Privacy Policy - Elephantandcastle Carpet Cleaners
This Privacy Policy explains how Elephantandcastle Carpet Cleaners collects, uses, stores, shares, and protects personal data in connection with our carpet cleaning services. It applies to all Elephantandcastle Carpet Cleaners customers in the area, including prospective customers, existing customers, and individuals who enquire about our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Elephantandcastle Carpet Cleaners provides professional carpet cleaning and related cleaning services to homes and businesses in the area. For the purposes of data protection law, we act as the data controller for the personal data we collect and process about our customers and service users. This means we determine the purposes and means of processing personal data collected in the course of our business.
2. Personal Data We Collect
We may collect and process different types of personal data depending on how you interact with us and the services you request. The categories of data we may collect include:
- Identity data such as your name and title.
- Contact data such as address, email address, and telephone number.
- Service details such as property access instructions, cleaning preferences, carpet condition, and booking information.
- Transaction data such as payment status, invoices, and service history.
- Communications data such as messages, complaints, feedback, and notes from calls or emails.
- Technical data such as basic device or browser information if you interact with us electronically.
We do not intentionally collect special category data unless it is necessary and you choose to provide it, for example if you share information relevant to access needs or health-related concerns affecting service delivery. Where such information is processed, we will do so only where a lawful basis applies and with appropriate safeguards.
3. How We Use Your Data
We use personal data for the following purposes:
- to provide quotes, arrange bookings, and deliver carpet cleaning services;
- to manage customer accounts and service records;
- to communicate with you about appointments, changes, and service-related matters;
- to process payments and maintain financial records;
- to deal with complaints, queries, and customer support requests;
- to improve our services, train staff, and maintain quality standards;
- to comply with legal, tax, insurance, and regulatory obligations;
- to prevent fraud, misuse, or unlawful activity;
- to defend or establish legal claims where necessary.
We only use personal data for the purposes for which it was collected, unless we reasonably believe that another compatible purpose is required or permitted by law.
4. Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for each type of processing. Elephantandcastle Carpet Cleaners relies on the following lawful bases:
- Contract - to enter into and perform our service agreement with you, including bookings, quotations, and delivery of cleaning services.
- Legitimate interests - to manage and improve our business, respond to enquiries, maintain customer records, prevent fraud, and ensure service quality, provided these interests do not override your rights and freedoms.
- Legal obligation - to comply with accounting, tax, insurance, health and safety, and other legal requirements.
- Consent - in limited circumstances where consent is required, such as certain direct marketing activities or optional processing. Where we rely on consent, you may withdraw it at any time.
Where processing is based on legitimate interests, we balance our interests against your privacy rights to ensure the processing is appropriate and proportionate.
5. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary depending on the nature of the data and the reason for processing.
- Customer and booking records are generally retained for as long as needed to provide services and manage the customer relationship.
- Invoice and payment records are retained for the period required by tax and accounting law.
- Communications and complaints may be kept for a reasonable period after the matter is resolved in case follow-up or dispute resolution is needed.
- Marketing preferences are retained until you withdraw consent or object where applicable.
When data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in a safe manner.
6. Sharing Your Data and Processors
We may share personal data with trusted third parties where necessary for business operations, legal compliance, or service delivery. These third parties act either as independent controllers or as processors acting on our behalf. We only share the minimum information needed.
Examples of processors
- IT and hosting providers that support our records, email, and system storage.
- Payment service providers that process card or electronic payments.
- Accounting and bookkeeping providers that assist with financial administration.
- Scheduling or administration tools used to manage bookings and customer records.
- Professional advisers such as insurers, auditors, or legal advisers where needed.
Where a processor is used, we require them to handle personal data securely, only on our instructions, and in compliance with data protection law. We do not sell personal data.
7. International Transfers
Where any of our processors or service providers store or access data outside the UK, we ensure that appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or other legally recognised transfer mechanisms designed to protect your data.
8. Data Security
We take the security of personal data seriously and apply reasonable technical and organisational measures to prevent unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and limited data access on a need-to-know basis. While no system can be guaranteed to be completely secure, we work to protect your information in line with our obligations.
9. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may be subject to certain conditions or exceptions.
- Right of access - to request a copy of the personal data we hold about you.
- Right to rectification - to ask us to correct inaccurate or incomplete information.
- Right to erasure - to request deletion of your data in certain circumstances.
- Right to restriction - to ask us to limit processing in certain situations.
- Right to object - to object to processing based on legitimate interests or direct marketing.
- Right to data portability - to receive certain data in a structured, commonly used format where applicable.
- Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.
If you exercise any of these rights, we may need to verify your identity before responding. We will respond within the time limits required by law unless an extension is permitted.
10. Children’s Data
Our services are directed to adults and business customers. We do not knowingly collect personal data from children in the ordinary course of our business. If we become aware that child data has been collected unintentionally, we will take appropriate steps to delete it unless we are required to retain it by law.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Any updated version will apply from the date it is issued. We encourage customers to review this policy periodically to remain informed about how we protect personal data.
12. Your Responsibility
Please make sure the information you provide to us is accurate and kept up to date. This helps us deliver our services efficiently and reduces the risk of errors. If you provide information relating to access requirements, property conditions, or service preferences, please ensure it is shared only where necessary and is accurate.
13. Summary of Our Commitment
Elephantandcastle Carpet Cleaners respects your privacy and handles personal data responsibly. We collect only the information needed to operate our business, rely on lawful bases permitted by law, retain records for appropriate periods, use trusted processors under strict safeguards, and uphold your rights as a data subject. This policy applies to all Elephantandcastle Carpet Cleaners customers in the area and is intended to ensure transparency, accountability, and fair treatment of personal information.
Privacy is important to us, and we are committed to maintaining trust through lawful and secure data practices. We will continue to review and improve our approach to data protection so that your information remains protected at every stage of our service relationship.