GDPR Compliance & Cookie Policy

Maxpro Cleaning Services Ltd.
Effective Date: 03 December 2025
Last Updated: 03 December 2025

---

PART A: GDPR COMPLIANCE STATEMENT

1. Introduction to GDPR

Maxpro Cleaning Services Ltd. is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This document outlines our GDPR compliance measures and practices.

Contact Details:
Email: info@maxproclean.co.uk
Telephone: 01908488847
Website: https://maxproclean.co.uk

2. Data Controller Information

Maxpro Cleaning Services Ltd. acts as the Data Controller for all personal data we process. This means we determine the purposes and means of processing your personal data.

Data Protection Contact:
For all data protection inquiries, please contact us at info@maxproclean.co.uk

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis under Article 6 of the GDPR:

3.1 Consent (Article 6(1)(a))

• Marketing communications
• Non-essential cookies
• Optional data collection activities

3.2 Contract Performance (Article 6(1)(b))

• Processing bookings and service requests
• Delivering cleaning services
• Managing customer accounts
• Processing payments

3.3 Legal Obligation (Article 6(1)(c))

• Tax and accounting records
• Health and safety compliance
• Responding to legal requests
• Employment law obligations

3.4 Legitimate Interests (Article 6(1)(f))

• Fraud prevention and security
• Business administration
• Improving our services
• Internal communications

We conduct Legitimate Interest Assessments (LIAs) to ensure processing does not override your rights and freedoms.

4. Data Protection Principles

We adhere to the GDPR’s six data protection principles:

4.1 Lawfulness, Fairness, and Transparency

• We process data lawfully with a valid legal basis
• We are transparent about our data practices
• We provide clear privacy information

4.2 Purpose Limitation

• We collect data for specific, explicit, and legitimate purposes
• We do not process data in ways incompatible with those purposes

4.3 Data Minimization

• We collect only the data necessary for our purposes
• We avoid collecting excessive information

4.4 Accuracy

• We take reasonable steps to ensure data accuracy
• We provide mechanisms for you to update your information
• We correct inaccurate data promptly

4.5 Storage Limitation

• We retain data only as long as necessary
• We have clear retention schedules
• We securely delete data when no longer needed

4.6 Integrity and Confidentiality

• We implement appropriate security measures
• We protect data against unauthorized processing, loss, or damage
• We train staff on data protection

5. Your Rights Under GDPR

You have the following rights regarding your personal data:

5.1 Right of Access (Article 15)

Request a copy of your personal data we hold. We will respond within one month.

5.2 Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

5.3 Right to Erasure / “Right to be Forgotten” (Article 17)

Request deletion of your personal data when:

• Data is no longer necessary
• You withdraw consent
• You object to processing
• Data has been unlawfully processed
• Legal obligation requires erasure

Exceptions apply when we have legal obligations to retain data (e.g., accounting records).

5.4 Right to Restriction of Processing (Article 18)

Request that we limit how we use your data in certain circumstances.

5.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format and transfer it to another controller.

5.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

5.7 Rights Related to Automated Decision-Making (Article 22)

We do not currently use automated decision-making or profiling that produces legal effects.

5.8 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (does not affect prior lawful processing).

5.9 Right to Lodge a Complaint

Contact the Information Commissioner’s Office (ICO) if you believe we have not complied with data protection laws.

ICO Contact Information:
Website: https://ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

6. How to Exercise Your Rights

To exercise any GDPR rights:

1. Contact us at info@maxproclean.co.uk or call 01908893211
2. Specify which right you wish to exercise
3. Provide sufficient information to identify yourself
4. We may request additional verification for security purposes

We will respond to your request within one month (extendable by two months for complex requests).

