Privacy Policy - Tree Surgeons Lewisham
This Privacy Policy explains how Tree Surgeons Lewisham collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Lewisham customers in the area, including current, former, and prospective customers who enquire about or receive tree surgery services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Tree Surgeons Lewisham provides tree surgery and related arboricultural services to residential and commercial customers in the local area. For the purposes of data protection law, we act as the data controller for personal data collected through our customer relationships, quotations, site visits, bookings, invoicing, service delivery, and communications.
This policy explains the types of data we may collect, why we collect it, the lawful bases we rely on, how long we keep it, who may process it on our behalf, and what rights individuals have regarding their personal data.
2. Personal Data We Collect
We collect only the information needed to provide our services, manage our business, and meet legal obligations. The personal data we may collect includes:
- Identity data such as your name and title.
- Contact data such as your address, email address, and telephone number.
- Property and service data such as site access details, tree location, job requirements, photos of trees or site conditions, and notes from surveys or assessments.
- Payment and transaction data such as billing information, payment status, invoices, and records of services purchased.
- Communication data such as emails, text messages, call notes, complaint records, and enquiry history.
- Technical data if you interact with us through digital systems, such as basic device or usage data collected for security or service performance purposes.
We do not intentionally collect special category data unless it is necessary and lawful to do so, for example where a customer voluntarily provides information relevant to access needs, safety, or another specific service requirement. Where such data is processed, we do so with additional care and only where a valid legal basis applies.
3. How We Collect Personal Data
We may collect your data directly from you when you request a quote, book a service, make an enquiry, provide feedback, or correspond with us. We may also collect data from third parties where needed for service delivery, for example from property owners, managing agents, business clients, insurers, or public bodies. In some cases, data may be collected through site visits, photographs, and operational records created during the course of work.
4. Why We Use Personal Data and Our Lawful Basis
We only process personal data where we have a lawful basis under UK GDPR. The main reasons we use personal data are set out below:
Performance of a Contract
We process your data where it is necessary to provide quotations, arrange appointments, carry out tree surgery services, issue invoices, and manage service-related communications. This includes using your contact details, property information, and job records to fulfil our agreement with you.
Legitimate Interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include:
- responding to enquiries and managing customer relationships;
- keeping business and operational records;
- improving service quality and efficiency;
- ensuring site safety and assessing work requirements;
- preventing fraud, misuse, and security incidents.
Where we rely on legitimate interests, we consider whether the processing is proportionate and necessary. We also take steps to minimise the impact on your privacy.
Legal Obligation
We may need to process and retain certain information to comply with legal obligations, including tax, accounting, health and safety, insurance, and record-keeping requirements. This may include invoices, payment records, safety-related documentation, and work records.
Consent
In limited situations, we may rely on your consent, for example where it is required for optional communications or the processing of certain information beyond what is necessary for service delivery. Where consent is used, you may withdraw it at any time. Withdrawal of consent will not affect processing already carried out lawfully before withdrawal.
5. How We Use Your Data
We use personal data to:
- prepare quotations and assess service requirements;
- communicate with customers about bookings and work progress;
- carry out tree surgery and related services safely and effectively;
- maintain job records and customer accounts;
- process payments and issue invoices;
- handle queries, complaints, and feedback;
- meet regulatory, tax, and insurance obligations;
- protect our business, staff, and customers from fraud or security risks.
We do not use personal data for unrelated purposes unless we have informed you and have a valid lawful basis to do so.
6. Sharing Personal Data and Processors
We may share personal data with trusted third parties who act as processors on our behalf or as independent controllers where legally required. These may include:
- IT and cloud service providers who store or manage business records;
- accountants and bookkeeping services;
- payment service providers and invoicing systems;
- business administration or communications service providers;
- subcontractors or arboricultural specialists engaged to assist with service delivery;
- insurers, legal advisers, or professional advisers where needed;
- regulatory bodies, law enforcement, or other authorities where disclosure is required by law.
All processors are required to handle personal data securely, only in accordance with our instructions, and in line with data protection law. We seek to ensure appropriate contractual protections are in place with processors, including confidentiality, security, and data handling obligations.
We do not sell personal data.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including satisfying legal, accounting, insurance, or reporting requirements. Retention periods may vary depending on the type of record and the nature of the service.
As a general approach:
- customer enquiry records may be kept for a limited period after the enquiry ends;
- service, quotation, and invoice records may be retained for several years to support tax and accounting obligations;
- safety, compliance, and work records may be retained for a period consistent with legal and insurance needs;
- obsolete or unnecessary data is securely deleted or anonymised when no longer required.
Where it is no longer necessary to keep personal data, we will take reasonable steps to delete, anonymise, or securely destroy it.
8. Data Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and careful management of digital and paper records. While no system can be guaranteed completely secure, we work to maintain a level of protection appropriate to the risk.
9. International Transfers
Where personal data is transferred outside the UK, we will only do so where appropriate safeguards are in place and the transfer complies with data protection law. This may include the use of approved contractual protections or transfers to countries with an adequate level of protection.
10. Your Rights
Under data protection law, you have rights in relation to your personal data. These rights may include:
- the right of access to request a copy of the personal data we hold about you;
- the right to rectification to correct inaccurate or incomplete data;
- the right to erasure in certain circumstances, also known as the right to be forgotten;
- the right to restrict processing in certain circumstances;
- the right to object to processing based on legitimate interests or direct marketing;
- the right to data portability for certain information processed by automated means and based on consent or contract;
- the right to withdraw consent where processing is based on consent;
- the right to complain to the Information Commissioner’s Office if you are unhappy with how your data is handled.
We may need to verify your identity before responding to a request. We aim to respond to valid requests within the time limits required by law.
11. Children’s Data
Our services are generally directed to adults and business customers. We do not knowingly collect personal data from children except where it is incidentally provided by an adult customer in connection with a property or service matter. If we become aware that we have collected data from a child without a proper lawful basis, we will take appropriate steps to delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any updated version will apply from the date it is published or otherwise communicated to customers. We encourage customers to review this policy periodically so they remain informed about how their data is used.
13. Summary of Our Commitment
Tree Surgeons Lewisham is committed to treating personal data with care, confidentiality, and respect. We collect only the information needed to provide our services, rely on lawful bases such as contract, legitimate interests, legal obligation, and consent where appropriate, retain data only as long as necessary, and use processors who are bound to protect your information. This policy applies to all Tree Surgeons Lewisham customers in the area and is intended to explain our privacy practices clearly and transparently.
By using our services or contacting us, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.