Westminster Carpet Cleaning Privacy Policy

This Privacy Policy explains how Westminster Carpet Cleaning collects, uses, stores, and protects personal data relating to customers and prospective customers in our service area. It is intended to comply with the UK General Data Protection Regulation and the Data Protection Act 2018. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Scope of this Privacy Policy

This Privacy Policy applies to all Westminster Carpet Cleaning customers and prospective customers in our service area, including individuals who contact us for quotations, make bookings, receive our cleaning services, or otherwise interact with us in relation to our carpet, upholstery, or related cleaning services.

Personal Data We Collect

We may collect and process the following categories of personal data when you contact us, request a quote, make a booking, or receive our services:

Identification and contact information, such as your name, postal address, property address where services are provided, and any alternative contact details you choose to provide.

Communication details, including your preferred contact methods and any information you provide when you communicate with us, for example by phone or through online forms.

Service and transaction information, such as details of the services you request, dates and times of appointments, notes about your property that are relevant to service delivery, prices quoted, payment status, and basic invoice information.

Payment-related information to the extent necessary to process payments and issue invoices. We do not retain full payment card details; where electronic payments are processed through a third-party provider, that provider may process your card details on our behalf.

Technical and usage information, where applicable, relating to your use of our website, such as basic analytical data that does not directly identify you, used to help us understand how our website is used.

Lawful Basis for Processing

We process your personal data only where we have a lawful basis under data protection law. Depending on the context, we may rely on the following lawful bases:

Performance of a contract: We process your personal data when it is necessary to enter into or perform a contract with you. This includes arranging site visits, providing quotations, confirming bookings, delivering cleaning services, processing payments, and managing any related customer service matters.

Legitimate interests: We process personal data where it is necessary for our legitimate business interests, provided that your rights and freedoms are not overridden. These interests include managing our day-to-day operations, improving our services, responding to enquiries, maintaining records of past services for reference and safety, and pursuing or defending legal claims.

Compliance with legal obligations: We process personal data when we must do so to comply with our legal obligations, for example in relation to accounting, taxation, and record keeping requirements.

Consent: In limited cases, we may rely on your consent, for example for certain types of optional marketing communications. When we rely on consent, you have the right to withdraw it at any time.

How We Use Personal Data

We use personal data only for specified, explicit, and legitimate purposes and do not use it in ways that are incompatible with those purposes. Typical uses include:

Providing quotations, confirming availability, and managing bookings for carpet and upholstery cleaning services.

Carrying out cleaning and related services at the agreed premises, including contacting you to confirm arrival times or access arrangements.

Issuing invoices, processing payments, and handling queries about your account or our services.

Responding to questions, complaints, or feedback, and improving our services based on customer comments.

Keeping appropriate business records and complying with legal and regulatory requirements.

Sending service-related updates and, where permitted, limited marketing communications about our services that may be of interest to you. You can object to or opt out of marketing at any time.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law. We consider the amount, nature, and sensitivity of the data, the purposes for which it is processed, and any legal, accounting, or reporting requirements.

Customer records relating to services carried out, including contact details, service history, and invoices, are generally kept for up to six years after the end of our relationship with you. This period reflects typical statutory limitation periods for legal claims and accounting requirements.

Enquiry records where no contract is formed are usually retained for a shorter period, typically up to two years, to allow us to answer follow-up enquiries and keep track of quotations given.

Where we no longer need to keep personal data, it will be securely deleted, anonymised, or otherwise removed from our systems.

Data Sharing and Processors

We do not sell your personal data. We may share your personal data with trusted third parties where necessary for the operation of our business, service delivery, or legal compliance. These third parties act as processors or, in some cases, as independent controllers.

Typical categories of data recipients include:

Payment service providers who process payments on our behalf in accordance with applicable security standards.

IT and systems providers who support our booking, communication, and record-keeping systems, and who may process limited customer data in order to provide and maintain these services.

Professional advisers such as accountants or legal advisers, where necessary for compliance, financial management, or in connection with legal claims.

Public authorities where we are required by law or regulation to share data, or where sharing is necessary to protect the rights, property, or safety of our customers, staff, or others.

Whenever we use third-party processors, we require them to safeguard personal data through appropriate contractual and technical measures and to process it only on our documented instructions.

International Data Transfers

If we use service providers located outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with data protection laws. These safeguards may include the use of standard contractual clauses, adequacy regulations, or other recognised mechanisms.

Security of Personal Data

We take the security of your personal data seriously. We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include controlled access to systems, secure storage of physical records, and staff awareness of data protection responsibilities.

Your Data Protection Rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These rights include:

Right of access: You can request confirmation of whether we hold personal data about you and obtain a copy of that data, together with certain information about how it is processed.

Right to rectification: You can ask us to correct or complete any inaccurate or incomplete personal data we hold about you.

Right to erasure: In certain circumstances, you can request that we delete your personal data. This is sometimes known as the right to be forgotten.

Right to restriction of processing: You can ask us to limit the way we use your personal data in certain situations, for example while we are checking its accuracy or investigating a concern.

Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format and to request that it is transferred to another controller where technically feasible.

Right to object: You can object at any time to the processing of your personal data based on legitimate interests, including profiling, and we will stop processing unless we have compelling legitimate grounds to continue or the processing relates to legal claims. You also have an absolute right to object to processing for direct marketing purposes.

Rights in relation to automated decision-making: You have rights where we carry out automated decision-making that has legal or similarly significant effects on you. We do not typically carry out such processing in the context of our cleaning services.

Exercising Your Rights and Complaints

If you wish to exercise any of the rights described above, or if you have questions or concerns about this Privacy Policy or our handling of your personal data, you can contact us using your preferred communication method. We may need to verify your identity before responding to certain requests. We aim to respond without undue delay and within the time limits set by law.

You also have the right to lodge a complaint with the relevant supervisory authority for data protection if you believe that your privacy rights have been infringed. We encourage you to contact us first so that we can try to resolve any concerns directly.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection best practices. Any changes will take effect when the updated Privacy Policy is made available. We recommend that you review this Privacy Policy periodically to stay informed about how we handle your personal data.