Privacy & Data Protection Policy

This Privacy and Data Protection Policy (“Policy”) explains how The Valleys Handyman (“the Company”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal data in accordance with the United Kingdom General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This Policy applies to all personal data collected through our website, telephone, email, messaging services, social media platforms, and in the course of providing services.

By contacting us, using our website, booking services or otherwise providing personal data, you acknowledge that you have read and understood this Policy.

1. DATA CONTROLLER

For the purposes of UK data protection law, The Valleys Handyman is the data controller in respect of all personal data collected and processed in connection with our business.

Any queries relating to this Policy or the handling of personal data should be directed to us using the contact details published on our website.

2. PERSONAL DATA WE COLLECT

We may collect and process personal data including, but not limited to:

  • Names, addresses, email addresses, and telephone numbers

  • Property addresses where services are requested

  • Details relating to enquiries, quotations, bookings, and services provided

  • Communications sent to us by email, telephone, messaging applications or website forms

  • Payment-related information (excluding full card details, which are not stored by us)

  • Photographs or videos of work carried out, where relevant

  • Technical data such as IP addresses, browser type, and website usage information

We do not knowingly collect personal data relating to children.

3. LAWFUL BASIS FOR PROCESSING

We process personal data only where we have a lawful basis to do so. This includes:

  • Contractual necessity, where processing is required to provide requested services or respond to enquiries

  • Legitimate interests, including operating, protecting, and improving our business, managing bookings, preventing fraud, and maintaining service quality

  • Legal obligation, where processing is required to comply with applicable laws or regulations

  • Consent, where explicitly given, such as for marketing communications

Where consent is relied upon, it may be withdrawn at any time.

4. PURPOSES OF PROCESSING

Personal data is processed for purposes including, but not limited to:

  • Responding to enquiries and providing quotations

  • Booking, scheduling, and delivering services

  • Communicating with customers regarding services

  • Invoicing and payment administration

  • Managing complaints and disputes

  • Sharing necessary information with subcontractors to complete work

  • Maintaining internal records and audit trails

  • Complying with legal and regulatory obligations

We do not use personal data for automated decision-making or profiling.

5. SHARING OF PERSONAL DATA

We may share personal data where necessary and proportionate, including:

  • With independent subcontractors, solely for the purpose of carrying out requested services

  • With professional advisers, insurers or legal representatives where required

  • With regulatory or law enforcement authorities where legally required

We do not sell personal data or share it for third-party marketing purposes.

All subcontractors and third parties are required to handle personal data in accordance with applicable data protection laws.

6. DATA SECURITY

We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

While we take data protection seriously, the transmission of information over the internet is not entirely secure, and we cannot guarantee absolute security. Any transmission of personal data is therefore at the individual’s own risk.

7. DATA RETENTION

We retain personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for legal, accounting or dispute resolution purposes.

Data may be retained beyond the completion of services where necessary to protect our legal position or comply with statutory obligations.

8. YOUR DATA PROTECTION RIGHTS

Under UK GDPR, you have rights including:

  • The right to access personal data we hold about you

  • The right to request correction of inaccurate data

  • The right to request erasure of personal data, subject to legal limitations

  • The right to restrict or object to certain processing

  • The right to data portability where applicable

Requests to exercise these rights must be made in writing. We may require proof of identity before responding.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

9. COOKIES AND WEBSITE DATA

Our website may use cookies and similar technologies to improve functionality and analyse usage. Cookies do not typically identify individuals directly.

You may control or disable cookies through your browser settings. Further details may be provided in a separate Cookie Policy.

10. MARKETING COMMUNICATIONS

We may contact you regarding our services where permitted by law. You may opt out of marketing communications at any time by following the unsubscribe instructions provided or by contacting us directly.

We do not engage in unsolicited third-party marketing.

11. THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such websites, and this Policy does not apply to them.

12. CHANGES TO THIS POLICY

We reserve the right to amend this Policy at any time. Any changes will be published on our website. Continued use of our services following such changes constitutes acceptance of the revised Policy.

13. GOVERNING LAW

This Policy and any disputes arising from it shall be governed by and construed in accordance with the laws of England and Wales.