Privacy Policy - Oven Cleaning Sutton
Oven Cleaning Sutton is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all Oven Cleaning Sutton customers in the area, including anyone who enquires about, books, receives, or has received our cleaning services.
By using our services, you acknowledge that you have read and understood this Privacy Policy. We aim to keep the information below clear, transparent, and easy to understand.
1. Information We Collect
We collect only the personal data that is necessary for providing and managing our services. Depending on how you interact with us, we may collect the following information:
- Identity details: your name and title.
- Contact details: address, phone number, and email address.
- Service information: details about your property, booking preferences, access instructions, and service history.
- Billing and payment information: payment status, invoice records, and transaction details where relevant.
- Communication records: messages, notes from phone calls, and correspondence relating to your booking or complaint.
- Technical data: basic information such as device type or browser data if you contact us electronically, where this is necessary for service administration.
We do not intentionally collect special category data, such as information about health, ethnicity, religion, or political views, unless you provide it voluntarily and it is necessary for a specific request. If we ever need to process such data, we will do so only where permitted by law.
2. How We Use Your Personal Data
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to manage bookings and deliver cleaning services;
- to communicate about appointments, changes, or service updates;
- to issue invoices, process payments, and maintain financial records;
- to handle complaints, disputes, or customer support requests;
- to maintain internal records and service quality;
- to comply with legal, regulatory, and tax obligations;
- to improve our services, processes, and customer experience;
- to prevent fraud, misuse, or unauthorised access.
We will always ensure that our use of your information is fair, lawful, and transparent.
3. Lawful Basis for Processing
Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following lawful bases:
Performance of a Contract
We process your data when it is necessary to take steps at your request before entering into a contract, or to perform our contract with you. This includes managing your booking, carrying out cleaning services, and handling payment arrangements.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests. Examples include maintaining records, improving services, responding to customer enquiries, and preventing misuse of our systems.
Legal Obligation
We may process and retain certain information because we are required to do so by law, such as for accounting, tax, insurance, or regulatory purposes.
Consent
In limited cases, we may rely on your consent, for example if you choose to receive optional marketing communications or agree to a specific type of data use. Where we rely on consent, you may withdraw it at any time.
4. Sharing Your Data and Processors
We do not sell your personal data. However, we may share it with trusted third parties who help us operate our business. These parties act as data processors or independent controllers, depending on the service they provide.
Examples of processors may include:
- payment providers that process card or electronic payments;
- accounting or bookkeeping services used for invoicing and financial records;
- customer management or scheduling tools used to organise appointments;
- IT and cloud storage providers that securely host business data;
- professional advisers such as insurers, auditors, or legal advisers where necessary.
Where we use processors, we require them to safeguard your information, use it only on our instructions, and comply with data protection law. If personal data is shared with other organisations acting as independent controllers, they will be responsible for their own privacy practices.
We may also disclose personal data if required by law, court order, or a lawful request from a public authority.
5. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. The length of time we retain information depends on the type of data and the reason for processing it.
- Customer and booking records: retained for the duration needed to manage the service relationship and any reasonable follow-up period.
- Financial records: retained for the period required by tax and accounting laws.
- Communication records: retained as needed for service administration, dispute resolution, and quality management.
- Consent-based data: retained until consent is withdrawn or the purpose ends.
When data is no longer required, we will delete it securely or anonymise it so that it can no longer identify you. Retention periods may vary depending on legal requirements and the nature of the record.
6. Data Security
We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, password protection, and limiting data access to those who need it to perform their duties.
Although we work hard to protect your data, no method of transmission or storage is completely secure. If a data incident occurs, we will act promptly in accordance with applicable law.
7. Your Rights Under GDPR
You have a number of rights in relation to your personal data. These rights may be subject to legal limitations, but we will always consider your request carefully.
- Right of access: you can request a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct inaccurate or incomplete information.
- Right to erasure: you can request deletion of your data in certain circumstances.
- Right to restrict processing: you can ask us to limit how your data is used in specific situations.
- Right to data portability: you can request that certain data be provided in a reusable format, where applicable.
- Right to object: you can object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we will respond within the timeframe required by law. We may need to verify your identity before actioning your request.
8. International Transfers
In some cases, our service providers may store or process data outside the UK. Where this happens, we take steps to ensure that an adequate level of protection is in place, such as using approved contractual safeguards or relying on recognised adequacy measures.
9. Children’s Data
Our services are intended for adult customers and household service arrangements. We do not knowingly collect personal data from children unless it is incidentally provided in the course of service delivery and is necessary for a legitimate purpose. If we become aware that we have collected data from a child inappropriately, we will take appropriate steps to delete it.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, business practices, or the services we provide. Any updated version will apply from the date it is published or otherwise made available. We encourage customers to review this policy periodically so they remain informed about how their data is handled.
11. Summary of Our Commitment
We respect your privacy and process personal data only when we have a lawful basis to do so. We collect the minimum information needed to deliver our services, keep it secure, share it only with appropriate processors, and retain it only for as long as necessary. You also have strong rights over your personal information, and we will support you in exercising them where required by law.
Oven Cleaning Sutton treats data protection as an important part of its relationship with every customer in the area. Our goal is to provide a reliable service while ensuring your personal data is handled responsibly, securely, and in accordance with GDPR principles.