Privacy Policy

Who We Are

All Services 4U is the data controller responsible for your personal information.

Company Name: All Services 4U Limited Registered Address: [Address] Company Number: [Number] ICO Registration Number: [Number]

Data Protection Contact: Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Address: Data Protection Officer, All Services 4U, [Address]

Information We Collect

We collect different types of personal information depending on your relationship with us.

Clients and Client Representatives

Data Type	Examples
Identity	Name, job title, company name
Contact	Email address, phone number, business address
Contract	Service agreements, purchase orders, instructions
Financial	Bank details, payment history, invoices
Communication	Emails, letters, meeting notes, call recordings
Service	Property details, access arrangements, service history

Residents and Property Occupants

Data Type	Examples
Identity	Name, household composition
Contact	Address, phone number, email
Access	Key holder details, access codes, preferred contact times
Service	Appointment history, work completed, photos of work
Vulnerability	Accessibility needs, health conditions affecting service (where disclosed)
Safeguarding	Concerns reported, referrals made

Suppliers and Subcontractors

Data Type	Examples
Identity	Company name, contact names, job titles
Contact	Email, phone, business address
Financial	Bank details, payment terms, invoices
Compliance	Certifications, insurance, accreditations
Performance	Work quality, audit results, incident reports

Job Applicants

Data Type	Examples
Identity	Name, date of birth
Contact	Address, email, phone number
Qualifications	CV, education, certifications, work history
Assessment	Interview notes, test results, references
Background	Right to work, DBS checks, driving licence
Equal Opportunities	Diversity monitoring data (voluntary)

Employees

Employee data is covered in our separate Employee Privacy Notice, provided during onboarding.

Website Visitors

Data Type	Examples
Technical	IP address, browser type, device information
Usage	Pages visited, time on site, referral source
Cookies	Session data, preferences, analytics
Enquiries	Contact form submissions, quote requests

How We Collect Information

We collect personal information through various means:

Directly from You

• Contact forms and enquiries
• Quote requests and service bookings
• Contract negotiations and agreements
• Phone calls and emails
• Appointments and site visits
• Job applications
• Feedback and surveys

From Third Parties

• Our clients (property managers, housing associations, landlords)
• Referees and previous employers (job applicants)
• Credit reference agencies
• Background check providers (DBS)
• Trade bodies and certification bodies
• Public sources (Companies House, professional registers)

Automatically

• Website cookies and analytics
• CCTV at our premises
• Vehicle telematics (employee vehicles)
• Call recordings (with notification)

How We Use Your Information

We use personal information for the following purposes:

Providing Our Services

Purpose	Legal Basis
Delivering maintenance and compliance services	Contract performance
Scheduling appointments and accessing properties	Contract performance
Issuing certificates and compliance documentation	Contract performance, legal obligation
Communicating about services and appointments	Contract performance
Invoicing and payment processing	Contract performance
Responding to enquiries and complaints	Contract performance, legitimate interests

Managing Client Relationships

Purpose	Legal Basis
Account management and contract administration	Contract performance
Service improvement and quality management	Legitimate interests
Client feedback and satisfaction surveys	Legitimate interests
Marketing our services (with consent)	Consent

Legal and Regulatory Compliance

Purpose	Legal Basis
Maintaining compliance records (gas, electrical, fire safety)	Legal obligation
Responding to regulatory requests	Legal obligation
Health and safety record keeping	Legal obligation
Financial record keeping and tax compliance	Legal obligation
Building Safety Act evidence and Golden Thread	Legal obligation

Business Operations

Purpose	Legal Basis
Supplier and subcontractor management	Contract performance, legitimate interests
Quality audits and performance monitoring	Legitimate interests
Business planning and analysis	Legitimate interests
Insurance and claims management	Legitimate interests, legal obligation
Legal proceedings and dispute resolution	Legitimate interests, legal claims

Recruitment

Purpose	Legal Basis
Processing job applications	Legitimate interests, contract preparation
Conducting interviews and assessments	Legitimate interests
Background checks and verification	Legal obligation, legitimate interests
Equal opportunities monitoring	Legal obligation (anonymised)

Security and Safety

Purpose	Legal Basis
CCTV monitoring at our premises	Legitimate interests
Access control and visitor management	Legitimate interests
Fraud prevention and detection	Legitimate interests
Safeguarding vulnerable individuals	Legal obligation, vital interests

Legal Basis for Processing

Under UK GDPR, we must have a legal basis for processing personal data:

Contract Performance

Processing necessary to perform a contract with you or take steps before entering a contract.

Legal Obligation

Processing necessary to comply with legal requirements, such as health and safety regulations, tax laws, or Building Safety Act requirements.

Legitimate Interests

Processing necessary for our legitimate business interests, where these are not overridden by your rights. Our legitimate interests include:

• Providing and improving our services
• Managing client and supplier relationships
• Business administration and planning
• Fraud prevention and security
• Marketing (to existing clients)

Consent

Where you have given clear consent for specific processing, such as receiving marketing communications.

