Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, shared, and protected in connection with the services provided to customers in the relevant area. It applies to all customers in the area and is intended to meet the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using the services, customers acknowledge that they have read and understood this Privacy Policy.

1. Data We Collect

We collect only the personal data necessary to provide our services, manage our relationship with customers, maintain security, and comply with legal obligations. The categories of data collected may include:

  • Identity data: name, title, and similar identifying information.
  • Contact data: address, email address, telephone number, and other communication details.
  • Account and service data: login details, preferences, service history, and records of interactions.
  • Transaction data: payment-related details, billing records, and purchase or order information.
  • Technical data: device information, browser type, IP address, and usage logs.
  • Communication data: messages, enquiries, feedback, complaints, and support correspondence.
  • Compliance data: information required for identity verification, fraud prevention, and legal or regulatory checks.

We do not intentionally collect special category data unless it is strictly necessary and lawful to do so. If such data is ever processed, it will be handled with enhanced safeguards and only where an appropriate legal basis exists.

2. How We Use Personal Data

Personal data is used for clearly defined and legitimate purposes. These may include:

  • providing and managing services requested by customers;
  • communicating service updates, notices, and operational information;
  • processing payments, billing, and account administration;
  • maintaining security, preventing fraud, and protecting against misuse;
  • responding to enquiries, complaints, and support requests;
  • improving service quality, performance, and customer experience;
  • meeting legal, tax, accounting, and regulatory obligations.

Where required by law, we will obtain consent before using personal data for any purpose that is not covered by another lawful basis. Personal data will never be used in ways that are incompatible with the original purpose for which it was collected.

3. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process personal data. Depending on the situation, we rely on one or more of the following lawful bases:

  • Contract: processing is necessary to enter into or perform a contract with a customer.
  • Legal obligation: processing is necessary to comply with applicable laws and regulations.
  • Legitimate interests: processing is necessary for our legitimate business interests, provided these are not overridden by the rights and freedoms of customers.
  • Consent: where customers have given clear and informed consent for a specific purpose.
  • Vital interests: in rare cases, where processing is necessary to protect someone’s life.
  • Public task: where processing is required for a task carried out in the public interest, if applicable.

When relying on legitimate interests, we conduct a balancing test to ensure that the impact on customers is appropriate and proportionate. When relying on consent, customers may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

4. Data Sharing and Processors

We may share personal data with trusted third parties that act as processors or, where relevant, independent controllers. These parties process data only for specified purposes and under appropriate contractual and security safeguards. Typical categories of processors may include:

  • IT and hosting providers: for data storage, system maintenance, and infrastructure support;
  • Payment service providers: for secure payment handling and transaction processing;
  • Customer support tools: for managing communication and service tickets;
  • Analytics providers: for measuring service performance and usage trends;
  • Professional advisers: such as legal, accounting, or audit advisers where necessary;
  • Public authorities: where disclosure is required by law or lawful request.

All processors are required to act on documented instructions, apply suitable technical and organisational measures, and keep personal data secure. They may not use personal data for their own unrelated purposes unless they are acting as a separate controller under an applicable legal basis.

5. International Transfers

Where personal data is transferred outside the European Economic Area or the United Kingdom, we ensure that appropriate safeguards are in place. These may include adequacy decisions, standard contractual clauses, or other legally recognised mechanisms. Additional measures may be applied where necessary to protect personal data against unlawful access, loss, or misuse.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, reporting, and operational requirements. Retention periods are determined by the nature of the data, the purpose of processing, and any applicable legal obligations.

In general:

  • account and service records are kept for the duration of the customer relationship and for a reasonable period afterward;
  • financial and transaction records are retained for the periods required by tax and accounting laws;
  • communications and support records are kept for as long as needed to resolve matters and maintain accurate records;
  • technical logs are retained for a limited period for security, troubleshooting, and fraud prevention purposes.