7. Data Security Measures

We implement comprehensive security measures, including:

7.1 Technical Measures

• SSL/TLS encryption for data transmission
• Encrypted data storage
• Secure password policies
• Regular security updates and patches
• Firewalls and intrusion detection systems
• Secure backup procedures

7.2 Organizational Measures

• Staff training on data protection and GDPR
• Access controls and role-based permissions
• Confidentiality agreements
• Clear data handling procedures
• Regular security audits and assessments
• Incident response procedures

7.3 Third-Party Security

• Due diligence on all data processors
• Data Processing Agreements (DPAs) with all processors
• Regular review of third-party security practices

8. Data Breach Procedures

In the event of a personal data breach:

8.1 Internal Response

• Immediate containment and investigation
• Assessment of breach severity and impact
• Documentation of the breach and response

8.2 Notification to ICO

We will notify the ICO within 72 hours of becoming aware of a breach that poses a risk to individuals’ rights and freedoms.

8.3 Notification to Data Subjects

We will notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.

9. International Data Transfers

9.1 Transfer Safeguards

When transferring data outside the UK/EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): Approved by the ICO
• Adequacy Decisions: Transfers to countries deemed adequate by the UK government
• Explicit Consent: Where appropriate and legally valid

9.2 Current Transfers

We primarily process data within the United Kingdom. Any international transfers are documented and protected as required by law.

10. Data Retention

We retain personal data only as long as necessary:

Data Type	Retention Period	Legal Basis
Client records and bookings	7 years after service completion	Legal obligation (accounting/tax)
Payment information	7 years after transaction	Legal obligation (financial records)
Marketing data	3 years of inactivity or until consent withdrawn	Consent
Website analytics	26 months	Legitimate interest
Complaint records	7 years after resolution	Legal obligation
Employee records	6 years after employment ends	Legal obligation
CCTV footage (if applicable)	30 days	Legitimate interest (security)

After retention periods expire, we securely delete or anonymize data.

11. Children’s Data

Our services are not directed at children under 16. We do not knowingly collect or process personal data from children. If we become aware of such data, we will delete it promptly.

12. Data Processing Records

We maintain comprehensive records of our processing activities as required by Article 30 of the GDPR, including:

• Categories of data processed
• Purposes of processing
• Categories of data subjects and recipients
• International transfers
• Retention periods
• Security measures

13. Privacy by Design and Default

We implement privacy-focused practices:

• Privacy by Design: Building data protection into all systems and processes
• Privacy by Default: Processing only necessary data with appropriate settings
• Data Protection Impact Assessments (DPIAs): Conducted for high-risk processing

14. Staff Training and Awareness

All staff receive:

• Initial data protection and GDPR training
• Regular refresher training
• Updates on policy changes
• Specific training for roles involving data processing

15. Third-Party Data Processors

We work with carefully selected third-party processors, including:

• Payment processors
• IT service providers
• Email service providers
• Cloud storage providers
• Analytics services

All processors:

• Sign Data Processing Agreements (DPAs)
• Comply with GDPR requirements
• Implement appropriate security measures
• Process data only on our instructions

---

PART B: COOKIE POLICY

1. What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience, remember your preferences, and analyze website performance.

2. How We Use Cookies

We use cookies for the following purposes:

2.1 Essential Cookies (Strictly Necessary)

These cookies are necessary for the website to function properly and cannot be disabled.

Purpose:

• Enable basic website functionality
• Maintain security and prevent fraud
• Remember your cookie consent preferences
• Session management

Legal Basis: Legitimate interest / necessary for service provision

Examples:

• Session cookies for maintaining login state
• Security tokens to prevent cross-site request forgery (CSRF)
• Cookie consent preferences

2.2 Performance Cookies (Analytics)

These cookies help us understand how visitors interact with our website.

Purpose:

• Analyze website traffic and usage patterns
• Identify popular pages and content
• Improve website performance
• Detect and diagnose technical issues

Legal Basis: Consent (can be disabled in cookie settings)

Examples:

• Google Analytics cookies (_ga, _gid)
• Traffic analysis tools
• Page load time monitoring

Data Collected:

• Pages visited
• Time spent on site
• Browser and device information
• Approximate location (country/city level)

2.3 Functionality Cookies

These cookies enable enhanced functionality and personalization.

