Privacy Policy

Gardeners St Giles Privacy Policy

This Privacy Policy explains how Gardeners St Giles collects, uses, stores and protects personal data relating to customers and prospective customers. It also explains the rights that individuals have under the UK General Data Protection Regulation and related data protection laws. This Privacy Policy applies to all Gardeners St Giles customers and prospective customers in our service area, whether you contact us online, by post or in person.

Who We Are

Gardeners St Giles is a gardening and grounds maintenance business providing services to residential and commercial customers in our service area. For the purposes of data protection law, Gardeners St Giles is the data controller for the personal data described in this Privacy Policy. This means we decide how and why personal data is used.

Personal Data We Collect

We collect and process different types of personal data depending on how you interact with us and which services you use. This may include:

Identification and contact details, such as your name, postal address, service address, and any other address you provide, as well as your preferred contact details.

Service and project information, such as details of your garden or outdoor space, photographs you provide to help us scope work, records of work carried out, visit dates, service notes, and any associated instructions or preferences.

Account and billing information, such as details of the services you have requested or received, billing history, payment status, invoices, and information required for accounting and tax purposes. Payment details may be processed by our chosen payment processors.

Communication records, including enquiries, quotes, correspondence, feedback, and complaints, as well as records of our responses.

Technical and usage information where you use our website or online services, which may include IP address, device and browser details, and information about how you navigate our site. This may be collected through cookies or similar technologies where permitted by law and your browser settings.

How We Collect Personal Data

We collect personal data directly from you when you contact us to request a quote, make a booking, enter into a contract for services, or communicate with us by any means.

We may also receive personal data from third parties that help us provide our services, such as payment processors, as well as from publicly available sources where appropriate and lawful.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. Depending on the context, we rely on the following lawful bases:

Contract: where processing is necessary to enter into or perform a contract with you, such as providing gardening services, managing bookings, and handling payments.

Legal obligation: where processing is required to comply with legal obligations, including accounting, tax, and record-keeping requirements, or to respond to lawful requests from public authorities.

Legitimate interests: where processing is necessary for our legitimate business interests and these interests are not overridden by your rights and freedoms. This may include planning and improving our services, managing our relationship with you, preventing fraud or misuse of our services, and protecting our business operations.

Consent: where you have given us clear consent to process your personal data for a specific purpose, for example, to receive certain forms of marketing. When our processing is based on consent, you can withdraw that consent at any time.

How We Use Personal Data

We use personal data for the following purposes:

To provide and manage our gardening and maintenance services, including arranging site visits, carrying out work, and following up on ongoing maintenance schedules.

To respond to enquiries, provide quotations, and manage bookings or cancellations.

To manage billing, invoicing, and payment collection, and to maintain accurate financial and service records.

To communicate with you about your services, updates to our terms and policies, and other administrative information.

To improve our services, understand customer needs, and manage our business operations, including planning workloads and staff allocation.

To manage feedback, handle complaints, and resolve disputes.

To comply with applicable laws, regulations, and legal processes.

Sharing Personal Data with Processors and Other Recipients

We do not sell personal data. We may share personal data with third parties where this is necessary for the purposes set out in this Privacy Policy and where appropriate safeguards are in place.

Service providers and processors. We may share personal data with trusted third-party suppliers who provide services to us, such as payment processing, accounting, IT support, data hosting, and administrative services. These third parties act as data processors and only process personal data on our documented instructions, under written contracts, and with appropriate security measures.

Professional advisers. We may share personal data with professional advisers, such as accountants or legal advisers, where this is necessary for the services they provide to us.

Public authorities and legal bodies. We may disclose personal data where required by law or where we need to protect our rights or the rights of others, including in connection with legal claims or investigations.

Any sharing of personal data is limited to what is necessary and proportionate to achieve the relevant purpose.

International Data Transfers

Where it is necessary for us to transfer personal data outside the United Kingdom or the European Economic Area, we will only do so where appropriate safeguards are in place to protect your data, such as using standard contractual clauses approved by relevant authorities or ensuring that the destination country offers an adequate level of data protection.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet our legal, accounting, and reporting obligations.

In general, we keep customer records, including contact details, service history, and invoices, for as long as you remain a customer and for a defined period after services end, to handle any follow-up queries, disputes, or legal requirements. Financial and tax-related records are retained for the period required by applicable law.

When personal data is no longer needed, we will securely delete or anonymise it in line with our data retention procedures.

Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures may include restricted access to records, secure storage of physical documents, and security measures for our information systems.

While we take care to protect your personal data, no system can be completely secure. If we become aware of a personal data breach that poses a risk to your rights and freedoms, we will act in accordance with our legal obligations, which may include notifying you and relevant authorities.

Your Data Protection Rights

Under data protection law, you have a number of rights in relation to your personal data. These rights apply to all Gardeners St Giles customers in our service area, subject to certain legal limitations and exemptions.

Right of access. You can request confirmation of whether we process your personal data and request a copy of that data.

Right to rectification. You can ask us to correct or update inaccurate or incomplete personal data.

Right to erasure. You can request that we delete your personal data where there is no longer a lawful basis for us to retain or use it, subject to our legal obligations.

Right to restriction. You can ask us to restrict the processing of your personal data in certain circumstances, for example while we verify its accuracy or assess an objection.

Right to object. You can object to our processing of your personal data where we rely on legitimate interests as our lawful basis. We will stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.

Right to data portability. You can request that we provide certain personal data to you or to another organisation in a structured, commonly used, and machine-readable format where the processing is based on consent or contract and carried out by automated means.

Right to withdraw consent. Where we rely on your consent to process personal data, you can withdraw your consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

You also have the right to lodge a complaint with a supervisory authority if you are concerned about how your personal data is being handled. In most cases, this will be the data protection authority in the country where you live or work.

Marketing Communications

We may, where permitted by law, use your contact details to send you information about our services that we believe may be of interest to you. Where consent is required, we will only send such communications if you have chosen to receive them. You can opt out of marketing communications at any time by contacting us using your usual contact channel or by following any unsubscribe instructions provided in the communication.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or how we process personal data. Any updates will be made available through our usual communication channels. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.