Privacy Policy - Tree Surgeons Millhill
This Privacy Policy explains how Tree Surgeons Millhill collects, uses, stores, shares, and protects personal data. It applies to all Tree Surgeons Millhill customers in the area, including prospective customers, existing customers, property owners, and anyone who contacts us about our services. We are committed to handling personal information in a lawful, fair, and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who This Policy Applies To
This policy applies to all Tree Surgeons Millhill customers in the area and to individuals who interact with us in relation to tree surgery services, quotations, site visits, emergency work, maintenance work, and related services. It also applies where we receive information about a customer from a third party such as a landlord, managing agent, contractor, or neighbour arranging access or making an enquiry on someone else’s behalf.
2. Information We Collect
We may collect and process different types of personal data depending on the service requested and the nature of our relationship with you.
Information you provide directly
- Identity details such as your name.
- Contact details such as your address, email address, and telephone number.
- Service details including information about your property, trees, access requirements, job instructions, and preferred dates.
- Payment and billing details where required for invoicing and payment processing.
- Communication records including emails, messages, notes from calls, and service-related correspondence.
- Feedback and complaints you share with us after a service.
Information we collect automatically or during service delivery
- Site records such as photographs of trees, land, access points, and completed work.
- Technical and usage information if you interact with any digital booking or enquiry systems we use, such as device data and log information.
- Operational records relating to quotations, risk assessments, work carried out, and follow-up actions.
We do not deliberately collect special category personal data unless it is necessary and lawful to do so. If such data is provided to us incidentally, for example in a message or complaint, we will only process it where a lawful basis applies and appropriate safeguards are in place.
3. How We Use Personal Data
We use personal data to provide safe, efficient, and reliable tree surgery services. Typical purposes include:
- responding to enquiries and providing quotations;
- arranging surveys, visits, and appointments;
- assessing work requirements, access, and safety considerations;
- delivering tree surgery, maintenance, pruning, removal, and related services;
- issuing invoices, processing payments, and maintaining records;
- managing customer communication and service updates;
- handling complaints, claims, and disputes;
- meeting legal, tax, insurance, and regulatory obligations;
- maintaining internal records for quality control and business administration.
Where appropriate, we may also use data to improve our services, maintain service standards, and keep accurate records of work completed. Any such use will be limited to what is necessary and proportionate.
4. Lawful Basis for Processing
Under UK GDPR, we must identify a lawful basis for each type of processing. Tree Surgeons Millhill relies on the following bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you, such as preparing quotations, arranging services, carrying out work, invoicing, and communicating about the agreed service.
Legitimate interests
We may process personal data where it is necessary for our legitimate interests and where your rights do not override those interests. This may include managing our business, keeping service records, preventing fraud, maintaining safety, and improving our operations. We always consider whether the processing is necessary and balanced against your privacy rights.
Legal obligation
We process data where required to comply with legal obligations, including tax records, accounting duties, health and safety requirements, and any lawful request from a public authority.
Consent
In limited cases, we may rely on your consent, for example for optional communications or where consent is the appropriate basis for a specific activity. Where we rely on consent, you may withdraw it at any time.
5. Sharing Personal Data and Processors
We may share personal data only when necessary and only with trusted third parties who support our business operations. These third parties act as data processors or independent controllers depending on the service they provide.
Processors we may use
- IT and cloud service providers for storing emails, files, and business records.
- Accounting and invoicing providers for managing payments, tax records, and financial administration.
- Customer management or booking systems for scheduling and tracking work.
- Payment service providers for securely handling card or transfer transactions.
- Marketing or communication platforms where used lawfully and appropriately.
We require processors to handle data securely, only on our instructions where applicable, and in compliance with data protection law. We do not sell personal data.
Other disclosures
We may also share personal data with:
- insurers or legal advisers where necessary to resolve claims or disputes;
- regulators, law enforcement, or public authorities where required by law;
- subcontractors or specialist contractors assisting with service delivery, where relevant to your job and subject to confidentiality and data protection safeguards.
6. Retention of Personal Data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, insurance, and operational requirements. Retention periods vary depending on the type of information and the reason it is held.
Typical retention approach
- Customer and job records are retained for a period necessary to manage the relationship, service history, and any follow-up work.
- Financial and tax records are retained in line with statutory accounting and tax requirements.
- Claims, disputes, and incident records may be kept for longer where needed to defend legal claims or satisfy insurance requirements.
- Communication records are retained only as long as needed for administration and quality assurance.
When personal data is no longer required, we will securely delete it or anonymise it where appropriate.
7. Data Security
We take reasonable and appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, password protection, staff confidentiality obligations, and careful selection of service providers.
While no method of transmission or storage is completely secure, we work to reduce risks and protect the information entrusted to us.
8. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may apply depending on the circumstances and the lawful basis we rely on.
Your rights include:
- Right of access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete information.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to ask us to limit how we use your data in certain situations.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Right to data portability – to receive certain data in a structured, commonly used format where applicable.
- Right to withdraw consent – where processing is based on consent.
If you wish to exercise any of these rights, your request will be considered in line with applicable legal requirements. We may need to verify your identity before responding.
9. International Transfers
If any service provider stores or processes data outside the UK, we will ensure appropriate safeguards are in place, such as approved contractual protections or equivalent transfer mechanisms required by law.
10. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children except where it is necessary in relation to property ownership, access arrangements, or safety matters and where lawful to do so.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data handling practices. Any revised version will apply from the date it is published or otherwise communicated.
12. Summary of Our Commitment
Tree Surgeons Millhill is committed to protecting personal data and using it responsibly. We collect only the information needed to provide tree surgery services, rely on clear lawful bases, use trusted processors, retain data only for as long as necessary, and respect the rights of all Tree Surgeons Millhill customers in the area. If you have concerns about how your personal data is handled, we encourage you to review this policy carefully and understand the choices and rights available to you.