Gardeners Coombe Privacy Policy

This Privacy Policy explains how Gardeners Coombe collects, uses, stores and protects personal data relating to its customers. It also explains the lawful bases we rely on under the UK General Data Protection Regulation and the EU General Data Protection Regulation, where applicable. This Privacy Policy applies to all Gardeners Coombe customers in our service area, including prospective, current and former customers who use or enquire about our gardening and related services.

By engaging with Gardeners Coombe, you acknowledge that you have read this Privacy Policy and understand how your personal data is processed. We may update this Privacy Policy from time to time to reflect changes in law or our practices. The latest version will always apply to our processing of your personal data.

Personal data we collect

We only collect personal data that is relevant to providing our services, running our business and complying with legal obligations. The categories of data we may collect include the following.

Identification and contact details, such as your name, postal address, service address, and general contact details that you choose to share with us to enable communication about our services.

Service and contract information, such as records of services requested or provided, visit dates and times, job notes, quotations, invoices, payment status, and any related correspondence that helps us deliver and manage your gardening services.

Payment and transaction information, including records of payments received, methods used, amounts, dates and related accounting information. We do not store full card details when payments are processed through third-party payment processors.

Communication data, including enquiries, feedback, complaints and any information you provide when communicating with us by post or other channels you choose to use, as well as notes of conversations when relevant to the services we provide.

Technical and usage information, where applicable, such as basic device or browser information, log data and interaction records with our online presence, to help us maintain and improve our services. We do not seek to identify individuals from this information unless necessary for security or legal reasons.

How we collect personal data

We collect personal data directly from you when you contact us to request a quote, make a booking, ask a question, provide feedback or otherwise communicate with us. This may occur in person, by post or via other communication methods that you choose to use.

We may also generate personal data in the course of providing services, for example by preparing service notes or invoices. Where necessary and appropriate, we may receive limited personal data about you from third parties, such as payment service providers or professional advisers, but only where this is required for the purposes described in this Privacy Policy.

Lawful bases for processing

We process your personal data only where we have a lawful basis to do so under data protection law. Depending on the context, we rely on the following lawful bases.

Contract. We process personal data to enter into and perform contracts with you, including providing gardening services, issuing quotes, scheduling visits, sending invoices and communicating with you about your bookings and service arrangements.

Legal obligation. We process certain data to comply with legal and regulatory requirements, such as maintaining accounting records, complying with tax obligations and responding to lawful requests from public authorities where required.

Legitimate interests. We process personal data where it is necessary for our legitimate business interests, provided your rights and interests do not override those interests. These legitimate interests include managing and improving our services, safeguarding our property and staff, addressing customer queries and complaints, keeping basic records of work completed, and preventing or detecting fraud or misuse.

Consent. In limited cases, we may rely on your consent, for example where required to send certain types of marketing communications or to use optional cookies or similar technologies. Where processing is based on consent, you can withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

How we use personal data

We use personal data for the following purposes.

To provide and manage gardening and related services, including handling enquiries, preparing quotations, scheduling and carrying out work, and managing any follow up that may be required.

To administer our business, including maintaining internal records, managing billing and payments, preparing financial accounts, and monitoring and improving the quality of our services.

To communicate with you about your services, bookings, changes to our terms or policies, important updates affecting your service, and responses to any questions or issues you raise.

To protect our rights, property and safety, and that of our customers, staff and others, including handling disputes, enforcing agreements and cooperating with authorities when required by law.

To comply with our legal and regulatory obligations, including tax, accounting and reporting duties.

Data sharing and processors

We do not sell your personal data. We may share your personal data with trusted third parties where necessary and proportionate for the purposes described in this Privacy Policy.

Service providers acting as data processors may assist us with functions such as payment processing, accounting support, information technology services, data storage, and administrative support. These processors act on our instructions and are bound by contractual obligations to protect your personal data and process it only for specified purposes.

Professional advisers, such as accountants, lawyers or auditors, may receive personal data where necessary to provide us with professional services, comply with legal obligations or protect our legal rights.

Public authorities and bodies may receive personal data where we are required to disclose it by law, regulation, court order or to respond to lawful requests from regulatory, tax or law enforcement authorities.

Where we use processors or share data with third parties, we take steps to ensure that your data is handled securely and in accordance with data protection law.

International transfers

Where personal data is transferred outside the United Kingdom or the European Economic Area, we take appropriate safeguards to protect it, such as using standard contractual clauses or other mechanisms recognised by data protection law. We aim to ensure that your data enjoys a level of protection that is essentially equivalent to that in the United Kingdom and European Union.

Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including for satisfying any legal, accounting or reporting requirements. Retention periods are determined by factors such as the nature of the data, the purposes of processing and applicable legal obligations.

Customer records related to services, contracts and financial transactions are typically retained for the period required under tax and accounting laws, after which they are securely deleted or anonymised. Enquiry records and communication history may be kept for a reasonable period to respond to follow up queries and to maintain continuity of service.

When personal data is no longer required, we take steps to securely erase or anonymise it so that it can no longer be associated with an identifiable individual.

Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage. These measures may include access controls, secure storage, regular backups, restricted access to accounting and service systems, and staff awareness regarding data protection obligations.

While no method of transmission or storage is completely secure, we work to ensure that the level of security is appropriate to the risks presented by the processing of personal data.

Your data protection rights

Under data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions.

Right of access. You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, together with certain information about how it is used.

Right to rectification. You have the right to ask us to correct or complete personal data that is inaccurate or incomplete.

Right to erasure. In certain circumstances, you may have the right to request that we delete your personal data, for example where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing.

Right to restriction. You may have the right to request that we restrict the processing of your personal data in certain situations, such as while we verify its accuracy or assess an objection you have raised.

Right to object. You have the right to object to processing of your personal data that is based on our legitimate interests, on grounds relating to your particular situation. We will stop processing unless we have compelling legitimate grounds to continue or the processing is required for legal claims.

Right to data portability. Where processing is based on consent or contract and carried out by automated means, you may have the right to receive your personal data in a structured, commonly used and machine readable format and to request that it is transmitted to another controller where technically feasible.

Where we rely on consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn, but may affect our ability to provide certain services that rely on that consent.

How to exercise your rights and raise concerns

If you wish to exercise any of your data protection rights, or if you have questions or concerns about how Gardeners Coombe handles your personal data, you can contact us using your usual communication method with our business. We will respond to your request or concern in accordance with data protection law and will generally do so within one month, subject to any lawful extensions where requests are complex or numerous.

You also have the right to lodge a complaint with your local data protection authority if you believe that your rights have been infringed or that your personal data has not been handled lawfully. We encourage you to contact us first so that we can seek to resolve any concerns directly.