Protecting Your Personal Information
All Services 4U is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy applies to personal information we collect about clients, residents, suppliers, job applicants, website visitors, and anyone who interacts with our business.
Last updated: [Date]
Who We Are
All Services 4U is the data controller responsible for your personal information.
Company Name: All Services 4U Limited Registered Address: [Address] Company Number: [Number] ICO Registration Number: [Number]
Data Protection Contact: Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Address: Data Protection Officer, All Services 4U, [Address]
Information We Collect
We collect different types of personal information depending on your relationship with us.
Clients and Client Representatives
| Data Type | Examples |
| Identity | Name, job title, company name |
| Contact | Email address, phone number, business address |
| Contract | Service agreements, purchase orders, instructions |
| Financial | Bank details, payment history, invoices |
| Communication | Emails, letters, meeting notes, call recordings |
| Service | Property details, access arrangements, service history |
Residents and Property Occupants
| Data Type | Examples |
| Identity | Name, household composition |
| Contact | Address, phone number, email |
| Access | Key holder details, access codes, preferred contact times |
| Service | Appointment history, work completed, photos of work |
| Vulnerability | Accessibility needs, health conditions affecting service (where disclosed) |
| Safeguarding | Concerns reported, referrals made |
Suppliers and Subcontractors
| Data Type | Examples |
| Identity | Company name, contact names, job titles |
| Contact | Email, phone, business address |
| Financial | Bank details, payment terms, invoices |
| Compliance | Certifications, insurance, accreditations |
| Performance | Work quality, audit results, incident reports |
Job Applicants
| Data Type | Examples |
| Identity | Name, date of birth |
| Contact | Address, email, phone number |
| Qualifications | CV, education, certifications, work history |
| Assessment | Interview notes, test results, references |
| Background | Right to work, DBS checks, driving licence |
| Equal Opportunities | Diversity monitoring data (voluntary) |
Employees
Employee data is covered in our separate Employee Privacy Notice, provided during onboarding.
Website Visitors
| Data Type | Examples |
| Technical | IP address, browser type, device information |
| Usage | Pages visited, time on site, referral source |
| Cookies | Session data, preferences, analytics |
| Enquiries | Contact form submissions, quote requests |
How We Collect Information
We collect personal information through various means:
Directly from You
- Contact forms and enquiries
- Quote requests and service bookings
- Contract negotiations and agreements
- Phone calls and emails
- Appointments and site visits
- Job applications
- Feedback and surveys
From Third Parties
- Our clients (property managers, housing associations, landlords)
- Referees and previous employers (job applicants)
- Credit reference agencies
- Background check providers (DBS)
- Trade bodies and certification bodies
- Public sources (Companies House, professional registers)
Automatically
- Website cookies and analytics
- CCTV at our premises
- Vehicle telematics (employee vehicles)
- Call recordings (with notification)
How We Use Your Information
We use personal information for the following purposes:
Providing Our Services
| Purpose | Legal Basis |
| Delivering maintenance and compliance services | Contract performance |
| Scheduling appointments and accessing properties | Contract performance |
| Issuing certificates and compliance documentation | Contract performance, legal obligation |
| Communicating about services and appointments | Contract performance |
| Invoicing and payment processing | Contract performance |
| Responding to enquiries and complaints | Contract performance, legitimate interests |
Managing Client Relationships
| Purpose | Legal Basis |
| Account management and contract administration | Contract performance |
| Service improvement and quality management | Legitimate interests |
| Client feedback and satisfaction surveys | Legitimate interests |
| Marketing our services (with consent) | Consent |
Legal and Regulatory Compliance
| Purpose | Legal Basis |
| Maintaining compliance records (gas, electrical, fire safety) | Legal obligation |
| Responding to regulatory requests | Legal obligation |
| Health and safety record keeping | Legal obligation |
| Financial record keeping and tax compliance | Legal obligation |
| Building Safety Act evidence and Golden Thread | Legal obligation |
Business Operations
| Purpose | Legal Basis |
| Supplier and subcontractor management | Contract performance, legitimate interests |
| Quality audits and performance monitoring | Legitimate interests |
| Business planning and analysis | Legitimate interests |
| Insurance and claims management | Legitimate interests, legal obligation |
| Legal proceedings and dispute resolution | Legitimate interests, legal claims |
Recruitment
| Purpose | Legal Basis |
| Processing job applications | Legitimate interests, contract preparation |
| Conducting interviews and assessments | Legitimate interests |
| Background checks and verification | Legal obligation, legitimate interests |
| Equal opportunities monitoring | Legal obligation (anonymised) |
Security and Safety
| Purpose | Legal Basis |
| CCTV monitoring at our premises | Legitimate interests |
| Access control and visitor management | Legitimate interests |
| Fraud prevention and detection | Legitimate interests |
| Safeguarding vulnerable individuals | Legal obligation, vital interests |
Legal Basis for Processing
Under UK GDPR, we must have a legal basis for processing personal data:
Contract Performance
Processing necessary to perform a contract with you or take steps before entering a contract.
