Gardeners Erith Privacy Policy

This Privacy Policy explains how Gardeners Erith collects, uses, stores and protects personal data of its customers and prospective customers in the Erith area. It also explains the legal bases on which we process personal data, how long we keep it, when we may share it with service providers, and the rights you have under applicable data protection laws, including the UK General Data Protection Regulation and the Data Protection Act 2018.

Scope of this Privacy Policy

This Privacy Policy applies to all Gardeners Erith customers and prospective customers located in the Erith area. It covers personal data collected when you contact us, request a quote, book a service, receive gardening services, visit our website, or otherwise interact with Gardeners Erith in relation to our services.

Personal Data We Collect

We may collect and process the following categories of personal data, depending on how you interact with us and which services you use:

Identification and contact details: name, address, service address, billing address, and other location details necessary for providing our services.

Communication details: information you provide by phone, in person, or in writing, including enquiries, feedback, and complaints.

Service information: details about the gardening or related services you request or receive, such as garden size, type of work requested, visit dates and times, and related job notes.

Billing and payment information: records of invoices, amounts due, payment status, and payment method type. We do not store full payment card details; where needed, these are processed securely by our chosen payment processor.

Technical data: if you use our website, limited technical information may be collected such as IP address, browser type, and information about how you use the site, to keep the site secure and improve its performance.

Marketing preferences: your preferences regarding receiving marketing communications from us and your responses to such communications, where applicable.

Lawful Basis for Processing Your Data

We only process personal data where we have a valid lawful basis under data protection legislation. Depending on the context, this may be:

Contract: we process your personal data where it is necessary to enter into, or perform, a contract for gardening or related services. For example, we need your address to attend your property and your contact details to confirm appointments.

Legitimate interests: we process data where it is necessary for our legitimate business interests, provided these are not overridden by your rights and freedoms. This includes managing our relationship with you, keeping records of work completed, improving our services, protecting our business and securing our systems.

Legal obligation: we process personal data where it is necessary to comply with legal requirements, such as tax and accounting rules, record keeping standards, and obligations relating to insurance or health and safety.

Consent: in some cases, we rely on your consent, for example, where we send you certain types of direct marketing communications by electronic means. When consent is the basis, you can withdraw your consent at any time.

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

To provide and manage gardening and related services, including arranging visits, carrying out work at your property, and handling follow up requests.

To respond to your enquiries, provide quotes, confirm bookings, and communicate about changes to appointments or services.

To manage billing and payments, including issuing invoices, processing payments via our chosen payment processors, and maintaining financial records.

To maintain our business and administrative records, analyse service performance, and plan future services in the Erith area.

To send you service updates, important notices, or information about changes to our terms or policies.

Where permitted and appropriate, to send you information about services that may be of interest to you, in line with your communication preferences and applicable law.

To protect our business, our customers and our staff, including for fraud prevention, security, and the establishment, exercise or defence of legal claims.

Data Retention

We keep personal data only for as long as is reasonably necessary for the purposes for which it was collected and to meet any legal, accounting, or reporting requirements.

Customer and service records: we typically retain core customer records, including contact details, service history and invoices, for a period that aligns with applicable legal limitation periods and tax requirements. This allows us to answer queries about past work, manage warranties where relevant, and comply with financial regulations.

Quotes and enquiries: if you request a quote or make an enquiry but do not proceed, we may keep limited information for a reasonable period to respond to follow up queries and to understand demand for our services.

Marketing data: where you have agreed to receive marketing communications, we retain your contact details and preference information until you opt out or we no longer use that data for marketing, after which we keep a minimal record to ensure we respect your opt out request.

When personal data is no longer needed, it will be securely deleted, anonymised, or otherwise removed from our systems.

Data Processors and Sharing of Personal Data

We may share personal data with carefully selected third parties who act as data processors on our behalf. These processors only process your data according to our instructions and for the purposes set out in this Privacy Policy. They are required to take appropriate security measures to protect your personal data and must not use it for their own purposes.

Examples of such processors may include providers of scheduling and job management tools, payment processing services, accounting or bookkeeping services, cloud storage or hosting services, and communication platforms used to send service messages or permitted marketing communications.

We may also share personal data with other organisations in the following limited circumstances:

Where it is necessary for complying with a legal obligation, court order, or request from an authorised authority.

Where it is required to establish, exercise, or defend legal claims.

Where we transfer parts of our business, in which case data may be disclosed to professional advisers and to any new owner of the business, subject to appropriate safeguards.

We do not sell your personal data to third parties.

International Data Transfers

Where any of our service providers or systems involve the transfer of personal data outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data. These safeguards may include the use of standard contractual clauses or other lawful mechanisms recognised under data protection laws.

Data Security

We take reasonable and appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, secure storage, and restricting personal data access to those staff and processors who need it for legitimate business purposes. While we work hard to safeguard your data, no system can be completely secure, and we cannot guarantee absolute security.

Your Data Protection Rights

As a customer or prospective customer of Gardeners Erith, you have a number of rights in relation to your personal data under data protection law. These rights may be subject to certain conditions and exemptions, but generally include:

Right of access: you can request a copy of the personal data we hold about you, together with information about how and why we process it.

Right to rectification: you can ask us to correct or complete personal data that is inaccurate or incomplete.

Right to erasure: in certain circumstances, you can request that we delete your personal data, for example where it is no longer needed for the purposes for which it was collected and we have no legal obligation to retain it.

Right to restriction of processing: you can request that we restrict our processing of your personal data in certain situations, such as while we are verifying its accuracy or considering an objection you have raised.

Right to object: you can object to our processing of your data where we rely on legitimate interests, including profiling, and you believe your rights outweigh our interests. You can always object to direct marketing.

Right to data portability: where we process your data based on your consent or a contract and by automated means, you may request to receive that data in a structured, commonly used and machine readable format, or for it to be transferred to another controller where technically feasible.

Right to withdraw consent: where we rely on consent for processing, you can withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.

Exercising Your Rights and Complaints

If you wish to exercise any of your data protection rights or have questions about how Gardeners Erith handles your personal data, you can contact us using the contact details provided on our website or in your service documentation. We will respond to your request in accordance with applicable legal requirements.

If you are not satisfied with our response or believe that your data protection rights have been infringed, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office. Further details about how to raise a concern can be found on the authority's website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we handle personal data. The updated version will apply from the date it is published. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.