Privacy Policy - Shadwell Carpet Cleaners
This Privacy Policy explains how Shadwell Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all Shadwell Carpet Cleaners customers in the area, including individuals who request quotations, book services, receive cleaning treatments, or otherwise interact with our business. We are committed to handling personal information fairly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully so that you understand how your information is used and what rights you have.
1. Personal Data We Collect
We collect only the information that is relevant and necessary for providing carpet cleaning services, managing customer relationships, and meeting legal obligations. Depending on how you contact us and which services you use, we may collect the following categories of personal data:
- Identity details such as your name and title.
- Contact details such as your address, email address, and telephone number.
- Service information including the type of carpet cleaning requested, property access notes, preferred appointment times, and service history.
- Payment-related information such as billing details and payment confirmation records. We do not store full card details where payment processing is handled securely by a payment provider.
- Communication records including messages, enquiries, complaints, and notes from calls or emails.
- Technical information that may be collected when you visit our online services, such as IP address, device type, and browser details, where applicable.
- Special categories of data are not normally collected. If you voluntarily provide information that could reveal health conditions, access requirements, or other sensitive matters, we will process it only where necessary and with appropriate safeguards.
We do not knowingly collect more personal data than we need.
2. How We Use Your Data
We use personal data for the following purposes:
- To provide quotations and respond to enquiries.
- To schedule, deliver, and manage carpet cleaning services.
- To communicate about appointments, changes, follow-up services, and service-related issues.
- To process invoices, payments, refunds, and accounting records.
- To maintain business records and evidence of work completed.
- To improve our services, customer experience, and operational efficiency.
- To handle complaints, disputes, and requests for support.
- To comply with legal and regulatory obligations.
Where appropriate, we may also use aggregated or anonymised information for internal reporting. This information does not identify you personally.
3. Lawful Basis for Processing
Under GDPR, we must have a lawful basis to use your personal data. We rely on the following bases depending on the activity involved:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes providing quotations at your request, arranging services, carrying out carpet cleaning work, and managing related billing or communications.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This may include improving our services, managing enquiries, keeping basic business records, preventing fraud, and maintaining a secure and efficient operation.
Legal Obligation
We may process and retain certain data to comply with tax laws, accounting rules, insurance requirements, and other legal duties.
Consent
In limited situations, we may rely on your consent, for example where you agree to receive certain optional communications. You may withdraw consent at any time where consent is the basis for processing.
We do not rely on consent where another lawful basis is more appropriate for delivering our services.
4. Sharing Your Personal Data
We only share personal data where necessary and with appropriate safeguards. Data may be shared with the following types of recipients:
- Service providers and processors who assist us with booking administration, payment processing, secure data storage, accounting, or IT support.
- Professional advisers such as accountants, insurers, or legal advisers where needed for business operations or compliance.
- Public authorities where disclosure is required by law, court order, or regulatory request.
We do not sell your personal data. We do not share your data for unrelated third-party marketing.
5. Processors and Data Handling Partners
Some trusted third parties process personal data on our behalf as processors. These processors are selected carefully and are required to protect your data, use it only for agreed purposes, and act in accordance with data protection law.
Examples of processor functions may include:
- Appointment scheduling and customer administration.
- Secure cloud storage and business document management.
- Payment and invoicing support.
- Email, messaging, or record-keeping systems.
- IT maintenance, backup, and cybersecurity services.
Where a processor is used, we take reasonable steps to ensure that appropriate contractual and technical safeguards are in place. This includes data processing terms, confidentiality obligations, and security measures designed to reduce the risk of unauthorised access, loss, or misuse.
6. Retention of Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, or for as long as required by law. Retention periods vary depending on the type of information and the reason for processing.
Typical retention approach
- Customer service records are retained for the duration of the relationship and for a reasonable period afterward for administrative and dispute-handling purposes.
- Financial and tax records are retained for the period required by applicable accounting and tax laws.
- Communication records may be retained for a period necessary to resolve queries, improve service, or defend legal claims.
- Technical records are retained only as long as needed for security, diagnostics, or system administration.
When personal data is no longer needed, we will delete it securely, anonymise it, or otherwise prevent it from being used to identify you.
7. Data Security
We use appropriate technical and organisational measures to protect personal data against accidental loss, unlawful destruction, unauthorised access, disclosure, or alteration. These measures may include access restrictions, secure storage, staff confidentiality obligations, regular updates to systems, and careful handling of paper and electronic records.
Although no system can be guaranteed to be completely secure, we aim to maintain a level of protection that is appropriate to the nature of the data we hold.
8. Your Rights Under GDPR
You have several rights in relation to your personal data. These rights may be subject to certain conditions and legal exceptions.
Your main rights include:
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – in some cases, you can ask us to delete your data.
- Right to restriction – you can request that we limit how we use your data in certain situations.
- Right to object – you can object to processing based on legitimate interests.
- Right to data portability – where applicable, you can ask for your data in a structured, commonly used format.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we will take reasonable steps to respond within the time limits set by law. We may need to verify your identity before completing your request.
9. International Transfers
Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place to protect your information. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent legal mechanisms required by law.
10. Children’s Data
Our services are intended for adults and property-related business customers. We do not knowingly collect personal data from children except where it is incidental to arranging services with an adult customer and only where necessary. If we become aware that we have collected children’s data without a lawful basis, we will take appropriate steps to delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. When we do so, we will revise the policy content accordingly. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.
12. Complaints
If you have concerns about how your data is handled, you have the right to raise a complaint with the relevant data protection authority. We also encourage you to contact us first so that we can try to resolve the matter directly and fairly.
13. Summary of Our Approach
Shadwell Carpet Cleaners is committed to processing personal data lawfully, fairly, and transparently. We collect only what is necessary to provide our services, rely on appropriate lawful bases, limit retention, use trusted processors, and respect your rights under GDPR. Your privacy matters to us, and we aim to handle your information with care and responsibility at every stage.