Legal Obligation
Processing necessary to comply with legal requirements, such as health and safety regulations, tax laws, or Building Safety Act requirements.
Legitimate Interests
Processing necessary for our legitimate business interests, where these are not overridden by your rights. Our legitimate interests include:
- Providing and improving our services
- Managing client and supplier relationships
- Business administration and planning
- Fraud prevention and security
- Marketing (to existing clients)
Consent
Where you have given clear consent for specific processing, such as receiving marketing communications.
Vital Interests
Processing necessary to protect someone’s life, such as emergency contact in case of accident.
Special Category Data
Some personal data is classified as special category data and requires additional protection:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic or biometric data
- Health data
- Sex life or sexual orientation
When We Process Special Category Data
We may process special category data in limited circumstances:
| Data Type | Purpose | Legal Basis |
| Health information | Vulnerability flags for service delivery, reasonable adjustments | Explicit consent, vital interests |
| Disability status | Reasonable adjustments, equal opportunities monitoring | Explicit consent, legal obligation |
| Religious observance | Scheduling appointments, dietary requirements | Explicit consent |
| Ethnic origin | Equal opportunities monitoring (anonymised) | Legal obligation |
We will always tell you why we need special category data and obtain your explicit consent where required.
Criminal Record Data
We process criminal record data for:
- DBS checks on employees working in residents’ homes
- Compliance with safeguarding requirements
- Assessment of supplier and subcontractor suitability
This processing is necessary for compliance with legal obligations and our policies on safeguarding and safer recruitment.
Who We Share Your Information With
We may share personal information with:
Service Delivery Partners
| Recipient | Purpose |
| Subcontractors | Delivering services on our behalf |
| Material suppliers | Ordering and delivering materials |
| Specialist contractors | Specialist works (e.g., asbestos, scaffolding) |
Our Clients
| Recipient | Purpose |
| Property managers | Service updates, appointment scheduling, certificates |
| Housing associations | Compliance reporting, resident communication |
| Landlords | Service records, compliance documentation |
Professional Advisers
| Recipient | Purpose |
| Accountants | Financial reporting, tax compliance |
| Lawyers | Legal advice, dispute resolution |
| Insurers | Claims, underwriting |
| Auditors | Compliance audits |
Regulatory Bodies
| Recipient | Purpose |
| Health and Safety Executive | Incident reporting, investigations |
| Gas Safe Register | Engineer registration, compliance |
| Building Safety Regulator | Building Safety Act compliance |
| Local authorities | Building control, environmental health |
| Information Commissioner | Data protection compliance |
Technology Providers
| Recipient | Purpose |
| IT service providers | System hosting, support, maintenance |
| Software providers | Job management, scheduling, CRM |
| Cloud storage providers | Secure data storage |
| Communication providers | Email, phone systems |
Other Parties
| Recipient | Purpose |
| Credit reference agencies | Credit checks on clients/suppliers |
| Background check providers | DBS checks, right to work |
| Debt collection agencies | Recovering unpaid debts |
| Police and law enforcement | Legal requirements, crime prevention |
Safeguards
When sharing data with third parties:
- We only share data necessary for the specific purpose
- We have contracts requiring data protection compliance
- We ensure adequate security measures are in place
- We do not sell personal data to third parties
International Transfers
We primarily process personal data within the UK and European Economic Area (EEA).
