Watford Carpet Cleaning Privacy Policy

This Privacy Policy explains how Watford Carpet Cleaning collects, uses, stores, and protects personal data relating to its customers and prospective customers in the Watford area. It is intended to comply with the UK General Data Protection Regulation and the Data Protection Act 2018. This policy applies to all Watford Carpet Cleaning customers and enquiries within our service area, regardless of how you contact us or use our services.

Data Controller

For the purposes of data protection law, Watford Carpet Cleaning is the data controller for the personal data described in this policy. This means that we determine the purposes and means of processing your personal data and are responsible for looking after it in a secure and lawful way.

Personal Data We Collect

We only collect personal data that is relevant to providing and managing our carpet cleaning and related services. The types of data we may collect include:

Identity and contact details: name, address, property details, billing address, and other contact details such as your preferred method of communication.

Service information: details of the services you request or receive, including dates and times of appointments, areas of the property to be cleaned, and any special instructions you give us.

Payment information: details necessary to process payments for our services, such as partial card details provided through secure payment processors, payment status, and billing records. We do not store full card numbers or security codes when a third-party payment processor is used.

Communication records: information contained in your communications with us, including enquiries, quotations, bookings, complaints, or feedback, whether made by phone, text message, online form, or other means.

Technical and usage information: limited technical data that may be collected when you visit our website, such as IP address, device information, approximate location data, and how you navigate our pages. This may be collected through basic analytics tools and cookies where used.

Lawful Bases for Processing

We process your personal data only where we have a lawful basis under data protection law. Depending on the context, we rely on the following lawful bases:

Contract: we process your data when it is necessary to provide a quotation, to take steps at your request before entering into a contract, and to perform our services once you have made a booking. This includes managing your appointments, communicating with you about the service, and handling billing.

Legal obligation: we may process certain data where we are required to do so by law, for example, to maintain appropriate business and financial records or to respond to lawful requests from regulatory or law enforcement authorities.

Legitimate interests: we may process personal data where it is necessary for our legitimate business interests and where your rights and freedoms are not overridden. This includes managing our business operations, improving our services, preventing fraud or misuse of our services, and maintaining accurate records of customer interactions and service history.

Consent: in limited situations, such as when we send certain types of marketing communications to individual customers, we may rely on your consent. Where we rely on consent, you can withdraw it at any time by contacting us using your usual communication channel with us.

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

Providing services: booking and delivering carpet cleaning and related services at the correct address, at agreed times, and in line with your instructions and preferences.

Customer relationship management: responding to enquiries, providing quotations, confirming bookings, rescheduling or cancelling appointments, and handling any issues, complaints, or feedback.

Payments and accounting: issuing invoices or receipts, processing payments through secure payment providers, and maintaining accurate financial records for tax and accounting purposes.

Service improvement: reviewing service records, feedback, and usage information to help us improve the quality, safety, and efficiency of our services.

Legal and regulatory compliance: retaining information as required by law, responding to legal requests, and protecting our legal rights, for example in the event of a dispute.

Data Retention

We keep personal data only for as long as it is needed for the purposes set out in this Privacy Policy or as required by law. When deciding how long to retain data, we consider the nature of the information, the reasons it was collected, and any legal or regulatory requirements.

Customer and service records: identity, contact, and service information are generally kept while you remain an active customer and for a period of up to six years after your last interaction with us, in order to respond to queries, maintain accurate service history, and establish or defend legal claims.

Financial records: payment and billing records are typically retained for at least six years to comply with legal and tax obligations.

Communication records: routine enquiry and communication records may be kept for a shorter period, unless they form part of your service history or are needed for legal, regulatory, or complaint-handling purposes.

Once data is no longer required, it will be securely deleted, anonymised, or otherwise removed from our systems.

Data Sharing and Processors

We do not sell your personal data. However, we may share it with carefully selected third parties where necessary for the purposes set out in this policy or where required by law.

Service providers and data processors: we may use trusted third parties to help us run our business and deliver services, such as payment processing providers, accounting or invoicing systems, appointment or diary management tools, and basic website analytics or hosting providers. These third parties act as data processors on our behalf and are only permitted to process personal data in accordance with our instructions and with appropriate security measures in place.

Professional advisers and authorities: we may share personal data with professional advisers, such as accountants or legal advisers, and with law enforcement or regulatory authorities where required by law or where necessary to protect our legal rights.

In all cases, we limit the personal data shared to what is necessary and take reasonable steps to ensure it is handled securely and in accordance with data protection law.

International Transfers

Some of our service providers or their systems may be located outside the United Kingdom or the European Economic Area. Where personal data is transferred outside these areas, we take steps to ensure that it is given appropriate protection, for example by using standard contractual clauses or relying on other safeguards permitted under data protection law.

Security of Your Personal Data

We take reasonable and appropriate technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures include limiting access to personal data to those staff and processors who need it to perform their duties, using secure storage and, where applicable, encryption or password protection, and keeping our systems and procedures under review.

Your Data Protection Rights

As a customer or prospective customer in the Watford area, you have a number of rights under data protection law in relation to your personal data. These include:

Right of access: you can ask for confirmation of whether we process your personal data and request a copy of the data we hold about you.

Right to rectification: you can request that inaccurate or incomplete personal data is corrected or updated.

Right to erasure: in certain circumstances, you can ask us to delete your personal data, for example where it is no longer needed for the purposes for which it was collected and we have no legal obligation to retain it.

Right to restriction: you can request that we restrict the processing of your personal data in specific situations, such as while we investigate a concern you have raised about its accuracy.

Right to object: you can object to processing based on our legitimate interests, including certain types of direct marketing. We will stop processing your data for these purposes unless we have compelling legitimate grounds or it is needed for legal claims.

Right to data portability: where processing is based on consent or contract and is carried out by automated means, you may request that certain personal data is provided to you or another organisation in a structured, commonly used, machine-readable format.

Where we rely on consent as the lawful basis for processing, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

You also have the right to lodge a complaint with the relevant data protection supervisory authority if you believe your data protection rights have been infringed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or the services we provide. Any changes will take effect when the updated version is made available. We encourage you to review this policy periodically to stay informed about how we handle your personal data.