Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected in connection with the services provided to customers in the area. It applies to all customers in area and is intended to give clear information about how personal data is processed in line with the General Data Protection Regulation (GDPR).

1. Scope of this Policy

This policy applies to all individuals who use, purchase, inquire about, or otherwise engage with the services offered to customers in area. It covers data collected directly from individuals, data generated through service use, and data received from third parties where permitted by law. We respect the privacy of every customer and process personal data only where there is a lawful basis to do so.

2. Personal Data We Collect

We may collect the following categories of personal data, depending on the nature of the relationship and the services involved:

  • Identification data such as name, title, and account identifiers.
  • Contact data such as email address, phone number, billing address, or service address.
  • Transaction data such as service history, purchase records, payment status, and related administrative details.
  • Technical data such as device information, log data, browser type, and usage patterns when interacting with digital systems.
  • Communication data such as correspondence, requests, complaints, feedback, and support interactions.
  • Preference data such as service choices, communication preferences, and consent settings where applicable.

We do not intentionally collect more personal data than is necessary for the purposes described in this policy. Where special category data is involved, it will only be processed if a valid legal condition under GDPR applies.

3. How We Use Personal Data

We process personal data for the following purposes:

  • to provide and manage services requested by customers in area;
  • to administer accounts, orders, billing, and record keeping;
  • to communicate about service updates, changes, notices, and support matters;
  • to improve service quality, customer experience, and operational efficiency;
  • to maintain security, prevent fraud, and protect against misuse;
  • to meet legal, regulatory, tax, accounting, and audit obligations;
  • to establish, exercise, or defend legal claims where necessary.

Where possible, we use data in a proportionate and privacy-conscious way.

4. Lawful Basis for Processing

Under GDPR, we rely on one or more lawful bases depending on the context of the processing:

Contract

We process personal data when it is necessary to enter into or perform a contract with a customer, including delivering requested services, managing payments, and handling related service administration.

Legal Obligation

We process personal data when required to comply with legal obligations, such as financial record keeping, tax requirements, consumer protection duties, and regulatory compliance.

Legitimate Interests

We may process personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by the rights and freedoms of the individual. Legitimate interests may include service improvement, security monitoring, fraud prevention, internal administration, and limited business analysis.

Consent

In some cases, we may rely on consent, especially for optional communications or other activities where consent is the most appropriate basis. When consent is used, it may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

Vital Interests and Public Task

These bases are unlikely to apply in ordinary customer service settings, but if they do apply in exceptional circumstances, processing will occur only within the limits permitted by law.

5. Data Sharing and Processors

We may share personal data with trusted third parties that act as processors or, in limited cases, independent controllers. Processors are engaged only where appropriate safeguards are in place and where they process data on our instructions.

Examples of processor categories may include:

  • IT hosting and infrastructure providers;
  • customer service and communications platforms;
  • payment processing and financial administration providers;
  • accounting, audit, and compliance service providers;
  • security and fraud prevention service providers;
  • document storage and archival providers.

Where personal data is disclosed to independent controllers, they are responsible for their own GDPR compliance. We do not sell personal data. Any disclosure will be limited to what is necessary and will be based on a valid legal ground.

6. International Transfers

If personal data is transferred outside the European Economic Area, appropriate safeguards will be used to protect the data in accordance with GDPR. These safeguards may include adequacy decisions, standard contractual clauses, or other approved transfer mechanisms. We aim to ensure that any cross-border transfer preserves a level of protection essentially equivalent to that required within the EEA.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, regulatory, and reporting obligations. Retention periods vary depending on the type of data and the reason for processing.

  • Contract and service records may be kept for the duration of the customer relationship and for a reasonable period afterward.
  • Billing and accounting records may be retained for periods required by law.
  • Support communications may be kept for a period needed to resolve issues and maintain service quality.
  • Security logs may be retained for a limited period for monitoring and incident investigation.

When personal data is no longer needed, it will be deleted, anonymised, or securely archived in a manner consistent with applicable law.

8. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorized access, accidental loss, destruction, disclosure, or alteration. These measures may include access controls, encryption where suitable, logging, staff training, and internal policies designed to limit access to those who need it. Security is an ongoing responsibility, and we review safeguards periodically to maintain protection at a reasonable and proportionate level.

9. User Rights Under GDPR

Individuals have rights concerning their personal data. Depending on the circumstances and the legal basis for processing, these rights may include the following:

  • Right of access to obtain confirmation and a copy of personal data being processed.
  • Right to rectification to correct inaccurate or incomplete data.
  • Right to erasure to request deletion of data in certain circumstances.
  • Right to restriction to limit processing in certain situations.
  • Right to data portability to receive data in a structured, commonly used format where applicable.
  • Right to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent where processing is based on consent.
  • Right not to be subject to automated decision-making in circumstances where such decisions produce legal or similarly significant effects, unless permitted by law.

Requests will be handled in accordance with GDPR and may require verification of identity to protect personal data. Some rights may be limited where processing is necessary for compliance with legal obligations or for the establishment, exercise, or defense of legal claims.

10. Children’s Data

Our services are not directed to children unless specifically stated otherwise. If personal data relating to a child is processed, it will be done only where lawful and appropriate safeguards are in place. Where consent is required and the child is below the age defined by applicable law, parental or guardian consent may be necessary.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service offerings. When changes are made, the updated policy will apply from the stated effective date. Customers in area are encouraged to review the policy periodically to remain informed about how personal data is handled.

12. General Principles

Our approach to privacy is based on the core principles of GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. We aim to process personal data in a manner that is transparent, proportionate, and respectful of individual rights. We also seek to ensure that processing is limited to what is necessary for clear and legitimate purposes.

13. Final Statement

This Privacy Policy applies to all customers in area and governs the handling of personal data connected with the services provided there. By using the services, customers acknowledge that personal data may be processed in accordance with this policy and the applicable requirements of GDPR. If any part of this policy is found to be inconsistent with mandatory law, the remaining provisions will continue to apply to the fullest extent permitted.

Call Now!
Call Now Get a Quote
Hammersmith Carpet Cleaners

GDPR-compliant privacy policy covering data collection, lawful basis, retention, processors, user rights, and scope for all customers in area.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.