If we transfer data outside the UK/EEA, we ensure appropriate safeguards:
- Transfers to countries with adequate data protection laws
- Standard contractual clauses approved by the ICO
- Binding corporate rules (where applicable)
- Explicit consent for specific transfers
Data Retention
We retain personal data only for as long as necessary.
Retention Periods
| Data Type | Retention Period |
| Client contracts and service records | Duration of contract + 6 years |
| Compliance certificates (gas, electrical, fire) | Duration of validity + 6 years |
| Building Safety Act evidence | Life of the building |
| Financial records and invoices | 7 years |
| Correspondence and communications | 3 years (6 years if contractual) |
| Resident contact details | Duration of service + 2 years |
| Photographs of work | 6 years |
| CCTV footage | 30 days (unless incident) |
| Job applications (unsuccessful) | 6 months |
| Employee records | Duration of employment + 6 years |
| Health and safety records | 40 years (where health surveillance) |
| Accident and incident reports | 6 years (40 years for serious injuries) |
| Website analytics | 26 months |
Retention Review
We regularly review retained data and securely delete or anonymise data that is no longer needed.
Exceptions
We may retain data longer if:
- Required by law or regulation
- Needed for legal proceedings
- Subject to a legal hold
- Required for Building Safety Act Golden Thread
Data Security
We implement appropriate security measures to protect personal data.
Technical Measures
- Encryption of data in transit and at rest
- Secure password policies and multi-factor authentication
- Firewalls and intrusion detection systems
- Regular security updates and patching
- Secure backup and disaster recovery
- Access controls and user permissions
Organisational Measures
- Data protection policies and procedures
- Staff training on data protection
- Confidentiality obligations in contracts
- Incident response procedures
- Regular security audits and testing
- Supplier due diligence
Physical Measures
- Secure premises with access controls
- Locked storage for paper records
- Clear desk policy
- Secure disposal of documents
- CCTV monitoring
Breach Response
If a data breach occurs:
- We will contain and assess the breach
- We will notify the ICO within 72 hours if required
- We will notify affected individuals if there is high risk
- We will take steps to prevent recurrence
Your Rights
Under UK GDPR, you have the following rights:
Right to Be Informed
You have the right to know how we use your personal data. This Privacy Policy provides that information.
Right of Access
You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances, such as:
- Data is no longer needed for the original purpose
- You withdraw consent (where consent is the legal basis)
- You object to processing and there are no overriding legitimate grounds
- Data was unlawfully processed
This right does not apply where we need to retain data for legal obligations or legal claims.
Right to Restrict Processing
You have the right to request restriction of processing in certain circumstances, such as:
- You contest the accuracy of the data
- Processing is unlawful but you do not want deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format where:
- Processing is based on consent or contract
- Processing is carried out by automated means
Right to Object
You have the right to object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
You have an absolute right to object to direct marketing at any time.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.
We do not currently use automated decision-making that would be subject to this right.
Exercising Your Rights
How to Make a Request
To exercise any of your rights, contact us:
Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Post: Data Protection Officer, All Services 4U, [Address]
Please provide:
- Your name and contact details
- Details of your request
- Any information to help us locate your data
- Proof of identity (we may request this)
Our Response
- We will respond within one month
- We may extend this by two months for complex requests
- We will inform you of any extension and the reasons
- We will provide information free of charge (reasonable fees may apply for excessive requests)
Verification
To protect your data, we may ask you to verify your identity before processing requests.
