Privacy Policy - Cleaners Elephantandcastle
This Privacy Policy explains how Cleaners Elephantandcastle collects, uses, stores, shares, and protects personal data belonging to our customers in the Elephant and Castle area. It applies to all Cleaners Elephantandcastle customers in the area, including anyone who requests, receives, or enquires about our cleaning services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who We Are
Cleaners Elephantandcastle provides professional cleaning services for residential and commercial customers. In the course of delivering those services, we may process personal data about customers, property occupants, payment contacts, and other relevant individuals. For the purposes of data protection law, Cleaners Elephantandcastle is the data controller for the personal data we collect and use for our own business operations.
2. Personal Data We Collect
We only collect data that is necessary for providing and managing our services, improving our operations, and meeting legal obligations. The categories of personal data we may collect include:
- Identity details, such as your name and title.
- Contact details, such as address, email address, and telephone number.
- Service information, including property access details, service preferences, booking history, and special instructions.
- Payment and billing data, such as payment status, invoices, and transaction references. We do not store full card details unless strictly necessary and permitted by law.
- Communication records, such as emails, messages, call notes, and complaint correspondence.
- Technical information when you interact with our digital services, such as device data, browser data, and basic usage information.
- Operational records, including staff notes relating to service delivery, incident reports, and quality assurance information.
We generally do not seek to collect special category data, such as health information or political opinions. If such information is incidentally shared with us, we will handle it carefully and only where there is a lawful basis to do so.
3. How We Collect Your Data
We may collect personal data directly from you when you:
- make a booking or request a quote;
- communicate with us by phone, email, or message;
- provide access or service instructions;
- pay for services or request an invoice;
- submit feedback or complaints.
We may also receive data from third parties where appropriate, for example from a person making a booking on your behalf, a landlord or property manager, payment providers, or service partners involved in arranging or completing the cleaning work.
4. Lawful Basis for Processing
We only process personal data where the law allows us to do so. Depending on the situation, our lawful bases for processing may include:
- Performance of a contract - to provide cleaning services, manage bookings, issue invoices, and deliver customer support.
- Legitimate interests - to operate and improve our business, prevent fraud, manage service quality, maintain records, and respond to enquiries, provided our interests do not override your rights.
- Legal obligation - to comply with accounting, tax, employment, safety, or regulatory requirements.
- Consent - where we rely on your permission for certain optional uses, such as particular marketing communications or the processing of sensitive information in specific circumstances.
When consent is used, you may withdraw it at any time, and this will not affect the lawfulness of processing before withdrawal.
5. How We Use Personal Data
We may use your personal data for the following purposes:
- to provide and manage cleaning services;
- to confirm bookings and service schedules;
- to communicate about changes, delays, or updates;
- to process payments and manage accounts;
- to deal with complaints, claims, and disputes;
- to maintain internal records and service history;
- to improve our services, training, and customer experience;
- to meet legal and regulatory requirements;
- to protect our business, staff, and customers from misuse, fraud, or security risks.
We do not sell your personal data.
6. Data Sharing and Processors
We may share personal data with trusted third parties who act as processors or independent controllers, but only where necessary and lawful. These may include:
- Payment processors that handle secure payment transactions.
- IT and cloud service providers that support our email, storage, scheduling, and administration systems.
- Accounting and bookkeeping providers that help with invoicing, tax records, and financial management.
- Customer service or communications tools used to manage enquiries and service updates.
- Professional advisers such as legal, insurance, or audit advisers when necessary.
- Public authorities where disclosure is required by law or necessary to protect rights, safety, or legal interests.
Where a third party processes data on our behalf, we require them to act only on our instructions, keep data secure, and comply with applicable data protection laws. We choose processors carefully and only share the minimum data needed for the task.
7. International Transfers
If any personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place. This may include the use of approved contractual clauses, adequacy regulations, or other lawful transfer mechanisms designed to protect your data to a standard consistent with UK GDPR.
8. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, tax, and reporting obligations. Retention periods may vary depending on the type of record and the reason it is held.
- Customer and booking records are typically retained for the period needed to provide services and manage follow-up queries.
- Financial records are retained for the period required by law and standard business practice.
- Communication records may be retained for a reasonable period to handle disputes, service issues, and quality control.
- Technical and security records may be retained for shorter or longer periods depending on the need to investigate incidents and protect systems.
When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. Retention is reviewed regularly to ensure we do not keep data longer than necessary.
9. Data Security
We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, secure storage, encryption where appropriate, staff confidentiality obligations, and regular review of security practices. However, no system can be guaranteed to be completely secure, so we continually work to reduce risks.
10. Your Rights
Under data protection law, you have a number of rights regarding your personal data. These include:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to rectification - you can ask us to correct inaccurate or incomplete data.
- Right to erasure - you can ask us to delete your data in certain circumstances.
- Right to restrict processing - you can request that we limit how we use your data in certain situations.
- Right to object - you can object to processing based on legitimate interests or direct marketing.
- Right to data portability - you can request that certain data be provided to you or another organisation in a structured format.
- Right to withdraw consent - where we rely on consent, you may withdraw it at any time.
If you make a request, we may need to verify your identity before responding. We will aim to respond within the timeframe required by law.
10.1 Automated Decision-Making
Cleaners Elephantandcastle does not normally use automated decision-making that produces legal or similarly significant effects. If this changes, we will update this policy and provide the required information.
11. Marketing Preferences
If we send you marketing communications, we will do so in line with applicable law and your preferences. You can object to marketing at any time. Where required, we will obtain consent before sending certain types of promotional messages. We respect your choice and will not use your data for marketing where you have told us not to.
12. Children’s Data
Our services are aimed at adults, and we do not intentionally collect data from children except where it is necessary in connection with a service arrangement and lawfully provided by an adult with responsibility for the household or property. If we become aware that we have collected child data without an appropriate basis, we will take steps to delete it or handle it lawfully.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it takes effect. We encourage customers to review this policy periodically so they remain informed about how their personal data is used.
14. Complaints
If you are concerned about how your personal data is being handled, you have the right to raise a complaint with the relevant data protection authority. Before doing so, you may wish to contact us first so we can review and address your concerns. We take privacy seriously and will respond appropriately to legitimate requests and complaints.
Summary of Commitment: Cleaners Elephantandcastle processes personal data only where lawful, uses it for clear service-related purposes, limits sharing with trusted processors, keeps it only as long as needed, and respects your data protection rights.