Privacy Policy - Carpet Cleaners Enfield
This Privacy Policy explains how Carpet Cleaners Enfield collects, uses, stores, shares, and protects personal data. It applies to all Carpet Cleaners Enfield customers in the area, including individuals who request quotes, book services, receive cleaning visits, or otherwise interact with our service operations. We are committed to handling personal information in a lawful, fair, and transparent manner, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We understand that privacy matters. This policy is written to help customers understand what data is collected, why it is collected, how long it is kept, who may process it on our behalf, and what rights individuals have over their personal information. By using our services, you acknowledge that your information may be processed as described in this policy.
1. Who We Are
For the purposes of data protection law, Carpet Cleaners Enfield acts as the data controller for personal information collected in connection with our carpet cleaning services. This means we determine the purposes and means of processing your personal data. In some cases, third-party service providers may act as processors and handle data only on our instructions.
This policy covers customers, prospective customers, property occupants, and where relevant, business contacts involved in arranging or receiving carpet cleaning services. It also covers information collected through service bookings, communications, and operational records.
2. What Personal Data We Collect
We collect only the information necessary to provide services, manage bookings, handle enquiries, and meet legal or administrative obligations. Depending on the nature of your interaction with us, this may include:
- Identity details such as name and, where relevant, business name.
- Contact details including address, email address, and telephone number.
- Service information such as property access instructions, preferred appointment times, room or carpet details, and cleaning requirements.
- Payment and billing information where required for invoicing, transaction processing, or accounting records.
- Communication records including emails, messages, booking notes, complaint records, and feedback.
- Technical and usage data if you interact with digital systems used for booking or administration, such as device and browser information, security logs, and usage patterns.
- Special category data only in limited cases, and only if you voluntarily provide it and it is necessary for the service, such as information about allergies, sensitivities, or access needs.
We do not intentionally collect more information than required. We do not seek sensitive personal information unless it is directly relevant to service delivery or legal compliance.
3. How We Use Personal Data
We use personal data for clear and specific purposes. These include:
- Managing service enquiries and providing quotations.
- Scheduling, confirming, and carrying out carpet cleaning appointments.
- Communicating service updates, changes, or follow-up information.
- Processing payments, issuing invoices, and maintaining accounting records.
- Responding to complaints, queries, and requests.
- Improving our services, operational planning, and quality assurance.
- Maintaining records for legal, tax, insurance, and compliance purposes.
- Protecting against fraud, misuse, or unauthorised access.
We use your information only where it is necessary and proportionate. We do not use personal data for unrelated purposes without a valid legal basis.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process personal data. Depending on the situation, Carpet Cleaners Enfield relies on the following bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes taking bookings, providing cleaning services, confirming appointments, handling payments, and managing service delivery.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include improving operations, maintaining service records, preventing fraud, managing internal administration, and responding to enquiries. We carefully assess such processing to ensure it is reasonable and appropriate.
Legal Obligation
We may process and retain certain information to comply with legal requirements, such as tax, accounting, consumer protection, or insurance obligations.
Consent
Where consent is required, we will ask for it clearly and specifically. This may apply in limited circumstances, such as optional marketing communications or the processing of special category information that is not covered by another lawful basis. You may withdraw consent at any time, where applicable, without affecting the lawfulness of processing carried out before withdrawal.
5. Data Sharing and Processors
We may share personal data with trusted third parties where necessary for service delivery, administrative support, or legal compliance. These third parties act as processors or, in some cases, independent controllers. We require processors to protect data and use it only on our instructions.
Processors and service providers may include:
- Payment service providers.
- Accounting and bookkeeping services.
- IT, software, hosting, and data storage providers.
- Communication and scheduling platforms.
- Insurance, legal, or compliance advisers where necessary.
We do not sell personal data. We do not share data with unrelated third parties for their own marketing purposes. If data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses where required.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, or operational requirements. Retention periods depend on the type of information and the reason for holding it.
- Booking and service records are typically kept for a period needed to manage customer history, resolve issues, and support quality control.
- Financial and invoicing records are retained for the period required under tax and accounting law.
- Correspondence and complaint records are kept long enough to address the matter and support evidence of resolution.
- Technical logs are retained for a limited period for security and operational monitoring.
When data is no longer required, it is securely deleted, anonymised, or destroyed in line with our retention practices. We review retention regularly to avoid keeping information for longer than necessary.
7. Data Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and restricted sharing with processors. While no system can be guaranteed completely secure, we take data protection seriously and work to reduce risk wherever possible.
8. Your Rights
As a data subject under UK GDPR, you have a number of rights in relation to your personal information. These rights may be subject to limitations or exceptions depending on the circumstances. They include:
- Right of access - to request a copy of the personal data we hold about you.
- Right to rectification - to ask us to correct inaccurate or incomplete data.
- Right to erasure - to request deletion of your data in certain circumstances.
- Right to restriction - to ask us to limit how we use your data in certain cases.
- Right to data portability - to receive certain data in a structured, commonly used format where applicable.
- Right to object - to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent - where processing relies on consent.
You also have the right to raise concerns about how your data is handled. If you believe your privacy rights have been breached, you may choose to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.
9. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children except where it is incidental to a service arrangement involving a household or property. If we become aware that we have collected data from a child without appropriate authority, we will take steps to address it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any updated version will apply from the date it is made available. We encourage customers to review this policy periodically so they remain informed about how their data is handled.
11. Scope of This Policy
This Privacy Policy applies to all Carpet Cleaners Enfield customers in the area, including new and existing customers, individuals requesting information, and anyone whose personal data is processed in connection with our carpet cleaning services. It is intended to be clear, fair, and consistent with data protection law.
By using our services, you confirm that you have read and understood this policy. We are committed to respecting your privacy and handling your personal information responsibly, lawfully, and with care.