Complaints
If you are not satisfied with our response:
- Contact our Data Protection Officer
- Escalate to senior management
- Complain to the Information Commissioner’s Office
Information Commissioner’s Office Website: www.ico.org.uk Phone: 0303 123 1113 Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Cookies
Our website uses cookies to improve your experience.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use the site.
Cookies We Use
| Cookie Type | Purpose | Duration |
| Essential | Required for website functionality | Session |
| Functional | Remember your preferences | 1 year |
| Analytics | Understand how visitors use our site | 26 months |
| Marketing | Deliver relevant advertisements | Varies |
Essential Cookies
These cookies are necessary for the website to function. They cannot be disabled.
- Session management
- Security features
- Load balancing
Analytics Cookies
We use Google Analytics to understand how visitors use our website. These cookies collect anonymous information about:
- Pages visited
- Time spent on site
- How you arrived at our site
- Your general location (country/city)
Managing Cookies
You can manage cookies through:
- Our cookie consent banner
- Your browser settings
- Opting out of Google Analytics: tools.google.com/dlpage/gaoptout
More Information
For more details, see our separate Cookie Policy.
Marketing
How We Market
We may send marketing communications about our services if:
- You are an existing client and have not opted out
- You have given consent to receive marketing
- You have enquired about our services
Your Choices
You can opt out of marketing at any time:
- Click “unsubscribe” in any marketing email
- Contact us at marketing@allservices4u.co.uk
- Call us on [Phone number]
We will action opt-out requests within 10 working days.
What We Will Not Do
- We will not sell your data to third parties for marketing
- We will not share your data with unrelated companies for their marketing
- We will not send excessive communications
Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children.
If we become aware that we have collected data from a child under 16 without parental consent, we will delete it.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of other websites. Please read their privacy policies.
CCTV
We operate CCTV at our premises for security purposes.
Purpose
- Preventing and detecting crime
- Protecting staff, visitors, and property
- Health and safety monitoring
Signage
Signs are displayed to notify people that CCTV is in operation.
Retention
CCTV footage is retained for 30 days unless:
- An incident requires longer retention
- Footage is requested by law enforcement
- Footage is needed for legal proceedings
Access
You may request access to CCTV footage featuring you. We may redact or withhold footage featuring other individuals.
Call Recording
We may record phone calls for:
- Training and quality purposes
- Accurate record of instructions
- Dispute resolution
- Regulatory compliance
You will be informed at the start of a call if it is being recorded.
Changes to This Policy
We may update this Privacy Policy from time to time.
Notification
- Significant changes will be notified via email or website notice
- Minor changes will be reflected in the “last updated” date
- Continued use of our services constitutes acceptance of changes
Version History
| Version | Date | Changes |
| 1.0 | [Date] | Initial publication |
Contact Us
If you have questions about this Privacy Policy or how we handle your personal data:
Data Protection Officer Email: dataprotection@allservices4u.co.uk Phone: [Phone number] Address: Data Protection Officer, All Services 4U, [Address]
General Enquiries Email: info@allservices4u.co.uk Phone: [Phone number]
Quick Reference
We Will
✓ Only collect data we need
✓ Tell you how we use your data
✓ Keep your data secure
✓ Respect your rights
✓ Only keep data as long as necessary
✓ Train our staff on data protection
✓ Report breaches as required
We Will Not
✗ Sell your data to third parties
✗ Use your data for purposes you wouldn’t expect
✗ Keep data longer than necessary
✗ Share data without appropriate safeguards
✗ Ignore your rights requests
✗ Send marketing without consent or legitimate basis
Your Rights
✓ Access your data
✓ Correct inaccurate data
✓ Request deletion (in certain circumstances)
✓ Restrict processing
✓ Object to processing
✓ Data portability
✓ Withdraw consent
✓ Complain to the ICO
All Services 4U is committed to protecting your privacy. This policy explains how we handle your personal information in compliance with UK data protection law.