Privacy Policy

Elephant and Castle Carpet Cleaning Privacy Policy

This Privacy Policy explains how Elephant and Castle Carpet Cleaning collects, uses, stores, and protects personal data relating to customers and prospective customers in the Elephant and Castle area. It is intended to provide clear and transparent information in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.

This Privacy Policy applies to all Elephant and Castle Carpet Cleaning customers, as well as individuals who make enquiries about our carpet cleaning and related services within the Elephant and Castle area, whether contact is made online, by message, or in person.

Data Controller

Elephant and Castle Carpet Cleaning is the data controller for the personal data described in this Privacy Policy. As data controller, we determine the purposes and means of processing your personal information and are responsible for ensuring that such processing is carried out lawfully and securely.

Personal Data We Collect

We may collect and process the following categories of personal data about you when you contact us, request a quotation, or use our services:

Identification and contact information: name, address, property access details, and general location information within the Elephant and Castle area.

Communication details: information provided when you contact us, such as your preferred contact method and the content of your messages or calls.

Service information: details about the services requested or provided, including property type, areas to be cleaned, service preferences, dates and times of appointments, and related notes needed to deliver the service safely and effectively.

Billing and payment information: limited billing details required to process payments and issue invoices. Where payments are processed by a payment provider, that provider may collect card or account information directly, and will act as a separate data controller for that information.

Technical data: if you visit our website, certain technical data such as IP address, device type, and general usage information may be collected through standard web technologies to help operate and secure the site.

How We Collect Your Data

We collect personal data directly from you when you contact us to request information, a quote, or to book a service. This can occur through online forms, messages, or during telephone or in-person conversations.

We may also receive personal data indirectly if another person arranges a service on your behalf, for example a landlord, tenant, letting agent, or family member sharing your details to coordinate cleaning at a property you occupy or own. In such cases, we take reasonable steps to ensure you are made aware of this Privacy Policy.

Purposes and Lawful Basis for Processing

We process your personal data only where there is a lawful basis under data protection law. Depending on the context, we may rely on one or more of the following bases:

Contractual necessity: to take steps at your request before entering into a contract and to perform our contract with you. This includes providing quotations, managing bookings, delivering carpet cleaning and related services, handling payments, and communicating with you about your service.

Legitimate interests: to pursue our legitimate business interests, provided these are not overridden by your rights and interests. Examples include scheduling and managing our work, maintaining business records, improving our services, preventing fraud or misuse, managing customer queries, and ensuring the security and integrity of our systems.

Legal obligation: to comply with legal and regulatory requirements, such as record-keeping obligations for tax, accounting, and consumer protection purposes.

Consent: where we rely on your consent, for example for certain types of marketing communications. You can withdraw your consent at any time by contacting us using the details provided in our standard communications.

How We Use Your Personal Data

We may use your personal data for the following purposes:

To provide quotations and respond to your enquiries.

To schedule, manage, and deliver carpet cleaning and related services at your property.

To communicate with you about upcoming appointments, access requirements, or changes to bookings.

To issue invoices, process payments, and maintain financial records.

To maintain customer service and handle complaints, feedback, or refund requests.

To improve our services, business processes, and customer experience.

To meet our legal and regulatory obligations.

Data Sharing and Processors

We do not sell your personal data. We may share your personal data with third parties only as necessary for the purposes described above and in compliance with data protection law.

Service providers and processors: We may use carefully selected third-party service providers to support our business operations, for example in relation to payment processing, accounting, website hosting, or secure data storage. These providers act as data processors and may only process your personal data on our documented instructions, under a written contract, and with appropriate security measures in place.

Professional advisers: We may share data with accountants or other professional advisers where necessary for business administration, financial management, or legal advice.

Legal and regulatory authorities: We may disclose personal data where required to comply with a legal obligation, to respond to lawful requests, or to protect the rights, property, or safety of our business, our customers, or others.

Where processors or service providers are based outside the UK or the European Economic Area, we will ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to protect your personal data.

Data Retention

We keep your personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or reporting requirements.

Customer and service records: we typically retain customer and service-related data for a period that allows us to manage ongoing relationships, respond to queries, and demonstrate compliance with legal obligations. In many cases this will be up to six years after the last service or transaction, in line with standard limitation and accounting periods.

Enquiries without booking: if you contact us for a quotation or information but do not proceed with a booking, we may retain basic contact and enquiry information for a limited period to follow up and manage our records, after which it will be securely deleted or anonymised.

When data is no longer required, we will either delete it securely or anonymise it so that it can no longer be associated with you.

Data Security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, accidental loss, destruction, or damage. These measures include limiting access to personal data to staff and processors who have a genuine business need to know it, using secure storage solutions, and maintaining suitable internal safeguards and procedures.

While we take reasonable steps to secure your data, no method of transmission or storage is completely risk-free. You should also take care when sharing personal information and consider the security of the devices and networks you use.

Your Data Protection Rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions:

Right of access: you can request confirmation of whether we process your personal data and obtain a copy of that data, together with certain information about how it is used.

Right to rectification: you can request that inaccurate or incomplete personal data is corrected or updated.

Right to erasure: in certain circumstances, you can request that your personal data is deleted, for example where it is no longer needed for the purpose for which it was collected and there is no lawful reason for us to continue processing it.

Right to restrict processing: you can ask us to restrict the processing of your personal data in certain situations, for example while we are verifying its accuracy or handling an objection.

Right to object: you can object to processing based on our legitimate interests where you believe your rights and interests outweigh our grounds for processing. You also have the absolute right to object to direct marketing at any time.

Right to data portability: in some cases, you can request that we provide your personal data in a structured, commonly used, machine-readable format, or that it is transmitted directly to another controller, where technically feasible.

To exercise any of these rights, or to ask questions about how we handle your data, you can contact us using the contact details provided in our standard communications and invoices. We may need to verify your identity before responding to your request. There is usually no fee for exercising your rights, unless a request is clearly unfounded or excessive.

You also have the right to lodge a complaint with the relevant supervisory authority if you are concerned about how your personal data is being handled. In the UK, this is the Information Commissioner's Office.

Children's Data

Our services are not directed at children, and we do not knowingly collect personal data relating to children. If we learn that we have inadvertently collected personal data about a child, we will take steps to delete such data as soon as reasonably possible.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Any changes will take effect from the date of publication of the revised version. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.