Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected when services are provided to customers in the area. It applies to all customers in the area and is intended to meet the requirements of the General Data Protection Regulation (GDPR) and any other applicable data protection laws. By using our services, customers in the area acknowledge that their personal data may be processed in accordance with this policy.

1. Data We Collect

We collect only the personal data that is necessary for legitimate business, operational, and legal purposes. Depending on how a customer interacts with our services, the categories of data collected may include:

  • Identity data such as name, title, and similar identifiers.
  • Contact data such as mailing address, billing address, or other communication details.
  • Transaction data including records of purchases, services received, and related payment information.
  • Technical data such as device information, browser type, IP address, log data, and usage patterns.
  • Communication data including messages, inquiries, complaints, feedback, and records of correspondence.
  • Preference data such as choices related to service settings, language, and communication preferences.

We do not knowingly collect special category data unless it is strictly necessary and we are permitted to do so under applicable law. When such data is processed, we apply heightened safeguards and only process it where a valid GDPR condition exists.

2. How We Use Personal Data

Personal data is used for the following purposes:

  • To provide and manage services requested by customers in the area.
  • To process transactions, deliver products or services, and maintain records.
  • To communicate service updates, operational notices, and responses to inquiries.
  • To improve service quality, performance, and customer experience.
  • To maintain security, prevent misuse, and detect fraud or unauthorized activity.
  • To comply with legal obligations, regulatory requirements, and lawful requests.
  • To establish, exercise, or defend legal claims where necessary.

We use personal data only to the extent that the purpose is relevant, necessary, and proportionate.

3. Lawful Basis for Processing

Under GDPR, we process personal data only when we have a valid lawful basis. Depending on the activity, the lawful basis may include:

Performance of a Contract

We process personal data when it is necessary to perform a contract with a customer or to take steps at the customer’s request before entering into a contract. This includes fulfilling orders, delivering services, managing accounts, and providing customer support.

Legal Obligation

We may process personal data to comply with legal or regulatory requirements, including tax, accounting, consumer protection, and recordkeeping obligations.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by the customer’s rights and freedoms. Legitimate interests may include fraud prevention, service improvement, security monitoring, internal administration, and limited direct communication where permitted by law. We conduct balancing assessments where required.

Consent

Where consent is required, we will rely on it as our lawful basis. Customers have the right to withdraw consent at any time, and withdrawal will not affect the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Task

In rare situations, we may process personal data to protect someone’s vital interests or where processing is necessary for a task carried out in the public interest, if applicable.

4. Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, tax, regulatory, or reporting requirements. Retention periods may vary depending on the type of data and the reason for processing.

  • Data related to active customer relationships is generally kept for the duration of the relationship.
  • Transaction and accounting records may be retained for the period required by applicable law.
  • Communication and support records may be retained for a reasonable period after resolution to manage follow-up, quality assurance, and dispute handling.
  • Technical and security logs may be kept for a shorter period unless they are needed for investigations, compliance, or legal claims.

When data is no longer required, it is securely deleted, anonymized, or archived in accordance with our data management practices. We review retention regularly to ensure that personal data is not kept longer than necessary.

5. Processors and Data Sharing

We may share personal data with trusted third-party processors that act on our instructions and only for the purposes described in this policy. These processors may provide services such as hosting, payment processing, analytics, customer support tools, document storage, security services, or administrative assistance.

All processors are required to:

  • Process personal data only on documented instructions.
  • Implement appropriate technical and organizational safeguards.
  • Keep personal data confidential.
  • Assist with data protection compliance where necessary.
  • Delete or return personal data when services end, unless retention is legally required.

We may also disclose personal data to regulators, courts, law enforcement, insurers, advisors, or other parties where required by law, or where such disclosure is necessary to protect rights, safety, and lawful interests. We do not sell personal data.

6. International Transfers

If personal data is transferred outside the European Economic Area or to a country without an adequacy decision, we will ensure that appropriate safeguards are in place. These may include standard contractual clauses, equivalent transfer mechanisms, or other legally approved protections. Such measures are used to maintain a level of data protection consistent with GDPR requirements.

7. Security of Personal Data

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, monitoring, and regular security reviews. While no system can be guaranteed completely secure, we take reasonable and proportionate steps to reduce risk.

8. User Rights Under GDPR

Customers in the area have the following rights, subject to any legal limitations or exemptions under GDPR:

  • Right of access – to obtain confirmation of whether personal data is processed and receive a copy of that data.
  • Right to rectification – to request correction of inaccurate or incomplete personal data.
  • Right to erasure – to request deletion of personal data in certain circumstances.
  • Right to restriction – to request limited processing in certain cases.
  • Right to data portability – to receive personal data in a structured, commonly used format and, where feasible, have it transmitted to another controller.
  • Right to object – to object to processing based on legitimate interests or direct marketing, where applicable.
  • Right to withdraw consent – to withdraw consent where processing relies on consent.
  • Right not to be subject to solely automated decisions – to avoid decisions made solely by automated processing that produce legal or similarly significant effects, where applicable.

We may need to verify identity before responding to a rights request to protect personal data and prevent unauthorized disclosure. Requests will be handled within the time limits required by law.

9. Complaints and Supervisory Authority

If a customer believes that personal data has been handled unlawfully, they have the right to lodge a complaint with the relevant data protection supervisory authority in the area of residence or place of work, or where an alleged infringement occurred. We encourage customers to raise concerns promptly so that we can address them appropriately, but this does not limit their right to contact the authority directly.

10. Children’s Data

Our services are not intended for children unless explicitly stated otherwise. We do not knowingly collect personal data from children without appropriate authorization where required by law. If we become aware that such data has been collected improperly, we will take steps to delete it or obtain the required consent or authorization.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or data processing activities. Any revised version will apply from the date it becomes effective. Customers in the area are encouraged to review this policy periodically to remain informed about how personal data is handled.

12. Scope of This Policy

This Privacy Policy applies to all customers in the area and to personal data processed in connection with services provided there. It is intended to be read as a general statement of our data protection practices and commitments under GDPR. By continuing to use the services, customers in the area confirm that they have read and understood this policy.

Call Now!
Call Now Get a Quote
St Johns Wood Carpet Cleaners

GDPR Privacy Policy for customers in the area, covering data collection, lawful basis, retention, processors, security, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.