Privacy Policy - Carpetcleaning EC2
This Privacy Policy explains how Carpetcleaning EC2 collects, uses, stores, shares, and protects personal data. It applies to all Carpetcleaning EC2 customers in the area, including people who request quotations, book services, receive cleaning visits, or otherwise interact with our services. We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who this policy applies to
This policy applies to customers, prospective customers, and anyone who uses or enquires about our services in the area served by Carpetcleaning EC2. It covers both residential and commercial customers where applicable. By using our services, you acknowledge that your personal data may be processed in accordance with this policy.
2. Information we collect
We only collect data that is necessary for operating our services, managing our relationship with you, and meeting legal obligations. Depending on how you interact with us, we may collect the following categories of information:
- Identity details: name, surname, and title.
- Contact details: address, email address, telephone number, and any preferred method of communication.
- Service details: property type, cleaning preferences, booking history, service instructions, and notes relevant to the work requested.
- Payment information: billing records, payment status, and transaction confirmations. We do not keep unnecessary payment data beyond what is needed for administration and accounting.
- Technical information: basic information about how you interact with our digital communications, where relevant and permitted.
- Correspondence: records of messages, complaints, feedback, and customer support communications.
We do not intentionally collect special category data unless it is strictly necessary and you choose to provide it. If you share information about allergies, health sensitivities, or similar issues, we will only use that information to deliver a safe and suitable service.
3. How we use your data
We use personal data for clear and limited purposes, including:
- responding to enquiries and preparing quotations;
- booking and delivering cleaning services;
- managing customer accounts and records;
- processing payments and maintaining invoices;
- handling complaints, follow-up requests, and service improvements;
- meeting legal, tax, insurance, and regulatory obligations;
- protecting our business, staff, and customers from fraud or misuse.
We will not use your personal data for purposes that are incompatible with the reasons it was collected unless we have a lawful basis to do so.
4. Lawful basis for processing
Under GDPR, we must have a lawful basis to process personal data. Carpetcleaning EC2 relies on the following bases where appropriate:
Performance of a contract
We process your information when it is necessary to provide a quote, confirm a booking, perform cleaning services, issue invoices, or manage your account. Without this data, we may be unable to deliver the service you requested.
Legal obligation
We may process and retain certain records to comply with tax, accounting, employment, insurance, and other legal requirements.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include service administration, quality control, record-keeping, fraud prevention, and managing customer communications.
Consent
In some cases, we may rely on your consent, for example when you voluntarily provide optional information or agree to receive specific marketing communications. You may withdraw consent at any time, where consent is the lawful basis for processing.
5. Data sharing and processors
We may share limited personal data with trusted third parties, known as processors, who act on our instructions and are required to protect your information. These may include:
- accounting or bookkeeping providers;
- payment service providers;
- IT, hosting, or data storage providers;
- customer management or scheduling systems;
- professional advisers, such as legal or insurance advisers, where necessary;
- public authorities or regulators, when required by law.
We only share the minimum information needed for the relevant purpose. All processors are expected to handle data securely and only in line with our instructions. We do not sell personal data.
6. International transfers
Where any processor stores or accesses data outside the UK, we take reasonable steps to ensure appropriate safeguards are in place. This may include using approved contractual protections and reviewing the recipient’s data protection standards.
7. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, or for as long as we are legally required to keep it. Retention periods may vary depending on the type of record and why it is held.
- Customer and service records: kept for the duration of our relationship and for a reasonable period afterwards for administration, dispute handling, and service history.
- Financial and tax records: retained for the period required by law.
- Correspondence and complaints: kept as long as needed to resolve the issue and to maintain proper records.
- Optional marketing preferences: retained until you change your preference or withdraw consent.
When data is no longer needed, it is securely deleted, anonymised, or otherwise disposed of in a safe manner.
8. Data security
We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include restricted access, secure storage, staff awareness, and careful management of digital records. While no system can be completely secure, we take data protection seriously and review our practices regularly.
9. Your rights
Under data protection law, you have a number of rights regarding your personal data. These rights may be subject to certain conditions or legal exceptions.
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete information.
- Right to erasure: you may ask us to delete your personal data in certain circumstances.
- Right to restrict processing: you may request that we limit how we use your data in some situations.
- Right to data portability: you may request your data in a usable format where this applies.
- Right to object: you may object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
You also have the right to raise a concern with the Information Commissioner’s Office if you believe your data has been handled improperly.
10. Children’s data
Our services are not directed at children, and we do not intentionally collect personal data from children unless it is necessary in a service context and provided by an adult customer. If we become aware that we have collected such data without appropriate authority, we will take steps to address it.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or service arrangements. The latest version will apply to all relevant processing activity from the date it is published or otherwise made available.
12. Summary of our approach
Carpetcleaning EC2 processes personal data only when necessary, keeps it for only as long as needed, and uses trusted processors under strict controls. We collect information to provide cleaning services, manage bookings, meet legal obligations, and maintain service quality. We respect your rights and work to ensure your data is handled lawfully, securely, and transparently. This policy applies to all Carpetcleaning EC2 customers in the area.