Soho Cleaner Privacy Policy and Data Protection Notice

This Privacy Policy explains how Soho Cleaner collects, uses, shares, and protects personal data when providing cleaning and related services. It applies to all Soho Cleaner customers within our service area, including prospective, current, and former customers, as well as individuals who contact us to request information or a quotation.

Soho Cleaner acts as the data controller for the personal data described in this Privacy Policy. We are committed to processing your personal data lawfully, fairly, and transparently, in line with the General Data Protection Regulation and applicable data protection laws.

Scope of this Privacy Policy

This Privacy Policy applies to personal data we collect about you when you:

Make an enquiry about our services; book a cleaning service; communicate with us by phone, messaging tools, or in writing; visit premises we operate; or otherwise interact with Soho Cleaner as a customer or potential customer in our service area.

This Privacy Policy does not apply to third party websites, apps, or services that may be referenced in our marketing materials or that you may use separately.

Types of Personal Data We Collect

We may collect and process the following categories of personal data about you:

Identification and contact details: your name, address, postcode, and preferred method of contact.

Service-related information: details about your property relevant to the service, such as property type, access instructions, and any notes you ask us to record to help us carry out the service.

Booking and transaction information: date and time of bookings, service history, payment status, and related administrative information. Payment card details may be processed by a secure payment provider acting as a data processor, and we do not store full card details.

Communication records: records of communications with you, such as notes of calls and messages relating to bookings, feedback, or complaints.

Technical information: where applicable, technical information related to online bookings or interactions, such as device and browser information, and information necessary to ensure the security of our systems. We only collect this information to the extent necessary for the proper functioning and security of our services.

Purposes and Lawful Bases for Processing

We process your personal data for the following purposes and on the following lawful bases under the GDPR:

To provide and manage cleaning services: to register you as a customer, schedule and manage bookings, and carry out our services at your premises. The lawful basis is performance of a contract or taking steps at your request before entering into a contract.

To manage payments and invoicing: to process payments, manage billing, and maintain accounting records. The lawful basis is performance of a contract and compliance with legal obligations, such as tax and accounting requirements.

To respond to enquiries and provide quotations: to answer your questions, issue estimates, and follow up where necessary. The lawful basis is performance of a contract or taking steps at your request before entering into a contract.

To communicate about your bookings: to send you confirmations, reminders, updates, or changes to your appointments and to manage any issues that arise. The lawful basis is performance of a contract and our legitimate interests in ensuring the quality and reliability of our services.

To improve our services and customer experience: to request feedback, handle complaints, monitor service quality, and improve our operations. The lawful basis is our legitimate interests in developing and improving our business and services, balanced against your rights and freedoms.

To comply with law and manage disputes: to meet legal, regulatory, and professional obligations and to establish, exercise, or defend legal claims. The lawful basis is compliance with legal obligations and our legitimate interests in protecting our business.

Where we rely on legitimate interests, we assess and balance those interests against your privacy rights and will not process personal data where our interests are overridden by your rights and interests.

Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general:

Customer and booking records are retained for a period that allows us to manage our relationship with you, handle potential queries, and demonstrate that we have performed our services properly.

Financial records and information relevant to tax and accounting obligations are retained for the period required by applicable law.

Communications related to enquiries, feedback, or complaints may be retained for a period that enables us to respond to your requests and, if needed, to resolve or document any disputes.

When personal data is no longer needed, it will be securely deleted or anonymised so that it can no longer be associated with you.

Data Processors and Third Party Recipients

We may share your personal data with trusted third parties who act as data processors on our behalf. These service providers are only permitted to process your personal data in accordance with our instructions and for the purposes identified in this Privacy Policy. They are required to implement appropriate technical and organisational measures to protect your data.

Examples of data processors and third party recipients may include:

Payment processing providers that securely handle your payment transactions.

IT and hosting providers that support our systems, booking tools, and data storage.

Professional advisers, such as accountants or legal advisers, where necessary for business or legal reasons.

We may also share personal data with public authorities, regulators, or law enforcement agencies when required to do so by law or where necessary to protect our rights or the rights of others.

We do not sell your personal data for marketing purposes.

International Data Transfers

Where our service providers or systems involve the transfer of personal data outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place to protect your data. These safeguards may include adequacy regulations or standard contractual clauses approved by relevant data protection authorities. Further details of such safeguards can be provided upon request.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include access controls, secure storage, and restrictions on the use of personal data by staff and service providers. While we take reasonable steps to protect your data, no system can be guaranteed as completely secure.

Your Data Protection Rights

Under the GDPR and applicable data protection laws, you have several rights in relation to your personal data, subject to certain conditions and exemptions:

Right of access: you can request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.

Right to rectification: you can ask us to correct or complete any inaccurate or incomplete personal data.

Right to erasure: in certain circumstances, you can request the deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected and we have no legal obligation to retain it.

Right to restriction of processing: you can request that we limit the processing of your personal data in certain situations, such as while we are considering a request for rectification.

Right to data portability: where processing is based on your consent or on a contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, and machine-readable format, or that it be transmitted directly to another controller where technically feasible.

Right to object: you can object to the processing of your personal data where we rely on legitimate interests as our lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds or the processing is required for legal reasons.

Right to withdraw consent: where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.

To exercise any of your rights, please contact us using the usual Soho Cleaner contact channels. We may need to verify your identity before fulfilling your request. We aim to respond to all valid requests within the timeframes set by data protection law.

Children’s Data

Our services are intended for adults. We do not knowingly collect personal data relating to children in the context of providing cleaning services. If we become aware that we have inadvertently collected personal data relating to a child, we will take steps to delete it where appropriate.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any changes will be effective from the date of publication of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Contact and Complaints

If you have any questions about this Privacy Policy, how we process your personal data, or if you wish to exercise your data protection rights, you can contact Soho Cleaner using the normal contact details you use to reach us as a customer in our service area.

You also have the right to lodge a complaint with your local data protection authority if you believe that your data protection rights have been infringed. We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority.