Privacy Policy - Islington Carpet Cleaners
Last updated: [Insert Date]
This Privacy Policy explains how Islington Carpet Cleaners collects, uses, stores, shares, and protects personal data. It applies to all customers of Islington Carpet Cleaners in the Islington area, including any individual who requests a quote, books a service, receives a cleaning appointment, makes a payment, or otherwise interacts with our business in connection with carpet, upholstery, rug, or related cleaning services.
We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only process personal data where we have a valid legal basis and we take appropriate measures to keep it secure and confidential.
1. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data: your name, title, and any relevant property or business name.
- Contact data: your address, email address, and telephone number.
- Service data: details of the cleaning services requested, service history, access instructions, appointment preferences, and property type.
- Payment data: payment status, transaction references, and limited billing information where needed to process payments and maintain accounts.
- Communication data: records of correspondence, complaints, feedback, and customer service enquiries.
- Technical data: limited device and usage information if you interact with our digital systems, such as logs, timestamps, and browsing-related data collected for security or analytics purposes.
We do not intentionally collect special category data unless you provide it to us voluntarily and it is necessary for the service, for example where access or health-related instructions are relevant to completing work safely. Where such information is provided, we will only process it where a lawful basis exists and additional safeguards are in place.
2. How We Use Personal Data
We use personal data to operate our business and provide services efficiently and lawfully. Typical uses include:
- responding to enquiries and preparing quotations;
- scheduling and delivering cleaning services;
- processing payments and managing invoices;
- maintaining service records and customer history;
- handling complaints, cancellations, or follow-up requests;
- improving our services, staff training, and quality control;
- meeting legal, accounting, and insurance obligations;
- protecting our business from fraud, misuse, and security incidents.
We only use your data for the purposes for which it was collected, unless we reasonably need to use it for a compatible purpose or where required or permitted by law.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for each processing activity. Depending on the circumstances, we rely on one or more of the following:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes providing quotes, confirming bookings, delivering cleaning services, and managing payments.
Legal Obligation
We may process and retain certain information where needed to comply with legal requirements, including tax, accounting, consumer law, and record-keeping obligations.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided your interests and fundamental rights do not override those interests. Examples include service improvement, internal administration, fraud prevention, network and information security, and maintaining business records.
Consent
In limited situations, we may rely on consent, for example where you choose to receive marketing communications or provide optional sensitive information. Where consent is used, you may withdraw it at any time.
4. Data Sharing and Processors
We may share personal data with trusted third parties who act as processors or independent controllers, but only when necessary and appropriate. These may include:
- Payment service providers who help process transactions securely;
- Accounting and bookkeeping providers who support financial administration;
- IT and cloud service providers who host data, maintain systems, or provide security tools;
- Customer communication tools used for scheduling, notifications, or record management;
- Insurers, legal advisers, and professional advisers where required for claims, disputes, or compliance;
- Public authorities where disclosure is required by law or necessary to protect rights and safety.
We only appoint processors that provide sufficient guarantees to implement appropriate technical and organisational measures. Where a processor handles data on our behalf, it may only act on our instructions and must keep the data secure and confidential.
We do not sell personal data. We do not permit third parties to use customer data for their own unrelated purposes unless they are acting as an independent controller under a lawful basis of their own.
5. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of information and the context in which it was collected.
- Quotation and booking records: retained for a reasonable period to manage follow-up service, disputes, and customer history.
- Invoice and payment records: retained in line with tax and accounting obligations.
- Communication records: retained for operational, service, and complaint-handling purposes.
- Security or technical logs: retained for a limited period unless needed for investigation or compliance.
When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.
6. Data Security
We use reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures may include access restrictions, secure storage, staff confidentiality obligations, and data minimisation practices.
Although we take appropriate steps to safeguard information, no system can be guaranteed completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will act in accordance with applicable law, which may include notifying affected individuals and the relevant supervisory authority where required.
7. Your Rights
As a data subject, you have a number of rights under UK data protection law. Subject to legal conditions and exemptions, you may have the right to:
- Access your personal data and receive a copy of the information we hold about you;
- Rectification of inaccurate or incomplete data;
- Erasure of your data in certain circumstances, also known as the right to be forgotten;
- Restriction of processing in certain situations;
- Object to processing based on legitimate interests or direct marketing;
- Data portability where processing is based on consent or contract and carried out by automated means;
- Withdraw consent at any time where we rely on consent, without affecting the lawfulness of prior processing;
- Complain to the Information Commissioner’s Office if you believe your rights have been infringed.
To exercise your rights, you may make a request using the means we provide in our customer communications. We may need to verify your identity before responding. We aim to respond within the statutory time frame.
8. Marketing Communications
If we send marketing communications, we will do so only where allowed by law. You can opt out of marketing at any time. Operational communications relating to bookings, service updates, or billing are not marketing and may still be necessary for us to provide our services.
9. Children’s Data
Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is provided by a parent, guardian, or responsible adult in connection with a service booking or access arrangement. If we become aware that we have collected data from a child without an appropriate basis, we will take steps to delete it promptly.
10. International Transfers
If any personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place in accordance with applicable data protection law. These safeguards may include an adequacy decision, standard contractual clauses, or another valid transfer mechanism.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any revised version will take effect once published or otherwise communicated, as appropriate. We encourage customers to review this policy periodically.
12. Summary of Key Commitments
- We collect only the data needed to provide cleaning services and manage our business.
- We process personal data only where we have a valid lawful basis.
- We share data only with trusted processors or where required by law.
- We keep data only for as long as necessary and delete it securely when no longer needed.
- We respect your rights and provide clear ways to exercise them.
Islington Carpet Cleaners is committed to transparent, fair, and secure data handling. This policy applies to all customers in the Islington area and is designed to ensure that personal data is treated with care, accountability, and respect.