Privacy Policy

This Privacy Policy explains how personal data is collected, used, disclosed, retained, and protected. It applies to all customers in the area and describes the rights available to individuals under applicable data protection law, including the General Data Protection Regulation (GDPR). By using our services, customers acknowledge that their personal data may be processed in accordance with this policy.

1. Data We Collect

We collect only the personal data necessary for the purposes described in this policy. Depending on the nature of the interaction, the categories of data may include:

  • Identification data such as name, title, and account identifiers.
  • Contact data such as postal address, email address, and telephone number.
  • Transaction data such as purchase history, service requests, billing information, and payment-related records.
  • Technical data such as device type, browser type, IP address, language settings, and access logs.
  • Usage data such as interaction patterns, preferences, and service activity.
  • Communication data such as messages, complaints, feedback, and support correspondence.

We do not intentionally collect special category data unless it is strictly necessary and lawful to do so. If such information is ever processed, it will only be handled with additional safeguards and an appropriate lawful basis.

2. How We Use Personal Data

Personal data is used for legitimate business and operational purposes, including to:

  • provide and manage services;
  • process transactions and maintain records;
  • respond to requests and deliver customer support;
  • improve service quality, performance, and user experience;
  • detect, investigate, and prevent fraud, misuse, or security incidents;
  • comply with legal and regulatory obligations;
  • communicate important service-related notices;
  • establish, exercise, or defend legal claims.

Where processing is based on consent, customers may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

3. Lawful Basis for Processing

We process personal data only where a lawful basis under GDPR applies. Depending on the context, we rely on one or more of the following bases:

Performance of a Contract

We process data when it is necessary to enter into or perform a contract with a customer, including account administration, service delivery, billing, and support.

Legal Obligation

We may process data to comply with legal duties such as tax, accounting, consumer protection, and record-keeping requirements.

Legitimate Interests

We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by the individual’s rights and freedoms. Legitimate interests may include improving services, securing systems, preventing fraud, and managing internal operations.

Consent

Where required, we rely on freely given, specific, informed, and unambiguous consent. This may apply to certain optional communications or processing activities. Consent may be withdrawn at any time.

Vital Interests

In rare circumstances, we may process data to protect someone’s vital interests, such as in an emergency.

4. Retention of Personal Data

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of data, the purpose of processing, and any applicable legal obligations.

When determining retention periods, we consider the following:

  • the amount, nature, and sensitivity of the data;
  • the potential risk of harm from unauthorized use or disclosure;
  • the purposes of processing and whether those purposes can be achieved by other means;
  • legal limitation periods and statutory retention obligations;
  • the necessity of retaining information for dispute resolution or auditing.

When data is no longer required, it is securely deleted, anonymized, or otherwise irreversibly rendered unusable.

5. Processors and Data Sharing

We may share personal data with trusted third-party service providers acting as data processors on our behalf. These processors are only permitted to process data according to our documented instructions and are bound by appropriate confidentiality and security obligations.

Examples of processors may include:

  • IT and cloud infrastructure providers;
  • payment and billing service providers;
  • customer support and communication tools;
  • security, monitoring, and fraud prevention providers;
  • analytics and reporting service providers;
  • professional advisers, where necessary and subject to confidentiality.

We may also disclose personal data where required by law, court order, or regulatory authority, or where disclosure is needed to protect rights, safety, and property. Any transfer of personal data is limited to what is necessary and handled with appropriate safeguards.

6. International Transfers

If personal data is transferred outside the European Economic Area, we ensure that appropriate legal safeguards are in place. These may include adequacy decisions, standard contractual clauses, or other mechanisms permitted under GDPR. Additional measures may also be applied where necessary to protect personal data during transfer.

7. Data Security

We use organizational and technical measures designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Such measures may include access controls, encryption where appropriate, restricted permissions, staff confidentiality obligations, and regular security review processes. While no system can be guaranteed completely secure, we maintain safeguards proportionate to the risks involved.

8. User Rights

Individuals whose personal data we process have rights under GDPR, subject to certain conditions and exceptions. These rights may include:

  • Right of access — to obtain confirmation of whether personal data is being processed and receive a copy of that data.
  • Right to rectification — to request correction of inaccurate or incomplete information.
  • Right to erasure — to request deletion of data in certain circumstances.
  • Right to restriction — to request limited processing in specific situations.
  • Right to data portability — to receive data in a structured, commonly used, machine-readable format and transmit it to another controller where applicable.
  • Right to object — to object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time.
  • Right not to be subject to automated decision-making — to request human intervention and challenge decisions where legally applicable.

Requests should be made through the channels made available to customers. We may need to verify identity before responding to a request. We will respond within the timeframe required by law, unless an extension is permitted due to complexity or volume.

9. Children’s Data

Our services are not directed to children, and we do not knowingly collect personal data from children without the required legal basis and safeguards. If we become aware that personal data has been collected inappropriately, we will take appropriate steps to delete it or obtain necessary authorization where permitted by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. Any revised version will apply from the date it becomes effective. Customers are encouraged to review this policy periodically to remain informed about how personal data is processed.

11. Scope and Application

This Privacy Policy applies to all customers in the area and covers personal data processed in connection with the provision of services, customer management, compliance, and related operations. Where local law provides additional protections, those protections remain in effect alongside this policy.

Key Principles

We are committed to processing personal data in line with the GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. We aim to ensure that processing is proportionate, secure, and limited to what is necessary for legitimate and lawful purposes.

This Privacy Policy is intended to set out clear, lawful, and transparent standards for personal data processing.

Battersea Cleaners

GDPR privacy policy covering data collection, lawful basis, retention, processors, user rights, security, transfers, and scope for all customers in the area.

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.