Marylebone Carpet Cleaners Privacy Policy

This Privacy Policy explains how Marylebone Carpet Cleaners collects, uses, stores and protects personal data relating to our customers and prospective customers in our service area. It also explains your rights under the UK General Data Protection Regulation and related data protection laws. By using our cleaning services or contacting us to make an enquiry or booking, you acknowledge that you have read this Privacy Policy.

Who this Privacy Policy applies to

This Privacy Policy applies to all Marylebone Carpet Cleaners customers and prospective customers in our service area, including individuals who visit our website, request a quote, make a booking, or communicate with us by any means in relation to our carpet and upholstery cleaning services.

What personal data we collect

We only collect personal data that is relevant and necessary for delivering and managing our services. The types of personal data we may collect include:

Identification and contact details: name, address, service address, billing address, and general contact details such as communication accounts where you choose to use them.

Booking and service information: details of the services you request or receive, preferred dates and times, access instructions, property type and size, and any relevant notes you provide about your premises or cleaning requirements.

Payment and transaction information: records of the services you have purchased, amounts paid, payment status and any related transaction references. We do not store full card details when payment is processed through secure third party payment processors.

Communication records: messages you send to us and our responses, including enquiries, complaints, feedback, and any information you provide when you contact us.

Technical and usage information: limited information about how you interact with our website, such as pages visited and basic device information. This is collected using cookies or similar technologies where applicable, and only to the extent necessary for the proper functioning and security of the site.

How and why we use personal data

We use your personal data for the following purposes:

To provide services: arranging, confirming and delivering carpet and upholstery cleaning services at your property, including managing bookings, rescheduling, access, and follow up.

Customer care and communication: responding to your enquiries, providing quotes, confirming appointments, notifying you of changes, and handling complaints or service issues.

Billing and payments: issuing invoices, processing payments through our chosen payment providers, and maintaining records necessary for accounting and tax purposes.

Business operations: managing our business, keeping internal records, planning routes and staff allocation, improving our services, and monitoring service quality.

Legal and regulatory compliance: complying with legal obligations, including tax, accounting, health and safety, and responding to lawful requests from authorities where required.

Our lawful bases for processing

We rely on the following lawful bases under the UK GDPR to process personal data:

Contract: where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes handling bookings, providing services and managing your account.

Legal obligation: where we must process data to comply with a legal obligation, for example maintaining certain financial records for tax and accounting purposes.

Legitimate interests: where processing is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms. This includes managing and improving our services, keeping records of communications, and ensuring the security of our systems and staff.

Consent: in limited cases where we ask for your consent, for example for certain types of optional marketing communications. Where processing is based on consent, you may withdraw your consent at any time.

Data retention and storage

We keep personal data only for as long as necessary for the purposes for which it was collected, and to meet any legal, accounting or reporting requirements.

In general, we retain basic customer and booking records for a period that allows us to manage ongoing relationships, respond to queries or complaints, and demonstrate the history of services provided. Certain financial records and invoices are retained for the period required by tax and accounting laws.

When we no longer need your personal data, we will securely delete or anonymise it so that it can no longer be linked to you. Retention periods may vary depending on the type of data and the reasons for processing.

Data sharing and processors

We do not sell your personal data. We may share your personal data with trusted third parties where necessary for business and service delivery, always ensuring appropriate safeguards are in place. These third parties act as data processors or independent controllers depending on their role.

Typical categories of third parties include:

Payment service providers: to process card or electronic payments securely on our behalf.

IT and hosting providers: to host our website, manage email or other communication systems, and securely store data.

Professional advisers: such as accountants or legal advisers where necessary for legitimate business and compliance purposes.

Authorities and regulators: where we are legally required to disclose information, for example for tax audits or in response to lawful requests from law enforcement.

We require our processors to protect your personal data in line with data protection law and to use it only for the specific purposes we have agreed.

International data transfers

Where we use service providers located outside the United Kingdom or the European Economic Area, or where data is stored or accessed from outside these regions, we take steps to ensure that appropriate safeguards are in place. This may include using standard contractual clauses or other mechanisms approved under data protection law to protect your personal data.

How we protect your data

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include restricting access to personal data to staff and contractors who need it to perform their duties, and taking reasonable steps to ensure they are subject to confidentiality obligations.

Your data protection rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These include:

Right to be informed: the right to clear and transparent information about how we use your data, which this Privacy Policy is intended to provide.

Right of access: the right to request a copy of the personal data we hold about you and to obtain certain information about how it is processed.

Right to rectification: the right to request that we correct inaccurate or incomplete personal data.

Right to erasure: the right to request that we delete your personal data in certain circumstances, for example where it is no longer needed for the purposes for which it was collected and we are not required to keep it for legal reasons.

Right to restriction of processing: the right to request that we restrict the processing of your personal data in specific situations, for example while we verify its accuracy or consider an objection you have raised.

Right to data portability: the right to receive certain personal data in a structured, commonly used, machine readable format and to request that it is transferred to another controller where technically feasible.

Right to object: the right to object to processing based on our legitimate interests, including certain types of profiling, and the right to object to direct marketing at any time.

Rights in relation to automated decision making: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects for you, where applicable.

Exercising your rights

If you wish to exercise any of your rights or have questions about how we handle your personal data, you can contact us using the details provided on our website or in your service documentation. When you make a request, we may need to verify your identity to protect your data. We aim to respond within the time limits set by data protection law.

You also have the right to lodge a complaint with the relevant data protection supervisory authority if you are concerned about how we handle your personal data. We encourage you to contact us first so that we can attempt to resolve any issues directly.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or service offerings. The most recent version will always apply to the personal data we hold about you. We encourage you to review this page periodically to stay informed about how we protect your information.