Privacy Policy – Tree Surgeons Sudbury
This Privacy Policy explains how Tree Surgeons Sudbury collects, uses, stores, shares, and protects personal data. It applies to all customers, prospective customers, and website visitors in the Sudbury area who use or enquire about our tree surgery services. We are committed to handling personal information in a lawful, fair, and transparent manner in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our services, making an enquiry, or providing information to us, you acknowledge that your personal data may be processed in accordance with this policy.
1. Personal Data We Collect
We only collect data that is necessary for providing and managing our services safely and effectively. Depending on your interaction with us, the information we may collect includes:
- Identity details such as your name and title
- Contact details such as address, email address, and telephone number
- Service details relating to tree surgery enquiries, quotations, appointments, work instructions, and service history
- Property information where relevant to assessing access, tree locations, site conditions, or work requirements
- Payment and billing information where needed to process invoices and payments
- Communication records including calls, emails, messages, and notes from discussions
- Technical information if you interact with our online channels, such as device details, browser type, and basic usage data
We do not intentionally collect special category data unless it is necessary and you have provided it, or there is another lawful basis allowing us to process it. If you volunteer information that is sensitive or unnecessary for our services, we will handle it carefully and only where permitted by law.
2. How We Use Personal Data
Tree Surgeons Sudbury uses personal data to operate our business and deliver services to customers in the area. We may use your data for the following purposes:
- To respond to enquiries and provide quotations
- To assess work requirements and plan tree surgery services
- To arrange appointments, site visits, and service delivery
- To carry out work safely and efficiently
- To issue invoices, manage payments, and maintain financial records
- To communicate important updates about scheduled work
- To maintain internal records, quality control, and service history
- To comply with legal and regulatory obligations
- To deal with complaints, disputes, or insurance matters
We process personal data only for specified, explicit, and legitimate purposes. We will not use your data in a way that is incompatible with those purposes unless we have a valid legal basis to do so.
3. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for each type of processing activity. The lawful bases we rely on are:
Contract
We process personal data where it is necessary to enter into or perform a contract with you. This includes providing quotations you have requested, delivering tree surgery services, managing appointments, and processing payment information.
Legal obligation
We may process your personal data to meet legal obligations, such as record-keeping, tax requirements, health and safety obligations, and responding to lawful requests from authorities.
Legitimate interests
We may process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include managing our client relationships, improving our services, preventing fraud, maintaining security, and keeping internal business records.
Consent
Where required, we will rely on your consent. For example, this may apply if we need to use your data in a way that is not covered by another lawful basis. If consent is used, you have the right to withdraw it at any time.
4. Sharing Your Data and Processors
We may share personal data with trusted third parties only when necessary for business operations, legal compliance, or service delivery. These third parties may act as data processors or independent controllers.
Examples of processors and service providers may include:
- Accounting and bookkeeping providers for invoicing and financial administration
- IT and cloud storage providers for secure data hosting and document management
- Payment service providers to process payments securely
- Communication platforms used for email, messaging, and scheduling
- Professional advisers such as insurers, legal advisers, or auditors where required
Any processor we use is required to protect your data, process it only on our instructions, and maintain appropriate security measures. We do not sell personal data.
We may also disclose information if required by law, if necessary to protect our rights or property, or to prevent fraud, abuse, or safety risks.
5. Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Retention periods may vary depending on the type of information and the reason it is held.
- Customer and service records are generally retained for a reasonable period after completion of work to manage queries, warranties, complaints, or follow-up issues
- Financial records are retained for the period required by tax and accounting law
- Communication records may be retained to support service continuity and evidence of instructions or agreements
When personal data is no longer needed, we will securely delete, anonymise, or archive it in line with our retention procedures.
6. Data Security
We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures may include access controls, secure storage, password protection, staff confidentiality obligations, and careful management of records.
Although we work hard to protect your information, no system can be guaranteed completely secure. If a data incident occurs that affects your rights and freedoms, we will follow the legal requirements for assessing and reporting the matter.
7. Your Data Protection Rights
Under data protection law, you have several rights regarding your personal data. These rights may be subject to conditions or exemptions, depending on the circumstances.
- Right of access – you can ask for a copy of the personal data we hold about you
- Right to rectification – you can request correction of inaccurate or incomplete data
- Right to erasure – you can ask us to delete your data in certain situations
- Right to restriction – you can request that we limit how we use your data in certain cases
- Right to data portability – you can request that we provide data you have given us in a structured, commonly used format where applicable
- Right to object – you can object to processing based on legitimate interests or direct marketing
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time
We will respond to rights requests within the time limits set by law. If we cannot comply with a request, we will explain why where appropriate.
8. International Transfers
Where personal data is transferred outside the United Kingdom, we will ensure that appropriate safeguards are in place. These may include adequacy regulations, approved contractual clauses, or other lawful transfer mechanisms designed to protect your information to the standard required by law.
9. Children’s Data
Our services are not directed at children, and we do not knowingly collect personal data from children unless it is necessary in the context of a service request and is provided by a responsible adult. If we become aware that we have collected data unlawfully, we will take appropriate steps to delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, business practices, or service arrangements. Any revised version will apply from the date it is published or otherwise communicated. We encourage customers in the Sudbury area to review this policy periodically.
11. Summary of Our Commitment
Tree Surgeons Sudbury is committed to using personal data responsibly, securely, and transparently. We only collect the information we need, use it for clear and lawful purposes, keep it no longer than necessary, and respect your rights at every stage. This policy applies to all Tree Surgeons Sudbury customers in the area.