Privacy Policy - Tree Surgeons Kingscross
This Privacy Policy explains how Tree Surgeons Kingscross collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Kingscross customers in the area, including individuals, property owners, landlords, tenants, and businesses who request or receive our tree surgery, arboricultural, maintenance, inspection, and related services. We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Tree Surgeons Kingscross provides tree surgery and related services to customers in the Kingscross area. For the purposes of data protection law, we act as the data controller for the personal data we collect and process about our customers, prospective customers, suppliers, and other individuals who interact with us in connection with our services.
2. Personal Data We Collect
We collect only the personal data that is reasonably necessary to provide our services, manage our business, and meet legal obligations. The categories of data we may collect include:
- Identity data such as your name, title, and, where relevant, company name.
- Contact data such as address, telephone number, and email address.
- Property and service data such as the location of the property, details about trees or vegetation, service instructions, photographs, survey notes, and job records.
- Payment and billing data such as invoice details and transaction records.
- Communication data such as enquiries, feedback, complaints, and correspondence.
- Technical data such as basic internet protocol information or device data if you interact with us electronically.
- Health and safety data where necessary for site access, risk management, or to protect individuals during works.
We generally do not seek to collect special category data unless it is necessary and lawful to do so, for example where a customer voluntarily provides information relevant to access, safety, or service delivery. When we do process such data, we apply appropriate safeguards.
3. How We Collect Personal Data
We may collect personal data directly from you when you:
- request a quotation or consultation;
- make an enquiry or complaint;
- book or receive a service;
- make a payment or request an invoice;
- communicate with us by phone, email, or other means;
- provide information on-site or through a representative.
We may also receive data from third parties, such as property managers, contractors, insurers, or public authorities, where they lawfully share information with us to arrange or support services. In some cases, we may collect limited information from public sources where this is necessary for legitimate business purposes, for example to confirm property details or access arrangements.
4. Lawful Basis for Processing
We process personal data only where we have a valid lawful basis under UK GDPR. Depending on the circumstances, we rely on one or more of the following:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, including preparing quotations, arranging site visits, carrying out tree surgery works, issuing invoices, and managing customer accounts.
Legal Obligation
We process data when required to comply with laws and regulations, including health and safety requirements, tax and accounting duties, and other statutory obligations.
Legitimate Interests
We may process data for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include responding to enquiries, improving our services, maintaining records, preventing fraud, managing risk, and defending legal claims.
Consent
In limited circumstances, we may rely on your consent, for example where you voluntarily ask us to use certain information in a specific way. Where consent is used, you have the right to withdraw it at any time.
5. How We Use Personal Data
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to schedule, deliver, and manage services;
- to assess site conditions and plan safe working methods;
- to handle billing, payments, and account administration;
- to maintain internal records and service histories;
- to communicate with customers and service users;
- to comply with legal and regulatory obligations;
- to resolve disputes, enforce agreements, and protect our legal rights;
- to improve operational efficiency, customer service, and service quality.
We only process data in ways that are compatible with the purposes for which it was collected. If we need to use data for a new purpose, we will ensure there is a lawful basis and, where necessary, provide appropriate notice.
6. Data Sharing and Processors
We may share personal data with trusted third parties who assist us in delivering our services or operating our business. These third parties act as processors when they process data on our behalf and under our instructions. Examples may include:
- accounting and bookkeeping providers;
- IT and cloud storage providers;
- payment processing services;
- software and customer management platforms;
- subcontractors or specialist contractors engaged to support a job;
- professional advisers such as legal or insurance advisers;
- public authorities, regulators, or law enforcement where required by law.
Where a processor is used, we take steps to ensure it is bound by appropriate contractual obligations, including confidentiality, security, and data protection requirements. We do not sell personal data.
7. International Transfers
In some cases, data may be stored or accessed using services located outside the United Kingdom. Where this happens, we will ensure that appropriate safeguards are in place to protect your personal data, such as approved transfer mechanisms and contractual protections that meet UK GDPR standards.
8. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, insurance, and dispute-resolution requirements. Retention periods vary depending on the type of data and the nature of the service. For example:
- customer and service records may be retained for a period necessary to manage accounts, warranties, and follow-up work;
- financial records are usually kept for the period required by tax and accounting law;
- health and safety records may be kept for longer where necessary to demonstrate compliance and manage risk;
- correspondence and complaints may be retained for the duration needed to resolve the issue and protect legal interests.
When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.
9. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality duties, device protection, and data minimisation practices. While we strive to protect your data, no system can be guaranteed to be completely secure.
10. Your Rights
Under data protection law, you have several rights in relation to your personal data. These rights may be subject to conditions or exceptions. They include:
- The right of access to request a copy of the personal data we hold about you.
- The right to rectification to request correction of inaccurate or incomplete data.
- The right to erasure in certain circumstances, sometimes called the right to be forgotten.
- The right to restriction of processing where you want us to limit how data is used.
- The right to data portability for data processed by automated means in certain situations.
- The right to object to processing based on legitimate interests or direct marketing.
- Rights relating to automated decision-making, where applicable, including the right not to be subject to decisions made solely by automated means that have legal or similarly significant effects.
If you wish to exercise any of these rights, we will respond in accordance with applicable law. We may need to verify your identity before responding to your request.
11. Marketing Communications
We do not use personal data for unnecessary marketing. If we ever send marketing communications, we will do so only where permitted by law and, where required, with your consent. You can object to marketing at any time, and we will respect your preferences.
12. Complaints
If you have concerns about how we handle personal data, you may raise the matter with us so that we can review and address it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We encourage customers to review this policy periodically.
14. Scope of This Policy
This Privacy Policy applies to all Tree Surgeons Kingscross customers in the area and to personal data processed in connection with our services, enquiries, and business operations. By engaging with our services, you acknowledge that your personal data may be handled in the manner described in this policy, subject always to applicable data protection law.
In summary: Tree Surgeons Kingscross processes personal data responsibly, uses it only where lawful, keeps it no longer than necessary, shares it only with appropriate processors or where required by law, and respects your rights under UK GDPR.