Privacy Policy - Man And A Van Crystal Palace
This Privacy Policy explains how Man And A Van Crystal Palace collects, uses, stores, shares, and protects personal data. It applies to all Man And A Van Crystal Palace customers in the area, including prospective customers, current customers, and anyone who contacts us or uses our services. We are committed to handling personal information in a lawful, fair, and transparent way in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Man And A Van Crystal Palace provides moving, transport, and related logistics services in and around Crystal Palace. In the context of data protection law, we act as the data controller for the personal data we collect and process for our own business purposes. This means we decide why and how your personal data is used.
2. Personal Data We Collect
We collect only the information necessary to provide our services, manage bookings, communicate with customers, and meet our legal obligations. The types of data we may collect include:
- Identity details such as your name and title.
- Contact details such as your phone number, email address, and service address.
- Booking details including move date, collection and delivery addresses, property access information, inventory notes, and any special instructions.
- Payment information such as transaction records and invoice details. We do not intentionally store full card details where payment processing is handled securely by third parties.
- Communication records including emails, messages, quotes, complaints, and customer service notes.
- Service-related information such as preferred moving requirements, access restrictions, and parking arrangements.
- Technical data if you interact with our digital systems, such as IP address, device type, and basic usage information, where applicable.
In some cases, we may also receive personal data from third parties, such as someone making a booking on your behalf, estate agents, landlords, insurers, or payment processors. We only use such information for legitimate business purposes connected to your service.
3. How We Use Your Data
We use personal data for the following purposes:
- To provide quotes, confirm bookings, and deliver moving services.
- To communicate with you about your service request, schedule, or changes to arrangements.
- To process payments, issue invoices, and maintain financial records.
- To handle customer service enquiries, complaints, and follow-up communication.
- To manage insurance, liability, and dispute resolution matters.
- To comply with legal, tax, accounting, and regulatory obligations.
- To improve our operations, service quality, and business efficiency.
- To protect against fraud, misuse, and unlawful activity.
We will only use your personal data for the purposes for which it was collected, unless we reasonably determine that it is needed for a compatible purpose or required by law.
4. Lawful Basis for Processing
We process personal data only where we have a lawful basis under UK GDPR. Depending on the circumstances, the lawful bases we rely on are:
Contract
Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes providing quotes, arranging moves, confirming details, and delivering the service you requested.
Legal Obligation
We may process data where it is necessary to comply with legal obligations, such as record-keeping, tax, accounting, and responding to lawful requests from public authorities.
Legitimate Interests
We may rely on legitimate interests where processing is necessary for the operation of our business and your interests or fundamental rights do not override those interests. This may include service improvement, fraud prevention, customer support, and secure record management. We always consider whether such processing is necessary and proportionate.
Consent
In limited cases, we may rely on your consent, for example where we ask to use your information for optional marketing activities. Where consent is used, you may withdraw it at any time. Withdrawal of consent will not affect any processing already carried out lawfully before withdrawal.
5. Sharing Your Personal Data
We may share personal data with carefully selected third parties who help us run our business and deliver services. These third parties act as processors or independent controllers depending on the service they provide.
We may share data with:
- Payment processors who handle secure payment transactions.
- Accounting and bookkeeping providers who support financial administration.
- IT and cloud service providers who store or support our business systems.
- Communication service providers who enable email, messaging, or booking notifications.
- Insurance providers, claims handlers, or legal advisers where required for protection of our business or resolution of disputes.
- Regulators, law enforcement, or public bodies where disclosure is required by law.
We require processors to process personal data only on our instructions, to keep it secure, and to comply with applicable data protection requirements. We do not sell personal data.
6. International Transfers
Where any processor or service provider stores or accesses personal data outside the UK, we will ensure appropriate safeguards are in place. These may include adequacy regulations, standard contractual clauses, or other legally recognised protections designed to keep your information secure and compliant.
7. Data Retention
We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods depend on the type of data and the purpose of processing.
- Booking and service records are typically retained for a period needed to manage the service and handle any follow-up issues.
- Financial and tax records are retained for the period required by law.
- Customer correspondence may be retained for as long as needed to resolve queries, maintain service history, or support legitimate business interests.
When data is no longer required, it will be securely deleted, anonymised, or otherwise disposed of in a safe manner. Where possible, we apply the principle of data minimisation and keep only the information we genuinely need.
8. Data Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, secure storage, staff confidentiality obligations, and careful management of third-party access. While no system can be guaranteed completely secure, we take data protection seriously and review our practices regularly.
9. Your Rights
Under data protection law, you have a number of rights in relation to your personal data. These rights may not apply in every situation, but we will always assess requests carefully and respond within the required timeframe.
- Right of access – you can request a copy of the personal data we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete data.
- Right to erasure – in certain circumstances, you can request deletion of your data.
- Right to restrict processing – you can ask us to limit how we use your data in specific situations.
- Right to data portability – where applicable, you may request a copy of certain data in a structured format.
- Right to object – you may object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent – if we rely on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been infringed. We encourage you to raise concerns with us first so we can try to resolve them promptly and fairly.
10. Children’s Data
Our services are intended for adults. We do not knowingly collect personal data from children except where it is necessary in the context of a household move and provided by an adult customer. If we learn that we have collected data from a child without appropriate justification, we will take steps to delete it where required.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. Any updated version will apply from the date it is published. We encourage customers to review this policy periodically so they remain informed about how their information is handled.
12. Summary of Key Principles
In summary, Man And A Van Crystal Palace processes personal data fairly, lawfully, and transparently. We collect only what we need, use it for clear purposes, retain it for appropriate periods, and share it only with trusted processors or where required by law. We respect your rights and aim to ensure that all customers in the Crystal Palace area can use our services with confidence that their personal information is handled responsibly.
This Privacy Policy applies to all Man And A Van Crystal Palace customers in the area. We are committed to keeping your data safe, accurate, and used only in ways that are necessary, proportionate, and compliant with applicable data protection law.