GDPR Policy

Kriss Professional Cleaning is the data controller responsible for your personal information. We are based in Watford, United Kingdom.

Contact: info@krissprocleaning.co.uk · 07387 007943

• Identity & contact details: name, phone, email, service address.
• Booking details: type of clean, date, time, access notes.
• Communications: messages sent by email, WhatsApp, contact form or phone.
• Financial data: invoicing and payment records (no card details stored).
• Technical data: anonymous analytics, IP address, browser type.

• Contract — to provide the cleaning services you book.
• Legitimate interests — to respond to enquiries, manage bookings and run our business.
• Legal obligation — to keep financial, tax and insurance records.
• Consent — where required, e.g. for non-essential cookies or marketing.

You have the right to:

• Be informed about how your data is used.
• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Request erasure (“right to be forgotten”).
• Restrict or object to processing.
• Data portability — receive your data in a portable format.
• Withdraw consent at any time, where consent is the lawful basis.
• Not be subject to solely automated decision-making.

Email info@krissprocleaning.co.uk with the subject line “GDPR request”. We will respond within 30 days, free of charge. We may ask you to verify your identity before releasing any data.

• Enquiry data: up to 24 months.
• Booking & invoicing records: 6 years (HMRC requirement).
• Marketing consents: until you withdraw consent.

After these periods, data is securely deleted or anonymised.

We only share your data with vetted providers who help us deliver our service (email hosting, accounting software, WhatsApp, website hosting, analytics). All processors are bound by data-processing agreements and are required to keep your data secure. We do not sell your personal data.

Some of our providers (e.g. Meta/WhatsApp) may transfer data outside the UK. Where this happens, transfers are protected by adequacy decisions or Standard Contractual Clauses approved by the UK ICO.

We use appropriate technical and organisational measures — including encrypted email, access controls, secure devices and staff training — to protect your data against unauthorised access, loss or disclosure.

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will report it to the Information Commissioner's Office (ICO) within 72 hours and notify you without undue delay where required.

Our website uses only essential cookies needed for it to function, plus anonymous analytics where you have consented. See our privacy policy for details.

If you are not satisfied with how we handle your data, please contact us first so we can put things right. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO) · 0303 123 1113

We review this policy regularly and will publish any updates on this page with a refreshed “last updated” date.