on the situation, we rely on one or more of the following bases:
Contract
We process data when it is necessary to enter into or perform a contract with you. This includes providing quotes, booking services, carrying out cleaning work, issuing invoices, and managing payment arrangements.
Legal Obligation
We process certain records where required by law, such as keeping tax, accounting, and business records.
Legitimate Interests
We may process data where it is necessary for our legitimate interests and where your rights do not override those interests. This may include service administration, record-keeping, fraud prevention, business improvement, and responding to customer enquiries. We balance our interests against your privacy rights before relying on this basis.
Consent
In limited situations, we may rely on your consent, for example where you voluntarily provide optional information or agree to a particular type of communication. Where consent is used, you may withdraw it at any time.
4. Data Sharing and Processors
We may share personal data with trusted third parties who act as processors or independent controllers, but only where necessary and only under appropriate safeguards. Processors process data on our instructions and are required to protect it.
Examples of processors may include:
- IT and hosting providers who maintain systems used for administration, data storage, and secure communications;
- payment service providers who handle card or online payment processing;
- accounting and bookkeeping services that help manage financial records;
- customer management or scheduling tools used to organise appointments and service records;
- professional advisers such as accountants, legal advisers, or insurers where needed for advice or compliance.
We may also disclose personal data if required by law, by a court order, or to protect our legal rights, safety, or the rights of others. We do not sell personal data.
Where data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations or approved contractual protections.
5. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, or reporting requirements. Retention periods vary depending on the type of data and the reason it is held.
- Customer and service records are generally retained for a reasonable period after the last interaction to manage follow-up queries, service history, and business records.
- Financial and invoice records are retained for the period required under tax and accounting laws.
- Communications and complaint records may be kept for a period necessary to resolve disputes and demonstrate proper handling of issues.
- Technical records are retained only as long as needed for security, troubleshooting, and performance purposes.
When data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention procedures. We do not keep information indefinitely.
6. Security of Your Information
We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access, secure storage, access controls, and staff awareness of data protection responsibilities.
While we work to protect your information, no system can be guaranteed to be completely secure. If a data incident occurs, we will respond in line with legal requirements and take steps to minimise risk.
7. Your Data Protection Rights
As a data subject under UK GDPR, you have rights in relation to the personal data we hold about you. These rights may apply depending on the circumstances and legal exemptions.
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – you can request deletion of your data in certain situations.
- Right to restriction – you can ask us to limit how we use your data in certain circumstances.
- Right to data portability – you can ask for some of your data in a structured, machine-readable format where applicable.
- Right to object – you can object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.
If you wish to exercise any of these rights, we will review your request and respond within the time limits set by law. We may need to verify your identity before acting on your request.
8. Marketing and Communications
We only send marketing communications where permitted by law. If you receive any such communication from us, you may opt out at any time. Operational messages relating to bookings, service delivery, invoices, or legal notices are not marketing and may still be sent where necessary.
9. Cookies and Similar Technologies
If we use online forms or digital services, small files or similar technologies may be used for basic functionality, security, or to understand site performance. Where required, we will obtain appropriate consent for non-essential technologies. Any such data is handled in line with this Privacy Policy and our internal controls.
10. Children’s Data
Our services are directed to adults and property-related customers. We do not knowingly collect personal data from children. If we become aware that such data has been provided without proper consent or legal basis, we will take steps to delete it where appropriate.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. The latest version will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically.
12. How We Apply This Policy
This Privacy Policy applies to all services provided by Nine Elms Carpet Cleaners within the area we serve, and to all customers who use those services. By engaging with us, you acknowledge that your personal data may be processed in accordance with the terms described above.
We are committed to using personal information responsibly, keeping it secure, and respecting your privacy rights at every stage of our service relationship.