1. Who we are
Smart Klean Services Ltd ("we", "us", "our") is the data controller for your personal data unless we state otherwise.
Company details
Legal name: Smart Klean Services Ltd
Company number: 16682721
Registered office: 15 Paxton Road, Coventry, CV6 1AF, United Kingdom
Trading address: [Insert if different]
Email: [insert contact email]
Telephone: [insert phone number]
Website: smartklean.co.uk
If you have questions about this Policy or how we handle your personal data, please contact us using the details above. If appointed, our data protection contact is reachable at: [insert DPO/privacy contact email].
2. Scope of this Policy
This Policy applies to individuals in the United Kingdom and the European Economic Area who interact with us as website visitors, customers, prospective customers, supplier contacts, job applicants and self‑employed cleaners/contractors (collectively, “you”).
Please read this Policy alongside our Terms of Service and any service‑specific notices we provide at the point of data collection.
3. How we collect personal data
We collect personal data directly from you and indirectly from third parties or publicly available sources. For example:
- When you make a booking or update your booking details through our online booking system (hosted by a third‑party provider).
- When you contact us by phone, email, web form, social media or messaging apps.
- When you sign up for marketing communications.
- When you apply to work with us (e.g., CV, right‑to‑work documents, references) or onboard as a self‑employed cleaner/contractor.
- From third parties we work with (e.g., payment providers, background‑check providers, address/postcode look‑up tools) and from publicly available sources (e.g., Companies House for supplier checks).
4. The personal data we collect
Depending on your relationship with us, we may collect the following categories of data:
- Identity and contact data: name, title, postal address, billing address, service address, email, telephone, emergency contact.
- Booking and service data: property type/size, access instructions, requested services, frequency, date/time, special instructions (e.g., areas to avoid, parking), feedback and complaint history.
- Payment and transaction data: amount paid, refunds, payment method (last four digits/expiry if provided by the payment processor), billing records. We do not store full card details; these are handled by our payment processor.
- Communications data: emails, messages, call notes, support tickets.
- Marketing preferences: opt‑in/opt‑out status, communication history.
- Technical and usage data: IP address, device identifiers, browser type, pages viewed, time on page, referrers, cookie identifiers and similar technologies.
- Applicant/contractor data (self‑employed cleaners): CV, work history, right‑to‑work information, identity documents, references, training records, availability, bank details for payments, insurance details (where applicable).
- Vetting/background‑check data (where lawful and appropriate): results of basic identity checks, and where roles require, information about criminal convictions/offences from Disclosure and Barring Service (DBS) checks, obtained via an authorised intermediary.
- Special category data (only if you choose to provide it or where necessary): health or accessibility information relevant to delivering a safe service at your premises.
We ask customers not to include more personal information than is necessary (e.g., avoid storing alarm codes in plain text; use the secure fields provided).
5. Purposes and lawful bases for processing
We process personal data only where we have a lawful basis under the UK GDPR and the Data Protection Act 2018. The main purposes and their lawful bases are:
| Purpose | Lawful basis |
|---|---|
| Accepting, scheduling and fulfilling bookings; managing your account; handling payments and charges. | Contract (Article 6(1)(b)); Legal obligation for accounting/tax (Article 6(1)(c)); Legitimate interests (Article 6(1)(f)) for efficient operations. |
| Customer support, complaint handling and quality assurance. | Legitimate interests (to provide and improve services); Contract where related to your booking. |
| Sending service‑related communications (e.g., reminders, changes, safety notices). | Contract; Legitimate interests. |
| Marketing communications (email/SMS). | Consent (Article 6(1)(a)) and PECR compliance; you can withdraw consent at any time. |
| Website analytics, performance and security (including fraud prevention). | Legitimate interests; Consent for non‑essential cookies/analytics as required by PECR. |
| Recruitment and onboarding of self‑employed cleaners/contractors (including right‑to‑work checks and references). | Legitimate interests; Legal obligation (immigration/employment law). |
| Criminal offence data for roles requiring DBS checks (via authorised providers). | Article 10 UK GDPR with conditions under DPA 2018, Sch. 1 (e.g., employment, social protection or regulatory requirements) and/or with your explicit consent where required. |
| Health/accessibility information to accommodate service needs and ensure safety at premises. | Explicit consent (Article 9(2)(a)); or vital interests (Article 6(1)(d)/Article 9(2)(c)) if necessary in an emergency. |
6. Marketing and your choices
We will only send you email or SMS marketing where permitted by law. You can opt out at any time by using the unsubscribe link in our emails or by contacting us. We may still send non‑marketing messages related to your bookings or our contract with you.
