GDPR data processing policy

Under the General Data Protection Regulation you have the right to know how we use your personal data. This page outlines our processing policy.

What personal data do we use?

When you engage with our business, we have to record some basic details about you in order to facilitate that engagement. These include your name, address, and contact details. We also record details of any payment you make to us.

This data may be provided directly by yourself, or via an associated party, such as your insurance company.

What do we use it for?

All the data we collect is only for the purpose of providing our core business services. We do not sell or pass on your personal data to anyone not directly involved in this aim. We never sell your personal data or use it for targeted advertising. Financial records, including details of any payments you make to us, are kept for accounting purposes.

In some cases, to provide our services, we have to exchange a limited amount of personal data with third parties. These include (but are not limited to):

  • Government agencies (e.g. local planning departments)
  • Contractors (e.g. tree surgeons)

For example:

  • We may have to pass on your name and address to the local planning authority in order to make an application on your behalf to remove a tree.
  • We may have to discuss with your architect the implications of your proposed house extension plans.

These third parties will be located in the EU and your rights under the GDPR (General Data Protection Regulation) will still apply. Furthermore, we check that any third parties we recommend, such as suppliers, have taken steps to implement the GDPR themselves.

How long do we keep it for?

We retain your personal data for at least as long as the relationship between us exists. This allows us to, for example, contact you while we carry out work on your behalf.

Once we have completed the work we have been engaged to do, our records of the work will be archived for future reference.

Additionally, if you require us to delete any of your personal data, we will do so, subject to safeguarding our own legitimate interests (for instance, retaining payment history for our accounting purposes).

What is our lawful basis for processing?

Our lawful basis for processing under the GDPR is legitimate interests. This means our processing is justified on the basis that it furthers our interests without undue negative impact on yours. In fact, in the vast majority of cases, both our interests and your interests are furthered by this processing: it allows us to be of service to you.

What are your rights?

You have the right to be informed.

We inform you of our collection of personal data at the earliest opportunity. For example:

  • When we send you an email, a link to our privacy policy is found in our email footer.
  • When you email us through our website, the privacy policy is provided there.
  • When engaging us to provide services, our privacy policy is provided with our terms and conditions.

You have right of access.

We will provide, on request, confirmation of whether your data is being processed, a copy of your data, and details of who, if anyone, the data has been passed to.

We will take reasonable steps to verify your identity before releasing any personal data.

You have the right to object, in some cases.

You may make an objection to our processing on grounds relating to your particular situation. Should we not have compelling legitimate grounds to overrule your request, we will cease processing your data.

You have the right to rectification.

If you believe that the personal data we hold is inaccurate or incomplete, we will on your request investigate and correct it if we agree. In the event that we do not agree that it is inaccurate or incomplete, we will not change it. In such a case you have the right to lodge a complaint with a supervisory authority.

As with right of access, we will verify your identity before we release any personal data.

You have the right to erasure, in some cases.

If you believe the personal data we hold is no longer necessary for us to pursue our legitimate interests, you may request erasure. If we agree, we will do so. If we decline to erase, you may make a complaint to the supervisory authority if you disagree with our decision.

Example 1: you are a neighbour of our client who is having work done on his trees. Although you have been incidentally involved in discussing our client’s trees, you then move out of the area and have no further interest in the matter. You request that your contact details be removed from our system, and we are happy to comply.

Example 2: we have provided a tree safety report for your insurance company. Our report indicates the tree poses danger to the general public, but you disagree. You ask us to erase the report and your details. We refuse, on the bases that we need to protect ourselves against claims of negligence, and that there is a significant public interest in the information.

You have the right to a temporary restriction of processing.

If you request erasure or rectification, our processing of your personal data will be restricted while we consider your request.

Furthermore, you may request that we not delete your personal data even after our need for it has ended, for the purposes of allowing you to establish, exercise or defend a legal claim.

Supervisory authority details

The supervisory authority for the UK is the ICO, to whom you have the right to complain. Details of how to contact them can be found on their website, https://ico.org.uk/.