Privacy Policy – Tree Surgeons Mitcham
This Privacy Policy explains how Tree Surgeons Mitcham collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Mitcham customers in the area, including individuals and businesses who request quotes, book services, receive site visits, or otherwise interact with us in connection with tree surgery, arboricultural, and related maintenance services.
We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains your rights and the choices available to you.
1. Information We Collect
We only collect personal data that is necessary for the provision, administration, and improvement of our services. Depending on your interaction with us, this may include:
- Identity details such as your name, title, or business name.
- Contact details such as your address, telephone number, and email address.
- Property information such as the location of the trees or site requiring inspection or work.
- Service details including quotes requested, work instructions, service history, and job notes.
- Billing and payment information where needed for invoicing, record-keeping, and financial administration.
- Communication records such as emails, messages, call notes, and correspondence relating to enquiries or service delivery.
- Technical data such as basic website or device information if you submit an enquiry online, including IP address and browser details where applicable.
- Photographs and site records taken for quotation, safety, compliance, insurance, or work documentation purposes.
In some cases, we may also process limited special category data if it is necessary to support a customer’s access needs, safety requirements, or legal obligations. Where this occurs, we will ensure appropriate safeguards are in place and that processing is limited to what is necessary.
2. How We Use Your Data
Your personal data is used for specific and legitimate purposes connected with our services. These include:
- Responding to enquiries and providing quotations.
- Assessing sites and planning tree surgery work.
- Delivering services safely and efficiently.
- Managing customer accounts, scheduling, and administration.
- Issuing invoices, processing payments, and maintaining financial records.
- Keeping records of completed work, inspections, and customer communication.
- Meeting legal, regulatory, insurance, and health and safety obligations.
- Handling complaints, claims, or disputes.
- Improving our services, internal operations, and customer experience.
We do not use personal data for purposes that are incompatible with those described in this policy unless we have a valid lawful basis and, where required, your consent.
3. Lawful Basis for Processing
We process personal data only when we have a lawful basis under UK GDPR. Depending on the circumstances, our lawful bases may include:
Performance of a Contract
We process your data when it is necessary to provide a quotation, arrange a site visit, carry out agreed services, issue invoices, or otherwise perform our obligations under a contract with you.
Legitimate Interests
We may process your information where it is necessary for our legitimate business interests, provided these interests do not override your rights and freedoms. This may include managing enquiries, maintaining service records, improving operations, preventing fraud, and protecting our business, staff, and customers.
Legal Obligation
We may process and retain personal data where we are required to do so by law, including tax, accounting, insurance, health and safety, and regulatory obligations.
Consent
In limited situations, we may rely on your consent, particularly where processing is not necessary for contract performance or another lawful basis. If consent is used, you may withdraw it at any time.
4. Sharing Your Data and Processors
We may share personal data with trusted third parties where necessary for service delivery, legal compliance, or legitimate business purposes. These third parties act as processors or independent controllers depending on the service they provide.
Processors may include:
- IT and cloud storage providers that host secure data systems and communications.
- Accounting and bookkeeping providers that assist with invoicing, tax, and financial record management.
- Payment service providers that process transactions securely.
- Software and customer management providers used for scheduling, quotation, and job management.
- Professional advisers such as insurers, legal advisers, or compliance specialists.
- Subcontractors or specialist partners where required to complete work safely and effectively.
We only use processors who provide sufficient guarantees that they will protect personal data and comply with data protection law. Where required, we have written agreements in place to govern how data is processed and safeguarded.
We may also disclose information where necessary to comply with legal requirements, enforce our agreements, protect rights or property, or respond to lawful requests from public authorities.
5. Retention of Personal Data
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, insurance, and reporting requirements. Retention periods depend on the type of information and the purpose for which it is held.
- Customer and service records are retained for the period needed to manage the relationship and to address any follow-up queries or disputes.
- Financial and tax records are kept for the duration required by law.
- Communication records are retained as needed to maintain evidence of instructions, agreements, and customer support.
- Photographs, inspection notes, and site records are retained for operational, safety, insurance, or legal purposes.
When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer identify an individual.
6. Data Security
We take appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, limited staff access, and good data-handling procedures.
Although we work hard to protect your information, no system can be guaranteed as completely secure. If a data incident occurs, we will assess the situation and take steps in line with applicable law.
7. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and the legal basis for processing.
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – in certain cases, you can request deletion of your data.
- Right to restriction – you can ask us to limit how we use your data in certain situations.
- Right to data portability – where applicable, you can request your data in a structured, commonly used format.
- Right to object – you can object to processing based on legitimate interests, and in some cases to direct marketing.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
You also have the right to raise concerns with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.
8. Children’s Data
Our services are generally intended for adults and business customers. We do not knowingly collect personal data from children unless it is necessary in connection with a lawful service request, safety matter, or legal obligation. If we become aware that we have collected data from a child without an appropriate lawful basis, we will take steps to delete it or handle it appropriately.
9. International Transfers
If any service provider stores or processes data outside the United Kingdom, we will ensure appropriate safeguards are in place to protect your personal data. These safeguards may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms as required by law.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. When we do, the revised version will apply from the date it is posted or otherwise communicated. We encourage customers to review it periodically so they remain informed about how their data is handled.
11. Contact and Further Information
If you have questions about this Privacy Policy, your personal data, or how we handle information, please review the rights and principles outlined above. We will make reasonable efforts to respond to legitimate requests and to resolve concerns in line with applicable data protection law.
Tree Surgeons Mitcham is committed to maintaining trust, protecting privacy, and using personal data responsibly. We recognise the importance of confidentiality and transparency in every stage of our service relationship.