Waterloo Cleaner Privacy Policy

This Privacy Policy explains how Waterloo Cleaner collects, uses, discloses, and protects personal data of all Waterloo Cleaner customers within our service area. It is intended to comply with the General Data Protection Regulation and related data protection laws. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Scope and Data Controller

This Privacy Policy applies to all Waterloo Cleaner customers in our service area, including individuals and businesses who request or receive our cleaning services. Waterloo Cleaner is the data controller of the personal data processed in connection with the provision of these services. As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable law.

Types of Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with us and the services you request. The personal data we may collect includes identification and contact details such as name, address, service location, billing address, and any other contact details you provide to arrange our services. We also process communication data such as information you include when you contact us, request a quote, make a booking, or provide feedback or complaints about our services.

In addition, we collect service-related data, including dates and times of bookings, details of the cleaning services you request, access instructions for the property where services are provided when you choose to share them, and records of completed work. We may process billing and payment-related information, such as details necessary to issue invoices and confirm that payment has been made. When you visit our website, we may collect technical data such as your browser type, device type, and general usage data to ensure site security and improve user experience. We do not intentionally collect sensitive personal data unless you voluntarily provide it and it is necessary for a clearly identified purpose, such as accessibility requirements.

Purposes and Legal Bases for Processing

We process your personal data only when we have a lawful basis under the GDPR. The primary purpose is to provide our cleaning services. This includes managing bookings, arranging access to your premises, delivering the requested services, and communicating with you about your service. The legal basis for this is the performance of a contract or taking steps at your request prior to entering into a contract.

We also process data to handle billing and payments, including issuing invoices, recording payments, and maintaining appropriate financial and tax records. This processing is necessary for the performance of a contract and to comply with legal obligations related to accounting and taxation. We may process your data to respond to enquiries, complaints, or requests, and to maintain records of our communications. This is based on our legitimate interest in managing our customer relationships and improving our services, as well as performance of a contract where relevant.

In some cases, we may process your data for marketing and service information purposes, such as informing you about updates to our services or similar services you might reasonably expect to hear about. Where required by law, we will obtain your consent before sending marketing communications, and you can withdraw your consent at any time. We may also process personal data to comply with legal obligations, enforce our contractual rights, prevent fraud or misuse of our services, and ensure the security and integrity of our operations. This is based on compliance with legal obligations and our legitimate interests in protecting our business and customers.

Data Retention

We keep personal data for no longer than is necessary for the purposes for which it was collected. The length of time we retain your data depends on the type of data and the reasons we process it. We generally retain customer account and service records for as long as you remain a customer and for a reasonable period thereafter, to respond to any queries or disputes and to comply with legal and tax requirements.

Financial records, including invoices and payment confirmations, are retained for the period required by applicable tax and accounting laws. Communications relating to enquiries, feedback, or complaints may be kept for a period that allows us to manage our relationship with you, monitor service quality, and address any ongoing issues. At the end of applicable retention periods, we will either securely delete or anonymise personal data so that it can no longer be linked to an identifiable person.

Use of Data Processors

In some cases, we engage third parties to process personal data on our behalf. These third parties act as data processors and may provide services such as secure data hosting, appointment management tools, customer relationship management systems, or accounting and invoicing support. When we use data processors, we only share the personal data that is necessary for them to perform the relevant services.

We select processors that can demonstrate they apply appropriate technical and organisational measures to protect your data in accordance with applicable data protection laws. We enter into written agreements with all processors that set out their obligations, including requirements to process personal data only on our documented instructions, to maintain confidentiality, to implement data security measures, and to assist us in responding to data subject requests and managing data breaches when required.

Data Sharing and International Transfers

We do not sell your personal data. We may share your data with trusted third parties when this is necessary for the provision of our services, compliance with legal obligations, or the protection of our legitimate interests. This may include professional advisers such as accountants or legal advisers, and authorities or regulators when required by law or to protect our rights.

If any of our service providers or data processors are located outside the European Economic Area or the United Kingdom, we take steps to ensure that an adequate level of protection is in place. This may include using jurisdictions that have been recognised as providing an adequate level of data protection, or entering into contracts that incorporate appropriate data protection safeguards, such as standard contractual clauses approved by relevant authorities.

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures may include access controls, secure storage systems, staff training on data protection responsibilities, and regular review of our security practices. Although we take reasonable steps to safeguard your data, no system is completely secure and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will follow our legal obligations to notify the relevant supervisory authority and, where required, inform you without undue delay.

Your Data Protection Rights

You have a number of rights regarding your personal data under the GDPR and other applicable data protection laws. These rights are subject to certain conditions and legal exceptions, and we will always explain if an exception applies. You have the right to request access to the personal data we hold about you and to receive information about how we process it. You also have the right to request correction of inaccurate or incomplete personal data.

In certain circumstances, you have the right to request that we delete your personal data or restrict its processing, for example where the data is no longer needed for the original purpose or where you have withdrawn consent. You may have the right to object to processing based on our legitimate interests, including profiling, and we will consider your objection and stop processing unless we have compelling legitimate grounds to continue. Where processing is based on your consent or carried out by automated means for the performance of a contract, you may also have the right to data portability, allowing you to receive your data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

You can withdraw your consent to processing at any time when we rely on consent as the legal basis, without affecting the lawfulness of processing carried out before withdrawal. You also have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been infringed. We encourage you to contact us first so that we can try to resolve your concerns directly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, our services, or applicable legal requirements. Any updated version will apply from the date it is made available. We encourage you to review this Policy periodically to stay informed about how we handle your personal data.