Privacy Policy - Cleaner Kentishtown
This Privacy Policy explains how Cleaner Kentishtown collects, uses, stores, shares, and protects personal data. It applies to all Cleaner Kentishtown customers in area, including anyone who requests, books, receives, or enquires about our cleaning services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Cleaner Kentishtown provides cleaning services to households and businesses in the local area. In this Privacy Policy, we, us, and our refer to Cleaner Kentishtown as the data controller for the personal data described below. This means we decide how and why your personal data is used.
2. Personal Data We Collect
We collect only the information needed to provide services effectively, manage our relationship with customers, and meet legal requirements. The categories of personal data we may collect include:
- Identity information: name, title, and, where relevant, the name of a business or property manager.
- Contact information: address, email address, phone number, and service location details.
- Booking and service information: service preferences, appointment times, cleaning instructions, property access notes, and records of services provided.
- Payment information: billing details, payment status, transaction history, and limited financial information needed to process payments. We do not intentionally store unnecessary card details.
- Communication records: messages, complaints, feedback, and service-related correspondence.
- Technical information: basic device, browser, or usage information if you interact with us electronically, where needed for security or service administration.
- Special category data: we do not usually seek this data. However, if you voluntarily provide information that may reveal health conditions, accessibility needs, or other sensitive details relevant to service delivery, we will only use it where permitted by law and necessary for the specific purpose.
We aim to keep the information we collect adequate, relevant, and limited to what is necessary for the purpose of providing services and maintaining accurate records.
3. How We Collect Personal Data
We may collect personal data directly from you when you:
- make an enquiry or booking;
- receive a quote or contract;
- give us access instructions or service preferences;
- contact us by phone, email, or other communication channels;
- submit feedback, raise a complaint, or request support.
We may also receive data from third parties where necessary, such as payment providers, booking platforms, property managers, or business customers acting on behalf of their staff or tenants. When we receive information from a third party, we expect them to have a lawful basis for sharing it with us.
4. How We Use Personal Data
We use personal data for the following purposes:
- to provide cleaning services and manage appointments;
- to communicate with customers about bookings, service changes, or support requests;
- to process invoices, payments, and refunds;
- to maintain accurate customer and service records;
- to respond to complaints, disputes, and enquiries;
- to improve service quality, staff training, and operational planning;
- to comply with legal, tax, accounting, and insurance obligations;
- to protect the security of our staff, customers, and property.
We will not use personal data for purposes that are incompatible with the original reason it was collected unless we have a lawful basis to do so and, where required, we notify you.
5. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process your personal data. Depending on the situation, Cleaner Kentishtown relies on the following bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes booking services, delivering cleaning work, managing access arrangements, and handling payment administration.
Legal obligation
We may process data where needed to comply with legal requirements, including tax, accounting, record-keeping, health and safety, and fraud prevention obligations.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include managing customer relationships, improving services, preventing abuse, securing systems, and handling internal administration.
Consent
In limited cases, we may rely on your consent, particularly for optional communications or certain sensitive information. Where consent is used, you may withdraw it at any time.
Vital interests and public task
These bases are unlikely to apply in ordinary service delivery, but may be relevant in exceptional circumstances where urgent protection is required or where a legal authority directs processing.
If we process special category data, we will do so only where a specific condition under data protection law applies, such as explicit consent or necessity for legal claims, employment, or health and safety obligations.
6. Data Sharing and Processors
We may share personal data with trusted third parties that act as data processors on our behalf. These processors are only permitted to use the data according to our instructions and must implement appropriate security measures. They may include:
- payment processing providers;
- booking, scheduling, and customer management software providers;
- IT and cloud storage providers;
- accounting and bookkeeping services;
- communication tools used for email, messaging, or administration;
- professional advisers such as insurers, legal advisers, or auditors where necessary;
- service subcontractors or temporary staff where required to deliver the cleaning service.
We may also disclose personal data if required by law, by a court order, or to protect our rights, customers, staff, or property. Where data is shared with processors or other recipients, we take reasonable steps to ensure it is handled securely and only for legitimate purposes.
7. International Transfers
If any processor stores or accesses personal data outside the United Kingdom, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms approved under applicable data protection law.
8. Data Retention
We keep personal data only for as long as necessary to meet the purpose for which it was collected, including the need to comply with legal, accounting, and operational requirements. Retention periods may vary depending on the type of data and the purpose of processing.
- Customer and booking records: retained for the duration of the service relationship and for a reasonable period afterwards.
- Financial and tax records: retained for the period required by law and accounting standards.
- Complaints and communication records: retained for as long as needed to resolve issues and defend against legal claims.
- Security and access-related information: retained only as long as necessary for service delivery and safety.
When personal data is no longer needed, we will securely delete, anonymise, or destroy it.
9. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include restricted access, secure storage, password protection, staff confidentiality obligations, and procedures for handling incidents. While no system can guarantee absolute security, we work to reduce risk and respond promptly to any suspected data breach.
10. Your Rights
Under data protection law, you have a number of rights relating to your personal data. Subject to legal limits and exemptions, these rights may include:
- Right of access: you can ask for a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct inaccurate or incomplete data.
- Right to erasure: you can ask us to delete your data where there is no good reason for us to keep it.
- Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
- Right to data portability: you can ask for your data in a structured, commonly used format where applicable.
- Right to object: you can object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
- Right to complain: you can raise concerns with the UK Information Commissioner’s Office if you believe your data is being handled improperly.
We may need to verify your identity before responding to a request. We will usually respond within one month, unless the request is complex or multiple requests are made.
11. Children’s Data
Our services are generally intended for adults. We do not knowingly collect personal data from children except where it is incidental to service delivery and only when appropriate and lawful. If we become aware that we have collected data from a child without proper authority, we will take steps to delete it or obtain the necessary permission where permitted by law.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review it periodically so they remain informed about how their data is used.
Summary of our approach: Cleaner Kentishtown processes personal data only when needed, uses lawful bases under UK GDPR, protects information with suitable safeguards, and respects customer rights across the area we serve.
