Privacy Policy - Cheam Carpet Cleaners

This Privacy Policy explains how Cheam Carpet Cleaners collects, uses, stores, and protects personal data. It applies to all Cheam Carpet Cleaners customers in the area, including anyone who enquires about, books, receives, or pays for our carpet cleaning and related services. We are committed to handling personal information in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge that your personal data may be processed as described in this policy. We only collect information that is necessary for legitimate business purposes and we do not sell personal data to third parties.

1. Information We Collect

We may collect and process the following categories of personal data:

  • Identity information: name, title, and any information you provide when making an enquiry or booking.
  • Contact information: address, email address, and telephone number.
  • Service details: property access instructions, cleaning requirements, service history, and notes relevant to the job.
  • Payment information: limited billing details and payment status. We do not store full card details where payments are handled by secure third-party processors.
  • Communication records: messages, quotations, feedback, complaints, and correspondence.
  • Technical information: basic website or device information if you interact with our digital services, such as IP address, browser type, and cookies where applicable.
  • Special category data: we do not intentionally collect special category data. If such information is shared with us incidentally, we will only process it where there is a lawful basis and where necessary for the service requested.

2. How We Use Personal Data

We use personal data for the following purposes:

  • to provide quotations, confirm bookings, and deliver cleaning services;
  • to communicate with customers before, during, and after appointments;
  • to manage payments, invoices, and accounting records;
  • to respond to questions, complaints, and service requests;
  • to maintain accurate internal records and service history;
  • to improve our services, training, and customer experience;
  • to comply with legal, tax, insurance, and regulatory obligations;
  • to protect our business, staff, and customers from fraud or misuse.

We process personal data only for specific and legitimate purposes and we do not use it in ways that are incompatible with those purposes.

3. Lawful Basis for Processing

Under data protection law, we must have a lawful basis for each use of personal data. Depending on the circumstances, Cheam Carpet Cleaners relies on one or more of the following lawful bases:

  • Contract: processing is necessary to provide a quotation, carry out a cleaning service, manage payment, or fulfil our agreement with you.
  • Legal obligation: processing is necessary to meet legal and regulatory requirements, including tax and accounting duties.
  • Legitimate interests: processing is necessary for our legitimate business interests, such as maintaining records, improving services, handling customer enquiries, or preventing fraud, provided these interests are not overridden by your rights and freedoms.
  • Consent: where required, we will rely on your consent, for example for certain forms of marketing or optional communications. You may withdraw consent at any time.

Where we rely on legitimate interests, we consider the impact on your privacy and only proceed when the processing is necessary and proportionate. We always aim to keep personal data usage limited to what is needed for the task in question.

4. Data Sharing and Processors

We may share personal data with trusted third parties only when necessary for the operation of our business or the delivery of services. These third parties act as processors or independent controllers, depending on the role they perform.

Examples of processors may include:

  • Payment processors: to process transactions securely.
  • Accounting software providers: to manage invoices, bookkeeping, and tax records.
  • IT and cloud storage providers: to securely host data and support internal systems.
  • Communication service providers: to deliver emails, messages, or appointment reminders.
  • Customer management tools: to store service records and booking details.

We only appoint processors that can provide sufficient guarantees about the security and confidentiality of your information. Where data is transferred to a processor, we require appropriate contractual protections and data processing terms. We do not permit processors to use your data for their own unrelated purposes.

We may also disclose data if required by law, to respond to lawful requests from authorities, or to protect the rights, property, and safety of our customers, staff, or business. If a business transfer occurs, such as a sale or restructuring, customer data may be transferred as part of that transaction, subject to applicable legal safeguards.

5. Data Retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, insurance, and reporting requirements. Retention periods depend on the type of data and the purpose of processing.

  • Customer and service records: retained for a period necessary to manage the relationship, address follow-up issues, and maintain service history.
  • Financial and tax records: retained for the period required by law and standard accounting practice.
  • Communication records: retained for as long as needed to resolve queries, support service delivery, or evidence decisions.
  • Marketing preferences: retained until you withdraw consent or object, where applicable.

When personal data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in a safe manner. If data is archived for legal reasons, access will be restricted and kept to the minimum necessary.

6. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, password protection, restricted permissions, and staff confidentiality expectations. While no system can be guaranteed completely secure, we work to reduce risks and to maintain appropriate safeguards based on the nature of the information we process.

7. Your Rights

As a data subject under UK GDPR, you have several rights in relation to your personal data. These rights are not absolute and may be subject to legal or practical limitations.

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete information.
  • Right to erasure: you can request deletion of your data in certain circumstances.
  • Right to restriction: you can ask us to limit processing in certain situations.
  • Right to data portability: you may request certain data in a structured, commonly used format, where applicable.
  • Right to object: you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
  • Right to complain: you have the right to raise concerns with the relevant data protection authority if you believe your data has been mishandled.

We will respond to valid requests in line with legal requirements and may need to verify your identity before taking action. In some cases, we may retain certain information where we are legally entitled or required to do so.

8. Cookies and Similar Technologies

If you interact with our online services, we may use cookies or similar technologies to support basic functionality, understand usage patterns, and improve performance. Where required by law, we will request consent before placing non-essential cookies. You can manage cookie preferences through your browser settings or other available controls.

9. Children’s Data

Our services are directed to adults and we do not knowingly collect personal data from children for marketing or service purposes. If we become aware that personal data has been collected from a child without appropriate consent or legal basis, we will take reasonable steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically so they remain informed about how we protect personal data.

11. Summary of Our Commitment

Cheam Carpet Cleaners is committed to respecting privacy, limiting data collection to what is necessary, and processing personal information responsibly. We use lawful bases for processing, work with trusted processors under appropriate safeguards, retain data only as long as needed, and support your rights under data protection law. Your trust matters to us, and we aim to handle all personal information with care and transparency.

This policy applies to all Cheam Carpet Cleaners customers in area.

Cheam Carpet Cleaners

GDPR-compliant Privacy Policy for Cheam Carpet Cleaners covering data collection, lawful basis, retention, processors, and user rights.

Get a Quote

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.