Privacy Policy - Tree Surgeons Blackfriars
Tree Surgeons Blackfriars is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal information when we provide tree surgery, arboricultural, and related services. It applies to all Tree Surgeons Blackfriars customers in the area, including prospective customers, current customers, and individuals who make enquiries or receive our services.
This policy is written in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It explains what data we collect, the lawful bases we rely on, how long we keep data, who we may share it with, and the rights available to you.
1. Information We Collect
We may collect and process personal data that you provide to us directly, data generated during the performance of our services, and limited technical information where relevant. The exact information we collect depends on the nature of your enquiry, the services requested, and any ongoing customer relationship.
Examples of data we may collect include:
- Identity information such as your name and title.
- Contact information such as address, email address, and telephone number.
- Property information relevant to the work requested, including site access details.
- Service information such as the type of tree surgery or arboricultural work requested, survey notes, and work history.
- Payment and billing information where applicable, such as invoicing details and transaction records.
- Communication records including emails, messages, call notes, and correspondence relating to quotes, bookings, complaints, or aftercare.
- Images and site records such as photographs used to assess work, document completed services, or support safety records.
- Health and safety information where needed to carry out work safely, for example access notes, hazard information, or special site requirements.
We do not intentionally collect special category data unless it is necessary and appropriate for a specific purpose, such as health and safety management or where you have chosen to provide it. If such information is collected, it will only be processed where permitted by law and with suitable safeguards.
2. How We Use Your Data
We use personal data to respond to enquiries, provide quotes, deliver services, manage appointments, and maintain accurate records. We may also use it to comply with legal obligations, resolve disputes, improve our operations, and maintain safety standards.
In practical terms, we may use your data to:
- assess your enquiry and provide a quotation;
- plan and carry out tree surgery or related services;
- communicate with you about your booking, changes, or service updates;
- issue invoices, record payments, and manage accounts;
- keep records of work completed and service history;
- meet legal, tax, insurance, and health and safety obligations;
- handle complaints, claims, or disputes;
- improve our services, customer experience, and operational efficiency.
3. Lawful Basis for Processing
We only process your personal data where we have a lawful basis under UK GDPR. The lawful basis may vary depending on the purpose of processing.
The main lawful bases we rely on are:
- Contract - where processing is necessary to take steps at your request before entering into a contract or to perform a contract with you, such as providing quotes, booking services, or completing work.
- Legal obligation - where processing is required to comply with laws and regulations, including tax, accounting, safety, and record-keeping requirements.
- Legitimate interests - where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include service administration, business record management, quality control, and responding to customer queries.
- Consent - in limited cases where we rely on your permission, for example for certain optional communications or the processing of data that requires consent. Where consent is used, you may withdraw it at any time.
Where special category data is processed, we will only do so if a lawful condition under Article 9 UK GDPR applies and if additional protection is in place.
4. Sharing Your Information
We may share personal data with trusted third parties when necessary to provide our services, manage our business, or comply with legal duties. We only share the minimum information required for the relevant purpose.
Processors and service providers may include:
- IT and cloud service providers who store or support our records and communication systems.
- Accountants and bookkeepers who assist with invoicing, tax, and financial administration.
- Payment service providers where payments are handled electronically.
- Waste disposal or recycling providers where required for service delivery.
- Insurance providers, legal advisers, or claims handlers where needed to manage risk, complaints, or disputes.
- Subcontractors or specialist contractors engaged to help deliver specific work, subject to confidentiality and data protection obligations.
These organisations act as data processors or independent controllers depending on the circumstances. Where they act as processors, they are required to process your data only on our instructions, keep it secure, and comply with applicable data protection laws.
We may also disclose data where required by law, court order, regulatory authority, or to protect our legal rights, property, staff, customers, or the public.
5. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, and operational requirements. Retention periods vary depending on the type of information and the reason it is held.
Typical retention periods may include:
- Enquiry and quotation records retained for a reasonable period after the enquiry ends, unless a longer period is needed for follow-up or dispute resolution.
- Customer and service records retained for the duration of the relationship and for a further period where required for warranties, claims, or continuity of service.
- Financial records kept for the period required by tax and accounting law.
- Health and safety records retained in accordance with legal obligations and risk management needs.
When personal data is no longer needed, we will delete it, anonymise it, or securely archive it where appropriate. We review retention regularly to ensure information is not kept longer than necessary.
6. Data Security
We take appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and regular review of our systems and procedures.
While we work hard to protect your information, no system can be guaranteed completely secure. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will respond in line with applicable legal requirements.
7. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may be subject to legal conditions or exceptions.
Your rights may include:
- Right of access - to request a copy of the personal data we hold about you.
- Right to rectification - to ask us to correct inaccurate or incomplete data.
- Right to erasure - to request deletion of your data in certain circumstances.
- Right to restriction - to ask us to limit how we use your data in certain situations.
- Right to object - to object to processing based on legitimate interests or direct marketing, where applicable.
- Right to data portability - to request transfer of certain data to you or another controller where technically feasible.
- Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we will respond within the time limits set out by law. We may need to verify your identity before acting on your request.
8. International Transfers
Where any of our processors or service providers store or access data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent protective measures required by law.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. The most current version will apply from the date it is published or otherwise communicated. We encourage you to review it periodically.
10. Complaints and Further Information
If you have concerns about how we use your personal data, you have the right to raise them with the relevant data protection authority. You may also contact us through the appropriate service channels to discuss your concerns and seek resolution.
This Privacy Policy is intended to provide clear and transparent information about how Tree Surgeons Blackfriars handles personal data. By using our services or making an enquiry, you acknowledge that your personal information may be processed as described in this policy, subject always to your rights and applicable law.