Introduction
At Sweetened Cleaning Services, we take the privacy and security of your personal information seriously. Please read this Privacy Policy carefully, as it explains:
- What personal information we collect about you
- How we use your information
- Who we may share your information with
We will never disclose your information to anyone without your knowledge and consent, except as outlined in this Privacy Policy and any applicable terms and conditions.
Service Area Notice
Availability of our services may vary by area. Sweetened Cleaning Services only covers areas within Kent.
Our Commitment to Privacy
In the course of providing our cleaning services and managing our daily operations, Sweetened Cleaning Services collects and uses personal data relating to:
Employees
Current, past, and prospective employees
Customers
Customers and clients
Website Users
Users of our website and online platforms
Subscribers
Subscribers and other stakeholders
We are committed to handling your data responsibly and in compliance with applicable laws and regulations.
Legal Compliance
When collecting and using your personal information, Sweetened Cleaning Services complies with relevant data protection laws, including the General Data Protection Regulation (GDPR). This regulation safeguards the personal data of individuals in the European Union and establishes strict guidelines for its processing and protection.
Scope and Application
This policy applies to all systems, staff, processes, and parties engaged with Sweetened Cleaning Services. This includes:
- Board members and directors
- Employees and contractors
- Suppliers and service providers
- Any third parties with access to Sweetened Cleaning Services' information systems
Related Policies and Procedures
- Risk Assessment Process (DPIA)
- Data Mapping Procedure
- Legitimate Interest Assessment Procedure
- IT Incident Response Procedure
- GDPR Roles and Responsibilities Policy
- Records Retention and Protection Policy
- Privacy and Personal Data Protection Policy
Definitions
Key terms used in this policy include:
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or deletion.
- Controller: The entity which determines the purposes and means of processing personal data.
- Data Subject: The individual to whom personal data relates.
- Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes.
Principles of Data Processing
Sweetened Cleaning Services processes personal data in accordance with the core principles set out in the GDPR:
- Lawfulness, fairness and transparency: We process data lawfully, fairly, and in a transparent manner
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes
- Data minimisation: We ensure data is adequate, relevant, and limited to what is necessary
- Accuracy: We keep data accurate and up to date
- Storage limitation: We keep data only as long as necessary
- Integrity and confidentiality: We process data securely
- Accountability: We are responsible for and can demonstrate compliance
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right to be Informed
You have the right to know how your personal data is being collected and used.
Right of Access
You have the right to request copies of your personal data from us.
Right to Rectification
You have the right to request correction of inaccurate or incomplete data.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances.
Right to Restrict Processing
You have the right to request restriction of processing of your personal data.
Right to Data Portability
You have the right to receive your data in a portable format and transfer it to another controller.
Right to Object
You have the right to object to certain types of processing, including direct marketing.
Automated Decision Rights
You have rights related to automated decision-making and profiling.
Lawfulness of Processing
We identify and document a lawful basis for each processing activity. The lawful bases we rely on may include:
- Consent: You have given clear consent for us to process your personal data for a specific purpose
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: Processing is necessary for us to comply with the law
- Vital interests: Processing is necessary to protect someone's life
- Public task: Processing is necessary for us to perform a task in the public interest
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party
How We Use Your Personal Information
We use your personal data for the following purposes:
- Managing customer relationships and service bookings
- Processing payments and maintaining financial records
- Communicating with you about our services
- Sending marketing communications (with your consent)
- Improving our services and customer experience
- Complying with legal and regulatory requirements
- Ensuring the security of our systems and premises
- Managing employee relationships and recruitment
Processing Special Categories of Personal Data
We process sensitive personal data (special categories) only when strictly necessary and permitted by law. This may include:
- Health information (for health and safety purposes)
- Criminal records information (for background checks where legally required)
We ensure appropriate safeguards are in place when processing special categories of data.
Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular security assessments and testing
- Access controls and authentication measures
- Staff training on data protection
- Secure data storage and backup procedures
- Incident response procedures
Data Breach Notification
In case of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals where required by law.
Privacy by Design
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to ensure privacy is built into our services and processes from the outset.
International Transfers
We ensure third parties processing personal data on our behalf comply with GDPR requirements. Any transfers of personal data outside the UK/EU are safeguarded with appropriate measures such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions
- Appropriate safeguards as required by data protection law
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
When determining retention periods, we consider:
- The amount, nature, and sensitivity of the personal data
- The purposes for which we process the data
- Legal requirements for retention
- Whether we can achieve those purposes through other means
Ongoing Compliance
We regularly review and update our data protection practices to ensure continued compliance with applicable laws. This includes:
- Regular staff training on data protection
- Periodic reviews of our privacy policies and procedures
- Monitoring of data protection legislation changes
- Internal audits of data processing activities
Questions About Your Privacy?
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Privacy Team: