Privacy Policy - Oven Cleaning Enfield
Last updated: This Privacy Policy explains how Oven Cleaning Enfield collects, uses, stores, and protects personal data. It applies to all Oven Cleaning Enfield customers in the area, including prospective customers, current customers, and anyone who interacts with our services.
We are committed to handling personal information in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and the rights available to you.
1. Information We Collect
We only collect personal data that is relevant and necessary for providing our oven cleaning services, managing our business, and meeting legal obligations. Depending on how you interact with us, we may collect the following categories of information:
- Identity information: name, title, and any details needed to identify you as a customer or service recipient.
- Contact information: address, email address, telephone number, and preferred communication details.
- Service information: details about the service requested, appointment times, property access instructions, and service history.
- Billing and payment information: records of payments, invoices, and transaction references.
- Communications: messages, enquiries, complaints, feedback, and other correspondence.
- Technical information: limited information such as device or browser data if you interact with our online systems, where applicable.
We do not intentionally collect special category data unless it is necessary and you have provided it for a specific reason, such as access requirements or health-related instructions relevant to service delivery. Where such information is provided, we process it only when there is a lawful basis to do so and with appropriate safeguards.
2. How We Use Your Data
We use personal data only for legitimate business purposes and lawful processing. Typical uses include:
- managing enquiries and responding to requests;
- booking, confirming, and delivering oven cleaning services;
- processing payments and issuing invoices;
- maintaining customer records and service history;
- handling complaints, refunds, or follow-up matters;
- meeting legal, accounting, and tax obligations;
- protecting our business against fraud, misuse, or security incidents;
- improving our services and customer experience.
We will not use your personal data for purposes that are incompatible with the original reason it was collected unless we have a lawful basis to do so and, where required, we have informed you.
3. Lawful Basis for Processing
Under UK GDPR, we must have a valid lawful basis for each type of processing. Oven Cleaning Enfield relies on the following lawful bases where appropriate:
Contract
We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes managing bookings, delivering cleaning services, and handling payment-related tasks.
Legal Obligation
Some data must be retained or processed to comply with legal requirements, such as accounting records, tax obligations, and other statutory duties.
Legitimate Interests
We may process data where it is necessary for our legitimate interests, provided your rights and freedoms do not override those interests. This may include customer administration, business record-keeping, service quality management, and internal security measures. When relying on legitimate interests, we consider necessity and balance our interests against your privacy rights.
Consent
In some cases, we may ask for your consent, for example where optional communications or specific processing activities require it. If consent is used as the lawful basis, you may withdraw it at any time. Withdrawal will not affect the lawfulness of any processing carried out before consent was withdrawn.
4. Data Sharing and Processors
We may share personal data with trusted third parties who process information on our behalf. These parties act as processors and are only permitted to use your data in accordance with our instructions and applicable law.
Examples of processors may include:
- Payment processors: to handle card or electronic payments securely.
- Accounting providers: to support invoicing, bookkeeping, and tax compliance.
- IT and cloud service providers: to store data, manage systems, or support secure operations.
- Scheduling or administrative tools: to organise appointments and customer records.
- Professional advisers: where needed for legal, financial, or compliance matters.
We require all processors to implement appropriate technical and organisational security measures. They must not retain, disclose, or use your information for their own independent purposes.
We may also share data with third parties where required by law, court order, or to protect our rights, customers, staff, or property.
5. Retention of Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, or as long as required by law. Retention periods vary depending on the type of data and the reason for processing.
In general:
- customer and service records are kept for the duration of the customer relationship and for a reasonable period afterwards;
- financial and accounting records are retained for the period required by tax and accounting laws;
- communication records may be kept to resolve disputes, maintain service quality, or document requests;
- data no longer needed is securely deleted, anonymised, or destroyed.
Where possible, we apply the principle of data minimisation, meaning we keep only what is necessary and for no longer than needed.
6. Data Security
We take the security of your personal data seriously. Appropriate measures are used to protect information against unauthorised access, accidental loss, destruction, or disclosure. These may include access controls, secure storage, staff confidentiality requirements, and restricted sharing of data on a need-to-know basis.
Although we work hard to protect personal data, no system can be guaranteed to be completely secure. If a data incident occurs that affects your rights and freedoms, we will act in line with legal obligations and, where necessary, notify the relevant authorities and affected individuals.
7. Your Rights Under UK GDPR
You have important rights in relation to your personal data. Subject to legal limits, these may include:
- Right of access: you can ask for a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct inaccurate or incomplete information.
- Right to erasure: you can request deletion of your data in certain circumstances.
- Right to restriction: you can ask us to limit how we use your data in certain situations.
- Right to object: you can object to processing based on legitimate interests and, in some cases, direct marketing.
- Right to data portability: you can request certain data in a structured, commonly used format where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully. We encourage you to raise any concerns with us first so we can try to resolve them promptly and fairly.
8. International Transfers
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. Any such transfer will be carried out only when necessary and with suitable protections.
9. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children in connection with our services unless it is necessary and provided by an adult customer in the context of arranging a service. If we become aware that we have collected data improperly, we will take steps to delete it where appropriate.
10. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When updates are made, the revised version will replace the previous one. We encourage customers to review this policy periodically to stay informed about how personal data is handled.
11. Summary of Our Commitments
At Oven Cleaning Enfield, we aim to process personal data in a way that is lawful, transparent, secure, and limited to what is necessary. We only collect data needed to provide our services, we rely on appropriate lawful bases, we keep information only as long as required, we use processors carefully, and we respect your rights under UK GDPR.
By using our services, making an enquiry, or providing your information to us, you acknowledge that this Privacy Policy applies to you as an Oven Cleaning Enfield customer in the area. We are committed to maintaining trust and protecting privacy at every stage of our service relationship.