Privacy Policy - Deep Cleaning Merton
This Privacy Policy explains how Deep Cleaning Merton collects, uses, stores, shares, and protects personal data. It applies to all Deep Cleaning Merton customers in the area, including prospective customers, current customers, and anyone who interacts with us in connection with our services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Deep Cleaning Merton provides professional deep cleaning services for homes and businesses. In the context of this policy, we act as the data controller for personal information we collect directly from customers and prospects for the purposes described below. This means we determine why and how your personal data is used.
2. Personal Data We Collect
We only collect personal data that is relevant and necessary for delivering our services, managing customer relationships, meeting legal obligations, and improving our operations. The types of data we may collect include:
- Identity details: name, title, and, where applicable, business name.
- Contact details: address, email address, telephone number, and preferred contact method.
- Service information: cleaning requirements, property access instructions, booking details, and service history.
- Payment-related information: billing information and transaction records. We do not store full card details where payment processing is handled by secure third-party providers.
- Communication records: enquiries, correspondence, complaints, feedback, and notes about customer preferences.
- Technical data: limited information such as IP address or device data when you use digital forms or online booking systems, if applicable.
We do not intentionally collect special category data unless it is strictly necessary and you have provided it voluntarily, for example where relevant to access arrangements or health and safety considerations. If we do receive such data, we will process it only where a lawful basis applies and with appropriate safeguards.
3. How We Use Your Data
We use personal data to provide and manage our services effectively. Typical uses include:
- Responding to enquiries and preparing quotations.
- Scheduling, confirming, and carrying out cleaning appointments.
- Managing billing, payments, and receipts.
- Recording customer preferences and service requirements.
- Handling complaints, service issues, and follow-up communication.
- Meeting legal, regulatory, tax, and accounting obligations.
- Maintaining business records and improving service quality.
- Protecting against fraud, misuse, or security incidents.
We only use your personal data for the purposes for which it was collected, unless we reasonably believe we need to use it for another compatible purpose and that use is permitted by law.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for each type of data processing. Deep Cleaning Merton relies on the following lawful bases:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes handling bookings, service delivery, customer communications, invoicing, and payment administration.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include record-keeping, service improvement, fraud prevention, internal administration, and responding to customer queries.
Legal Obligation
We may process and retain certain information where required to comply with legal obligations, such as tax, accounting, health and safety, or other regulatory requirements.
Consent
In limited situations, we may rely on consent, for example where we send optional marketing communications or process particularly sensitive information in a way that requires your permission. Where consent is used, you may withdraw it at any time.
We will always make sure the lawful basis used is appropriate to the specific type of processing.
5. Sharing Your Personal Data
We do not sell personal data. However, we may share your information with trusted third parties when necessary to operate our business and deliver services. These may include:
- Payment processors who handle secure payment transactions.
- Booking or scheduling systems used to manage appointments and service records.
- IT and cloud service providers that support storage, email, or business administration.
- Professional advisers such as accountants, insurers, or legal advisers where required.
- Public authorities or regulators if disclosure is required by law.
When we use third parties to process personal data on our behalf, they act as processors. They are only permitted to use your data according to our instructions and must implement appropriate technical and organisational measures to protect it.
6. Processors and Data Protection Standards
We carefully choose processors that provide adequate security and privacy protections. Before using a processor, we assess their reliability, data handling practices, and ability to meet legal requirements. Where necessary, we enter into written data processing agreements that set out confidentiality, security, and restricted-use obligations.
Examples of processor responsibilities may include:
- Storing data securely with access controls.
- Supporting back-up and disaster recovery procedures.
- Assisting with secure communication or appointment management.
- Deleting or returning data when our relationship with the processor ends.
We remain responsible for ensuring that your data is processed lawfully and safely even when processed by third parties on our behalf.
7. Data Retention
We keep personal data only for as long as necessary for the purpose it was collected, including legal, accounting, and reporting obligations. Retention periods depend on the type of information and the reason we hold it.
- Customer and service records: retained for as long as needed to manage the relationship and deal with any follow-up issues.
- Financial and tax records: retained for the period required by law.
- Communication records: retained for a reasonable period to handle disputes, complaints, or service continuity.
- Marketing data: retained until you opt out or withdraw consent, where applicable.
When data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention practices.
8. Your Rights
As a data subject under UK GDPR, you have important rights regarding your personal data. These rights may be subject to certain legal limitations, but we will always respond appropriately and within the required timeframes.
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete data.
- Right to erasure: in certain circumstances, you may request deletion of your data.
- Right to restriction: you may ask us to limit how we use your data in certain cases.
- Right to object: you may object to processing based on legitimate interests or direct marketing.
- Right to data portability: you may request your data in a structured, commonly used format where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we will review your request carefully and respond in accordance with data protection law.
9. Security of Your Data
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and careful selection of service providers. While no system can be guaranteed completely secure, we are committed to protecting your information to a high standard.
10. International Transfers
If any processor or service provider stores or processes data outside the UK, we will ensure that suitable safeguards are in place so that your information receives an equivalent level of protection. Such safeguards may include approved contractual clauses or other lawful transfer mechanisms.
11. Children’s Data
Deep Cleaning Merton does not knowingly collect data from children in the ordinary course of its services. If personal data relating to a child is provided in connection with an address, access arrangement, or other legitimate service requirement, we will only process it where necessary and lawful.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal duties, or data protection practices. Any updated version will apply from the date it is made effective. We encourage customers to review this policy periodically so they remain informed about how personal data is handled.
13. Summary of Our Commitment
Deep Cleaning Merton is committed to processing personal data responsibly, transparently, and in line with applicable data protection laws. We collect only the information we need, use it for clear and lawful purposes, share it only when necessary with trusted processors, and retain it for no longer than required. Your privacy matters to us, and we aim to ensure that every customer in the area can trust us with their personal information.