Gardeners Finsbury Privacy Policy

This Privacy Policy explains how Gardeners Finsbury collects, uses, stores and protects personal data relating to our customers in the Finsbury area. It also describes your rights under the UK General Data Protection Regulation and the Data Protection Act 2018. This policy applies to all Gardeners Finsbury customers and prospective customers located in our service area.

Data Controller

Gardeners Finsbury is the data controller for the personal data described in this Privacy Policy. As the data controller, we decide what personal data we collect, how and why we process it, and how long we keep it.

Personal Data We Collect

We collect and process personal data that is necessary to provide our gardening and related services, manage our customer relationships, and comply with our legal obligations. The categories of personal data we may collect include:

Identification and contact details: name, postal address, billing address, service address, and any other address you provide to us for service delivery, as well as contact details such as email address and any communication details you choose to share.

Service and contract information: details about the gardening or maintenance services you request or receive from us, property access information that you provide to enable us to carry out services, preferred service times, and any specific instructions or notes you give us.

Payment and transaction data: information about payments you make to us and related billing details. We do not store full payment card details; where third party payment processors are used, they handle card information on our behalf in accordance with applicable standards.

Communication data: records of communications between you and Gardeners Finsbury, including emails, written correspondence, records of phone or in-person conversations where we note the key points, and any feedback or complaints you submit.

Website and technical data: if you use our website or other online services, we may collect technical information such as IP address, device information, browser type and usage data such as pages visited and interaction with our site, to the extent necessary for security, administration and improvement of our services.

Lawful Basis for Processing

Gardeners Finsbury processes personal data only when there is a valid lawful basis under the UK GDPR. Depending on the context, we rely on one or more of the following bases:

Contract: we process personal data when it is necessary to enter into or perform a contract with you. This includes arranging and delivering gardening services, managing appointments, invoicing and handling related communications.

Legal obligation: we process personal data when it is necessary to comply with legal and regulatory requirements, such as tax, accounting, record-keeping and consumer protection laws.

Legitimate interests: we may process personal data when it is necessary for our legitimate business interests, provided these are not overridden by your rights and interests. Examples include responding to enquiries, improving and developing our services, maintaining security, and managing and protecting our business operations. When we rely on legitimate interests, we consider and balance any potential impact on you.

Consent: in limited circumstances, we may rely on your consent, for example for certain direct marketing activities or optional communications. When we rely on consent, you are free to withdraw it at any time, and we will stop processing the relevant data unless another lawful basis applies.

How We Use Personal Data

We use your personal data for the following purposes:

To provide and manage gardening and related services you request, including scheduling, delivering and monitoring the quality of our work.

To manage our business relationship with you, including handling enquiries and complaints, maintaining customer records, and administering contracts.

To process payments, issue invoices and credit notes, and maintain accounting and financial records for tax and audit purposes.

To communicate with you about booked services, changes to appointments, updates to this Privacy Policy or our terms, and other service-related matters.

To maintain the security and integrity of our systems, prevent fraud, and protect our rights, property and safety as well as that of our customers and staff.

To improve and develop our services, including monitoring service performance and customer satisfaction, and conducting internal analysis and planning.

Sharing Personal Data and Use of Processors

We do not sell your personal data. We may share your personal data with trusted third parties where necessary and permitted by law. These third parties act either as independent controllers or as processors on our behalf.

Service providers acting as processors: we may engage external companies to support our operations. These may include companies providing IT and hosting services, customer relationship management tools, accounting and bookkeeping support, payment processing, and document storage. When we use processors, they are only allowed to process personal data on our documented instructions and must provide appropriate security and confidentiality protections.

Professional and legal advisers: we may share personal data with accountants, auditors, insurers and legal advisers when necessary for the management of our business, the exercise or defence of legal claims, or to obtain professional advice.

Authorities and regulators: where required by law or in response to valid legal processes, we may disclose personal data to law enforcement agencies, courts, regulatory bodies or other public authorities.

Any sharing of personal data is limited to what is necessary for the relevant purpose, and we take steps to ensure that your data remains protected.

International Transfers

Where our service providers or systems are located outside the United Kingdom, or where personal data is otherwise transferred internationally, we take steps to ensure that your data is protected in line with UK data protection law. This may include relying on adequacy regulations for certain countries or implementing appropriate safeguards such as standard contractual clauses.

Data Retention

Gardeners Finsbury keeps personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting or reporting requirements.

Customer and contract data: we typically retain core contract and billing information for a period required by applicable tax and accounting laws after the end of our business relationship with you. This is to comply with legal obligations and for the establishment, exercise or defence of legal claims.

Service and communication records: information about services provided, appointments and routine communications is kept for a period consistent with our business needs and any legal requirements, after which it is securely deleted or anonymised.

Marketing and enquiry data: if you contact us with an enquiry but do not become a customer, we may retain limited information about your enquiry for a reasonable period to respond and follow up, after which it will be removed or anonymised. Where we rely on your consent for marketing, we will stop processing your data for this purpose if you withdraw consent.

When personal data is no longer required, we take appropriate steps to securely delete, destroy or anonymise it.

Your Data Protection Rights

As a data subject, you have several rights in relation to your personal data under the UK GDPR. These rights apply to Gardeners Finsbury customers and prospective customers within our service area, subject to certain conditions and legal exceptions.

Right of access: you have the right to request confirmation as to whether we process your personal data and, if so, to receive a copy of that data together with certain information about how we process it.

Right to rectification: you have the right to ask us to correct or complete personal data that you believe is inaccurate or incomplete.

Right to erasure: in certain circumstances, you may request that we delete your personal data. This is not an absolute right and may not apply where we have legal obligations or legitimate grounds to retain the data.

Right to restriction of processing: you may ask us to limit the processing of your personal data in certain situations, for example while we are verifying its accuracy or considering an objection you have raised.

Right to object: where we process your personal data based on legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms or where processing is needed for legal claims.

Right to data portability: where processing is based on consent or contract and is carried out by automated means, you may request that we provide your personal data in a commonly used, machine-readable format or transfer it to another controller where technically feasible.

Rights related to consent and marketing: where we rely on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal. You also have the right to object at any time to the processing of your personal data for direct marketing.

We may need to ask you for information to confirm your identity before responding to a request to exercise your rights. We will respond within the time limits set by law.

Security

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures are proportionate to the nature of the data and the risks associated with processing. While we take reasonable steps to secure your data, no system can be completely secure, and you should take care when sharing personal information with us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the services we offer. Any changes will take effect when the updated policy is made available. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.