Crystal Palace Carpet Cleaning Privacy Policy

This Privacy Policy explains how Crystal Palace Carpet Cleaning collects, uses, discloses and protects personal data relating to its customers in the Crystal Palace area. It also explains the rights you have under the UK General Data Protection Regulation and the Data Protection Act 2018.

This Privacy Policy applies to all Crystal Palace Carpet Cleaning customers and prospective customers within our service area, including individuals and businesses who contact us, request a quote, book a service, or otherwise interact with us.

Data Controller

For the purposes of data protection law, Crystal Palace Carpet Cleaning is the data controller for the personal data described in this Privacy Policy. This means we determine the purposes and means of processing your personal data.

Personal Data We Collect

We only collect personal data that is necessary for us to provide our carpet cleaning and related services, manage our business, and meet our legal obligations. The types of personal data we may collect include:

Identity and contact details: name, address, property access details where relevant, and other contact details such as your preferred method of communication.

Booking and service information: dates and times of appointments, details of the services requested or provided, property type and relevant notes needed to perform the service safely and effectively.

Payment information: information relating to the method of payment and payment status. We do not store full payment card details when card payments are processed through third-party providers.

Communications: records of emails, messages, or other communications you send to us and our responses, including enquiries, complaints and feedback.

Technical and usage data: basic technical information related to how you interact with our online content, such as IP address, device and browser type, and general usage data, where this is collected through standard analytics tools. We do not collect more technical data than is reasonably needed for security, performance, and basic analytics.

Lawful Basis for Processing

We process your personal data only where we have a lawful basis under data protection law. Depending on the context, this may include:

Contract: where processing is necessary to enter into or perform a contract with you, such as providing a quotation, scheduling and delivering carpet cleaning services, or managing invoicing and payment.

Legal obligation: where we must process certain information to comply with legal and regulatory requirements, such as accounting, taxation and record-keeping obligations.

Legitimate interests: where processing is necessary for our legitimate business interests, and these are not overridden by your rights and freedoms. This can include improving our services, managing our relationship with you, responding to your enquiries, and maintaining security.

Consent: where required by law, for example for some types of marketing communications, we will rely on your consent. You can withdraw your consent at any time.

How We Use Your Personal Data

We may use your personal data for the following purposes:

To provide quotations, arrange appointments, and deliver cleaning services at your property.

To manage our ongoing relationship with you, including handling any questions, feedback or complaints.

To process payments, issue invoices, and keep appropriate financial and business records.

To send you important information about your bookings, such as confirmations, amendments and reminders.

To improve our services, including quality control, staff training, and internal analysis of how our services are used.

To send you marketing communications that you have agreed to receive, and to give you the opportunity to opt out of such communications at any time.

To protect our business, staff and customers, including by preventing and detecting fraud, misuse, or security incidents.

Data Sharing and Processors

We do not sell your personal data. We may share your personal data with third parties only where necessary and in accordance with data protection law.

Service providers and processors: we may engage carefully selected third-party providers to help us operate our business and deliver our services. These can include payment processing companies, IT and hosting providers, customer management systems, and basic analytics or communication tools. These providers act as data processors and may only process your personal data on our documented instructions and for the purposes we specify.

Professional advisers: we may share information with our external professional advisers, such as accountants, auditors or legal advisers, where required for legitimate business or legal reasons.

Authorities: we may disclose personal data where required to do so by law, or where such disclosure is necessary to protect the rights, property, or safety of our business, our staff, our customers, or others.

Whenever we use data processors, we put in place appropriate contracts and safeguards to ensure your data is protected in line with the GDPR.

International Data Transfers

If we transfer personal data outside the United Kingdom or the European Economic Area through our service providers, we will ensure that appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or equivalent protections, so that your personal data remains protected to a standard essentially equivalent to that in the UK.

Data Retention

We keep your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law.

Customer and service records: we generally retain core customer and booking information for a period that allows us to manage our ongoing relationship, respond to queries or complaints, and meet our legal and tax obligations.

Financial and transaction data: we keep records of payments, invoices and related financial information for the period required by law for tax and accounting purposes.

Marketing data: we retain data used for marketing purposes for as long as you remain subscribed or engaged with our communications, or until you withdraw your consent or object to such processing.

When data is no longer needed, we either delete it securely or anonymise it so that it can no longer be linked to you.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include limiting access to personal data to those who have a genuine business need to access it, using secure systems and requiring our staff and processors to handle data in accordance with data protection law and our internal policies.

Your Data Protection Rights

Under data protection law, you have a number of rights in relation to your personal data. These may include:

Right of access: the right to request a copy of the personal data we hold about you and information about how we use it.

Right to rectification: the right to ask us to correct inaccurate or incomplete personal data.

Right to erasure: the right, in certain circumstances, to request that we delete your personal data.

Right to restrict processing: the right, in certain circumstances, to ask us to restrict the processing of your personal data.

Right to data portability: the right, in certain circumstances, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to ask us to transfer that data to another controller where technically feasible.

Right to object: the right to object to our processing of your personal data where we are relying on legitimate interests, including the right to object at any time to processing for direct marketing.

Right to withdraw consent: where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before consent was withdrawn.

If you wish to exercise any of these rights, we will respond in accordance with applicable data protection law.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can try to resolve the issue. You also have the right to lodge a complaint with the relevant data protection supervisory authority in the United Kingdom.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, our internal practices, or legal requirements. Any changes will take effect when the updated Privacy Policy is made available. We recommend that you review this Privacy Policy periodically to stay informed about how we protect your personal data.

This Privacy Policy applies to all Crystal Palace Carpet Cleaning customers and prospective customers in our service area and is intended to be compliant with the UK GDPR and related data protection legislation.