Gardeners Sanderstead Privacy Policy

This Privacy Policy explains how Gardeners Sanderstead collects, uses, stores and protects personal data relating to our customers in the Sanderstead area. We are committed to complying with the UK General Data Protection Regulation and the Data Protection Act 2018 and to handling your personal data transparently and securely.

This Privacy Policy applies to all Gardeners Sanderstead customers and prospective customers in the Sanderstead area who use our gardening services or contact us to enquire about our services.

Data Controller

Gardeners Sanderstead is the data controller for the personal data we process about you in connection with providing gardening and related services. As data controller, we decide how and why your personal data is processed and are responsible for ensuring that such processing is carried out in accordance with applicable data protection laws.

Personal Data We Collect

We collect and process different types of personal data depending on how you interact with us and the services you request. This may include:

Identity and contact information, such as your name, postal address, service address, and any other contact details you choose to provide, for example for arranging visits or sending confirmations.

Service and contract information, such as details of the gardening services requested, dates and times of visits, notes about your garden and preferences, estimates, invoices, payments made, and any instructions you give us in relation to the work.

Communication data, such as information contained in messages or correspondence you send us, for example when you request a quote, provide feedback, or ask a question about our services.

Usage and technical data, where relevant, such as basic information about how you interact with our website or online profiles, for example pages visited or forms completed, and technical information provided by your browser or device. This is collected using standard tools such as browser settings and server logs.

Any other information you choose to share with us, where it is relevant to the provision of our services or our relationship with you.

How We Collect Your Data

We collect personal data directly from you when you contact us, request a quote, book a service, communicate with us by any means, or provide information during a site visit. We may also collect limited data about you from publicly available sources where this is necessary for our legitimate business interests and does not override your rights, such as confirming address details.

Lawful Bases for Processing

We process your personal data only where we have a lawful basis under the UK GDPR. The main lawful bases we rely on are:

Contract: We process your personal data when it is necessary to enter into or perform a contract with you, for example to provide gardening services, issue quotes, manage bookings, and handle payments.

Legitimate interests: We process your personal data where it is necessary for our legitimate business interests and where your interests and fundamental rights do not override those interests. This includes managing our relationship with you, improving our services, maintaining records, and protecting our business and customers.

Legal obligation: We may process your personal data where necessary to comply with legal obligations, such as tax and accounting requirements and responding to lawful requests from authorities.

Consent: In certain limited situations, we may rely on your consent, for example in relation to specific forms of optional marketing. Where we rely on consent, you can withdraw it at any time by contacting us.

Purposes for Which We Use Your Data

We use your personal data for the following purposes:

To provide and manage gardening services, including arranging and carrying out visits, tailoring services to your needs, and communicating with you about the work.

To respond to enquiries and requests, including providing quotes, service information, and customer support.

To manage our relationship with you, including maintaining accurate records, handling feedback and complaints, and notifying you about changes to our terms or policies where relevant.

To administer our business operations, including bookkeeping, invoicing, debt collection where necessary, and internal management and planning.

To comply with legal and regulatory obligations, including maintaining financial records and cooperating with lawful requests and inspections.

To protect our rights, property, and safety, and those of our customers and third parties, for example in relation to disputes or claims.

Data Retention

We keep personal data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy and to satisfy any legal, accounting, or reporting requirements.

In general, customer records and related personal data will be retained for as long as you remain a customer of Gardeners Sanderstead and for a reasonable period afterwards to deal with any queries, repeat services, or potential disputes. Financial records, such as invoices and payment information, are retained for the period required by applicable tax and accounting laws.

When personal data is no longer needed, we will securely delete it or anonymise it so that it can no longer be associated with you.

Data Sharing and Processors

We do not sell your personal data. We may share your personal data with selected third parties where necessary for the purposes described in this Privacy Policy and where we have a lawful basis to do so.

Service providers and processors: We may engage trusted third parties to provide services to us, such as bookkeeping, accounting, information technology support, data storage, and other administrative support. These providers act as data processors and only process your personal data on our instructions, in accordance with written agreements and appropriate security measures.

Professional and legal advisers: We may share information with professional advisers, such as accountants, or legal advisers where necessary for obtaining advice, managing our business, or handling disputes.

Authorities and legal obligations: We may disclose personal data where required to do so by law or in response to valid requests by public authorities, including for the purpose of meeting legal obligations or protecting our rights or the rights of others.

Where personal data is shared with third parties acting as processors, we ensure they are bound by confidentiality and data protection obligations consistent with applicable law.

International Transfers

Our intention is to keep your personal data within the United Kingdom or other locations that provide an adequate level of data protection. If in the future any transfer of personal data outside the United Kingdom becomes necessary, we will ensure that appropriate safeguards are in place, such as standard contractual clauses, and that such transfers comply with applicable data protection laws.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include limiting access to personal data to those who need to know it for business purposes, using secure storage methods, and implementing reasonable procedures to deal with any suspected personal data breach.

Your Data Protection Rights

Under data protection law, you have a number of rights in relation to your personal data. These include:

Right of access: You have the right to request confirmation that we are processing your personal data and to receive a copy of the personal data we hold about you.

Right to rectification: You have the right to request that inaccurate or incomplete personal data we hold about you is corrected or updated.

Right to erasure: In certain circumstances, you have the right to request that we delete your personal data, for example where the data is no longer needed for the purposes for which it was collected or where you withdraw consent and no other lawful basis applies.

Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain situations, for example while we investigate a concern you raise about the accuracy of the data.

Right to object: You have the right to object to certain types of processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defence of legal claims.

Right to data portability: Where processing is based on your consent or a contract and carried out by automated means, you may have the right to request that we provide the personal data you have given us in a structured, commonly used, and machine-readable format or that we transmit it to another controller where technically feasible.

Right to withdraw consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing before consent was withdrawn.

You also have the right to raise a concern or complaint about our handling of your personal data with the relevant data protection supervisory authority.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the date of the latest version. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.