Privacy Policy - Surrey Cleaner
This Privacy Policy explains how Surrey Cleaner collects, uses, stores, shares, and protects personal data relating to its customers, prospective customers, website visitors, and anyone who contacts us in connection with our services. It applies to all Surrey Cleaner customers in the area where our services are offered and delivered.
1. Introduction
Surrey Cleaner is committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws. We aim to be transparent about what information we collect, why we collect it, how long we keep it, and the rights individuals have over their personal data.
We process personal data fairly and securely, and only for specified, explicit, and legitimate purposes. We do not sell personal information.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data such as name and title.
- Contact data such as address, email address, and telephone number.
- Service information such as service type, booking details, property access notes, and cleaning preferences.
- Payment and transaction data such as payment status, billing records, and transaction references. We do not necessarily store full card details where a secure third-party payment provider is used.
- Communication data such as messages, complaints, feedback, and correspondence relating to your booking or account.
- Technical data where applicable, such as device information, IP address, and browsing activity if you interact with our digital services.
- Special instructions or notes you voluntarily provide, which may include access requirements or other information needed to provide services safely and effectively.
We generally collect information directly from you. In some cases, we may receive information from third parties such as payment processors, booking platforms, referral partners, or property managers where relevant to the services requested.
3. How We Use Personal Data
We use personal data for the following purposes:
- to provide and manage cleaning services;
- to process bookings, quotes, invoices, and payments;
- to communicate with customers about appointments, service changes, or service issues;
- to respond to enquiries, feedback, and complaints;
- to maintain service records and improve service quality;
- to meet legal, regulatory, tax, accounting, and insurance obligations;
- to protect our business, customers, staff, and property from fraud, misuse, or unlawful activity;
- to analyse and improve customer experience and operational efficiency.
We only use data in ways that are compatible with the purpose for which it was collected, unless we reasonably determine that another lawful basis applies.
4. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for processing your personal data. Depending on the circumstances, Surrey Cleaner relies on one or more of the following lawful bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes managing your booking, delivering cleaning services, issuing invoices, and handling service-related communications.
Legal obligation
We process certain data to comply with legal obligations, including tax, accounting, record-keeping, and regulatory requirements.
Legitimate interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include service administration, customer support, fraud prevention, and improving our operations. When relying on legitimate interests, we consider whether the processing is proportionate and necessary.
Consent
In some situations, we may rely on your consent, for example where you choose to receive certain marketing communications or provide optional information that is not required to deliver the service. You may withdraw consent at any time where consent is the basis for processing.
5. Data Sharing and Processors
We may share personal data with trusted third parties where necessary to deliver services, operate our business, or comply with legal duties. These third parties act as data processors or independent controllers depending on the circumstances.
Processors we may use include:
- payment service providers to process transactions securely;
- booking and scheduling system providers;
- IT hosting, cloud storage, and software providers;
- email and communication platform providers;
- accounting and bookkeeping service providers;
- professional advisers such as insurers, legal advisers, or auditors;
- subcontractors or field workers who assist in delivering services, where necessary and subject to confidentiality and data protection obligations.
We require processors to handle personal data only on our instructions, to protect it appropriately, and to use it only for the agreed purposes. Where a third party acts as an independent controller, that organisation will be responsible for its own privacy practices.
We may also disclose information if required by law, court order, or request from a competent authority, or where necessary to establish, exercise, or defend legal claims.
6. International Transfers
Some of our service providers may store or process data outside the United Kingdom. Where this occurs, we take steps to ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protective measures. These safeguards are intended to keep your data protected to a standard consistent with UK data protection law.
7. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, tax, and reporting requirements. Retention periods vary depending on the type of data and the reason for processing.
- Customer and booking records are usually retained for the duration of the customer relationship and for a reasonable period afterwards.
- Financial and invoice records are retained for the period required by tax and accounting law.
- Communication records are retained as needed to manage service issues, disputes, and customer support.
- Marketing records are retained until you opt out or withdraw consent, where applicable.
When data is no longer needed, it is securely deleted, anonymised, or archived in accordance with our retention practices.
8. Data Security
We use appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, secure storage, encryption where appropriate, staff confidentiality duties, and regular review of data handling practices.
While no system can be guaranteed completely secure, we work to reduce risks and to respond appropriately if a security incident occurs.
9. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to legal exceptions.
- Right of access – you can ask for a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – in certain circumstances, you can ask us to delete your data.
- Right to restrict processing – you can ask us to limit how we use your data in some situations.
- Right to data portability – you can ask for certain data in a structured, commonly used format where legally applicable.
- Right to object – you can object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
- Right to complain – you can raise concerns with the UK data protection authority if you believe your rights have been infringed.
To exercise your rights, you may submit a request through the appropriate contact route used for service matters. We may need to verify your identity before responding.
10. Marketing Preferences
If you receive marketing communications from us, you can opt out at any time. We will respect your choice and stop sending marketing where required by law. Even if you opt out of marketing, we may still send essential service-related communications, such as booking confirmations, schedule updates, or administrative notices.
11. Children
Our services are intended for adults and business customers. We do not knowingly collect personal data from children under the age of 13 unless it is provided by a parent, guardian, or another authorised adult in connection with a service request.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. When changes are made, the updated policy will apply from the date it is published or otherwise communicated. We encourage you to review this policy periodically.
13. Summary of Key Points
In summary: Surrey Cleaner collects only the personal data needed to provide and manage cleaning services, comply with legal requirements, and improve operations. We process data on lawful bases such as contract, legal obligation, legitimate interests, and consent where appropriate. We share data only with trusted processors and other authorised recipients, keep it only as long as necessary, and respect your data protection rights.
This policy applies to all Surrey Cleaner customers in the area.