Privacy Policy - Tree Surgeon Hillingdon
This Privacy Policy explains how Tree Surgeon Hillingdon collects, uses, stores, and protects personal data. It applies to all Tree Surgeon Hillingdon customers in the area, including individuals, households, landlords, tenants, commercial property owners, and anyone who requests or receives tree surgery services. We are committed to handling personal information in a lawful, fair, transparent, and secure manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who This Policy Applies To
This policy applies to all personal data processed in connection with enquiries, quotations, bookings, site visits, service delivery, invoicing, aftercare, and any other interaction related to Tree Surgeon Hillingdon services. It covers both prospective customers and existing customers, as well as third parties whose details may be provided to us during the course of arranging or completing work, such as site managers, neighbours, landlords, property agents, or authorised representatives.
2. Data We Collect
We may collect the following categories of personal data:
- Identity details such as name, title, and, where relevant, company name.
- Contact information including address, email address, and telephone number.
- Property and service details such as service address, access information, tree location, photographs of the site, and notes about the work required.
- Enquiry and communication records including messages, call notes, quote requests, complaint details, and correspondence.
- Transaction and payment records such as invoices, payment status, and billing history.
- Technical information where applicable, including limited device or browser data gathered through standard website functionality or email systems.
- Health and safety information if it is necessary for carrying out tree surgery safely, for example access restrictions, hazard notices, or relevant site conditions.
We do not intentionally collect special category data unless it is strictly necessary and a lawful basis applies. If such data is incidentally provided, it will only be used where needed for a legitimate operational or legal purpose and with appropriate safeguards.
3. How We Use Personal Data
We use personal data for the following purposes:
- To respond to enquiries and provide quotations.
- To assess the work required and plan visits.
- To deliver tree surgery, pruning, removal, stump grinding, and related services.
- To manage customer accounts, bookings, invoices, and payments.
- To communicate about appointments, service updates, and follow-up matters.
- To keep records for business, tax, insurance, and legal compliance.
- To improve our services, internal processes, and customer experience.
- To protect against fraud, misuse, or unlawful activity.
We only use personal data in ways that are compatible with the purpose for which it was collected, unless we have a lawful basis for another use.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis to process personal data. The lawful bases we rely on are:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, such as preparing quotations, arranging works, and completing services you have requested.
Legal Obligation
We may process data where needed to comply with laws and regulations, including accounting requirements, tax obligations, health and safety duties, and record-keeping obligations.
Legitimate Interests
We may process personal data where it is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests. This may include managing customer enquiries, maintaining service records, preventing misuse, improving operational efficiency, and defending legal claims. When relying on legitimate interests, we consider the necessity and impact of the processing carefully.
Consent
In limited situations, we may rely on consent, for example where we need permission for certain optional forms of communication or non-essential uses of information. Where consent is used, it can be withdrawn at any time.
5. Data Sharing and Processors
We may share personal data with trusted third-party processors who support the operation of Tree Surgeon Hillingdon. These processors act on our instructions and are required to protect data appropriately. Examples may include:
- IT and cloud service providers used for secure storage, email, and administrative systems.
- Accounting and invoicing services used for financial management and tax compliance.
- Payment service providers used to process transactions securely.
- Scheduling, record management, or customer administration tools used to organise bookings and records.
- Professional advisers such as insurers, legal advisers, or accountants where necessary.
We may also share data with public authorities, regulators, or law enforcement bodies where required by law or where disclosure is necessary to protect our rights, property, staff, customers, or the public.
We do not sell personal data. Any sharing is limited to what is necessary and is carried out under appropriate contractual and security controls.
6. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, tax, insurance, and dispute-resolution requirements. Retention periods depend on the nature of the information and the reason for processing.
- Customer and service records are kept for a period that supports proper business administration and legal compliance.
- Financial records are kept for the period required by tax and accounting law.
- Communications and quotations may be retained for a reasonable period to support service history and handling of queries.
- Health and safety-related records may be kept longer where required for legal defence or compliance purposes.
When personal data is no longer needed, we will delete it or anonymise it securely. If deletion is not immediately possible, we will ensure it is stored securely and no longer actively used.
7. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and regular review of data handling practices. While no system can be guaranteed to be completely secure, we aim to use reasonable and proportionate safeguards at all times.
8. International Transfers
If any processor or service provider stores or accesses data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms permitted under data protection law.
9. Your Rights
As a data subject, you have rights in relation to your personal data. Subject to legal limits and verification of identity, these rights may include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete information.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit how we use your data in certain situations.
- Right to data portability – to receive certain data in a structured, commonly used format where applicable.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data rights have been infringed. We encourage you to raise concerns first so that we can try to resolve them promptly and fairly.
10. Cookies and Similar Technologies
If online systems or digital tools are used in connection with our services, limited cookies or similar technologies may be used for basic functionality, security, or performance purposes. Where consent is required, appropriate notice will be provided. You can manage cookie settings through your browser or device where applicable.
11. Children’s Data
Our services are generally directed to adults. We do not knowingly collect personal data from children unless it is necessary in connection with a property service arrangement and only with appropriate authorisation from a parent, guardian, or responsible adult. If we become aware that we have collected data from a child without the proper basis, we will take steps to delete it where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, operational, or service-related changes. Any updates will take effect when published in the revised form. We encourage customers to review this policy periodically so they remain informed about how their personal data is handled.
13. Contact and Further Information
If you have questions about this Privacy Policy, your rights, or how your data is handled, you should review the relevant records or use the usual channels provided by Tree Surgeon Hillingdon for service administration. We will respond to reasonable requests and deal with data protection concerns in accordance with applicable law.
By using Tree Surgeon Hillingdon services, you acknowledge that your personal data may be processed as described in this Privacy Policy.