Oven Cleaning Lewisham Privacy Policy
This Privacy Policy explains how Oven Cleaning Lewisham collects, uses, stores and protects personal data relating to individuals who use our oven cleaning services in the Lewisham area. It is intended to provide clear and transparent information in accordance with the UK General Data Protection Regulation and related data protection laws.
This Privacy Policy applies to all Oven Cleaning Lewisham customers and prospective customers located in the Lewisham area, as well as to individuals who contact us with enquiries about our services.
Data Controller
Oven Cleaning Lewisham is the data controller for the personal data described in this Privacy Policy. As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing is carried out in compliance with applicable data protection laws.
Personal Data We Collect
We may collect and process the following categories of personal data when you contact us, make a booking, or use our services:
Identification and contact details, such as name, address, and other contact details you choose to provide;
Service and booking information, such as preferred appointment dates and times, details about the property where the service will be carried out, and specific service requirements;
Communication data, including information contained in enquiries, messages and feedback you send to us, and records of communications with you by any method you choose to use;
Payment-related information, such as amounts charged and payment status. We do not store full card details when you pay using electronic payment methods; these are processed securely by our chosen payment processors;
Technical and usage information, such as details about how you access or interact with our online content, for example basic device information and pages viewed, where applicable and where cookies or similar technologies are used in accordance with applicable law.
How We Collect Personal Data
We collect personal data directly from you when you:
Request a quote or make a booking for oven cleaning services;
Communicate with us by phone, online form, messaging services, or any other communication channel;
Provide feedback, reviews or complaints about our services;
Interact with any online pages or content managed by us, where technical and usage data may be collected.
Purposes and Lawful Bases for Processing
We process your personal data only when we have a lawful basis to do so under the GDPR. The main purposes and lawful bases are:
To provide our services: We use your identification, contact and service information to arrange, deliver and manage oven cleaning services. The lawful basis is performance of a contract or taking steps at your request before entering into a contract.
Customer service and communication: We use your contact and communication data to respond to enquiries, manage bookings, handle complaints and provide customer support. The lawful basis is performance of a contract and our legitimate interests in operating our business and maintaining customer relationships.
Payment and invoicing: We process payment-related information to take and record payments for services. The lawful basis is performance of a contract and compliance with legal obligations relating to accounting and taxation.
Service improvement and business operations: We may use anonymised or aggregated data, and where necessary limited personal data, for internal reporting, quality control, training and service improvement. The lawful basis is our legitimate interests in improving and developing our services and managing our business efficiently.
Marketing communications: Where permitted by law, we may use your contact details to send you information about services that are similar to those you have already purchased. The lawful basis is our legitimate interests in promoting our services. Where required, we will obtain your consent before sending marketing communications, and you can withdraw your consent or opt out of marketing at any time.
Legal and regulatory obligations: We may process personal data where necessary to comply with legal or regulatory requirements or to respond to lawful requests from authorities. The lawful basis is compliance with a legal obligation or our legitimate interests in establishing, exercising or defending legal claims.
Data Retention
We keep personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The retention periods below are applied, subject to any overriding legal requirements:
Customer records and booking information are typically retained for up to seven years from the date of the last service or transaction, to meet accounting, tax and contractual obligations.
Communication records, such as emails or enquiry messages, are retained for as long as necessary to resolve your query or manage the relevant service, and may be retained for a reasonable period for reference, training or dispute resolution purposes.
Payment-related records are retained for periods required by financial and tax regulations.
Where data is no longer needed, it will be securely deleted, anonymised or otherwise disposed of in a safe manner.
Data Processors and Third Parties
We may share your personal data with trusted third parties who act as data processors on our behalf. These processors are engaged to support the delivery and management of our services and are only permitted to process your personal data in accordance with our instructions and this Privacy Policy.
Typical categories of data processors include:
IT and hosting providers who host our systems or store data on our behalf;
Payment processing providers who securely process card or electronic payments;
Customer management, booking or scheduling system providers used to manage appointments and customer records;
Professional advisers, such as accountants, where necessary for compliance with legal and regulatory obligations.
We require all processors to implement appropriate technical and organisational measures to protect personal data and to maintain confidentiality and security.
We may also share personal data with other third parties where required by law, in connection with legal proceedings, or in the context of a business sale or restructuring, always in accordance with data protection laws.
International Transfers
If we transfer personal data outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place to protect your data, such as using standard contractual clauses or transferring to countries recognised as providing an adequate level of protection. Where applicable, further details can be provided upon request.
Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include restricting access to personal data to personnel and processors who need it for legitimate business purposes and who are subject to confidentiality obligations.
While we take reasonable steps to secure your data, no method of transmission or storage can be guaranteed as completely secure. You are also responsible for taking appropriate steps to protect your own information when communicating with us.
Your Data Protection Rights
Under the GDPR and related data protection laws, you have the following rights in relation to your personal data, subject to certain conditions and exemptions:
Right of access: You can request confirmation of whether we process your personal data and obtain a copy of the personal data we hold about you.
Right to rectification: You can request correction of inaccurate personal data and completion of incomplete data.
Right to erasure: In certain circumstances, you can request that we delete your personal data, for example where it is no longer necessary for the purposes for which it was collected or where you withdraw consent and there is no other lawful basis for processing.
Right to restriction of processing: You can request that we restrict the processing of your personal data in certain situations, such as where the accuracy of the data is contested or where you have objected to processing.
Right to data portability: You can request that certain personal data is provided to you or to another controller in a structured, commonly used and machine-readable format, where the processing is based on consent or contract and is carried out by automated means.
Right to object: You can object to the processing of your personal data based on our legitimate interests, including profiling, and we will stop processing unless we can demonstrate compelling legitimate grounds. You also have the right to object at any time to the processing of your personal data for direct marketing purposes.
Rights relating to automated decision-making: You have rights in relation to decisions based solely on automated processing that have legal or similarly significant effects, where such processing occurs.
To exercise any of these rights, please contact us using the contact details provided on our main contact channels. We may need to verify your identity before responding to your request.
Complaints
If you have concerns about how we handle your personal data, we encourage you to contact us so that we can address your concerns. You also have the right to lodge a complaint with the relevant data protection supervisory authority in the United Kingdom.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or services. Any updated version will be made available through our usual communication channels, and the revised policy will apply from the date it is published. We recommend that you review this Privacy Policy periodically to stay informed about how we process your personal data.
