Privacy Policy - Tree Surgeons Chigwell
This Privacy Policy explains how Tree Surgeons Chigwell collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Chigwell customers in the area, including individuals who request quotes, make bookings, receive arboricultural services, or otherwise interact with our business in connection with tree surgery, tree maintenance, stump grinding, hedge work, emergency callouts, and related services.
We are committed to handling personal data in a lawful, fair, and transparent manner, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should help you understand what information we collect, why we collect it, how long we keep it, who may process it on our behalf, and what rights you have.
1. Who we are
Tree Surgeons Chigwell provides arboricultural and tree care services to domestic and commercial customers. In the course of delivering our services, we may act as a data controller for personal data that we determine the purposes and means of processing. In some cases, we may also use data processors who handle information on our behalf under written contracts and instructions.
2. The information we collect
We collect only the personal data necessary to provide our services, manage customer enquiries, meet legal obligations, and operate our business effectively. The types of data we may collect include:
- Identity information such as your name, and where relevant, business name or property ownership details.
- Contact details such as address, email address, and telephone number.
- Service information including details about the trees, hedges, land, or site you need assessed or treated, along with photographs, quotations, and job notes.
- Payment information such as invoicing records, payment status, and transaction references. We do not store full card details unless provided through a secure payment provider.
- Communication records including emails, messages, notes from calls, and correspondence relating to your enquiry or ongoing service.
- Technical data when you interact with our digital systems, such as basic device or log information used for security and troubleshooting, where applicable.
- Site and access details such as property access notes, parking instructions, and information needed to carry out work safely and efficiently.
We do not intentionally collect special category data unless it is necessary and you have chosen to provide it, or we are required to process it for a lawful purpose. If such data is received incidentally, we will apply additional safeguards where appropriate.
3. How we use your data
We use personal data to manage customer relationships and provide tree surgery services. Our purposes include:
- Responding to enquiries and preparing quotations.
- Scheduling visits, completing work, and managing follow-up tasks.
- Maintaining site records, safety notes, and service history.
- Issuing invoices, processing payments, and managing account records.
- Meeting legal, tax, insurance, and regulatory obligations.
- Handling complaints, disputes, and service-related correspondence.
- Improving service quality, staff training, and business administration.
- Protecting our business, employees, customers, and property from fraud or misuse.
We only process data that is relevant and proportionate to the stated purpose. Where possible, we keep information accurate and up to date.
4. Lawful basis for processing
Under UK GDPR, we must have a lawful basis for processing personal data. Tree Surgeons Chigwell may rely on one or more of the following bases:
Contract
We process data when it is necessary to enter into or perform a contract with you, such as providing a quotation, booking work, carrying out tree surgery, or managing payment and after-service administration.
Legal obligation
We may process and retain data to comply with legal obligations, including accounting, tax records, health and safety requirements, and other duties imposed by law.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. Examples include service record keeping, business administration, preventing fraud, improving operations, and maintaining site safety records.
Consent
Where required, we may rely on your consent, for example for certain optional communications or the use of specific information that you voluntarily provide. You can withdraw consent at any time where processing is based on consent.
Vital interests
In rare cases, we may process data to protect someone’s vital interests, such as where emergency action is necessary in relation to an immediate safety risk.
5. How we share and disclose information
We do not sell personal data. However, we may share information with trusted third parties when necessary for the delivery of our services or for legal and operational reasons. These may include:
- Payment and invoicing providers used to process transactions and manage accounts.
- IT, hosting, and software providers that support our booking, storage, email, and administrative systems.
- Accountants or professional advisers who support tax, financial, and legal compliance.
- Insurance providers where a claim, incident, or risk matter requires disclosure.
- Subcontractors or team members involved in delivering tree surgery and related services on our instructions.
- Authorities or regulators where we are legally required to provide information.
All processors and third parties are expected to handle personal data securely and only for the agreed purpose. Where appropriate, we put in place data processing agreements and confidentiality obligations.
6. Data retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including legal, accounting, and reporting requirements. Retention periods may vary depending on the type of record and the reason it is held.
As a general approach:
- Customer enquiry records may be kept for a limited period if no service is booked.
- Job records, quotations, and invoices may be retained for several years to meet tax and business record obligations.
- Safety notes, site access details, and service histories may be kept where needed for future work, risk management, or legal defence.
When data is no longer needed, it is securely deleted, anonymised, or archived in a way that prevents unnecessary use. Retention is reviewed regularly to ensure we do not keep personal information longer than necessary.
7. Your rights
As a data subject under UK GDPR, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and the lawful basis relied upon. They include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete information.
- Right to erasure – to request deletion of your data in certain situations.
- Right to restriction – to ask us to limit how we use your data in certain cases.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to data portability – to receive certain data in a structured, commonly used format where applicable.
- Right to withdraw consent – where we rely on consent, you may withdraw it at any time.
We may need to verify your identity before responding to a request. Some rights may not apply if we must retain or process data for legal reasons, fraud prevention, or the establishment, exercise, or defence of legal claims.
8. Security of your data
We take reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality expectations, and appropriate system safeguards. While no system is completely secure, we work to reduce risks and respond appropriately to any suspected incident.
9. International transfers
Where information is processed by service providers outside the UK, we take steps to ensure appropriate safeguards are in place so that your personal data receives a level of protection consistent with UK data protection law.
10. Updates to this policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or the way we process personal data. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers to review the policy periodically.
11. Complaints
If you have concerns about how your personal data is handled, you have the right to raise a complaint with the UK data protection authority, the Information Commissioner’s Office (ICO). You may also contact us through the usual business channels to raise concerns or make a request regarding your data. We will aim to address matters promptly and fairly.
By using our services, you acknowledge that you have read and understood this Privacy Policy. This policy is intended to provide a clear and lawful explanation of how Tree Surgeons Chigwell handles personal data for customers in the area, and it should be read alongside any relevant service terms or notices provided at the time of engagement.