Merton Cleaners Privacy Policy
This Privacy Policy explains how Merton Cleaners collects, uses, stores and protects personal data belonging to its customers. It applies to all Merton Cleaners customers in the areas where our services are offered, including domestic and commercial clients. We are committed to handling personal data lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation and related data protection laws.
Who this Privacy Policy applies to
This Privacy Policy applies to all individuals who use or enquire about Merton Cleaners services, including regular and one off cleaning, end of tenancy cleaning, office cleaning and any related services. It also applies to individuals who interact with us as representatives of business customers and property managers in our service area.
Personal data we collect
We collect and process different types of personal data depending on how you interact with us and which services you use. The categories of personal data we may collect include:
Identity and contact details, such as name, title, billing address, service address, and contact preferences. We collect these details when you request a quote, make a booking or contact us with a query.
Service and booking information, such as details of the cleaning services requested, the size and layout of the property, preferred dates and times, access instructions and any special requirements. This information allows us to plan and deliver our services safely and effectively.
Payment information, such as the amount charged and basic transaction details. Card and bank details are processed securely by our chosen payment processors and are not stored by us beyond what is necessary for accounting and legal compliance.
Communication records, such as emails, messages and notes from telephone conversations relating to bookings, feedback, complaints or general enquiries. These help us manage our relationship with you and improve our services.
Usage and technical data, such as basic information about how you interact with our website or digital tools, including pages visited, time and date of visits and device type. This information is generally collected using cookies or similar technologies and is used to improve our online services.
How we collect personal data
We collect personal data directly from you when you make an enquiry, request a quote, complete a booking, communicate with us by email, phone or online form, or provide feedback. We may also receive personal data indirectly when a third party, such as a landlord, letting agent or employer, books our services on your behalf and provides necessary information for the service to be delivered at your premises.
Lawful bases for processing
We only process personal data when we have a valid legal basis under the GDPR. Depending on the situation, we rely on the following lawful bases:
Contract: We process personal data when it is necessary to enter into or perform a contract with you, for example to provide cleaning services, manage bookings, take payment and communicate about your service.
Legitimate interests: We process personal data where it is necessary for our legitimate business interests, provided that your interests and fundamental rights are not overridden. This includes managing and improving our services, responding to enquiries, maintaining business records, preventing fraud and ensuring the security of our staff and customers.
Legal obligation: We process personal data when required to comply with our legal obligations, such as tax, accounting and record keeping requirements, and to respond to lawful requests from public authorities.
Consent: In certain limited situations, we may rely on your consent, for example where optional marketing communications are offered. Where we rely on consent, you can withdraw it at any time by contacting us using the details provided in our general customer information.
How we use personal data
We use personal data for the following purposes:
To provide and manage cleaning services, including handling enquiries, preparing quotes, arranging and confirming bookings, carrying out cleaning work, managing keys or access details and handling follow up visits where required.
To manage customer relationships, including communicating with you about your bookings, dealing with questions or complaints, and requesting feedback to help us improve our services.
To manage payments and accounting, including issuing invoices, processing payments, handling refunds where necessary, and maintaining financial records.
To ensure safety and security, including keeping appropriate records of service locations and schedules so that we can protect our staff and customers and respond to incidents.
To improve and develop our business, including analysing service usage, monitoring website performance and planning staffing and resources.
To comply with legal and regulatory requirements, including maintaining records required by law and responding to lawful requests from public authorities or regulators.
Data sharing and processors
We limit access to personal data to those people and organisations who need it to perform their roles. We may share personal data with the following categories of recipients:
Staff and contractors, including cleaning staff and administrative staff, who require access to customer details to provide the services. All personnel are subject to confidentiality obligations.
Payment service providers, who process payments on our behalf. These providers act as data processors and are required to handle personal data securely and in accordance with data protection laws.
IT and system support providers, who supply or maintain our booking systems, communication tools or data storage solutions. These providers may have access to personal data as data processors under contract.
Professional advisers, such as accountants or legal advisers, where this is necessary for business management, legal claims or compliance with our legal obligations.
Public authorities, regulators or law enforcement, where we are legally required to disclose information or where disclosure is necessary to protect the rights, property or safety of our customers, staff or others.
We do not sell personal data to third parties. Where we use data processors, we put in place written agreements requiring them to act only on our instructions, keep the data secure and comply with relevant data protection laws.
International transfers
Where it is necessary to use service providers located outside the United Kingdom or the European Economic Area, we will ensure that an appropriate level of protection is in place. This may include using countries that have been recognised as providing adequate protection or entering into standard contractual clauses or other approved safeguards.
Data retention
We keep personal data only for as long as is necessary for the purposes for which it was collected and to meet our legal, accounting or reporting obligations. In general, we apply the following retention periods:
Customer and booking records are typically kept for up to six years from the end of our relationship with you, to enable us to answer queries, handle complaints and comply with tax and accounting rules.
Communication records are usually kept for as long as they are needed for the management of our relationship with you and for a reasonable period afterwards, in line with the retention of customer records.
Technical and usage data from our website is retained for a shorter period necessary to analyse and improve site performance and security.
When personal data is no longer needed, we will delete it or anonymise it so that it can no longer be linked to an identifiable individual.
Your data protection rights
Under the GDPR, you have a number of rights in relation to your personal data. These rights may be subject to certain conditions and legal exemptions. Subject to those, you have the right to:
Access your personal data and receive a copy of the information we hold about you, along with an explanation of how it is used.
Rectify inaccurate or incomplete personal data, by asking us to correct or update information that is wrong or out of date.
Erase your personal data, in certain circumstances, for example where the data is no longer needed for the purposes for which it was collected and we have no legal obligation to retain it.
Restrict the processing of your personal data, for example while we are verifying its accuracy or assessing an objection you have raised.
Object to processing that is based on our legitimate interests, including profiling, where you believe that your rights and freedoms outweigh our interests.
Data portability, which allows you, in some circumstances, to receive personal data you have provided to us in a structured, commonly used and machine readable format and to ask us to transmit it to another organisation where technically feasible.
Withdraw consent where we rely on consent as our lawful basis for processing, without affecting the lawfulness of processing carried out before the withdrawal.
You can exercise your rights by contacting us using the contact details provided in our general customer information. We may need to verify your identity before responding to a request. We aim to respond within one month, or within any extended period permitted by law where requests are complex or numerous.
Security of personal data
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include limiting access to personal data to those who need it for their role, using secure systems for storing and transmitting information and training staff on data protection responsibilities.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, how we process personal data or changes in applicable law. Any updates will be made available under the title Privacy Policy, and the updated version will apply from the date it is published.
