Privacy Policy - Tree Surgeons Sanderstead
This Privacy Policy explains how Tree Surgeons Sanderstead collects, uses, stores, and shares personal data in connection with our tree surgery, arborist, and related property maintenance services. It applies to all Tree Surgeons Sanderstead customers in the area, including individuals, businesses, landlords, managing agents, and other organisations that enquire about, book, or receive our services.
We are committed to handling personal data in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to keep information secure, relevant, and limited to what is necessary for the purposes set out in this policy.
1. Information We Collect
We may collect and process the following categories of personal data:
- Identity details: name, title, and where relevant, business or organisation name.
- Contact details: address, email address, telephone number, and property location details.
- Service information: details of the work requested, site notes, quotations, invoices, service history, and correspondence.
- Payment information: payment status and transaction records. We do not normally store full card details if payment is processed by a third-party payment provider.
- Technical information: basic online enquiry data such as IP address, browser type, device information, and website interaction data where applicable.
- Special or sensitive information: only where necessary and appropriate, for example access requirements, health and safety information, or site-specific risk details that affect how services are delivered.
We collect this data directly from you when you make an enquiry, request a quotation, book a service, communicate with us, or enter into a contract. We may also receive data from third parties, such as property managers, contractors, insurers, or public records, where it is necessary for the work we are asked to carry out.
2. How We Use Your Data
We use personal data only for specific and legitimate purposes, including:
- responding to enquiries and preparing quotations;
- arranging site visits and delivering tree surgery services;
- managing contracts, bookings, invoices, and payments;
- recording work completed and maintaining service history;
- meeting legal, regulatory, tax, accounting, and insurance obligations;
- ensuring health and safety and managing site access or operational risks;
- handling complaints, claims, or disputes;
- improving our services, records, and operational efficiency.
We will not use your personal data for purposes that are incompatible with the reasons it was collected unless we have a valid legal basis to do so.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis for processing your personal data. Depending on the situation, we rely on the following bases:
Performance of a Contract
We process your data when it is necessary to provide quotations, carry out work, manage bookings, issue invoices, or fulfil our contractual obligations to you.
Legal Obligation
We may process and retain data to comply with legal requirements, including tax rules, accounting duties, health and safety obligations, and record-keeping requirements.
Legitimate Interests
We may process data where it is in our legitimate business interests and does not override your rights and freedoms. This may include managing our customer records, defending legal claims, improving our services, and ensuring safe and efficient operations.
Consent
In limited cases, we may rely on your consent, for example for optional marketing communications. Where consent is used, you may withdraw it at any time.
4. Sharing Your Personal Data
We do not sell personal data. We may share your information only where necessary and appropriate with trusted third parties that help us deliver our services or meet our legal obligations. These may include:
- IT and cloud service providers that store records or support communication systems;
- accountants and bookkeeping providers for financial administration and compliance;
- payment processors used to handle secure transactions;
- insurance providers, loss adjusters, or legal advisers where required to handle claims or disputes;
- subcontractors or specialist processors assisting with operational or technical tasks;
- public authorities where disclosure is required by law.
Any third party that processes data on our behalf is required to act under a written agreement and to keep the information secure and confidential. They may only use the data for the purposes we specify.
5. International Transfers
If any service provider stores or processes data outside the United Kingdom, we will ensure that appropriate safeguards are in place. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms designed to protect your information.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law. Retention periods may vary depending on the type of record and our legal obligations.
- Customer and service records: retained for as long as needed to manage our relationship and for a reasonable period afterwards in case of queries, complaints, or claims.
- Financial records: kept in line with tax and accounting requirements.
- Health and safety documentation: retained where necessary to show compliance and manage site-related risks.
- Enquiry records: may be kept for a limited period if no contract is formed, unless we need them for legal or operational reasons.
When data is no longer required, we will securely delete, anonymise, or archive it in line with our retention practices. This helps ensure that personal data is not held indefinitely without purpose.
7. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or misuse. These measures may include access controls, password protection, secure storage, staff confidentiality obligations, and limited access on a need-to-know basis. While no system can be guaranteed completely secure, we take reasonable steps to safeguard information throughout its lifecycle.
8. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may not apply in every situation, but we will consider each request carefully and respond in accordance with the law.
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may ask us to correct inaccurate or incomplete information.
- Right to erasure: you may request deletion of your data in certain circumstances.
- Right to restriction: you may ask us to limit how we use your data in certain situations.
- Right to object: you may object to processing based on legitimate interests or direct marketing.
- Right to data portability: you may request that certain data be provided in a structured, commonly used format where applicable.
- Right to withdraw consent: where we rely on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to deal with requests promptly and within the statutory timeframe.
9. Cookies and Similar Technologies
Where our online systems use cookies or similar technologies, these may be used for essential site functionality, analytics, or service improvement. Any non-essential cookies should only be used where lawful and, if required, with appropriate consent. You can control cookies through your browser settings.
10. Children’s Data
Our services are generally intended for adults acting on their own behalf or on behalf of organisations or property owners. We do not knowingly collect personal data from children unless it is necessary for a specific service and appropriate safeguards are in place.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, service arrangements, or data handling practices. Where changes are material, we will take reasonable steps to make them known through appropriate channels. The latest version will always apply from the date it is issued.
12. Summary of Key Points
Tree Surgeons Sanderstead collects only the data needed to provide and manage our services, comply with legal obligations, and support safe, efficient operations. We process information on lawful grounds such as contract, legal obligation, legitimate interests, and consent where applicable. We retain data only for as long as necessary, share it only with appropriate processors and other permitted recipients, and respect your rights under UK data protection law. Our approach is designed to be transparent, secure, and proportionate.
By using our services or submitting your information, you acknowledge that this Privacy Policy applies to you as a customer or prospective customer of Tree Surgeons Sanderstead in the area.