Privacy Policy - Carpet Cleaners Marylebone
This Privacy Policy explains how Carpet Cleaners Marylebone collects, uses, stores, and protects personal data relating to all customers in the Marylebone area. It applies to every individual who uses our carpet cleaning services, requests a quotation, books an appointment, communicates with us, or otherwise interacts with us in connection with our services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who This Policy Applies To
This policy applies to all Carpet Cleaners Marylebone customers in the area, including residential and business customers, prospective customers, and anyone whose personal data we process while providing carpet cleaning, rug cleaning, stain treatment, upholstery care, or related services. By using our services, you acknowledge that your personal information may be collected and processed as described in this policy.
2. Personal Data We Collect
We only collect personal data that is necessary for the purposes described in this policy. The types of data we may collect include:
- Identity information such as your name and, where relevant, business name.
- Contact details such as your address, email address, and telephone number.
- Service information such as booking details, property access instructions, cleaning preferences, and notes about the work requested.
- Payment and transaction data such as records of services purchased, invoices, and payment status.
- Communication data such as messages, complaints, feedback, and records of correspondence.
- Technical data where relevant, such as device or usage information if you interact with us through digital systems.
- Special category data only if you voluntarily provide it and only when strictly necessary, for example information that may be revealed through access notes or home circumstances. We do not seek to collect special category data unless there is a valid reason and appropriate safeguards are in place.
We do not intentionally collect more data than is needed. We encourage customers to provide only the information necessary to arrange and deliver our services safely and effectively.
3. How We Collect Data
We may collect personal data directly from you when you:
- request a quote or make an enquiry;
- book or reschedule a service;
- communicate with us by phone, email, or other methods;
- complete forms or provide information during service delivery;
- submit a complaint, review, or feedback;
- make a payment or request an invoice.
We may also receive data from third parties when necessary to provide our services, such as payment processors, referral sources, property managers, or business clients who arrange services on behalf of others. In each case, we will only process the information that is relevant and lawful for the purpose.
4. How We Use Your Data
We use personal data only for legitimate service-related and operational purposes, including:
- providing carpet cleaning and related services;
- managing bookings, changes, and cancellations;
- communicating with customers about appointments and service details;
- issuing invoices, processing payments, and keeping accounting records;
- responding to enquiries, feedback, and complaints;
- maintaining service quality, internal records, and business administration;
- meeting legal, regulatory, tax, and insurance obligations;
- protecting against fraud, misuse, and security incidents.
We do not use your personal information for unrelated purposes without a lawful basis.
5. Lawful Basis for Processing
Under UK GDPR, we must identify a lawful basis for each type of processing. Depending on the context, we may rely on one or more of the following:
- Contract: processing is necessary to perform our agreement with you or to take steps at your request before entering into a contract. This includes processing booking details, service addresses, and payment-related information.
- Legal obligation: processing is necessary to comply with laws, such as tax, accounting, consumer protection, or other regulatory requirements.
- Legitimate interests: processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include managing operations, improving services, maintaining records, and preventing fraud.
- Consent: where required by law, we will ask for your consent before processing certain data. If consent is relied upon, you may withdraw it at any time.
Where special category data is processed, we will only do so where a lawful condition applies and appropriate safeguards are used.
6. Data Sharing and Processors
We may share personal data with trusted third parties who assist us in operating our business. These parties act as processors or independent controllers depending on the circumstances. Processors only act on our instructions and must protect your data appropriately.
Examples of processors and service providers may include:
- payment processing providers;
- accounting and invoicing systems;
- IT hosting, backup, and security providers;
- customer communication and scheduling tools;
- professional advisers such as accountants or insurers;
- subcontracted cleaning operatives where needed to deliver a service.
We may also disclose data if required by law, court order, or a regulatory authority, or where it is necessary to protect our rights, customers, staff, or property. We do not sell personal data.
7. International Transfers
If any processor stores or accesses data outside the UK, we will take appropriate measures to ensure your personal data remains protected. This may include relying on adequacy regulations, standard contractual clauses, or other approved safeguards. We aim to keep data within the UK whenever reasonably possible.
8. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations. Retention periods may vary depending on the type of information and the reason for processing. In general:
- booking and service records are retained for a period necessary for administration and customer support;
- invoice and transaction records are retained for tax and accounting compliance;
- communication records may be kept to resolve disputes or maintain service history;
- data no longer required is securely deleted or anonymised.
When determining retention, we consider legal obligations, the need to defend claims, and operational necessity. Once data is no longer needed, it will be removed securely.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and restricted data access on a need-to-know basis. While no system can be guaranteed completely secure, we take reasonable steps to reduce risks and to respond promptly if an issue arises.
10. Your Rights
As a data subject under UK GDPR, you have several rights in relation to your personal data. These rights are not absolute and may be subject to exemptions or legal restrictions. You may have the right to:
- Access the personal data we hold about you;
- Rectification of inaccurate or incomplete data;
- Erasure of data in certain circumstances;
- Restriction of processing in certain circumstances;
- Object to processing based on legitimate interests or direct marketing;
- Data portability for data you have provided to us, where legally applicable;
- Withdraw consent at any time where processing is based on consent.
If you wish to exercise any of these rights, we will assess your request in line with applicable law. We may need to verify your identity before responding.
11. Children’s Data
Our services are generally intended for adults. We do not knowingly collect personal data from children unless it is necessary in limited circumstances connected to service delivery and with appropriate care. If we become aware that we have collected data from a child without a valid basis, we will take steps to delete it promptly.
12. Automated Decision-Making
We do not use fully automated decision-making or profiling that produces legal or similarly significant effects on customers. Any service decisions are made by people using relevant information and professional judgment.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically to stay informed about how we protect personal data.
14. Summary of Our Commitment
Carpet Cleaners Marylebone is committed to handling customer data responsibly, securely, and transparently. We collect only the information needed to provide services, rely on clear lawful bases for processing, keep data only as long as necessary, work with trusted processors under appropriate safeguards, and respect your rights under the law. This policy applies to all customers in the Marylebone area and forms part of our commitment to privacy, professionalism, and trust.