9. International data transfers
Some providers may process data outside the UK. Where this occurs, we rely on lawful transfer mechanisms such as adequacy regulations (including UK‑EEA adequacy), the UK Extension to the EU‑US Data Privacy Framework (UK‑US Data Bridge), and/or the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses. You can contact us for a copy of the relevant safeguards.
10. How long we keep your data
We keep personal data only for as long as necessary for the purposes described, including satisfying legal, accounting and reporting requirements. Typical retention periods are:
| Record type | Typical retention |
|---|---|
| Booking and service records | 6 years from the end of the contract (limitation periods). |
| Invoices, payments and accounting records | 7 years to meet tax obligations. |
| Customer support correspondence | 3 years after resolution. |
| Marketing contact details | Until you opt out or 24 months of inactivity, whichever is sooner. |
| Unsuccessful job applicants | 12 months after the recruitment decision unless you consent to a longer period. |
| Cleaner/contractor records | 6 years after end of engagement (core records). |
| DBS certificate details | We do not keep a copy of certificates; we keep only the fact and date of a check and its outcome for up to 6 months unless a longer period is necessary or justified by law. |
| CCTV (if used at our premises) | Typically 30 days unless required for an incident investigation. |
11. Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit where applicable, secure configuration, staff training and supplier due diligence. No method of transmission or storage is completely secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will act in line with our legal obligations.
12. Your rights
You have rights under data protection law, including the right to request access to your data, rectification, erasure, restriction of processing, portability and to object to processing (including where based on legitimate interests). Where we rely on consent, you may withdraw it at any time. These rights are subject to conditions and exemptions.
To exercise your rights, please contact us using the details in Section 1. We may need to verify your identity before responding and may ask for further information to locate your data. We will respond within one month or inform you if an extension is needed for complex requests.
13. Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Information Commissioner’s OfficeWycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113
ico.org.uk
14. Children’s data
Our services are not directed at children and we do not knowingly collect personal data relating to children.
15. Automated decision‑making
We do not use your personal data to make decisions that have legal or similarly significant effects on you solely by automated means. If this changes, we will inform you and explain your rights.
16. Links to other websites
Our website may contain links to third‑party sites (including the external booking system). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy notices.
17. Changes to this Policy
We may update this Policy from time to time. We will post the updated version on our website with a new “Last updated” date. If changes are material, we may also notify you by email or when you next use our services.
18. Criminal offence data (DBS) – additional information
Where roles require a DBS check, we process criminal offence data in accordance with Article 10 UK GDPR and the Data Protection Act 2018, Schedule 1. We use authorised intermediaries to obtain checks and only retain a record of the check (date, reference, outcome). We do not retain copies of DBS certificates. Access to this information is strictly limited and stored securely. A separate policy on the processing of criminal records information is available on request.
19. UK or EEA representatives
If we offer services to individuals in the EEA and do not have an establishment there, we will appoint an EU representative as required by Article 27 GDPR. Details will be provided here if applicable.
20. Glossary of key legal bases
- Contract: processing necessary to perform a contract with you or to take steps at your request before entering into a contract.
- Legal obligation: processing necessary to comply with a legal obligation (e.g., tax, accounting, right‑to‑work checks).
- Legitimate interests: processing necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests.
- Consent: you have given clear consent to process your personal data for a specific purpose.
- Vital interests: processing necessary to protect someone’s life (used rarely).
21. How to contact us about this Policy
If you have questions about this Policy or wish to exercise your rights, please write to “Privacy” at Smart Klean Services Ltd, 15 Paxton Road, Coventry, CV6 1AF, United Kingdom, or email [insert privacy contact email].
This document is provided for general information only and does not constitute legal advice. You should tailor it to your specific processing activities and seek legal advice where appropriate.