Greenwich Carpet Cleaning Privacy Policy

This Privacy Policy explains how Greenwich Carpet Cleaning collects, uses, stores and protects personal data relating to our customers in the Greenwich area. It also sets out the lawful bases we rely on under the UK General Data Protection Regulation and the EU General Data Protection Regulation where applicable, how long we keep your information, when we use data processors, and what rights you have over your personal data.

Scope of this Privacy Policy

This Privacy Policy applies to all customers and prospective customers of Greenwich Carpet Cleaning located in the Greenwich area who contact us, request a quotation, make a booking, receive services from us, or otherwise interact with our business offline or online. By using our services, you acknowledge that you have read and understood this Policy.

Data Controller

Greenwich Carpet Cleaning acts as the data controller for the personal data described in this Policy. This means we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable data protection laws.

Personal Data We Collect

We may collect and process the following categories of personal data about you:

Identification and contact details, such as your name, home address, billing address, and other postal addresses you provide for the performance of our services.

Communication details, such as your preferred method of contact and the content of any communications you send to us, including enquiries, complaints, or feedback.

Booking and service information, such as dates and times of appointments, details of the property or areas to be cleaned, service history, and any specific instructions or notes you provide.

Payment and billing information, such as the amount charged, payment method used, and transaction references. We do not store full card details; where card payments are processed electronically, certain data will be handled directly by our payment service provider acting as a processor.

Technical and usage data, where applicable, such as basic information about how you interact with our website or online content, including date and time of visits and pages viewed. This may involve the use of cookies or similar technologies where permitted by law and subject to your choices.

Purposes and Lawful Bases for Processing

We process your personal data only where we have a lawful basis under data protection law. The main purposes and lawful bases are as follows:

To provide our cleaning services and manage bookings. We use your identification, contact, booking and service information to create and confirm appointments, access your property as arranged, and deliver the services you request. Lawful basis: performance of a contract or taking steps at your request before entering into a contract.

To manage payments and accounting. We use payment and billing information to process your payments, issue invoices and receipts, and maintain accounting records. Lawful basis: performance of a contract and compliance with legal obligations relating to tax and financial reporting.

To respond to enquiries and provide customer support. We use your communication details and service information to answer questions, handle complaints, and provide aftercare. Lawful basis: performance of a contract or legitimate interests in operating and improving our services.

To maintain service records and improve our business. We may analyse non-sensitive service history and feedback to monitor service quality and improve our operations. Lawful basis: legitimate interests in running an efficient business and improving customer satisfaction, provided such interests are not overridden by your rights.

To comply with legal and regulatory requirements. We may process and retain certain data to comply with laws, regulations, and requests from competent authorities. Lawful basis: compliance with a legal obligation.

Marketing communications. Where permitted by law, we may occasionally send you information about similar services that may interest you. Lawful basis: legitimate interests in promoting our services, or consent where required. You can opt out of marketing at any time.

Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.

Customer and booking records are generally kept for up to six years after the end of our relationship with you, in order to maintain accurate records for tax, accounting and potential legal claims.

Communication records and customer service correspondence may be kept for a shorter period where they are no longer required to resolve issues or provide evidence of our interactions.

Marketing data is retained until you withdraw your consent or object to processing, or until we determine that it is no longer accurate or necessary for our legitimate interests.

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.

Data Processors and Sharing of Personal Data

We do not sell your personal data. We may share your data with trusted third parties who act as data processors on our behalf. These processors are contractually obliged to use your data only in accordance with our instructions, to keep it secure, and to comply with applicable data protection laws.

Examples of processors and third parties we may use include:

Payment service providers to process your payments securely and handle transaction data.

IT and software providers who supply booking systems, customer management tools, or data storage solutions.

Accountants or professional advisers who help us meet our legal and regulatory obligations.

We may also share data with competent authorities, regulators, or law enforcement agencies where required by law or necessary to protect our rights or the rights of others.

Where any processing involves transfers of personal data outside the UK or European Economic Area, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, to ensure your data remains protected.

Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include limiting access to your personal data to personnel and processors who need it for business purposes, and requiring them to treat it confidentially and securely.

Your Data Protection Rights

As a data subject under the GDPR, you have several rights in relation to the personal data we hold about you. These include:

Right of access. You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, together with certain information about how we use it.

Right to rectification. You have the right to request that inaccurate or incomplete personal data about you is corrected or updated.

Right to erasure. In certain circumstances, you may request that we delete your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other lawful basis for processing.

Right to restriction of processing. You may request that we restrict the processing of your data in specific situations, such as while we verify its accuracy or consider an objection you have raised.

Right to object. You have the right to object to processing based on our legitimate interests, and to object at any time to the processing of your personal data for direct marketing purposes.

Right to data portability. Where we process your data based on consent or contract and the processing is carried out by automated means, you may request to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to have it transmitted to another controller where technically feasible.

Right to withdraw consent. Where processing is based on your consent, you can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

You also have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been infringed. In the UK, this is the Information Commissioner's Office.

Children's Data

Our services are directed at adult customers. We do not knowingly collect personal data relating to children, and we ask that persons under 18 do not provide personal data to us without the consent and involvement of a parent or guardian.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other reasons. Any material changes will be communicated through an updated version of the Policy made available to customers. We encourage you to review this Policy periodically to stay informed about how we process your personal data.