Privacy Policy - Tree Surgeons Bermondsey
This Privacy Policy explains how Tree Surgeons Bermondsey collects, uses, stores, shares, and protects personal data when providing tree surgery and related services. It applies to all Tree Surgeons Bermondsey customers in the area, including people who enquire about our services, receive quotations, book work, or use our arboricultural services in any residential, commercial, or public setting.
We are committed to handling personal data in a lawful, fair, and transparent way in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only collect information that is necessary for the services we provide and we take reasonable steps to keep it secure.
1. Who this policy applies to
This policy applies to individuals whose personal data we process in connection with our services in Bermondsey and surrounding areas. This includes:
- Customers who request a quotation or consultation
- Property owners, tenants, landlords, or managing agents
- People who communicate with us about tree work, inspections, surveys, or maintenance
- Individuals whose details are included in job instructions, invoices, or site access arrangements
This policy does not apply to unrelated third-party websites or services.
2. Personal data we collect
We may collect and process the following categories of personal data:
Information you provide directly
- Identity details: name, title, and in some cases company name
- Contact details: address, email address, and telephone number
- Property and site details: location of the work, access notes, and relevant instructions
- Service information: details of the trees or vegetation requiring work, quotation requests, and preferences
- Billing information: invoice details, payment records, and transaction references
- Communication records: messages, emails, notes from calls, and feedback
Information collected automatically or indirectly
- Technical information from emails, forms, or digital systems, such as IP address or device data where relevant
- Information from land registry records, property agents, site access providers, or other third parties when needed to deliver the service
- Photographs or site images taken for quotation, safety, planning, or evidence of completed work
We do not collect more data than is reasonably necessary for the purpose of providing tree surgery services and managing customer relationships.
3. How we use personal data
We use personal data for the following purposes:
- To respond to enquiries and provide quotations
- To assess the work required and arrange site visits
- To deliver tree surgery, pruning, removal, stump grinding, and related services
- To manage bookings, access arrangements, and customer instructions
- To issue invoices, process payments, and maintain accounting records
- To communicate about changes, confirmations, or follow-up actions
- To meet legal, health and safety, insurance, and record-keeping obligations
- To deal with complaints, claims, or disputes
- To improve our service quality, customer experience, and operational efficiency
We may also use limited personal data to protect our legitimate business interests, provided that such use does not override your rights and freedoms.
4. Lawful basis for processing
Under data protection law, we must have a lawful basis for using your personal data. We rely on the following lawful bases:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes providing quotations at your request, carrying out agreed work, taking payment, and managing related service communications.
Legal obligation
We may process personal data to comply with legal requirements, including tax rules, accounting obligations, health and safety requirements, and insurance or regulatory duties.
Legitimate interests
We may process personal data where it is necessary for our legitimate interests, such as managing our business, keeping records, preventing fraud, improving services, and maintaining safe operations. We always balance our interests against your rights.
Consent
In limited situations, we may rely on your consent, for example where it is needed for a particular communication or optional use of information. You may withdraw consent at any time where consent is the lawful basis.
5. Data sharing and processors
We may share personal data with trusted third parties where necessary to operate our business and provide services. These third parties act as processors when they process data on our instructions, or as independent controllers where they use data for their own legal obligations.
Examples of processors may include:
- IT and cloud service providers who store emails, files, or customer records
- Accounting and bookkeeping providers who support invoicing and financial administration
- Payment service providers who handle transactions securely
- Scheduling or communication tools used for appointments and job management
- Subcontractors or specialist contractors engaged to support specific tree work, where required
- Professional advisers such as insurers, solicitors, or auditors where necessary
Where we use processors, we ensure appropriate contracts and safeguards are in place so that personal data is processed only in accordance with our instructions and applicable law.
We may also disclose information to public authorities, courts, or regulators if required by law or where reasonably necessary to protect our rights, customers, staff, or the public.
6. Retention of personal data
We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, insurance, and operational requirements.
- Quotation and enquiry records: kept for a reasonable period to manage follow-up or future service requests
- Customer and job records: kept for the duration of the service relationship and for a period afterwards for warranty, dispute, and compliance purposes
- Financial and invoice records: retained in line with statutory accounting and tax requirements
- Health and safety or incident records: retained as long as needed for legal and insurance purposes
When personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention practices.
7. International transfers
If any processor stores or accesses personal data outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms. We only allow transfers where suitable protection is available.
8. Security of personal data
We take the security of personal data seriously and use reasonable organisational and technical measures to protect information from loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, secure storage, password protection, and restricted sharing on a need-to-know basis.
While we take appropriate precautions, no system can be guaranteed to be completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will handle it in accordance with legal requirements.
9. Your rights
Under data protection law, you have a number of rights in relation to your personal data. These may include:
- Right of access - to request a copy of the personal data we hold about you
- Right to rectification - to ask us to correct inaccurate or incomplete information
- Right to erasure - to request deletion of your data in certain circumstances
- Right to restrict processing - to ask us to limit how we use your data in certain cases
- Right to object - to object to processing based on legitimate interests
- Right to data portability - to receive certain data in a structured, commonly used format
- Right to withdraw consent - where processing is based on consent
These rights are not absolute and may be subject to exceptions under data protection law, particularly where we must keep records for legal, insurance, or contractual reasons.
10. Complaints and supervisory authority
If you have concerns about how we handle your personal data, you may raise them with us so that we can review and address the issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the law, our services, or how we process personal data. Any updated version will apply from the date it is published or otherwise communicated.
By using our services, making an enquiry, or engaging with Tree Surgeons Bermondsey, you acknowledge that this Privacy Policy applies to your personal data as described above.