Rubbishes Privacy Policy for Customers

This Privacy Policy explains how Rubbishes collects, uses, stores and protects personal data relating to customers and prospective customers. It applies to all Rubbishes customers in your area who use our services or interact with us by any means, including in person, by telephone, by email, through our website or through social media. We are committed to complying with the General Data Protection Regulation and applicable data protection laws.

Data Controller

The data controller responsible for your personal data is Rubbishes. This means that Rubbishes determines the purposes and means of processing your personal data and is responsible for ensuring that such processing is carried out in accordance with data protection law.

If you have any questions about this Privacy Policy or about how we handle your personal data, you can contact us using our usual customer communication channels.

Personal Data We Collect

We may collect and process the following categories of personal data about you:

Identification and contact details, such as name, title, address, email address, telephone numbers and any account identifiers assigned by us.

Service and usage information, such as the type of Rubbishes services you use, service location, collection schedules, service preferences, records of interactions with our staff and any complaints or enquiries you make.

Billing and payment information, such as billing address, payment method details provided to us, transaction history, invoice information and records of payments made or owed.

Technical and communication data, such as device and browser information, IP address, access times, and records of communications with us, including emails, calls and messages.

Marketing and preference data, such as your preferences for receiving marketing from us and records of your participation in surveys, feedback or promotions.

We collect this information directly from you when you interact with us, from your use of our services and from limited publicly available sources where appropriate and lawful.

Purposes and Lawful Bases for Processing

We process your personal data for specific purposes and only when we have a lawful basis for doing so under the GDPR. The main purposes and lawful bases are:

To provide and manage our services. We use your personal data to set up and administer your account, schedule and perform collections, manage your service preferences and respond to your enquiries. The lawful basis is that processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

To manage billing, payments and debt recovery. We process your data to issue invoices, collect payments, manage refunds and pursue overdue amounts. The lawful basis is performance of a contract and our legitimate interests in managing our business and preventing fraud.

To communicate with you. We send service-related communications, such as changes to services, safety notices or policy updates. The lawful basis is performance of a contract and our legitimate interests in keeping you informed about services you use.

To improve our services and operations. We may analyse aggregated and pseudonymised data to understand usage patterns, improve customer experience and develop new services. The lawful basis is our legitimate interests in developing and improving our business.

To comply with legal and regulatory obligations. We may process your personal data to meet our obligations under tax, accounting, environmental, health and safety or other laws. The lawful basis is compliance with a legal obligation.

To send marketing communications. With your consent where required by law, or otherwise based on our legitimate interests where permitted, we may contact you about products and services that may be of interest to you. You can opt out of marketing at any time.

Where we rely on legitimate interests, we balance those interests against your rights and freedoms and will not use your data where your interests or fundamental rights override our interests.

Sharing of Personal Data and Processors

We may share your personal data with trusted third parties who act as data processors on our behalf. These processors only process your data in accordance with our instructions and are subject to appropriate contractual and security obligations.

Types of processors we may use include:

IT and cloud service providers who host our systems, provide software tools or support our communications and data storage.

Payment service providers and banks who process payments and manage financial transactions on our behalf.

Customer service and communication platforms that help us manage enquiries, service notifications and marketing communications.

Professional advisers, such as accountants, auditors or legal advisers, who provide services to us and may need limited access to your data for these purposes.

We may also share personal data with third parties acting as independent controllers where required by law, such as regulatory authorities, law enforcement agencies or courts, or in connection with business restructuring, mergers or transfers, where permitted by law.

International Data Transfers

Where we transfer your personal data to countries outside the United Kingdom or European Economic Area that do not provide an equivalent level of data protection, we will ensure that appropriate safeguards are in place. These may include standard contractual clauses approved by the European Commission or other lawful transfer mechanisms. You can contact us for further information on the safeguards in place.

Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected and to meet any legal, accounting or reporting requirements.

Customer account and service data are generally retained for the duration of your relationship with us and for a period after termination of services to resolve disputes, enforce contracts and comply with legal obligations.

Billing and financial records are retained for the period required under tax and accounting laws.

Marketing and preference data are retained until you withdraw your consent or object to processing, or until they are no longer needed for the purpose for which they were collected.

When data are no longer required, we will delete or anonymise them in a secure manner.

Your Data Protection Rights

Under the GDPR and applicable data protection laws, you have a number of rights in relation to your personal data. Subject to certain conditions and exemptions, these include:

Right of access. You have the right to obtain confirmation as to whether we process personal data about you and, if so, to receive a copy of that data and information about our processing.

Right to rectification. You have the right to request correction of inaccurate personal data and completion of incomplete data.

Right to erasure. In certain circumstances, you have the right to request that we delete your personal data, for example where the data are no longer necessary for the purposes for which they were collected or where you withdraw consent and there is no other legal basis for processing.

Right to restriction of processing. You have the right to request that we restrict the processing of your data in specific situations, for example while we verify the accuracy of your data or assess an objection.

Right to data portability. Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine readable format and to request that we transmit it to another controller where technically feasible.

Right to object. You have the right to object to processing based on our legitimate interests, including profiling, on grounds relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds. You always have the right to object to processing of your data for direct marketing purposes.

Right to withdraw consent. Where we rely on your consent to process personal data, you may withdraw that consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.

Right to lodge a complaint. You have the right to lodge a complaint with your local data protection authority if you believe that your data protection rights have been infringed. We encourage you to contact us first so we can try to resolve your concerns.

Security of Personal Data

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, encryption where appropriate, staff training and regular review of our security procedures.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. When we make significant changes, we will take reasonable steps to inform you through our usual communication channels. The updated version will apply to all Rubbishes customers in your area from the date it is published.