Privacy Policy - Tree Surgeons Eltham
This Privacy Policy explains how Tree Surgeons Eltham collects, uses, stores, shares, and protects personal data when providing tree surgery and related services. It applies to all Tree Surgeons Eltham customers in the area, including individuals, property owners, landlords, tenants, business clients, and any other person who contacts us, requests a quotation, books a service, or receives our services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Tree Surgeons Eltham provides arboricultural services such as tree pruning, tree removal, stump grinding, hedge maintenance, emergency tree work, site clearance, and related property services. In delivering these services, we may collect and process personal data where it is necessary to manage enquiries, perform work safely, maintain records, and meet legal obligations.
We take privacy seriously and only process personal information that is relevant, adequate, and limited to what is necessary for the purposes set out in this policy.
2. Data we collect
We may collect the following categories of personal data:
- Identity data such as your name, title, and any business or organisation name.
- Contact data such as telephone number, email address, postal address, and property access details where needed.
- Service and enquiry data such as information about your trees, garden, site conditions, work requested, quote details, and appointment preferences.
- Technical data such as IP address, browser type, and device information if you interact with digital systems or forms.
- Transaction data such as invoicing details, payment records, service history, and correspondence relating to quotations or bookings.
- Safety and access data such as notes about hazards, site restrictions, parking, access instructions, or health and safety considerations.
- Communication data including messages, call notes, complaints, feedback, and records of any ongoing discussions.
We normally do not intentionally collect special category data unless it is provided by you and is necessary for a specific lawful purpose. If such data is ever required, we will handle it with extra care and only where a valid legal basis applies.
3. How we collect your data
We may collect personal data directly from you when you:
- make an enquiry or request a quotation;
- book or receive tree surgery services;
- communicate with us by phone, email, text, or in person;
- submit information for access, scheduling, or site assessment purposes;
- provide feedback, ask a question, or make a complaint.
We may also receive data from third parties where appropriate, such as from property managers, contractors, insurers, local authorities, or other persons acting on your behalf. In some cases, we may also collect limited information from publicly available sources or professional records where needed for service delivery or compliance.
4. How we use your personal data
We use personal data for the following purposes:
- to respond to enquiries and provide quotations;
- to assess site conditions and plan work safely;
- to deliver tree surgery and related services;
- to manage scheduling, attendance, and operational coordination;
- to issue invoices, process payments, and maintain financial records;
- to communicate with you about your booking, service, or account;
- to handle complaints, disputes, and service-related queries;
- to comply with legal, tax, insurance, and health and safety obligations;
- to maintain internal records and improve our services;
- to defend legal claims or establish, exercise, or defend legal rights.
We will only use your data where we have a lawful basis to do so.
5. Lawful basis for processing
Under UK GDPR, we must have a lawful basis for each processing activity. Tree Surgeons Eltham relies on one or more of the following lawful bases:
Performance of a contract
We process personal data when it is necessary to provide a quotation, arrange services, carry out agreed work, manage payments, or fulfil any contract with you.
Legitimate interests
We may process data where it is in our legitimate interests to operate, improve, and secure our services, provided your rights and interests do not override those interests. This may include record keeping, customer service, site planning, fraud prevention, and business administration.
Legal obligation
We may process data where we are required to do so under law, including tax rules, accounting obligations, insurance requirements, and health and safety duties.
Consent
In limited circumstances, we may rely on your consent, for example where you have agreed to receive certain optional communications. Where consent is used, you may withdraw it at any time.
Vital interests
In rare situations, we may process personal data to protect someone’s vital interests, for example if there is a serious and immediate safety issue on site.
6. Sharing your data and processors
We may share personal data with trusted third parties where necessary for the purposes described in this policy. These third parties act as processors or independent controllers depending on the service provided.
Examples of processors and service providers may include:
- IT and data storage providers that host records, backups, and secure business systems;
- accounting and bookkeeping providers that help manage invoices, tax records, and financial administration;
- payment service providers that process card or electronic payments;
- communication tools used for email, telephone, messaging, or appointment management;
- document and record management providers that assist with secure retention and archiving;
- professional advisers such as insurers, solicitors, or consultants where necessary;
- subcontractors or specialist contractors who assist in delivering services under our instruction;
- public authorities where disclosure is required by law or for regulatory purposes.
We only share data when there is a legitimate reason to do so and where appropriate safeguards are in place. We require processors to protect personal data, use it only on our instructions, and apply suitable technical and organisational security measures.
7. International transfers
Where a processor or service provider stores or accesses personal data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or equivalent lawful protection measures.
8. Data retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods may vary depending on the type of information and the reason it is held.
- Enquiry records may be kept for a reasonable period to manage follow-up and customer service.
- Job and contract records may be retained for the duration of the working relationship and a further period after completion.
- Invoice, payment, and tax records are generally retained for the period required by law.
- Health and safety or insurance-related records may be retained for longer where necessary to manage claims or legal obligations.
When personal data is no longer needed, we will delete it securely or anonymise it so that it can no longer identify you.
9. Data security
We use reasonable technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures may include access controls, secure storage, password protection, and restricted use of data among staff and authorised contractors.
While no system is completely secure, we take appropriate steps to reduce risk and review our safeguards regularly.
10. Your rights
Under data protection law, you have rights in relation to your personal data. These rights may include:
- the right of access to obtain a copy of the personal data we hold about you;
- the right to rectification to correct inaccurate or incomplete data;
- the right to erasure in certain circumstances, also known as the right to be forgotten;
- the right to restrict processing in certain situations;
- the right to data portability where applicable;
- the right to object to processing based on legitimate interests or direct marketing;
- the right to withdraw consent where processing is based on consent;
- the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.
Some rights are subject to legal exceptions and may not apply in every situation. If you exercise a right, we may need to verify your identity before responding.
11. Children’s data
Our services are generally intended for adult customers and property-related contacts. We do not knowingly collect data from children unless it is incidental and necessary for a service enquiry or legal reason. If we become aware that we have collected information from a child without appropriate basis, we will take steps to delete it where required.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any updated version will apply from the date it is published or otherwise communicated.
13. Contact and further information
If you have questions about this Privacy Policy or how your personal data is handled, you may raise concerns through our usual communication channels. You also have the right to contact the Information Commissioner’s Office if you are dissatisfied with our response.
This policy is intended to provide clear information about how Tree Surgeons Eltham manages personal data and to support compliance with applicable data protection law.