Privacy Policy - Kingston Carpet Cleaners
Effective for all Kingston Carpet Cleaners customers in the local area. This Privacy Policy explains how Kingston Carpet Cleaners collects, uses, stores, shares, and protects personal data when providing carpet cleaning and related services. It applies to all customers, prospective customers, website visitors, and anyone else who interacts with us in connection with our services in the Kingston area.
1. Who we are
Kingston Carpet Cleaners is a carpet cleaning service provider operating in the Kingston area. For the purposes of data protection law, we act as a data controller when we decide why and how personal data is processed. This means we are responsible for ensuring that personal data is handled lawfully, fairly, and transparently.
2. Personal data we collect
We only collect personal data that is relevant and necessary for delivering our services, managing customer relationships, meeting legal obligations, and improving service quality. The categories of data we may collect include:
- Identity data such as your name.
- Contact data such as your address, phone number, and email address.
- Service data such as details of rooms, carpet types, stain concerns, cleaning preferences, and booking history.
- Payment and billing data such as payment status and transaction records. We do not keep card details unless this is required by the payment provider and allowed by law.
- Communication data such as messages, complaints, feedback, and notes about your service requests.
- Technical data where applicable, such as limited information from our devices or systems used to keep services secure and functional.
We do not intentionally collect special category data unless you choose to provide it to us and there is a valid reason for doing so. Please avoid sharing sensitive information unless it is necessary for the service.
3. How we use personal data
We use personal data for the following purposes:
- To provide quotations, bookings, and carpet cleaning services.
- To communicate with customers about appointments, access arrangements, service updates, and follow-up matters.
- To manage billing, payments, refunds, and accounting records.
- To respond to questions, complaints, and service requests.
- To maintain internal records and service history.
- To improve our services, customer experience, and operational efficiency.
- To comply with legal, tax, insurance, and regulatory requirements.
- To prevent fraud, misuse, or unauthorised access to our systems and services.
We do not use your data for unrelated purposes without a valid legal basis.
4. Lawful basis for processing
Under GDPR, we must have a lawful basis before processing personal data. We rely on one or more of the following bases:
Contract
We process personal data where it is necessary to perform a contract with you or to take steps before entering into a contract. This includes handling bookings, providing cleaning services, and managing payment-related matters.
Legal obligation
We may process personal data where needed to comply with legal obligations, including accounting, tax, health and safety, and record-keeping requirements.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include managing customer records, improving service delivery, preventing fraud, and securing our systems.
Consent
In limited cases, we may rely on your consent, for example where you choose to receive certain optional communications. Where consent is used, you can withdraw it at any time.
5. Data sharing and processors
We may share personal data with trusted third parties where necessary for the purposes described in this Policy. These third parties act either as independent controllers or as processors acting on our behalf.
Examples of processors may include:
- Booking and scheduling service providers.
- Payment processing providers.
- IT and cloud storage providers.
- Customer communication tools.
- Accountancy, administration, or document management services.
Where a processor is used, we require them to handle personal data only in line with our instructions, to keep it secure, and to comply with data protection law. We do not sell personal data.
We may also disclose personal data if required by law, court order, or a lawful request from a public authority, or where necessary to protect our rights, customers, staff, or the public.
6. Data retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The retention period depends on the type of data and the reason it is held.
- Customer booking and service records are kept for a reasonable period after the service has been completed.
- Invoice and payment records are retained for the time required by tax and financial laws.
- Communication records are kept as needed to resolve queries, manage disputes, or maintain service history.
- Marketing consent records, where applicable, are kept until consent is withdrawn or the data is no longer needed.
When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you.
7. Data security
We take appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff awareness, and limiting data access to those who need it for business purposes.
Although no system can be guaranteed to be completely secure, we work to maintain a high standard of protection.
8. Your rights under GDPR
You have a number of rights in relation to your personal data. These rights may apply in different situations, depending on the lawful basis used and the circumstances of the request.
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – in some cases, you can ask us to delete your personal data.
- Right to restrict processing – you can ask us to limit how your data is used in certain situations.
- Right to object – you can object to processing based on legitimate interests, and to direct marketing where applicable.
- Right to data portability – where processing is based on consent or contract and carried out by automated means, you may request your data in a portable format.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
Exercising your rights will not usually affect the lawfulness of processing carried out before your request. We may need to verify your identity before responding to a request. We aim to respond within the time limits required by data protection law.
9. Children’s data
Our services are generally aimed at adults. We do not knowingly collect personal data from children in a way that would require separate consent or special handling, unless this is necessary for a lawful service request made by a parent, guardian, or authorised adult.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we process data. Any updated version will apply from the date it becomes effective. We encourage customers to review this Policy periodically so they remain informed about how their data is used.
11. Summary of our commitments
- We collect only the data needed to provide and manage our services.
- We process personal data under a valid lawful basis.
- We keep data only as long as necessary.
- We use trusted processors with appropriate safeguards.
- We respect your GDPR rights and respond to valid requests.
Kingston Carpet Cleaners is committed to handling personal data responsibly, transparently, and in line with applicable data protection laws for every customer in the Kingston area.