Privacy Policy - Tree Surgeons Holborn
This Privacy Policy explains how Tree Surgeons Holborn collects, uses, stores, shares, and protects personal data when providing tree surgery and related services. It applies to all Tree Surgeons Holborn customers in the area, including prospective customers, current customers, and anyone who has interacted with us in connection with our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We understand that privacy is important. This policy sets out what information we collect, why we collect it, the lawful bases we rely on, how long we keep it, who may process it on our behalf, and the rights available to you.
1. Information We Collect
We may collect and process a range of personal data depending on how you interact with us and the services you request. This may include:
- Identity details such as your name, title, and any business name you provide.
- Contact details such as address, email address, and telephone number.
- Property and service information including property access notes, site details, photographs of trees or outdoor areas, and records of work requested or completed.
- Payment and billing data such as invoicing information and transaction records.
- Communication records including enquiries, complaints, feedback, and correspondence.
- Technical information where relevant, such as limited device or browser data if you contact us through digital channels.
- Health or safety-related information only where necessary for risk assessment, site access, or safe delivery of services.
We do not intentionally collect more information than is needed for legitimate business and legal purposes. Where special category data is incidentally provided, we will only process it where necessary and lawful.
2. How We Use Your Data
We use personal data for the following purposes:
- To respond to enquiries and provide quotations.
- To arrange site visits and deliver tree surgery services.
- To manage bookings, invoices, and payments.
- To maintain records of work completed.
- To communicate about service updates, access requirements, or safety issues.
- To handle complaints, disputes, and customer support requests.
- To meet legal, regulatory, insurance, and tax obligations.
- To improve our services, processes, and customer experience.
We will only use your data in ways that are compatible with the purposes for which it was collected. Where we need to use data for a new purpose, we will ensure there is a valid legal basis before doing so.
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for each processing activity. The lawful bases we rely on may include:
Contract
We process personal data when it is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes providing quotations, scheduling work, delivering services, and issuing invoices.
Legal Obligation
We may process data to comply with legal obligations such as tax laws, accounting requirements, health and safety duties, and record-keeping obligations.
Legitimate Interests
We may process data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include managing our business, maintaining service records, preventing fraud, defending legal claims, and improving our services.
Consent
In limited cases, we may rely on your consent, for example where you have clearly agreed to receive certain communications or where consent is required for a specific processing activity. You may withdraw consent at any time where it is the basis used.
Vital Interests
In rare circumstances, we may process data to protect someone’s vital interests, such as an emergency situation involving serious risk to health or safety.
4. Sharing Your Information
We do not sell your personal data. We may share information with trusted third parties when necessary to operate our business and deliver services safely and effectively. These may include:
- IT and software providers that support record keeping, scheduling, email, and document storage.
- Payment service providers that process transactions securely.
- Accountants and professional advisers who assist with financial, tax, and compliance matters.
- Insurance providers where required for claims, risk management, or policy administration.
- Subcontractors or specialist processors who help with specific service tasks under our instruction.
- Public authorities where disclosure is required by law or in response to lawful requests.
Any third party acting as a processor is required to handle your data only on our instructions, to use appropriate security measures, and to keep the information confidential.
5. Processors and Data Protection Controls
Where we use processors, we take steps to ensure they meet data protection standards. These may include contractual obligations relating to confidentiality, security, sub-processing, and deletion or return of data when services end. We assess processors on the basis of reliability, technical and organisational safeguards, and their ability to comply with UK GDPR requirements.
Examples of processor activities may include secure hosting of records, sending appointment reminders, storing project documents, or processing payments. Processors do not have permission to use your personal data for their own purposes.
6. International Transfers
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will only transfer data where necessary and where suitable protections are available.
7. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of information and the reason it is held.
- Customer and service records are generally retained for the duration of the working relationship and for a reasonable period afterwards.
- Financial and tax records are retained for the period required by law.
- Correspondence and complaint records may be retained longer where needed to evidence communications, resolve disputes, or defend legal claims.
- Photographs and site notes are kept only as long as necessary for service delivery, safety, or record keeping.
When data is no longer needed, we will securely delete, anonymise, or destroy it.
8. Data Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff awareness, and limiting access to data to those who need it for legitimate business purposes. While no system is completely secure, we take data protection seriously and continuously review our safeguards.
9. Your Rights
Under UK GDPR, you have several rights in relation to your personal data. These may include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of data in certain circumstances.
- Right to restriction – to ask us to limit how we use your data in certain situations.
- Right to data portability – to receive certain data in a structured, commonly used format where applicable.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
These rights are not absolute and may be subject to legal exceptions. We will respond to valid requests in accordance with applicable law.
10. Children’s Data
Our services are aimed at property owners, occupiers, and business customers. We do not knowingly collect personal data from children unless it is necessary in a specific service context and permitted by law. If we become aware that we have inadvertently collected such data, we will take appropriate steps to delete it where required.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. When we do so, we will revise the policy text accordingly. We encourage customers to review this policy periodically so they remain informed about how their information is used.
12. How We Comply With Data Protection Principles
We are committed to following the core principles of UK GDPR, including lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. This means we aim to collect only the data we need, use it fairly, keep it accurate, retain it only as long as necessary, and protect it with appropriate safeguards.
If you use Tree Surgeons Holborn services in the area, this policy applies to the personal data we process about you in connection with those services. By engaging with us, you acknowledge that your information may be handled in line with this policy and applicable data protection laws.
Last reviewed: This policy should be reviewed regularly to ensure it remains current and compliant.