Privacy Policy - Tree Surgeons Putney
This Privacy Policy explains how Tree Surgeons Putney collects, uses, stores, shares, and protects personal data in connection with our services. It applies to all Tree Surgeons Putney customers in the area, including prospective customers, existing customers, suppliers, and anyone who contacts us regarding tree surgery, arboricultural work, site visits, quotations, or related services.
We are committed to handling personal information in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out what information we may collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have in relation to your information.
1. Information We Collect
We collect only the personal data that is necessary for providing our services, meeting legal obligations, and managing our business operations. The categories of information we may collect include:
- Identity details such as your name and title.
- Contact details such as your address, email address, and telephone number.
- Property information such as the address of the site where work is to be carried out and relevant access details.
- Service information including quotations requested, work specifications, job notes, invoices, and payment status.
- Communication records including emails, messages, call notes, and complaints or feedback.
- Technical information such as basic website usage data if you interact with our online systems, where applicable.
- Safety and assessment information such as details needed to carry out risk assessments, site surveys, and service planning.
We generally do not seek to collect special category data unless it is strictly necessary and a lawful condition applies. If such information is provided to us accidentally, we will only use it where permitted by law and where appropriate safeguards are in place.
2. How We Use Your Data
We use personal data for legitimate business and operational purposes connected with our services. These purposes may include:
- Providing quotations, arranging visits, and carrying out tree surgery work.
- Managing customer accounts, service records, and billing.
- Communicating with you about appointments, job progress, and follow-up matters.
- Assessing site conditions and ensuring work can be completed safely.
- Meeting legal, regulatory, tax, and accounting obligations.
- Handling enquiries, complaints, or disputes.
- Maintaining internal business records and quality control.
We will only process your data where we have a valid lawful basis, and we will not use it in a way that is incompatible with the reason it was collected.
3. Lawful Basis for Processing
Under data protection law, we must have a lawful basis before processing personal data. Depending on the circumstances, Tree Surgeons Putney may rely on one or more of the following lawful bases:
- Contract: where processing is necessary to provide a quotation, enter into a service agreement, or carry out work you have requested.
- Legal obligation: where we must retain or disclose information to comply with tax, accounting, health and safety, or other legal requirements.
- Legitimate interests: where processing is necessary for our reasonable business interests, provided your rights and freedoms do not override those interests. This may include record keeping, service management, and business administration.
- Consent: where we ask for your clear permission for a specific purpose, and you may withdraw that consent at any time.
Where we rely on legitimate interests, we consider whether the processing is necessary and whether it is proportionate. We take steps to ensure that your privacy rights are respected at all times.
4. Sharing Your Information
We may share personal data with trusted third parties when necessary for the purposes described in this policy. These third parties may include:
- Service processors that support our business operations, such as administration, accounting, document storage, or IT support.
- Subcontractors or specialist contractors assisting with parts of a job where appropriate and necessary.
- Professional advisers such as accountants, insurers, or legal advisers.
- Public authorities where required by law or where disclosure is necessary to protect our rights, customers, or property.
We do not sell personal data. Where third parties process data on our behalf, they are required to act only on our instructions, keep the information secure, and use it only for the agreed purpose.
5. Data Processors
We may use data processors to help deliver our services and manage our operations. A processor is a person or organisation that processes personal data on our behalf. Examples may include cloud storage providers, customer management systems, email service providers, bookkeeping software, and secure document handling services.
We select processors carefully and ensure that appropriate contracts and security measures are in place. These contracts require processors to:
- process personal data only on our documented instructions;
- keep data confidential and secure;
- assist us in responding to data subject requests where applicable;
- delete or return data when it is no longer needed; and
- comply with applicable data protection law.
Where processors or other recipients are located outside the UK, we will ensure that appropriate safeguards are in place before any transfer occurs.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Retention periods vary depending on the type of information and the reason for processing.
In general:
- Quotation and enquiry records may be retained for a reasonable period to manage follow-up and business records.
- Customer service records and job documentation may be retained for the duration of the customer relationship and for a period after completion.
- Invoice, payment, and accounting records are usually kept for the period required by tax and accounting laws.
- Complaint or dispute records may be retained for as long as needed to resolve the matter and defend legal claims.
When personal data is no longer required, we will securely delete, anonymise, or archive it in line with our retention procedures. We apply storage limitation principles to avoid keeping information for longer than necessary.
7. Data Security
We take appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, secure storage, password protection, staff confidentiality obligations, and review of our internal procedures.
Although we work hard to protect information, no system can be guaranteed to be completely secure. If a personal data breach occurs and it is likely to result in a risk to your rights and freedoms, we will handle it in accordance with applicable law and take necessary steps to reduce any potential harm.
8. Your Rights
Under data protection law, you have a number of rights in relation to your personal information. Subject to legal limits and exemptions, these may include:
- The right of access to obtain a copy of the personal data we hold about you.
- The right to rectification to correct inaccurate or incomplete information.
- The right to erasure in certain circumstances, also known as the right to be forgotten.
- The right to restrict processing in certain situations.
- The right to object to processing based on legitimate interests or direct marketing.
- The right to data portability for information processed by automated means and based on consent or contract, where applicable.
- The right to withdraw consent where processing is based on consent.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. We encourage you to raise any concerns with us first so that we can try to resolve the issue promptly.
9. Children’s Data
Our services are generally intended for adult property owners, managers, and authorised representatives. We do not knowingly collect personal data from children unless it is necessary for a specific lawful purpose and appropriate safeguards are in place. If we become aware that we have collected data from a child in error, we will take appropriate steps to delete it where required.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services, or how we process data. Any revised version will apply from the date it is issued or otherwise made available. We encourage you to review this policy periodically so that you remain informed about how your information is used.
Summary of Our Commitment
Tree Surgeons Putney is committed to processing personal data lawfully, securely, and transparently. We only collect information needed to provide our services, rely on appropriate lawful bases, retain data for no longer than necessary, work with vetted processors under contract, and respect your rights under data protection law. Your privacy matters to us, and we aim to handle your information with care and accountability.