Privacy Policy - Tree Surgeons Coneyhall
This Privacy Policy explains how Tree Surgeons Coneyhall collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Coneyhall customers in the area, including prospective customers, current customers, and anyone who has contacted us about tree surgery, arboricultural services, site assessments, quotations, maintenance, or related work. We are committed to processing personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Tree Surgeons Coneyhall provides tree surgery and related outdoor services to customers in the local area. For the purposes of data protection law, we act as the data controller when we decide why and how personal data is used in connection with our services. This policy applies to information collected in person, by phone, by email, through online enquiry forms, or during the course of a service relationship.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data such as your name and title.
- Contact data such as your address, email address, and telephone number.
- Service information such as details of the work requested, site notes, access requirements, and photographs of trees or land where relevant.
- Transaction data such as invoices, payment status, and records of services provided.
- Communication data including messages, correspondence, and notes from phone calls or meetings.
- Technical data where applicable, such as basic device or browser information if an online form is used.
- Legal and compliance data such as records needed for insurance, tax, health and safety, or dispute handling.
We do not normally seek to collect special category data. However, if such data is accidentally included in communications, we will only process it where a lawful basis exists and where it is necessary for the relevant purpose.
3. How We Use Personal Data
We use personal data to provide and manage our services, including:
- responding to enquiries and preparing quotations;
- arranging visits, assessments, and scheduled work;
- delivering tree surgery and related services safely and effectively;
- managing billing, payments, and customer records;
- maintaining health and safety, insurance, and compliance records;
- handling complaints, questions, or disputes;
- meeting legal, tax, and regulatory obligations;
- improving our services and managing our business operations.
We only use personal data for the purposes for which it was collected, unless we reasonably determine that another compatible purpose applies.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for each use of personal data. The lawful bases we rely on may include:
Performance of a Contract
We process personal data where it is necessary to take steps before entering into a contract, or to perform a contract with you. This includes providing quotations, carrying out tree surgery services, invoicing, and managing your customer account or booking.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests and where those interests are not overridden by your rights and freedoms. This may include managing enquiries, keeping accurate records, improving service quality, preventing fraud, and protecting our business, staff, customers, and property.
Legal Obligation
We may process personal data where required to comply with legal obligations, such as accounting, tax, health and safety, insurance, or responding to lawful requests from authorities.
Consent
In limited circumstances, we may rely on your consent, for example where it is required for a specific optional activity. Where consent is used, you have the right to withdraw it at any time.
5. Sharing and Processors
We may share personal data with trusted third parties where necessary for service delivery, administration, or compliance. These parties act as processors or independent controllers depending on the service they provide.
Examples of processors may include:
- IT and cloud storage providers;
- email and communication service providers;
- accounting and bookkeeping providers;
- payment processing services;
- customer administration or scheduling tools;
- professional advisers such as insurers, accountants, or legal advisers where relevant.
Where a processor is used, we require them to handle personal data securely, only on our instructions, and in compliance with data protection law. We do not sell personal data. We will only share information with other third parties where necessary, lawful, and proportionate.
6. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, insurance, and record-keeping requirements. The retention period depends on the type of information and the reason it is held.
- Customer and service records are generally retained for as long as needed to manage the relationship and any follow-up work.
- Financial and tax records are retained for the period required by law.
- Health and safety or insurance-related records may be retained for a longer period where necessary to protect legal rights or defend claims.
- Enquiry records may be kept for a reasonable period after the enquiry ends, unless you ask us to delete them and we are not required to retain them.
When personal data is no longer needed, we will delete, anonymise, or securely destroy it.
7. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and careful handling of paper and electronic records. While no system is completely secure, we take reasonable steps to protect the information we hold.
8. Your Rights
Under data protection law, you have certain rights regarding your personal data. These rights may include:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to rectification - you can ask us to correct inaccurate or incomplete data.
- Right to erasure - you can ask us to delete your data in some circumstances.
- Right to restrict processing - you can ask us to limit how we use your data in certain situations.
- Right to data portability - you can ask for certain information to be transferred to you or another controller.
- Right to object - you can object to processing based on legitimate interests or direct marketing, where applicable.
- Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.
These rights are not absolute and may be subject to legal exceptions. We will respond to valid requests in line with applicable law.
9. How to Exercise Your Rights
If you wish to exercise any of your rights, you should provide enough information for us to identify you and understand your request. We may need to verify your identity before responding. We will aim to respond within one month, although this may be extended where requests are complex or numerous.
10. International Transfers
Where any of our processors or service providers store or access data outside the UK, we will ensure appropriate safeguards are in place so that your personal data remains protected to an adequate standard.
11. Children’s Data
Our services are directed to adult customers and property owners, not children. We do not knowingly collect children’s personal data unless it is incidentally provided by an adult customer in connection with a service request.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data handling practices. Any updated version will apply from the date it is made available. We encourage you to review this policy periodically to stay informed about how your data is used.
13. Summary of Our Commitment
Tree Surgeons Coneyhall treats your personal data with care, confidentiality, and respect. We collect only what we need, use it for clear and lawful purposes, keep it only for as long as necessary, and share it only with trusted processors or where required by law. Your privacy matters to us, and we are committed to handling your information in a way that is fair, secure, and compliant with data protection law.