top of page

The Garden Handyman Service
Data Protection Policy – 2026

Introduction

At The Garden Handyman Service, we are committed to safeguarding the personal data of our clients and partners in full compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This policy outlines how we collect, process, store, share, and protect personal data, ensuring that all information is handled responsibly and transparently.

 

1. Data We Collect

We only collect data necessary for the delivery and management of our services. This typically includes:

  • Full name

  • Contact details (e.g., phone number, email address)

  • Property address(es) relevant to gardening or maintenance work

  • Any access instructions or preferences provided voluntarily

  • Payment information (processed securely via third-party payment providers — we do not store full card details)

No unnecessary or excessive personal data is collected.

2. Purpose of Data Use

We process personal data strictly for the following purposes:

  • Scheduling and providing gardening or handyman services

  • Communicating with clients regarding appointments or work updates

  • Issuing invoices and processing payments

  • Maintaining records for lawful business operation

  • Complying with legal and regulatory obligations

We do not use personal data for unsolicited marketing, profiling, or data sharing without explicit consent.

3. Lawful Basis for Processing

We rely on the following legal bases under UK GDPR Article 6:

  • Contractual necessity (Art. 6(1)(b)) – where processing is required to deliver agreed services

  • Legal obligation (Art. 6(1)(c)) – to comply with applicable laws (e.g., tax record-keeping)

  • Legitimate interests (Art. 6(1)(f)) – in ensuring smooth business operations, where these are not overridden by your rights and freedoms

  • Consent (Art. 6(1)(a)) – where required, particularly for any optional communications

Where we rely on legitimate interests, we have carried out a Legitimate Interests Assessment (LIA) to ensure our interests do not override the rights of data subjects.

 

 

4. Data Storage and Security

We take appropriate technical and organisational measures to ensure the security of all personal data.

Physical Security:

  • Paper documents are stored securely in a locked cabinet or drawer with restricted access

  • Physical records are not left unattended in vehicles or public spaces

Digital Security:

  • Data is stored on password-protected devices with strong, unique passwords

  • Where applicable, files are encrypted, and backups are stored securely

  • Anti-virus software and operating systems are kept up to date

  • Access is limited to authorised personnel only

  • We do not use unsecured public Wi-Fi when accessing or transmitting personal data

 

 

5. Data Retention

We retain personal data only for as long as necessary:

  • Client records are typically held for up to 6 years to comply with HMRC requirements (in line with the Limitation Act 1980)

  • After this period, data is securely deleted digitally (e.g., using secure deletion software) or physically shredded

  • If a client ceases services and requests early deletion, we will assess the request and act in line with UK GDPR obligations, balancing this against any legal retention requirements

A retention schedule is maintained internally to ensure compliance.

 

 

6. Data Sharing

We do not sell or trade personal data. However, limited sharing may occur:

  • With trusted third-party service providers (e.g., payment processors, accountancy software) under binding confidentiality or data processing agreements

  • With legal or regulatory bodies when required by law

  • We do not transfer personal data outside the UK. If this changes, we will ensure appropriate safeguards are in place (e.g., UK adequacy decisions or standard contractual clauses)

All third parties are vetted to ensure they comply with relevant data protection laws. Where a third party processes data on our behalf, a Data Processing Agreement (DPA) is in place.

7. Data Breach Procedures

In the event of a suspected or confirmed personal data breach:

  • We will assess the nature and risk of the breach without undue delay

  • Where there is a likely risk to individuals' rights and freedoms, we will report the breach to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it

  • Affected individuals will be informed promptly where there is a high risk to their rights or freedoms

  • A record of all breaches (whether reported or not) will be maintained internally in a breach log

  • We will review and improve our procedures following any breach to prevent recurrence

 

 

8. Client Rights Under UK GDPR

Clients have full control over their personal data. Under UK GDPR, your rights include:

  • Right to be Informed – to know how and why your data is used (this policy fulfils that obligation)

  • Right to Access – to request a copy of the data we hold about you (Subject Access Request)

  • Right to Rectification – to correct inaccurate or incomplete data

  • Right to Erasure ("Right to be Forgotten") – to request deletion under certain lawful conditions

  • Right to Restrict Processing – to request that data usage be limited in certain circumstances

  • Right to Data Portability – to receive your data in a structured, commonly used, machine-readable format

  • Right to Object – to object to certain types of processing (e.g., direct marketing)

  • Rights related to automated decision-making – we do not carry out automated decision-making or profiling

We will respond to all valid requests within one calendar month. We will not charge a fee for reasonable requests.

To exercise any of these rights, please contact us directly using the details in Section 10.

 

 

9. Complaints

If you are unhappy with how we have handled your data, please contact us in the first instance so we can try to resolve your concern. You also have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO):

 

 

10. Policy Review

This policy is reviewed annually, or sooner if changes in legislation, technology, or service processes require it. The current version is dated May 2026. Clients will be notified of any significant updates that affect how their data is used.

11. Contact Information

For questions, data access requests, concerns, or to exercise your data rights, please contact:

The Garden Handyman Service 📧 Email: thegardenhandymanservice@gmail.com 📞 Phone: 07360 642319

bottom of page