Privacy Policy - Landscaping Millbank
This Privacy Policy explains how Landscaping Millbank collects, uses, stores, shares, and protects personal data. It applies to all Landscaping Millbank customers in area, including people who enquire about our services, receive quotes, book work, or otherwise interact with us in connection with landscaping services. We are committed to handling personal data fairly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Landscaping Millbank provides landscaping and related property maintenance services. For the purposes of data protection law, we act as the data controller when we decide how and why personal data is processed. This means we determine the purposes and means of processing personal information that relates to customers, prospects, suppliers, and other relevant individuals.
2. Personal data we collect
We only collect personal data that is relevant and necessary for our services, business operations, and legal obligations. The types of data we may collect include:
- Identity details such as name and title.
- Contact details such as address, email address, and telephone number.
- Service information such as property details, project requirements, service preferences, and records of quotes, bookings, and completed work.
- Payment and billing information such as invoice details and transaction records.
- Communication records including emails, messages, notes from calls, and complaint or feedback records.
- Technical data if you visit any online services associated with our business, such as device information or basic usage data.
- Photographs or site images where needed to assess work, document projects, or confirm completion.
We do not intentionally collect special category data unless it is strictly necessary and we have a valid legal basis to do so. If special category data is ever provided to us, it will be handled with extra care and in accordance with applicable law.
3. How we use personal data
We use personal data for legitimate business purposes connected to our services. These purposes may include:
- responding to enquiries and providing quotations;
- planning, delivering, and managing landscaping services;
- setting up and maintaining customer records;
- preparing invoices, processing payments, and managing accounts;
- communicating about appointments, updates, and service-related issues;
- handling complaints, disputes, or requests;
- maintaining business records and meeting legal, tax, or regulatory requirements;
- improving our services, workflows, and customer experience;
- protecting our business, staff, and customers from fraud, misuse, or security incidents.
We only use personal data in ways that are compatible with the purpose for which it was collected, unless we have a lawful basis to use it for another compatible purpose.
4. Lawful basis for processing
Under data protection law, we must have a lawful basis before we process personal data. Landscaping Millbank may rely on one or more of the following lawful bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes providing quotes, booking services, carrying out landscaping work, and managing billing or service communications.
Legal obligation
We process personal data where needed to comply with legal duties, including record-keeping, accounting, taxation, and other obligations under applicable law.
Legitimate interests
We may process personal data where it is necessary for our legitimate business interests, provided that these interests are not overridden by your rights and freedoms. This can include managing our business efficiently, improving services, keeping proper records, and preventing fraud or misuse.
Consent
In limited circumstances, we may rely on consent, for example where it is required for a particular form of communication or optional activity. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. Sharing personal data and processors
We may share personal data only when necessary and only with trusted third parties who assist us in operating our business. These third parties act as processors when they process data on our behalf and under our instructions. Examples may include:
- IT and cloud service providers that store records or support business systems;
- accounting and bookkeeping providers that assist with financial administration;
- payment service providers that process transactions;
- communication service providers that support email, telephone, or messaging functions;
- professional advisers such as accountants, insurers, or legal advisers where necessary;
- subcontractors or suppliers involved in delivering services, where limited details are needed for coordination.
We require our processors to keep personal data secure, to use it only for authorised purposes, and to comply with data protection law. We do not sell personal data. We do not share personal data with unrelated third parties unless required by law, necessary to protect rights or safety, or instructed by you.
6. Data retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting, reporting, and business continuity purposes. Retention periods depend on the type of data and the reason it is held. In general:
- customer enquiry records may be kept for a reasonable period after the enquiry ends;
- contract, invoice, and payment records may be retained for the period required by tax and accounting laws;
- project records may be retained for as long as needed to support service history, warranty matters, or dispute resolution;
- communication records may be retained where needed to document decisions or manage ongoing relationships.
When personal data is no longer required, we will delete it, anonymise it, or securely archive it in accordance with our retention practices. We do not retain data indefinitely.
7. Data security
We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include access controls, secure storage, password protection, limited staff access, and careful oversight of third-party processors. While no system can be guaranteed completely secure, we work to reduce risk and respond appropriately to any suspected data incident.
8. Your rights
As a data subject, you have rights under UK GDPR in relation to your personal data. Subject to legal conditions and exemptions, your rights may include:
- the right to be informed about how your data is used;
- the right of access to obtain a copy of the personal data we hold about you;
- the right to rectification of inaccurate or incomplete data;
- the right to erasure in certain circumstances;
- the right to restrict processing in certain circumstances;
- the right to data portability where applicable;
- the right to object to processing based on legitimate interests or direct marketing;
- rights relating to automated decision-making, where relevant.
Where we process data based on consent, you may withdraw consent at any time. Where we rely on legitimate interests, you may object to that processing and we will consider whether our interests override your rights and freedoms. We may need to keep certain information where the law requires it or where we need it to establish, exercise, or defend legal claims.
9. Children’s data
Our services are generally intended for adults. We do not knowingly collect children’s personal data except where it is incidentally provided in the course of customer communications or service delivery. If we become aware that we have collected personal data from a child without appropriate authority or lawful basis, we will take reasonable steps to delete it.
10. International transfers
If any processor stores or accesses personal data outside the UK, we will ensure appropriate safeguards are in place as required by data protection law. These safeguards may include adequacy regulations, standard contractual clauses, or equivalent legal protections to help keep personal data secure and properly protected.
11. Complaints and changes to this policy
If you have concerns about how we handle personal data, you have the right to raise them with the relevant data protection authority. We also encourage you to review this policy from time to time, as we may update it to reflect changes in law, business practices, or service arrangements. Any updates will apply from the date they are published or otherwise communicated.
Landscaping Millbank is dedicated to respecting privacy, using personal data responsibly, and maintaining the trust of every customer in area. This policy is designed to be clear, fair, and compliant with applicable data protection requirements.