Privacy Policy - Tree Surgeons Mortlake
This Privacy Policy explains how Tree Surgeons Mortlake collects, uses, stores, shares, and protects personal data. It applies to all customers, prospective customers, website users, suppliers, and other individuals whose personal information we process in connection with our services in the Mortlake area and surrounding area. We are committed to handling personal data lawfully, fairly, and transparently in line with the UK GDPR and the Data Protection Act 2018.
1. Who This Policy Applies To
This policy applies to all Tree Surgeons Mortlake customers in the area, including homeowners, landlords, tenants, commercial clients, and property managers who engage our services for tree surgery, arboricultural maintenance, pruning, felling, stump removal, emergency work, inspections, and related services. It also applies to individuals who enquire about our services, request quotations, or interact with us in any way that results in personal data being collected or processed.
2. Personal Data We Collect
We only collect personal data that is necessary for the delivery of our services, the management of our business, and compliance with legal obligations. The types of information we may collect include:
- Identity data: your name, title, and where relevant, company name or role.
- Contact data: postal address, email address, and telephone number.
- Property and service data: details about the property, trees, site access, requested work, photographs, and notes from site visits or surveys.
- Financial data: payment records, billing information, and transaction details.
- Communication data: records of emails, phone calls, messages, complaints, feedback, and correspondence.
- Technical data: limited information such as IP address or browser details if you interact with our digital services, where applicable.
- Legal and compliance data: risk assessments, consent records, permits, insurance-related information, and documents required for regulatory compliance.
We may also collect data from third parties where appropriate, such as landlords, managing agents, local authorities, insurance providers, or referral partners, but only where they are permitted to share that information with us.
3. How We Use Your Data
We use personal data for the following purposes:
- to provide quotations, assess job requirements, and plan tree surgery work;
- to carry out services safely and effectively;
- to communicate with you about bookings, schedules, site access, and service updates;
- to issue invoices, process payments, and maintain financial records;
- to respond to queries, complaints, and requests;
- to keep records of work completed, including before-and-after images where relevant;
- to improve our services, operations, and customer experience;
- to comply with legal, tax, insurance, and regulatory duties;
- to protect our rights, property, staff, customers, and third parties;
- to prevent fraud, misuse, or unlawful activity.
We do not sell personal data. We only use it for legitimate business purposes connected to our services and legal obligations.
4. Lawful Basis for Processing
Under data protection law, we must have a lawful basis to process personal data. The main lawful bases we rely on are:
Contract
We process your personal data when it is necessary to enter into or perform a contract with you. This includes preparing quotations, arranging services, carrying out agreed work, and managing payments.
Legal obligation
We may process personal data where required to comply with legal obligations, including tax records, insurance requirements, health and safety duties, and record-keeping requirements.
Legitimate interests
We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include managing enquiries, improving services, preventing fraud, maintaining business records, and protecting our operations.
Consent
In limited situations, we may rely on your consent, for example where it is appropriate to use certain optional information or where a specific form of communication requires permission. When we rely on consent, you may withdraw it at any time.
5. Sharing Your Data and Processors
We may share personal data with trusted third parties who help us deliver our services or operate our business. These third parties act as data processors or independent controllers depending on the circumstances. We only share data where necessary and under appropriate data protection safeguards.
Examples of processors and recipients may include:
- IT and cloud service providers: for secure data storage, email, and document management;
- accounting and bookkeeping providers: for invoicing, bookkeeping, and tax compliance;
- payment service providers: for processing transactions;
- surveying or subcontracted service providers: where specialist input is required to complete a job;
- insurance providers and advisers: where claims or risk matters must be assessed;
- legal, regulatory, or public authorities: where disclosure is required by law or necessary to protect rights and safety.
All processors are expected to handle personal data securely, keep it confidential, and process it only on our instructions where they are acting as processors. We take reasonable steps to ensure appropriate contractual protections are in place.
6. International Transfers
Where any service provider stores or accesses data outside the UK, we will ensure that appropriate safeguards are used. These may include adequacy regulations, standard contractual clauses, or equivalent legal mechanisms to protect your data.
7. Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, including to satisfy legal, accounting, insurance, and reporting requirements. Retention periods may vary depending on the type of data and the nature of the work carried out.
In general:
- quotation and enquiry records may be retained for a limited period to manage follow-up and service history;
- job records, invoices, and payment information may be retained for accounting and tax purposes;
- health and safety records may be retained for longer where required by law or best practice;
- correspondence and complaints may be retained for the time needed to resolve issues and protect our legal position.
When data is no longer required, we will securely delete, anonymise, or archive it in line with our retention procedures. We will not keep personal data indefinitely without a valid reason.
8. Security of Your Data
We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include restricted access, secure storage, staff confidentiality obligations, password protection, and regular review of data handling practices. While no system is completely secure, we work to reduce risks and respond promptly to any suspected security incident.
9. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the legal basis for processing and the circumstances of the request. Your rights include:
- Right of access: to request a copy of the personal data we hold about you.
- Right to rectification: to ask us to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data in certain circumstances.
- Right to restriction: to ask us to limit processing in certain situations.
- Right to object: to object to processing based on legitimate interests or direct marketing.
- Right to data portability: to request transfer of certain data to you or another organisation, where applicable.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
If you wish to exercise any of these rights, we may need to verify your identity before responding. We aim to deal with requests within the timescales required by law.
10. Children’s Data
Our services are generally intended for adults acting on behalf of properties or businesses. We do not knowingly collect personal data from children as part of our ordinary business activities. If we become aware that we have received such data without appropriate justification, we will take steps to delete it where required.
11. Complaints and Further Information
If you are concerned about how your personal data has been handled, you have the right to raise a complaint with the relevant data protection authority. You may also contact us to discuss any concerns, request clarification, or exercise your rights. We encourage individuals to contact us first so we can try to resolve the matter promptly and fairly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated. We recommend reviewing this policy periodically to stay informed about how we protect personal data.
13. Summary of Our Commitment
Tree Surgeons Mortlake is committed to processing personal data responsibly, securely, and lawfully. We collect only what we need, use it for clear and legitimate purposes, retain it only as long as necessary, and respect the rights of all individuals whose data we process. This policy is designed to ensure transparency and accountability for all customers in the area we serve.