Giles & Co. Giles and Company

 

Privacy Notice

 

www.gilesandcompany.co.uk

info@gilesandcompany.co.uk
 

About this notice:

This privacy notice describes how we collect and process personal data when an individual ("data subject") uses our website www.gilesandcompany.co.uk in line with the requirements of the General Data Protection Regulation 2016 ("GDPR") and Data Protection Act 2018 ("DPA"). Where applicable, this privacy notice describes where to obtain details on how your personal data will be processed when it is transferred to our office.

 

Definitions of terms within this notice:

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether by electronic system or paper based system such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

'pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this privacy notice our office is the controller.

'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. For example, this may be a person or organisation you have appointed to act on your behalf.

'consent' of the data subject means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to you.

Who we are and how you can contact us:

This website is operated by Giles & Co. Giles and Company. We can be contacted at info@gilesandcompany.co.uk and via the telephone on 07446 002439. For the purposes of this privacy notice and this website we are an independent family owned cleaning business.

Personal data we would like to collect from you:

If you're a customer enquiring about or wishing to book a cleaning service, we will collect the following personal data from you (this personal data will be transferred from our website directly to our office.

  • Your salutation, first name, surname, phone number(s), email address, property address (including company name if applicable), preferred contact method and preferred cleaning requirements. We collect all of this information in order to allow us to offer you a service that is tailored to you and your needs.

 

Non-personal data we would like to collect:​

Our lawful basis for processing your personal data is necessary for our legitimate business interests, which is to contact you to provide information about our services and offer you a managed cleaning service. These are legitimate business interests as these activities are vital to the success of our business.

If you're a customer who enters a contract with our office:

  • Your banking information when setting up a Direct Debit for your cleaning service or if we issue you a refund - bank account sort-code and account number or building society account information.

    For paper-based Direct Debit Instructions, our office will securely store the paper instruction for the duration of your contract and for a period of time determined by our office after your contract has been terminated. This is done to enable our office to provide proof of payment authorisation to your bank/building society should they request it, for example, in the event of an indemnity claim. You may request the specific retention period that our office will store your banking information by contacting us directly (see section 1 for details on how to contact our office).

    For refund requests made by BACS transfer, our office will ask you for your banking information in order to process the refund. Your banking information will be stored securely and then securely deleted once the payment has been made.

  • If you are paying by credit/debit card - the card PAN (the long number across the card), expiry date, valid from date, issue number, name on the card and card verification value (CVV). Giles and company do not currently accept card payments but if we did we would only use PCI DSS compliant third-party payment service providers. Our office will never store your debit/credit card information. All card details the are provided on paper forms will be securely shredded following the processing of your payment.

 

Non-personal data we require from you:

Cleaning service preferences, day/time and service requirements such as frequency of service, number of hours per clean etc.

Our lawful basis for processing your additional personal data is necessary for the performance of a contract to which you, the data subject, is party or in order to take steps at your request prior to entering into a contract.​

Consent:

When consent is required to process your personal data, or we ask you for sensitive personal data, we will ask you for your explicit consent. We will identify the specific purposes for the data, tell you why and how the information will be used in clear and plain language.

You can withdraw your consent at any time by emailing us at info@gilesandcompany.co.uk or by contacting our office. Please see section 2 of this privacy notice (who we are and how you can contact us) for details on how to find our office contact information.

How we use your personal data for direct marketing:

When you contact us, we may ask you if you'd like Giles & Co. marketing information from time-to-time. We will ask you for your explicit consent to do this. Direct marketing will only ever be carried out by our office. We will never share your personal data with any third party for their own direct marketing purposes unless you have given us your explicit consent to do so.

You can withdraw your consent at any time, or control your direct marketing preferences, by contacting our office.

Please note, our office will use mail leafleting to market our services. These are not classed as direct marketing under the Privacy and Electronic Communications Regulation, which regulates direct marketing by phone, email, text message and post. For postal marketing to be considered direct marking, the postal correspondence needs to be addressed to a person by name.

When we will share your personal data with others:

In the day-to-day running of this website and day-to-day operations of our office, your personal and non-personal data you submit never will be shared by this website.​

 

If you are a customer who has signed up with for a cleaning service, our office will share your personal data with the following recipient:

  • The cleaner who will provide your cleaning service. This will include each cleaner you choose to interview prior to starting a cleaning service and each cleaner who may provide you temporary cover if you have requested one should your regular cleaner be unavailable. The personal data we will share with a cleaner is limited to your name, the address of the post code.

