Privacy Policy - Landscaping Sanderstead
This Privacy Policy explains how Landscaping Sanderstead collects, uses, stores, shares, and protects personal data when providing landscaping, garden maintenance, design, and related services. It applies to all Landscaping Sanderstead customers in the area, including prospective customers, existing customers, former customers, and individuals who enquire about our services. We are committed to handling personal data in a lawful, fair, and transparent manner in line with the UK GDPR and the Data Protection Act 2018.
1. Who this policy applies to
This policy applies to anyone whose personal data we process in connection with our services. This includes household customers, property owners, tenants, business customers, site managers, and other individuals who communicate with us about landscaping work. It also applies where we receive personal data from third parties such as estate agents, contractors, or property managers acting on behalf of a customer.
2. What personal data we collect
We only collect data that is necessary for delivering our services, managing our relationship with customers, and meeting legal obligations. Depending on the nature of the work, we may collect the following categories of personal data:
- Identity data: name, title, and any relevant business or household role.
- Contact data: address, email address, and telephone number.
- Service and property data: details of the property, garden layout, access information, service preferences, and project requirements.
- Transaction data: records of quotes, invoices, payments, receipts, and service history.
- Communication data: correspondence and notes from calls, emails, messages, and feedback.
- Technical data: basic website or device information if a customer interacts with our digital systems, where applicable.
- Legal and compliance data: records required for accounting, tax, insurance, or dispute handling.
We do not intentionally collect special category data unless it is provided voluntarily and is relevant to a service request, for example if a customer shares access or vulnerability information needed to carry out work safely.
3. How we collect data
We collect personal data directly from customers when they request a quote, book a service, sign an agreement, make payment, or contact us with questions. We may also receive data indirectly from third parties where necessary to complete a job, arrange access, verify ownership or instructions, or manage a service relationship. In some cases, data may be generated during the provision of services, such as service notes, scheduling records, and payment records.
4. Why we use personal data
We process personal data for the following purposes:
- to provide quotations, advice, and landscaping services;
- to manage bookings, schedules, and site visits;
- to communicate with customers about work progress, changes, or service issues;
- to issue invoices, process payments, and maintain financial records;
- to maintain service quality and customer records;
- to comply with legal, tax, accounting, and insurance obligations;
- to resolve complaints, claims, or disputes;
- to protect our business, staff, and customers from fraud or misuse.
We will only use personal data in ways that are compatible with these purposes and will not use it for unrelated activities without a lawful basis.
5. Lawful basis for processing
Under the UK GDPR, we must have a lawful basis to process personal data. Depending on the situation, we rely on one or more of the following bases:
Performance of a contract
We process personal data when it is necessary to provide a quotation, enter into a service agreement, deliver landscaping work, or carry out related obligations requested by the customer.
Legitimate interests
We may process data where it is in our legitimate interests to run and improve our business, manage customer records, communicate efficiently, prevent fraud, and protect our rights, provided these interests do not override the rights and freedoms of the individual.
Legal obligation
We may need to process and keep certain records to comply with legal requirements such as tax law, accounting rules, health and safety responsibilities, or insurance obligations.
Consent
Where consent is required, we will ask for it clearly and separately. For example, consent may be used for optional marketing communications or for processing certain sensitive information voluntarily provided by a customer. Consent can be withdrawn at any time.
6. Data sharing and processors
We do not sell personal data. We may share personal data only where necessary and appropriate for the purposes described in this policy. This may include sharing data with processors and other trusted service providers acting on our instructions. Examples may include:
- accounting and bookkeeping providers;
- payment service providers;
- IT and data storage providers;
- email, scheduling, or communications platforms;
- professional advisers such as insurers, legal advisers, or auditors;
- subcontractors or specialist tradespeople assisting with a project;
- public authorities or regulators where required by law.
Where a processor is used, they are required to process personal data only on our instructions, keep it secure, and use it only for the agreed service. We take reasonable steps to ensure appropriate data protection safeguards are in place before sharing data.
7. International transfers
Where personal data is transferred outside the UK, we will ensure suitable safeguards are used so that the data remains protected to an appropriate standard. These safeguards may include standard contractual clauses or other legally recognised transfer mechanisms, depending on the circumstances.
8. Data retention
We keep personal data only for as long as it is necessary for the purposes for which it was collected, including to meet legal, accounting, and reporting requirements. Retention periods may vary depending on the type of data and the reason for processing. In general:
- quotation and customer enquiry records are retained for a limited period if no service is booked;
- service records, invoices, and payment information are retained for accounting and legal compliance purposes;
- communications may be retained where needed for customer support, dispute resolution, or record-keeping;
- data no longer required is securely deleted or anonymised.
When deciding how long to keep data, we consider the volume, nature, and sensitivity of the data, the potential risk of harm from unauthorised use, and the legal requirements that apply.
9. Security of personal data
We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and careful selection of service providers. Although no system can be guaranteed completely secure, we work to reduce risks and respond appropriately if an issue occurs.
10. User rights
Individuals whose personal data we process have rights under data protection law. These rights may include:
- the right of access – to request a copy of the personal data we hold about you;
- the right to rectification – to ask us to correct inaccurate or incomplete data;
- the right to erasure – to ask us to delete data in certain circumstances;
- the right to restriction – to request that we limit how we use your data in certain cases;
- the right to object – to object to processing based on legitimate interests or direct marketing;
- the right to data portability – to receive certain data in a structured, commonly used format where applicable;
- the right to withdraw consent – where processing is based on consent;
- the right to complain – to raise concerns with the relevant data protection authority if you believe your rights have been infringed.
We will respond to valid requests within the time limits required by law and may need to verify identity before acting on a request. Some rights may be limited where legal exceptions apply.
11. Children’s data
Our services are generally aimed at adults who arrange landscaping work. We do not knowingly collect personal data from children unless it is necessary in a specific situation and provided by an adult with authority to do so. If we become aware that children’s data has been collected without appropriate permission, we will take steps to delete it where required.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. The latest version will apply to all customers in the area. We encourage customers to review it periodically so they remain informed about how their data is handled.
13. Contact and complaints
If you have questions about this Privacy Policy or wish to exercise your rights, you may contact us using the usual service channels. You also have the right to make a complaint to the UK data protection regulator if you are unhappy with how your data has been handled. We encourage you to contact us first so we can try to resolve any concerns promptly and fairly.
Summary principle: we will only collect and use personal data where necessary, keep it secure, retain it for no longer than needed, and respect the rights of every customer.