When personal data is no longer required, it is securely deleted, anonymised, or otherwise disposed of in accordance with our retention procedures. Retention schedules are reviewed regularly to ensure data is not kept longer than necessary.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, loss, or destruction. These measures may include access controls, encryption, secure storage, staff confidentiality obligations, logging, monitoring, and regular security reviews. While no system can be guaranteed completely secure, we take reasonable and proportionate steps to reduce risk and respond promptly to any suspected incident.

8. User Rights Under GDPR

Customers have rights in relation to their personal data. Subject to legal conditions and exemptions, these rights include:

  • Right of access: to obtain confirmation and a copy of the personal data we hold about them;
  • Right to rectification: to request correction of inaccurate or incomplete data;
  • Right to erasure: to request deletion of personal data in certain circumstances;
  • Right to restriction: to request that processing be limited in specific situations;
  • Right to data portability: to receive certain data in a structured, commonly used format and have it transferred where feasible;
  • Right to object: to object to processing based on legitimate interests or direct marketing;
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time;
  • Right not to be subject to automated decision-making: to request human review where decisions are based solely on automated processing and produce legal or similarly significant effects.

Customers may also have the right to lodge a complaint with a supervisory authority if they believe their rights have been infringed. Exercising these rights will not usually require a fee, unless a request is manifestly unfounded or excessive.

How Rights Requests Are Handled

When a rights request is received, we will verify the requester’s identity and assess the request in line with GDPR requirements. We will respond within the statutory timeframe unless an extension is permitted due to complexity or volume. Where we cannot fully comply, we will explain the reasons and, where possible, identify any partial remedies or applicable exemptions.

9. Children’s Data

Our services are not intended for children unless specifically stated otherwise. We do not knowingly collect personal data from children without appropriate authorisation or a lawful basis. If we become aware that data has been collected in error, we will take appropriate steps to delete or protect it as required by law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any updates will apply from the date they take effect. Customers are encouraged to review this policy periodically to stay informed about how personal data is processed.

Scope: This Privacy Policy applies to all customers in the area and governs the processing of personal data in connection with the relevant services. By continuing to use the services, customers acknowledge the terms set out in this policy and the protections offered under applicable data protection law.

Call Now!
Call Now Get a Quote
Elephantandcastle Carpet Cleaners

GDPR privacy policy covering data collection, lawful basis, retention, processors, user rights, security, and scope for all customers in the area.

Get a Quote

What Our Customers Say

Excellent on Google
4.9 (10)

Because of a recommendation, I chose ElephantAndCastleCarpetCleaners--and it was absolutely the right choice. The service was exceptional, the staff were friendly, and the work was remarkable. I'm very satisfied with the results.

Google Logo
J

First cleaning with Elephant And Castle Carpet Cleaning Company today, and I was blown away by the level of cleanliness. Every spot was sparkling. Thank you so much!

Google Logo
D

Efficient and dependable. The staff's friendliness stands out.

Google Logo
P

Great service from very courteous staff. We have used Elephant And Castle Carpet Cleaning Company on two occasions and have always been satisfied.

Google Logo
P

Professionalism, efficiency, and a sincere dedication to customer satisfaction were evident in their cleaning team.

Google Logo
T

Having had three regular Elephant And Castle Carpet Cleaning Company cleaners plus an excellent substitute during holidays, each one has been professional, friendly, and industrious. I have no complaints whatsoever. Thank you.

Google Logo
K

I appreciated how attentive and respectful the Elephant And Castle Carpet Cleaning team was. Their meticulous cleaning left my house spotless, and they removed stains I thought were beyond help. Everything feels so fresh now.

Google Logo
D

First time getting an End of Tenancy clean and was very pleased. The cleaner came exactly as scheduled and was warm and welcoming. The apartment is immaculate--excellent results.

Google Logo
A

Elephant And Castle Carpet Cleaning recently did a deep cleaning for us before an event. The staff was professional and exceeded expectations. Thank you for making our gathering shine!

Google Logo
A

For more than a year, Elephant And Castle Carpet Cleaning has cleaned our office monthly. Their professionalism, attention to detail, and willingness to work around our schedule are impressive.

Google Logo
R

Get In Touch With Us.

Please fill out the form below to send us an email and we will get back to you as soon as possible.