Privacy Policy - Stjohnswood Cleaner
Stjohnswood Cleaner is committed to protecting your privacy and handling personal data in a transparent, fair, and secure manner. This Privacy Policy explains how we collect, use, store, share, and protect personal information in line with the UK GDPR and the Data Protection Act 2018. It applies to all Stjohnswood Cleaner customers in the area, including current, former, and prospective customers who use or enquire about our cleaning services.
1. Who We Are
For the purposes of data protection law, Stjohnswood Cleaner is the data controller for the personal data described in this policy. This means we decide why and how your personal information is processed. We take our responsibilities seriously and aim to collect only the information we need to provide our services effectively and lawfully.
2. Personal Data We Collect
We may collect and process different types of personal information depending on how you interact with us. The data we collect may include:
- Identity data such as your name or title.
- Contact data such as your address, email address, and telephone number.
- Service data such as service preferences, booking details, property access notes, and cleaning instructions.
- Payment data such as payment confirmations, billing records, or transaction references. We do not store full payment card details unless explicitly required and permitted through a secure payment provider.
- Communication data such as messages, complaints, enquiries, and feedback.
- Technical data such as limited device or usage information if you interact with our digital systems, where applicable.
We may also process special category data only where it is necessary and where a valid legal condition applies. In most cases, we do not intentionally collect this type of data. If you choose to provide information that could reveal health, access, or vulnerability-related needs, we will handle it carefully and only for the purpose for which it was shared.
3. How We Use Your Data
We use personal data for the following purposes:
- To provide and manage our cleaning services.
- To confirm bookings, schedules, and service changes.
- To communicate with customers about appointments, queries, or complaints.
- To process payments, invoices, and account-related matters.
- To maintain service records and improve quality.
- To comply with legal, accounting, or regulatory obligations.
- To protect our business, staff, customers, and property.
We only use your personal data where we have a lawful basis to do so and where the processing is necessary, relevant, and proportionate to the purpose.
4. Lawful Basis for Processing
Under GDPR, we must have a lawful basis before processing your personal data. Depending on the context, we may rely on one or more of the following:
Contract
We process your personal data when it is necessary to enter into or perform a contract with you. This includes managing bookings, delivering cleaning services, handling service changes, and processing payments.
Legal Obligation
We may process your data when required to comply with legal obligations, such as tax, accounting, or record-keeping requirements.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided that these interests are not overridden by your rights and freedoms. Examples include service improvement, responding to enquiries, maintaining security, preventing fraud, and keeping accurate business records.
Consent
Where required by law, we will ask for your consent before processing your personal data. If consent is used as the lawful basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Data Sharing and Processors
We may share personal data with trusted third parties who help us operate our business. These parties act as processors where they process data on our behalf and only according to our instructions. We use appropriate contractual safeguards to ensure they protect your data and comply with applicable data protection requirements.
Examples of processors may include:
- Booking and scheduling providers that help manage appointments and service records.
- Payment service providers that process secure transactions.
- IT and cloud service providers that host systems, communications, or data storage.
- Administrative or accounting service providers that support invoicing, bookkeeping, and compliance tasks.
We may also disclose personal data where necessary to professional advisers, insurers, regulators, law enforcement, or courts if required by law or needed to protect our legal rights. We do not sell personal data.
6. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including the purposes of satisfying legal, accounting, tax, or reporting requirements. The retention period depends on the type of data and why it is held.
In general:
- Customer service records are retained for the duration of the relationship and for a reasonable period afterwards.
- Financial and invoicing records are retained for the period required under applicable tax and accounting laws.
- Complaint or dispute records may be retained until the matter is resolved and for a further period if necessary to defend legal claims.
When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices.
7. Data Security
We take appropriate technical and organisational measures to safeguard personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures are designed to reflect the nature of the data we process and the risks involved. However, no method of transmission or storage is completely secure, and while we strive to protect your information, we cannot guarantee absolute security.
8. Your Rights Under GDPR
You have a number of rights in relation to your personal data. These rights may be limited in certain circumstances, but we will always assess any request carefully and respond in line with applicable law.
- Right of access – You may request a copy of the personal data we hold about you.
- Right to rectification – You may ask us to correct inaccurate or incomplete data.
- Right to erasure – In some cases, you may ask us to delete your personal data.
- Right to restriction – You may ask us to limit how we use your data in certain situations.
- Right to data portability – You may request that we provide certain data in a structured, commonly used format.
- Right to object – You may object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – Where we rely on consent, you can withdraw it at any time.
If you wish to exercise any of these rights, we will respond without undue delay and within the time limits set by law. We may need to verify your identity before acting on your request.
9. International Transfers
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms recognised under applicable data protection rules. We will only transfer data when necessary and when suitable protections are available.
10. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children without appropriate authority. If we become aware that we have collected such data inadvertently, we will take reasonable steps to delete it or obtain the necessary permissions where required.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published. We encourage customers to review this policy periodically to stay informed about how we protect personal data.
12. Our Commitment
Stjohnswood Cleaner values trust, confidentiality, and compliance. We aim to process personal data in a lawful, fair, and transparent way, ensuring that it is used only when necessary and kept only for as long as required. Our approach is based on the principles of data minimisation, purpose limitation, accuracy, storage limitation, and integrity and confidentiality.
By using our services, you acknowledge that your personal data may be processed as described in this Privacy Policy. If you have concerns about how your data is handled, you may raise them with us or contact the relevant supervisory authority in accordance with your rights under GDPR.