  • We are under a duty to disclose your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms and conditions of supply or any other legal agreements we enter into with you; or to protect the rights, property, or safety of our customers, ourselves or other parties we share a relationship with. This includes exchanging information with appropriate organisations for the purposes of fraud protection and credit risk reduction.

Cookies and other web tracking activities:

A cookie is a small text file that is downloaded onto your device when you access our website. It allows our website to recognise your device and store some information about your preferences and past actions.

Our website uses several different cookies in order to provide you with the information you need and to help us optimise our website to improve our services and website content to provide a better user experience. We will regularly ask for your consent to use cookies when you visit our website.

 

The cookies we use and the reasons why we use them are:

Cookie Type PHP Session ID

What doesit do?

This is added automatically by our webserver whenever you visit our website. It allows the webserver to know what information you are requesting so it can deliver the correct content to you. No personal data is collected from your device by this cookie. You are assigned a random ID when you visit our website and this ID only relates to the ID on the cookie. This cookie is automatically deleted from your device when you close your web browser.

Why we use it?

Without this type of cookie, we would not be able to provide you with the information you are looking for on our website i.e. the webserver wouldn't be able to tell which user is requesting information.

 

Cookie Type Google Analytics

What does it do?

This cookie tracks how you use our website e.g. which pages were visited, what type of device you are accessing the website from i.e. mobile device or desktop. No directly identifiable personal data is collected so we are unable to single out specific users. IP addresses from your device are anonymised automatically so they are no longer considered personal data. All the information we collect about how the website is used is aggregated i.e. we only see how many times a page was visited, or how many mobile/desktop devices visited us as a grouped number.

Why we use it?

This information helps us understand what type of content is important to you, so we can make sure it is relevant and kept up-to-date. We also use this information to improve our content in order to grow our business.

Cookie Type Microsoft Bing Ads

What does it do?

This cookie records the completion of your transaction on our website and promote our business to you online via Bing Ads. Any information gathered about you will remain anonymous and cannot be used to identify you. For more information, visit: https://about.ads.microsoft.com/en-gb/resources/policies/microsoft-advertising-privacy-policy

Why we use it?

To more effectively market our services.

Cookie Type Live Chat

What does it do?

This allows one of our office staff to engage with you when you visit one of our webpages.

  • Track origin and website entry

  • Track chats in progress

  • Prevent prompting users who visited the site recently

  • Track chats in progress and transcript position

  • Message type by visitor persistence across pages

  • Check logic handling

  • Keep track of visitor visits and chat history

  • Detect new chat sessions

  • Visitor email addresses (where provided and will be encrypted)

  • Tracking banned visitors

  • Detect chat box position and minimised status.

Why we use it?

We want to give you the best customer service experience possible and we feel that offering you an in-browser chat service may be preferred by some users of our website. If you choose to disable cookies when visiting our website, this service will not be shown to you.

Cookie Type Cookie Consent Status

What does it do?

This cookie is required as it tracks whether or not you have given us your consent to install cookies on your device. If you choose not to allow cookies, some features of our website will not work.

Why we use it?

To comply with the law this cookie is required so we are able to enable or disable cookies for your web session. You will be presented with a cookie notification banner from time to time asking for your consent. This is done at regular intervals because there may be more than one user of your device and we will need to ask them for their consent too.

Cookie Type Facebook Pixel

What does it do?

This is a small text file that is similar to a cookie though it is placed directly within some of the web pages of our website. It collects data that helps our office track conversations from Facebook ads, optimise ads, build target audiences for future ads, and remarket to people who have already taken some kind of action on our website. The data collected is anonymous and is processed by Facebook. Giles & Co. are not able to identify a particular data subject at any time. For more information, please visit https://www.facebook.com/about/privacy/

Why we use it?

Our office may use this to monitor the performance of their Facebook ads and understand what type of audiences are interested in a Giles & Co. service.

How long we keep your personal data:

This website stores some of your data for a specific period of time and for specific reasons, which are detailed in the table below.

Personal data that is processed by Giles & Co.

Data we store?

Online booking: your salutation, full name, full address and postcode, contact phone numbers, email address, contact preferences, cleaning preferences.

Retention Period?

One month.

Why we store it?

As a back-up copy to ensure our office has received your enquiry, after which your personal data is anonymised so it can no longer identify you and it is used for statistical purposes (postcode is kept).

Lawful Basis?

Legitimate business interests.

Data we store?

Phone call back request: your name, email address, contact phone number, postcode and reason for your call back request.

