Privacy Policy - Landscaping Catford
This Privacy Policy explains how Landscaping Catford collects, uses, stores, shares, and protects personal data. It applies to all Landscaping Catford customers in the area, including prospective customers, current customers, and anyone who contacts us to request services, quotes, or support. We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who We Are
Landscaping Catford provides landscaping-related services to individuals and businesses in the Catford area. In the course of delivering these services, we may need to collect and process personal information. We act as a data controller for the personal data we determine the purposes and means of processing.
Personal data means any information relating to an identified or identifiable person. This may include names, addresses, phone numbers, email addresses, service preferences, and payment-related information.
2. Data We Collect
We only collect data that is necessary for the services we provide and for related administrative, legal, and operational purposes. The types of data we may collect include:
- Identity information: name, title, and other identifiers.
- Contact information: address, email address, telephone number, and preferred communication details.
- Service information: property details, landscaping requirements, project instructions, and appointment notes.
- Transaction information: invoices, payment status, billing records, and service history.
- Technical information: limited device or usage details if you communicate with us electronically, such as basic log information.
- Correspondence: messages, feedback, complaints, and records of communication.
We do not intentionally collect special category data unless it is strictly necessary and we have a lawful basis to do so. Special category data includes information such as health data, racial or ethnic origin, political views, religious beliefs, or biometric data. If such information is ever provided to us, we will process it only where permitted by law and with appropriate safeguards.
3. How We Use Personal Data
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to plan, deliver, and manage landscaping services;
- to communicate about appointments, schedules, and service updates;
- to issue invoices, process payments, and maintain financial records;
- to handle complaints, claims, or service issues;
- to improve our services and customer experience;
- to comply with legal, tax, accounting, and regulatory obligations;
- to protect against fraud, misuse, or unlawful activity.
We will only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose and we have a lawful basis for doing so.
4. Lawful Basis for Processing
Under the UK GDPR, we must have a valid lawful basis for processing personal data. Landscaping Catford relies on the following lawful bases where appropriate:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes providing quotations, booking services, delivering work, and managing payments.
Legal Obligation
We may process and retain certain personal data where required by law, including tax, accounting, and record-keeping obligations.
Legitimate Interests
We may process data where it is necessary for our legitimate interests and where those interests are not overridden by your rights and freedoms. This may include improving our services, maintaining internal records, preventing fraud, and managing customer communications. We always consider the potential impact on your privacy before relying on this basis.
Consent
Where required, we may rely on your consent, for example for certain optional communications or non-essential processing. If we rely on consent, you can withdraw it at any time. Withdrawing consent will not affect processing already carried out lawfully before withdrawal.
5. Data Sharing and Processors
We may share personal data with trusted third parties who help us operate our business. These third parties act as processors or independent controllers depending on the service they provide. We ensure that any processor we use is subject to appropriate contractual obligations and only processes personal data on our instructions, unless required by law.
Typical categories of processors may include:
- IT and cloud service providers: to store files, manage email, or support business systems;
- payment service providers: to facilitate secure payments and financial transactions;
- accounting or bookkeeping providers: to assist with financial administration and compliance;
- customer management or scheduling tools: to organise service delivery and records;
- professional advisers: such as legal, tax, or insurance advisers where necessary.
We may also disclose personal data if required to do so by law, court order, or a public authority with lawful power to request it.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. The retention period depends on the type of data and the reason for processing.
As a general approach:
- customer and service records are kept for the duration of the relationship and for a reasonable period afterwards;
- financial and invoicing records are retained in line with tax and accounting requirements;
- correspondence and complaint records are kept as long as necessary to resolve the issue and maintain business records;
- data no longer required is securely deleted or anonymised.
Where possible, we review retention periods regularly to ensure we do not store data for longer than necessary. When personal data is no longer needed, we take appropriate steps to delete or securely destroy it.
7. Data Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff awareness, and limiting access to personal data to people who need it for legitimate business purposes.
Although we take appropriate steps to safeguard data, no system can be guaranteed to be completely secure. We encourage customers to contact us promptly if they believe their information may have been compromised.
8. International Transfers
If any of our processors store or access data outside the UK, we will ensure that suitable safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms required under data protection law.
9. Your Data Protection Rights
You have rights under data protection law in relation to the personal data we hold about you. These rights may include:
- Right of access: to request a copy of the personal data we hold about you;
- Right to rectification: to ask us to correct inaccurate or incomplete data;
- Right to erasure: to ask us to delete your data in certain circumstances;
- Right to restriction: to request that we limit how we use your data in certain cases;
- Right to object: to object to processing based on legitimate interests or direct marketing;
- Right to data portability: to receive certain data in a structured, commonly used format where applicable;
- Right to withdraw consent: where processing is based on consent;
- Right to complain: to the Information Commissioner’s Office if you are concerned about how your data is handled.
Some rights are subject to conditions or exceptions under applicable law. We will respond to requests in line with legal requirements and may need to verify your identity before acting on a request.
10. Automated Decision-Making
We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals. If this changes, we will update this policy and provide clear information about the logic involved, the significance of the processing, and your rights.
11. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children except where it is provided by an adult customer as part of a service arrangement and is necessary for the service. Where children’s data is processed, it will be handled with particular care and only where lawful and necessary.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, service arrangements, or data handling practices. Any revised version will continue to apply to all Landscaping Catford customers in the area from the date it becomes effective. We encourage you to review this policy periodically so you remain informed about how your data is used.
13. Summary of Key Principles
In summary, Landscaping Catford processes personal data fairly, securely, and only when necessary. We collect only the data needed to provide our services, rely on valid lawful bases, limit retention to appropriate periods, use trusted processors under contract, and respect your rights under data protection law. Our aim is to ensure your personal information is treated with care and in line with GDPR requirements at every stage.