Vital Interests

Processing necessary to protect someone’s life, such as emergency contact in case of accident.

Special Category Data

Some personal data is classified as special category data and requires additional protection:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic or biometric data
• Health data
• Sex life or sexual orientation

When We Process Special Category Data

We may process special category data in limited circumstances:

Data Type	Purpose	Legal Basis
Health information	Vulnerability flags for service delivery, reasonable adjustments	Explicit consent, vital interests
Disability status	Reasonable adjustments, equal opportunities monitoring	Explicit consent, legal obligation
Religious observance	Scheduling appointments, dietary requirements	Explicit consent
Ethnic origin	Equal opportunities monitoring (anonymised)	Legal obligation

We will always tell you why we need special category data and obtain your explicit consent where required.

Criminal Record Data

We process criminal record data for:

• DBS checks on employees working in residents’ homes
• Compliance with safeguarding requirements
• Assessment of supplier and subcontractor suitability

This processing is necessary for compliance with legal obligations and our policies on safeguarding and safer recruitment.

Who We Share Your Information With

We may share personal information with:

Service Delivery Partners

Recipient	Purpose
Subcontractors	Delivering services on our behalf
Material suppliers	Ordering and delivering materials
Specialist contractors	Specialist works (e.g., asbestos, scaffolding)

Our Clients

Recipient	Purpose
Property managers	Service updates, appointment scheduling, certificates
Housing associations	Compliance reporting, resident communication
Landlords	Service records, compliance documentation

Professional Advisers

Recipient	Purpose
Accountants	Financial reporting, tax compliance
Lawyers	Legal advice, dispute resolution
Insurers	Claims, underwriting
Auditors	Compliance audits

Regulatory Bodies

Recipient	Purpose
Health and Safety Executive	Incident reporting, investigations
Gas Safe Register	Engineer registration, compliance
Building Safety Regulator	Building Safety Act compliance
Local authorities	Building control, environmental health
Information Commissioner	Data protection compliance

Technology Providers

Recipient	Purpose
IT service providers	System hosting, support, maintenance
Software providers	Job management, scheduling, CRM
Cloud storage providers	Secure data storage
Communication providers	Email, phone systems

Other Parties

Recipient	Purpose
Credit reference agencies	Credit checks on clients/suppliers
Background check providers	DBS checks, right to work
Debt collection agencies	Recovering unpaid debts
Police and law enforcement	Legal requirements, crime prevention

Safeguards

When sharing data with third parties:

• We only share data necessary for the specific purpose
• We have contracts requiring data protection compliance
• We ensure adequate security measures are in place
• We do not sell personal data to third parties

International Transfers

We primarily process personal data within the UK and European Economic Area (EEA).

If we transfer data outside the UK/EEA, we ensure appropriate safeguards:

• Transfers to countries with adequate data protection laws
• Standard contractual clauses approved by the ICO
• Binding corporate rules (where applicable)
• Explicit consent for specific transfers

Data Retention

We retain personal data only for as long as necessary.

Retention Periods

Data Type	Retention Period
Client contracts and service records	Duration of contract + 6 years
Compliance certificates (gas, electrical, fire)	Duration of validity + 6 years
Building Safety Act evidence	Life of the building
Financial records and invoices	7 years
Correspondence and communications	3 years (6 years if contractual)
Resident contact details	Duration of service + 2 years
Photographs of work	6 years
CCTV footage	30 days (unless incident)
Job applications (unsuccessful)	6 months
Employee records	Duration of employment + 6 years
Health and safety records	40 years (where health surveillance)
Accident and incident reports	6 years (40 years for serious injuries)
Website analytics	26 months

Retention Review

We regularly review retained data and securely delete or anonymise data that is no longer needed.

Exceptions

We may retain data longer if:

• Required by law or regulation
• Needed for legal proceedings
• Subject to a legal hold
• Required for Building Safety Act Golden Thread

Data Security

We implement appropriate security measures to protect personal data.

Technical Measures

• Encryption of data in transit and at rest
• Secure password policies and multi-factor authentication
• Firewalls and intrusion detection systems
• Regular security updates and patching
• Secure backup and disaster recovery
• Access controls and user permissions

Organisational Measures

• Data protection policies and procedures
• Staff training on data protection
• Confidentiality obligations in contracts
• Incident response procedures
• Regular security audits and testing
• Supplier due diligence

Physical Measures

• Secure premises with access controls
• Locked storage for paper records
• Clear desk policy
• Secure disposal of documents
• CCTV monitoring

Breach Response

If a data breach occurs:

• We will contain and assess the breach
• We will notify the ICO within 72 hours if required
• We will notify affected individuals if there is high risk
• We will take steps to prevent recurrence

Your Rights

Under UK GDPR, you have the following rights:

Right to Be Informed

You have the right to know how we use your personal data. This Privacy Policy provides that information.

