Merton Carpet Cleaning Privacy Policy

This Privacy Policy explains how Merton Carpet Cleaning collects, uses, stores, and protects personal data relating to our customers and prospective customers. It applies to all individuals and businesses using Merton Carpet Cleaning services within our service area, whether you contact us online, by post, or in person.

Merton Carpet Cleaning acts as the data controller for the personal data described in this Privacy Policy. We handle your information in accordance with the United Kingdom General Data Protection Regulation and the Data Protection Act, together referred to as GDPR in this policy.

Personal Data We Collect

We only collect personal data that is relevant and necessary for providing our carpet and upholstery cleaning services, managing our relationship with you, and meeting our legal obligations. The types of data we may collect include:

Identification and contact details such as your name, business name where applicable, postal address, billing address, and any other contact details you choose to provide, except for email addresses or phone numbers, which are not collected or stored by us.

Service details such as the type of cleaning service requested, property type and access instructions, details of previous visits, and any relevant notes you provide about your premises or specific cleaning requirements.

Transaction and account data such as records of quotes, invoices, amounts paid, payment method used, date and time of payment, and internal customer reference numbers.

Communication records such as the content of any written communications you send to us and our responses, including queries, feedback, and complaints. We retain these records in order to manage our relationship with you and improve our services.

Technical and usage data if you visit our website, such as pages viewed, time and date of visit, and information collected through cookies or similar technologies, where applicable. This may include anonymised or aggregated data used for analytics, which does not identify you directly.

Purposes and Lawful Bases for Processing

We only process your personal data when we have a valid lawful basis under GDPR. The purposes for which we use your personal data and the corresponding lawful bases include:

To provide and manage cleaning services. We use your identification, contact, and service details to prepare quotes, schedule appointments, perform cleaning, issue invoices, and manage payments. The lawful basis is performance of a contract or taking steps at your request prior to entering into a contract.

To respond to enquiries and provide customer service. We use your personal data to respond to questions, provide information about our services, handle complaints, and offer aftercare support. The lawful basis is performance of a contract or our legitimate interests in providing effective customer service.

To maintain records and comply with legal obligations. We retain certain transaction and accounting records for tax, audit, and regulatory purposes. The lawful basis is compliance with legal obligations that apply to our business.

To manage and improve our business. We may use anonymised or aggregated data for analysis, quality monitoring, service improvement, and internal reporting. Where any personal data is used for these purposes, our lawful basis is our legitimate interests in operating and developing our services in a responsible way.

To protect our rights and the rights of others. Where necessary, we may process personal data to prevent or investigate fraud or misuse of our services, or to establish, exercise, or defend legal claims. The lawful basis is our legitimate interests and, where applicable, compliance with legal obligations.

Data Retention

We only retain personal data for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy and to meet any legal, regulatory, or reporting requirements. When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use, the purposes for which we process it, and whether we can achieve those purposes through other means.

Customer records including basic identification, contact, and service history are generally retained for a period aligned with applicable limitation periods for legal claims, after which they are securely deleted or anonymised unless a longer retention period is required by law.

Accounting and tax records such as invoices and payment information are retained for the duration required by tax and company law, after which they are securely deleted or archived in anonymised form.

Enquiry records where no service is ultimately provided are retained for a limited period to respond to any follow-up queries and to demonstrate how we handled your enquiry, after which they are securely deleted or anonymised.

Website usage data may be retained for a shorter period, usually only as long as necessary for analytics and security purposes, and may be stored in anonymised or aggregated form that does not identify you directly.

Data Sharing and Processors

We do not sell your personal data. However, we may share your data with trusted third parties where necessary for the operation of our business, always under appropriate data protection safeguards.

Service providers acting as data processors may process your data on our behalf for purposes such as secure data storage, accounting and invoicing, payment processing, website hosting, information technology support, and business administration. These processors are only permitted to process your personal data in accordance with our instructions and are subject to contractual obligations to implement appropriate technical and organisational measures.

Professional advisers such as accountants, auditors, or legal advisers may have access to certain personal data where necessary for the services they provide to us. They are bound by professional duties of confidentiality and data protection obligations.

Authorities and regulators may receive data where we are required to disclose information by law, regulation, or court order, or where necessary to protect our rights or the rights of others.

In the event of a business reorganisation, merger, or transfer of services, personal data may be shared with relevant third parties strictly as necessary and subject to appropriate protections, and you will be informed where required by law.

International Transfers

Where we use service providers or systems located outside the United Kingdom or the European Economic Area, your personal data may be transferred internationally. In such cases, we ensure that appropriate safeguards are in place, such as adequacy regulations for the destination country or the use of standard contractual clauses or equivalent measures approved under applicable data protection law.

Security of Your Personal Data

We take reasonable and proportionate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include controlled access to records, secure storage, staff awareness and confidentiality commitments, and regular review of our security arrangements.

While we take care to protect your data, no method of storage or transmission can be guaranteed as fully secure. We continuously assess and improve our safeguards to reduce risks as far as is reasonably possible.

Your Data Protection Rights

Under GDPR, individuals have a range of rights in relation to their personal data. These rights apply to all Merton Carpet Cleaning customers and prospective customers within our service area, subject to certain legal conditions and limitations.

Right of access You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data together with information about how we use it.

Right to rectification You have the right to request correction of inaccurate personal data and to have incomplete data completed.

Right to erasure In certain circumstances, you may request that we delete your personal data, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent, if consent was the lawful basis.

Right to restriction You may ask us to restrict the processing of your personal data in certain situations, such as while we verify the accuracy of the data or consider an objection you have raised.

Right to object You have the right to object to processing based on our legitimate interests, on grounds relating to your particular situation. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.

Right to data portability Where processing is based on consent or on a contract and carried out by automated means, you may have the right to receive your personal data in a structured, commonly used, machine-readable format and to request that it is transmitted to another controller where technically feasible.

Right to withdraw consent Where we rely on consent as the lawful basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before you withdraw.

You also have the right to raise a concern or lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed. In the United Kingdom, this is the Information Commissioner s Office. We encourage you to contact us first so we can try to resolve any concerns directly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection best practices. The updated version will apply from the date it is made available. We recommend that you review this policy periodically so that you remain informed about how we process your personal data.