Privacy Policy - Landscaping Surbiton
This Privacy Policy explains how Landscaping Surbiton collects, uses, stores, shares, and protects personal data. It applies to all Landscaping Surbiton customers in the area, including prospective customers, current customers, and individuals who enquire about our services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018.
1. Who this policy applies to
This policy applies to people who contact us, request a quotation, book services, receive landscaping work, or interact with us in relation to domestic or commercial landscaping services. It also applies to visitors whose information is provided to us by a customer, property owner, contractor, or other authorised person. If you use our services within the Surbiton area, your personal data will be processed in accordance with this policy.
2. Personal data we collect
We only collect personal data that is relevant and necessary for operating our services, fulfilling our obligations, and communicating effectively. Depending on the nature of your interaction with us, we may collect the following categories of data:
- Identity data, such as your name and title.
- Contact data, including address, phone number, and email address.
- Service data, such as garden preferences, property access details, appointment information, and work instructions.
- Billing and transaction data, including payment records, invoice details, and service history.
- Communication data, such as enquiries, complaints, feedback, and correspondence.
- Technical data, where relevant, such as limited device or usage information if you interact with our digital systems.
- Marketing preferences, if you choose to receive service updates or promotional information.
We do not intentionally collect special category data unless it is necessary and we have a valid legal reason to do so. If such data is provided to us incidentally, we will handle it with appropriate care and only process it where permitted by law.
3. How we use personal data
We use personal data for specific and legitimate purposes connected to our landscaping services. These may include:
- providing quotations and assessing service requirements;
- arranging and carrying out landscaping work;
- managing customer accounts and service records;
- processing invoices and payments;
- responding to questions, requests, and complaints;
- maintaining operational and health and safety records;
- improving the quality and efficiency of our services;
- meeting legal, tax, insurance, and regulatory obligations;
- sending relevant service communications where permitted;
- protecting our business, customers, and property from misuse, fraud, or unlawful activity.
We will only use personal data in ways that are compatible with the purpose for which it was collected, unless a lawful basis allows us to use it differently.
4. Lawful basis for processing
Under data protection law, we must have a lawful basis before processing personal data. Landscaping Surbiton relies on the following lawful bases, depending on the activity involved:
Contract
We process personal data when it is necessary to enter into or perform a contract with you. This includes providing quotations, scheduling services, carrying out agreed work, and handling payments.
Legal obligation
We process some personal data to comply with legal requirements, such as tax and accounting rules, insurance obligations, record-keeping duties, and health and safety obligations.
Legitimate interests
We may process data where it is reasonably necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include service administration, business improvement, preventing fraud, maintaining security, and limited internal reporting.
Consent
Where required, we rely on your consent, for example for certain marketing communications. If we rely on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.
Vital interests and public interest
In rare circumstances, we may process personal data to protect someone’s vital interests or where processing is necessary for a task carried out in the public interest, if applicable.
5. Data sharing and processors
We may share personal data with trusted third parties who act as processors or independent controllers, depending on the relationship. We only share the minimum information necessary and only where there is a valid reason to do so.
Processors may include:
- IT and system providers who support storage, email, and operational systems;
- accounting and bookkeeping providers who assist with finance and tax records;
- payment service providers who process transactions securely;
- customer administration tools used for scheduling, job tracking, and correspondence;
- professional advisers, such as legal, insurance, or compliance advisers;
- subcontractors or trade partners engaged to help deliver specific services where necessary.
All processors are required to protect personal data, act only on our instructions where applicable, and maintain appropriate security measures. If data is shared with independent controllers, such as banks, insurers, or public authorities, those organisations will be responsible for their own processing practices.
6. International transfers
If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place so that your information remains protected. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will only make such transfers where necessary and permitted under data protection law.
7. Data retention
We keep personal data only for as long as necessary for the purpose for which it was collected, and in line with legal, tax, insurance, and operational requirements. Retention periods vary depending on the type of data and the reason for processing.
In general:
- quotation and enquiry records may be kept for a reasonable period to manage follow-up, service history, and business administration;
- customer service records are retained for the duration of the working relationship and for a period afterwards;
- financial and tax records are kept for the length required by law;
- complaints and legal records are retained as long as necessary to manage claims, resolve disputes, or comply with legal duties;
- marketing records are kept until you withdraw consent or object, where applicable.
When personal data is no longer needed, we will securely delete it or anonymise it so that it can no longer identify you.
8. Security of your data
We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff awareness, and limited sharing of information on a need-to-know basis. While no system can be guaranteed to be completely secure, we work to maintain a level of protection that is suitable for the nature of the information processed.
9. Your rights
Subject to certain legal conditions, you have a number of rights in relation to your personal data. These rights may include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit processing in specific situations.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to data portability – to request transfer of certain data in a structured format where applicable.
- Right to withdraw consent – where processing is based on consent.
You also have the right to raise concerns with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully. We encourage you to contact us first so we can try to resolve any concern promptly and fairly.
10. Children’s data
Our services are not directed to children, and we do not knowingly collect personal data from children except where it is necessary in connection with a property, household, or service arrangement and where appropriate authority has been provided by a parent, guardian, or responsible adult. If we become aware that we have collected data from a child without proper authorisation, we will take appropriate steps to address the matter.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, service operations, or data protection practices. Any updated version will apply from the date it is issued. We encourage customers in the Surbiton area to review this policy periodically so they remain informed about how their information is handled.
12. Summary of our commitment
Landscaping Surbiton will only collect data that is necessary, use it for clear and lawful purposes, keep it only for as long as needed, share it responsibly with trusted processors, and respect your rights under data protection law. We are committed to protecting personal privacy and handling all customer information with care, transparency, and respect.