Retention Period?

One month.

Why we store it?

As a back-up copy to ensure the local franchisee office has received your enquiry, after which your personal data is anonymised so it can no longer identify you and it is used for statistical purposes (postcode is kept).

Lawful Basis?

Legitimate business interests.

If you're a customer that enquires or signs up for a cleaning service:

 

Data we store?

Customer enquiries: Customers first name and surname, phone number, address, email address, cleaning service preferences.

Retention Period?

12 months from the date of the enquiry.

Why we store it?

To allow adequate identification should the client return and also send information where there is a legitimate business interest.

Lawful Basis?

Legitimate business interests.

Data we store?

Customers: Details about you and your cleaning service preferences (your salutation, first name, surname, phone number(s), email address, property address (including company name if applicable), preferred contact method and preferred cleaning requirements.

Retention Period?

Your personal data is retained for the duration of your cleaning service. Our office will continue to retain your personal data for a minimum of 12 months from the date your service ends. If there is an unsettled debt on your account or if payments have been made, we will continue to retain your personal details for at least 7 years from the date of last payment or the date the debt is settled.

Why we store it?

In order to provide you with a cleaning service and also send information where there is a legitimate business interest. Your personal data is retained after the service has been terminated in order to identify you as a previous customer so that we are able to verify online reviews should you make one, to recommence your cleaning service with ease should you decide to return, in the pursuit of an unpaid debt or to comply with applicable financial, tax and accountancy legal obligations such as financial, tax and accountancy laws.

Lawful Basis?

Performance of a contract, legal obligation and legitimate business interests.

Data we store?

Bank account information: Your banking information in the form of a Direct Debit Instruction (Mandate) when setting up a Direct Debit for a regular cleaning service - bank account sort-code and account number or building society account information.

Retention Period?

The minimum duration for retaining Direct Debit Instructions is for the duration of your regular cleaning service. Our office may retain this for longer as evidence of authorisation in the situation that an indemnity claim is made after your cleaning service has been terminated. Please contact our office to request more information on their specific retention period.

Why we store it?

In order to set up a direct debit and to provide evidence of payment authorisation should it be requested by your bank or building society.

Lawful Period?

Performance of a contract and legitimate business interests.

Credit/debit card information: Giles & Co. currently do not accept payment by card. If we were ever to do so we would use a company that is PCI DSS compliant. This third-party payment service provider will not store any credit or debit card information when collected from you over the phone. Credit or debit card information that is collected by our office on a paper form or via a text-based system for the deaf will be securely shredded or deleted immediately after payment has been processed.

How we keep your personal data safe:

Giles & Co. take reasonable security measures to ensure that your personal data is kept safe whilst at our office. The security measures we take are:

  • When we decide to take credit or debit card payments we will make sure the provider is based within the UK and is both ISO27001 certificated and PCI DSS compliant. This validates that the data centre has sufficient technical and organisational measures in place to protect your personal data.

  • Only persons authorised by us will have access to your personal data on a 'need-to-know' basis only to perform their job role e.g. database administrator, web developer. We protect access using IT access controls such as user account permissions and strong passwords.

  • We apply the latest security patches to our IT systems in line with manufacturers recommendations.

Your rights as a data subject:

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access - you have the right to request a copy of the information that we hold about you.

  • Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.

  • Right to be forgotten - in certain circumstances, you can ask for the data we hold about you to be erased from our records.

  • Right to restriction of processing - where certain conditions apply to have a right to restrict the processing.

  • Right of portability - you have the right to have the data we hold about you transferred to another organisation.

  • Right to object - you have the right to object to certain types of processing such as direct marketing.

  • Right to object to automated processing, including profiling - you also have the right not to be subject to the legal effects of automated processing or profiling.

  • Right to judicial review: in the event that Giles & Co. refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the clause below.

All of the above requests will be forwarded on should there be a third party processor involved in the processing of your personal data.

How you can make a complaint:

In the event that you wish to make a complaint about how your personal data is being processed, or how your complaint has been handled, you have the right to lodge a complaint directly with us by emailing info@gilesandcompany.co.uk.

How we keep this privacy notice up to date:

We will review and update this privacy notice from time to time. To ensure you have the opportunity to review the updated notice before you choose to continue using our services, we will notify you by placing a prominent banner at the bottom of our home page for up to 2 weeks after the privacy policy has been updated. We will include a summary of the changes at the top of the privacy notice so that it is clear and easy to understand what has changed. This is version 1 of our privacy notice and was updated on 01/07/2020.