Crystal Palace Removals Privacy Policy
This Privacy Policy explains how Crystal Palace Removals collects, uses, stores and protects personal data relating to our customers and prospective customers. It applies to all Crystal Palace Removals customers and enquiries in our service area, regardless of the specific services requested or the communication channel used.
We are committed to handling personal data in accordance with the UK General Data Protection Regulation and related data protection laws. This Privacy Policy sets out our approach in clear terms so that you understand what we do with your information and how you can exercise your rights.
Data Controller
Crystal Palace Removals is the data controller in respect of the personal data we process about you. This means we determine the purposes and means of processing your personal data when you engage with us, request a quote, or use our removals and related services.
Personal Data We Collect
We may collect and process the following categories of personal data when you contact us, request a quotation, book a service, or communicate with us in any way:
Identification details such as name, title or salutation.
Contact details such as postal address, service address, email address and communication preferences.
Service details including information about your property, access details, inventory lists, special handling requirements, origin and destination addresses, and preferred dates and times.
Contract and transaction information such as quotations, bookings, contracts for services, invoices, payment status and service history.
Payment-related information such as payment method details processed via secure payment providers. We do not store full card details, but we may receive limited payment confirmation data and transaction references.
Communication records such as enquiries, complaints, feedback, and any correspondence or notes relating to your interactions with us, including records of telephone conversations where applicable.
Technical data such as basic device or browser information and general usage data relating to how you interact with our website, where applicable, using cookies or similar technologies.
Lawful Basis for Processing
We only process your personal data where we have a lawful basis for doing so. Depending on the context, we rely on one or more of the following lawful bases under the UK GDPR:
Contract: We process your personal data when it is necessary to enter into, or to perform, a contract with you. This includes providing quotations, confirming and delivering removals services, processing payments, and managing your booking.
Legal obligation: We may process personal data when it is necessary to comply with our legal obligations, such as record-keeping, tax and accounting requirements, or responding to lawful requests from public authorities.
Legitimate interests: We process personal data for our legitimate business interests, provided that those interests are not overridden by your rights and freedoms. These interests may include managing and improving our services, handling customer enquiries, ensuring the security of our operations, and exercising or defending legal claims.
Consent: Where required by law, we rely on your consent to process certain data, for example for optional marketing communications. When we rely on consent, you are free to withdraw it at any time, and we will stop that specific processing.
How We Use Your Personal Data
We may use the personal data we collect for the following purposes:
To provide quotations, estimate services and respond to your requests and enquiries.
To set up, manage and deliver removals and related services, including planning logistics, scheduling teams, and coordinating access at collection and delivery addresses.
To communicate with you about your booking, including confirmations, reminders, updates and any changes to your service.
To process payments, issue invoices, manage billing and handle any related queries.
To manage our relationship with you, including handling complaints, feedback, aftercare, and any follow-up services.
To keep accurate business and financial records in compliance with legal and regulatory requirements.
To monitor, maintain and improve our services, operations, website and customer experience, including through internal reporting and staff training.
To protect our rights, property, safety and those of our staff, contractors and customers, and to prevent or investigate fraud or other misuse of our services.
To send you service-related information and, where permitted, relevant marketing communications about our services, which you can opt out of at any time.
Data Sharing and Processors
We do not sell your personal data. However, we may share your personal data with carefully selected third parties where this is necessary for the purposes described in this Privacy Policy, or where we are legally required to do so.
Service providers and data processors: We may engage third party companies to provide services on our behalf, such as payment processing, bookkeeping and accounting support, secure data storage and backup, customer relationship management systems, email or messaging systems, and information technology support. These providers act as data processors and only process your personal data in accordance with our documented instructions and for the purposes specified by us.
Professional advisers: We may share personal data with professional advisers such as accountants, auditors, or legal advisers where this is necessary for the provision of their services to us and for compliance or legal reasons.
Public authorities and law enforcement: We may disclose personal data when required by law, regulation, or legal process, or where we consider it necessary to protect our rights or the rights and safety of others.
In all such cases, we take steps to ensure that any third party given access to your personal data complies with relevant data protection laws and provides appropriate safeguards.
International Transfers
Our primary data processing activities are carried out within the United Kingdom or the European Economic Area. If we ever need to transfer personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, and that your rights continue to be protected.
Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law or regulation.
In general, we retain core customer and contract information for a period necessary to fulfil your service and to comply with applicable legal, accounting and tax obligations. This may include retaining records relating to your bookings and payments for a number of years after the end of your contract, as required by law.
Where we hold personal data based solely on your consent, such as certain marketing information, we will retain it until you withdraw your consent or until it is no longer necessary for the relevant purpose, whichever occurs first.
When personal data is no longer required, we will securely delete or anonymise it so that it can no longer be associated with you.
Your Data Protection Rights
Under the UK GDPR, you have a number of rights in relation to your personal data. These rights apply in certain circumstances and may be subject to legal limitations. Your rights include:
Right of access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it.
Right to rectification: You have the right to request that inaccurate or incomplete personal data is corrected or updated.
Right to erasure: You may request that we delete your personal data where there is no longer a valid reason for us to keep it, for example where we relied solely on consent and you withdraw it, or where the data is no longer necessary for the purposes for which it was collected.
Right to restrict processing: You may ask us to restrict the processing of your personal data in certain situations, for example while we verify its accuracy or consider an objection you have raised.
Right to object: You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing. Where you object to direct marketing, we will stop this processing.
Right to data portability: Where our processing is based on your consent or on a contract and is carried out by automated means, you may have the right to receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller.
Right to withdraw consent: Where we rely on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You also have the right to lodge a complaint with the relevant data protection supervisory authority if you are concerned about how we handle your personal data.
Security of Your Personal Data
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, staff training, and secure handling of both electronic and paper records. While no system can be completely secure, we work to ensure a level of security appropriate to the risks associated with our processing of your data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. Any changes will take effect when the updated policy is made available. We encourage you to review this Privacy Policy periodically so that you remain informed about how we handle your personal data.