Right of Access

You have the right to request a copy of the personal data we hold about you (a Subject Access Request).

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as:

• Data is no longer needed for the original purpose
• You withdraw consent (where consent is the legal basis)
• You object to processing and there are no overriding legitimate grounds
• Data was unlawfully processed

This right does not apply where we need to retain data for legal obligations or legal claims.

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as:

• You contest the accuracy of the data
• Processing is unlawful but you do not want deletion
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format where:

• Processing is based on consent or contract
• Processing is carried out by automated means

Right to Object

You have the right to object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.

You have an absolute right to object to direct marketing at any time.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.

We do not currently use automated decision-making that would be subject to this right.

Exercising Your Rights

How to Make a Request

To exercise any of your rights, contact us:

Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Post: Data Protection Officer, All Services 4U, [Address]

Please provide:

• Your name and contact details
• Details of your request
• Any information to help us locate your data
• Proof of identity (we may request this)

Our Response

• We will respond within one month
• We may extend this by two months for complex requests
• We will inform you of any extension and the reasons
• We will provide information free of charge (reasonable fees may apply for excessive requests)

Verification

To protect your data, we may ask you to verify your identity before processing requests.

Complaints

If you are not satisfied with our response:

1. Contact our Data Protection Officer
2. Escalate to senior management
3. Complain to the Information Commissioner’s Office

Information Commissioner’s Office Website: www.ico.org.uk Phone: 0303 123 1113 Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Cookies

Our website uses cookies to improve your experience.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use the site.

Cookies We Use

Cookie Type	Purpose	Duration
Essential	Required for website functionality	Session
Functional	Remember your preferences	1 year
Analytics	Understand how visitors use our site	26 months
Marketing	Deliver relevant advertisements	Varies

Essential Cookies

These cookies are necessary for the website to function. They cannot be disabled.

• Session management
• Security features
• Load balancing

Analytics Cookies

We use Google Analytics to understand how visitors use our website. These cookies collect anonymous information about:

• Pages visited
• Time spent on site
• How you arrived at our site
• Your general location (country/city)

Managing Cookies

You can manage cookies through:

• Our cookie consent banner
• Your browser settings
• Opting out of Google Analytics: tools.google.com/dlpage/gaoptout

More Information

For more details, see our separate Cookie Policy.

Marketing

How We Market

We may send marketing communications about our services if:

• You are an existing client and have not opted out
• You have given consent to receive marketing
• You have enquired about our services

Your Choices

You can opt out of marketing at any time:

• Click “unsubscribe” in any marketing email
• Contact us at marketing@allservices4u.co.uk
• Call us on [Phone number]

We will action opt-out requests within 10 working days.

What We Will Not Do

• We will not sell your data to third parties for marketing
• We will not share your data with unrelated companies for their marketing
• We will not send excessive communications

Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children.

If we become aware that we have collected data from a child under 16 without parental consent, we will delete it.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of other websites. Please read their privacy policies.

CCTV

We operate CCTV at our premises for security purposes.

Purpose

• Preventing and detecting crime
• Protecting staff, visitors, and property
• Health and safety monitoring

Signage

Signs are displayed to notify people that CCTV is in operation.

Retention

CCTV footage is retained for 30 days unless:

• An incident requires longer retention
• Footage is requested by law enforcement
• Footage is needed for legal proceedings

Access

You may request access to CCTV footage featuring you. We may redact or withhold footage featuring other individuals.

Call Recording

We may record phone calls for:

• Training and quality purposes
• Accurate record of instructions
• Dispute resolution
• Regulatory compliance

You will be informed at the start of a call if it is being recorded.

Changes to This Policy

We may update this Privacy Policy from time to time.

Notification

• Significant changes will be notified via email or website notice
• Minor changes will be reflected in the “last updated” date
• Continued use of our services constitutes acceptance of changes

Version History

Version	Date	Changes
1.0	[Date]	Initial publication

Contact Us

If you have questions about this Privacy Policy or how we handle your personal data:

Data Protection Officer Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Address: Data Protection Officer, All Services 4U, [Address]

General Enquiries Email: info@allservices4u.co.uk Phone: [Phone number]

Quick Reference

We Will

✓ Only collect data we need
✓ Tell you how we use your data
✓ Keep your data secure
✓ Respect your rights
✓ Only keep data as long as necessary
✓ Train our staff on data protection
✓ Report breaches as required

We Will Not

✗ Sell your data to third parties
✗ Use your data for purposes you wouldn’t expect
✗ Keep data longer than necessary
✗ Share data without appropriate safeguards
✗ Ignore your rights requests
✗ Send marketing without consent or legitimate basis

Your Rights

✓ Access your data
✓ Correct inaccurate data
✓ Request deletion (in certain circumstances)
✓ Restrict processing
✓ Object to processing
✓ Data portability
✓ Withdraw consent
✓ Complain to the ICO

All Services 4U is committed to protecting your privacy. This policy explains how we handle your personal information in compliance with UK data protection law.