Purpose:

• Remember your preferences and settings
• Provide personalized features
• Remember your location for local services

Legal Basis: Consent (can be disabled in cookie settings)

Examples:

• Language preferences
• Region/location settings
• Display preferences

2.4 Marketing Cookies (Advertising)

These cookies track your online activity to deliver relevant advertisements.

Purpose:

• Show relevant advertisements
• Measure advertising campaign effectiveness
• Prevent repetitive ads

Legal Basis: Consent (can be disabled in cookie settings)

Examples:

• Google Ads cookies
• Social media pixels (Facebook, LinkedIn)
• Retargeting cookies

Note: We only use marketing cookies with your explicit consent.

3. Specific Cookies We Use

Cookie Name	Type	Purpose	Duration	Provider
cookie_consent	Essential	Stores your cookie preferences	1 year	Maxpro Cleaning
_ga	Analytics	Google Analytics – distinguishes users	2 years	Google
_gid	Analytics	Google Analytics – distinguishes users	24 hours	Google
_gat	Analytics	Google Analytics – throttles request rate	1 minute	Google
PHPSESSID	Essential	Session management	Session	Maxpro Cleaning

This list may be updated as we add or remove services.

4. Third-Party Cookies

Some cookies are set by third-party services that appear on our website:

4.1 Google Analytics

We use Google Analytics to analyze website traffic. Google may use this data per their privacy policy.

• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

4.2 Social Media

If we embed social media content, those platforms may set cookies:

• Facebook: https://www.facebook.com/policy/cookies
• LinkedIn: https://www.linkedin.com/legal/cookie-policy
• Twitter/X: https://twitter.com/en/privacy

5. Managing Your Cookie Preferences

You have several options to control cookies:

5.1 Cookie Consent Banner

When you first visit our website, you’ll see a cookie consent banner where you can:

• Accept all cookies
• Reject non-essential cookies
• Customize your preferences by cookie category

5.2 Cookie Settings

You can change your cookie preferences at any time by:

• Clicking the “Cookie Settings” link in the website footer
• Revisiting the cookie consent banner

5.3 Browser Settings

You can control cookies through your browser settings:

Chrome: Settings → Privacy and Security → Cookies and other site data

Firefox: Settings → Privacy & Security → Cookies and Site Data

Safari: Preferences → Privacy → Manage Website Data

Edge: Settings → Cookies and site permissions → Manage and delete cookies

Note: Disabling essential cookies may affect website functionality.

5.4 Browser “Do Not Track” Signals

We respect “Do Not Track” signals where possible, but some features may require cookies to function properly.

6. Mobile App (If Applicable)

If we develop a mobile application, we will update this policy to include information about mobile tracking technologies and device identifiers.

7. Cookie Consent for EU/UK Visitors

For visitors from the EU and UK:

• We obtain explicit consent before placing non-essential cookies
• We provide clear information about cookies in our consent banner
• We allow you to withdraw consent at any time
• We document your consent preferences

8. How Long Do Cookies Last?

Cookies have different lifespans:

Session Cookies: Deleted when you close your browser Persistent Cookies: Remain for a set period (from days to years) as specified in the cookie table above

9. Updates to Our Cookie Policy

We may update this Cookie Policy to reflect:

• Changes in cookie usage
• New technologies
• Legal requirements
• Business practices

Significant changes will be communicated through:

• Website notification banner
• Email to registered users (where applicable)
• Updated “Last Updated” date

10. Contact Us About Cookies

If you have questions about our use of cookies:

Maxpro Cleaning Services Ltd.
Email: info@maxproclean.co.uk
Telephone: 01908488847
Website: https://maxproclean.co.uk

---

Additional GDPR & Privacy Resources

For more detailed information about how we process your personal data, please refer to our comprehensive Privacy Policy available at https://maxproclean.co.uk/privacy-policy

Your privacy matters to us. We are committed to transparency, security, and compliance with all applicable data protection laws.

---

Last Updated: 03 December 2025
Next Review: December 2026