Privacy Policy
How Somerset Window Cleaning uses and protects your personal information.
Last updated: 22 September 2025
1) Who we are
Somerset Window Cleaning ("SWC", "we", "us", "our") provides window and exterior cleaning services across Somerset. We are the data controller for the personal data we process about our customers, prospective customers, and website visitors.
Contact for privacy matters: Privacy Lead, info@somersetwindowcleaning.co.uk, 01458 860 339, 13 Rockhaven Business Centre, Gravenchon Way, Street, Somerset, BA16 0HW.
If you are a commercial client and we work on your instruction (for example, as a subcontractor), we may act as your processor (in which case your privacy notice applies).
We process personal data under the UK data protection framework, including the UK GDPR as amended, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). Guidance on these laws is issued by the UK Information Commissioner's Office (ICO). Recent amendments are being implemented via the Data (Use and Access) Act 2025.
2) What data we collect
We only collect what we need to deliver our services:
- Identity & contact: name, email, and phone number.
- Property & access: service address, parking notes, safe-access instructions (for example, gate or side passage notes).
- Service & communications: quotes, bookings (including via our online booking page), job notes, messages, and emails.
- Photos: optional before/after job photos for quotes, quality assurance, or proofs of work (see section 6).
- Payments & transactions: invoice totals and payment confirmations. We do not store full card details; these are handled by our payment providers (GoCardless and Stripe).
- Website & device: IP address, pages viewed, and cookie or analytics data (see section 7).
- Business contacts (B2B): company name, role or title, and work contact details.
- Special category data: we do not seek this. If you voluntarily tell us something health related to help us work safely (for example, shielding preferences), we will use it only with your consent and only for that purpose.
3) How we use your data & legal bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Quotes & bookings | Responding to enquiries, providing quotes, scheduling visits via our booking form. | Contract or steps to enter a contract |
| Carrying out services | Attending site, recording job notes, quality assurance. | Contract |
| Invoicing & payments | Issuing invoices, taking payments, processing refunds. | Contract; legal obligation (tax/accounting) |
| Customer service | Handling messages, rescheduling, and complaints. | Legitimate interests (running our business and helping customers) |
| Reviews & feedback | One-off messages after a job asking for feedback or reviews. | Legitimate interests; for email/SMS we follow PECR soft opt-in rules and always offer an opt-out. |
| Direct marketing | Occasional emails or texts to existing customers about relevant services with a clear opt-out. | Legitimate interests under the PECR soft opt-in (for our own similar services only). You can opt out at any time. |
| Safety & security | Maintaining basic logs to protect our website and services. | Legitimate interests |
| Legal, tax & compliance | Record-keeping and responding to lawful requests. | Legal obligation |
We do not sell your personal data.
4) Where data comes from
- Directly from you (enquiries, calls, emails, booking or quote forms, in person).
- From your organisation (if you are a site contact for a commercial job).
- From your device when you visit our website (cookies or analytics, see section 7).
5) Who we share data with
We use trusted service providers (processors) to run our business. They only process data under our instructions and must meet security and privacy standards. Typical categories include:
- Website hosting, booking or scheduling tools, email/SMS providers, invoicing or payment providers.
- Professional services such as accountants for financial records and insurers if a claim arises.
Some providers may be located outside the UK. See section 8 on international transfers.
6) Photos and social media
We may take property photos for quoting, quality checks, or proof of work. We will not publish identifiable photos of your home (for example, house numbers or vehicle plates) for marketing unless we have your consent or we have suitably anonymised the image.
7) Cookies & tracking technologies
We use necessary cookies to make the site work and, if enabled, optional analytics to help us improve the site. We ask for your consent for non-essential cookies where required, and you can change your choices at any time via our cookie banner or browser settings. UK cookie guidance is being updated following the Data (Use and Access) Act 2025 and we will adjust our approach as the ICO finalises its updated guidance.
Examples:
| Cookie/tool | Purpose | Type | Typical expiry |
|---|---|---|---|
| cmp_choice | Stores your cookie preferences. | Necessary | Up to 6 months |
| _ga, _gid (Google Analytics 4) | Site measurement and improvement (only when you consent). | Analytics (optional) | Up to 2 years |
Managing cookies: you can withdraw consent via our cookie banner at any time or control cookies in your browser settings. The ICO provides practical guidance on managing cookies on its website.
8) International transfers
If any provider stores or accesses your data outside the UK, we use recognised safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or we rely on a UK adequacy decision where available. For transfers to eligible US organisations, we may use the UK-US Data Bridge (the UK extension to the EU-US Data Privacy Framework).
9) How long we keep data
We keep personal data only as long as needed for the purposes above, including to comply with law and to resolve disputes:
- Quotes and enquiries: generally 12-24 months after last contact (so we can pick up if you re-book).
- Customer and job records, invoices, and payments: typically 6 years from the end of the financial year to meet UK accounting or tax obligations and to defend legal claims (the Limitation Act sets six years for simple contracts).
We then securely delete or anonymise data.
10) Your privacy rights
You have rights over your personal data, including access, rectification, erasure, restriction, portability, and the right to object to certain processing (for example, direct marketing). You can also withdraw consent where we rely on it. UK guidance on these rights is published by the ICO. To exercise any right, contact us using the details in section 1.
If we cannot verify your identity or if an exemption applies (for example, protecting others' data or fulfilling legal obligations), we will explain this to you.
11) Marketing preferences
For email or SMS marketing to existing customers, we follow PECR's soft opt-in rules and always include an unsubscribe link. You can opt out at any time, and we will continue to send essential service messages (appointments, invoices) regardless of marketing preferences.
12) Security
We use reasonable technical and organisational measures to protect your information, such as access controls, encrypted connections (HTTPS), staff need-to-know access, and reputable providers. No system is perfectly secure, but we work to reduce risks and review suppliers regularly.
13) Complaints
If you have concerns, please contact us first so we can help. You also have the right to complain to the Information Commissioner's Office (ICO) on 0303 123 1113 or via the ICO website.
14) Children
Our services and website are not aimed at children. We do not knowingly collect children's personal data.
15) Changes to this policy
We may update this notice to reflect changes in our services or the law (including ongoing ICO updates related to the Data (Use and Access) Act 2025). We will post the new version with a new "Last updated" date.