Privacy Policy - Tree Surgeons Millbank
This Privacy Policy explains how Tree Surgeons Millbank collects, uses, stores, shares, and protects personal data relating to customers and potential customers in Millbank and the surrounding area. It applies to all Tree Surgeons Millbank customers in area, including individuals who enquire about our services, request quotes, book site visits, receive tree surgery work, or communicate with us in any other way.
We are committed to handling personal data in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy is designed to help you understand what data we process, why we process it, how long we keep it, and the rights you have over your information.
1. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity details such as your name and, where relevant, the name of your business or property owner.
- Contact details such as address, telephone number, and email address.
- Service details including information about the trees, land, or property requiring work, job instructions, quotations, and service history.
- Communication records including emails, messages, notes from calls, and correspondence relating to enquiries, complaints, bookings, or feedback.
- Payment and invoicing information such as billing address, transaction details, and payment status. We do not store card details unless specifically required and securely processed by a payment provider.
- Technical data if you interact with us electronically, such as device information, IP address, and basic usage data, where applicable.
- Site and safety information such as access notes, hazard details, photographs, and information needed to plan and carry out tree surgery safely.
We generally do not seek to collect special category data. However, in limited situations, personal data may reveal health or access needs, for example where a customer tells us about mobility restrictions or safety considerations. If this occurs, we will only process it where necessary and with appropriate safeguards.
2. How We Collect Your Data
We collect personal data directly from you when you:
- request a quotation or assessment;
- book or receive tree surgery services;
- contact us by phone, email, or message;
- provide feedback or make a complaint;
- enter into a contract with us; or
- otherwise interact with us in relation to our services.
We may also receive data from third parties where necessary for service delivery, such as property managers, contractors, insurers, or local authorities. In all cases, we only use such data where we have a lawful basis to do so and where the information is relevant to the services we provide.
3. Why We Use Your Personal Data
We use personal data for the following purposes:
- to respond to enquiries and provide quotes;
- to assess work requirements and carry out tree surgery services;
- to manage bookings, scheduling, and customer communications;
- to issue invoices, record payments, and manage accounts;
- to maintain service records and quality control;
- to comply with legal, regulatory, and insurance obligations;
- to handle complaints, disputes, and claims;
- to protect our staff, customers, visitors, and property;
- to improve our services and internal processes; and
- to defend or establish legal rights where necessary.
We only use personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible purpose.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process personal data. We rely on the following bases depending on the situation:
Contract
We process your data where it is necessary to enter into or perform a contract with you. This includes preparing a quotation at your request, confirming bookings, completing tree surgery work, and managing invoices and payment-related administration.
Legal Obligation
We may process personal data where we must comply with legal obligations, such as record keeping, tax requirements, health and safety duties, and responding to lawful requests from authorities.
Legitimate Interests
We may process data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. This may include maintaining business records, improving our services, preventing fraud, managing disputes, and ensuring safe and efficient operations.
Consent
In limited cases, we may rely on your consent, for example if we need to use optional information for a specific purpose. Where we rely on consent, you have the right to withdraw it at any time.
Vital Interests
In rare circumstances, we may process data to protect someone’s vital interests, such as in an emergency relating to safety on site.
5. How Long We Keep Your Data
We keep personal data only for as long as necessary for the purpose for which it was collected, including for legal, accounting, insurance, and reporting requirements. Retention periods vary depending on the type of information and the reason it is held.
- Customer and contract records are usually retained for the duration of the relationship and for a period afterwards where needed for administration, tax, or legal purposes.
- Invoices and financial records are retained for the period required by law and standard accounting practice.
- Communication records are retained for a reasonable period to manage queries, complaints, and follow-up matters.
- Safety and site records may be retained longer where necessary for insurance, incident handling, or legal defence.
When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.
6. Who We Share Data With
We may share personal data with trusted third parties where necessary for business operations and service delivery. These may include:
- accountants and bookkeepers;
- IT and cloud storage providers;
- payment processors and invoicing systems;
- insurance providers and professional advisers;
- subcontractors or specialist contractors working on our behalf;
- public authorities, regulators, or law enforcement where required by law.
We require processors and other third parties to handle personal data securely, only in accordance with our instructions, and in line with data protection law.
7. Processors and Data Security
Where we use third-party service providers to process personal data on our behalf, they act as processors. We only appoint processors that can provide appropriate security and confidentiality measures. Typical processor activities may include hosting data, sending emails, managing accounts, storing documents, or supporting our business systems.
We use reasonable technical and organisational measures to protect personal data from unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure devices, password protection, staff training, and limiting access to data on a need-to-know basis.
Although we take appropriate steps to protect your data, no system can be guaranteed to be completely secure.
8. International Transfers
If any of our processors store or access data outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual protections, to keep your information protected in line with applicable law.
9. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These may include:
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete data.
- Right to erasure – in certain situations, you can request deletion of your data.
- Right to restrict processing – you can ask us to limit how we use your data in some circumstances.
- Right to object – you can object to processing based on legitimate interests, and to direct marketing where applicable.
- Right to data portability – where relevant, you can request your data in a structured, commonly used format.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
You also have the right to raise a concern with the Information Commissioner’s Office (ICO) if you believe your data rights have been infringed. We encourage you to contact us first so we can address any issue promptly.
10. Cookies and Online Data
If you communicate with us online, limited technical data may be collected automatically for security and functionality purposes. If we use cookies or similar technologies, they will be used only where lawful and, where required, with appropriate notice and consent.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational requirements. Any updated version will apply from the date it is published. We recommend reviewing this policy periodically to stay informed about how we protect your personal data.
12. Summary of Our Commitment
Tree Surgeons Millbank is committed to respecting your privacy and protecting your personal information. We process data lawfully, use it only where needed, keep it secure, retain it for appropriate periods, and limit access to trusted processors and advisers. Your rights matter, and we will act transparently and responsibly in handling your data.
This Privacy Policy applies to all Tree Surgeons Millbank customers in area.