Welcome to the UK Window Cleaning Forums

Starting or own a window cleaning business? We're a network of window cleaners sharing advice, tips & experience. Rounds for sale & more. Join us today!

GDPR WHAT TO DO?

Messages
39
Location
Basingstoke
Hi guys i'm beginning to panic about this GDPR thing what's it all about and what do us window cleaners need to do, keep hearing about big fines etc if you don't obide by the rules? Any advice would be greatly appreciated. Thanks

 
Im sure i read online that it only effects certain companies but not sure if window cleaners would need to act upon it.im not sure how it would be communicated the buisnesses that need to inform there customers. we have had letters regarding it from our local garage we use and vets ect we use so im guessinf they had been informed  to do this weeks ago.

 
So what will you

Im sure i read online that it only effects certain companies but not sure if window cleaners would need to act upon it.im not sure how it would be communicated the buisnesses that need to inform there customers. we have had letters regarding it from our local garage we use and vets ect we use so im guessinf they had been informed  to do this weeks ago.
So what will you be doing about it mate?

 
As far as I know we can’t keep details of clients who are no longer using your services. You can keep some of their details in your accounts if needed for tax records. But if you want to keep their personal details so you can send them promotional info every now and again you need to contact them and ask for permission to do this. If they ignore your request you have to delete them. The law is more for people who sell and share people’s data. I doubt a window cleaning company would ever need to worry


Sent from my iPhone using Window Cleaning Forums

 
Yes, we are technically affected from what I gather. 

Now, does a name and an address count as personal information? Not really. Does a phone number? If it's in the phone book, no not really, if it's a hidden number, yes. Thus a data compromise could put you in a difficult situation if you store those kinds of data.

Now, if you use some sort of software to store data, it's important that the company that stores the data in the cloud are GPDR compliant. Most are, like Google if you use Google sheets.

If you add a note to your invoices where you mention customer data is deletable you should be good, but aren't you supposed to keep data records for accounting and tax purposes? 

What you can't do is add customers to any mailing list without their consent. But what window cleaner would do that..

Google "GPDR tradesmen" if you want more information. 

 
Yes, we are technically affected from what I gather. 

Now, does a name and an address count as personal information? Not really. Does a phone number? If it's in the phone book, no not really, if it's a hidden number, yes. Thus a data compromise could put you in a difficult situation if you store those kinds of data.

Now, if you use some sort of software to store data, it's important that the company that stores the data in the cloud are GPDR compliant. Most are, like Google if you use Google sheets.

If you add a note to your invoices where you mention customer data is deletable you should be good, but aren't you supposed to keep data records for accounting and tax purposes? 

What you can't do is add customers to any mailing list without their consent. But what window cleaner would do that..

Google "GPDR tradesmen" if you want more information. 
I can shed a little light on this as I left a job 7 weeks ago working in finance. They provided a lot of training in the run up to this to ensure they are compliant. There was a lot around the two types of data, private and personal if I remember correctly.

Personal data is something like name, address, telephone number etc. Basic details about the customer that you would have a need to make note of.

Private data (They called it sensitive personal data in some of the training) is things such as health issues, convictions etc. You need the customers expressed written (or electronically confirmed) consent to store this. Things such as writing in your diary, Mary has chemo on a Wednesday morning so make sure she's an afternoon call that day would be a big no no as an example.

The company I worked for stored customer details for 7 years after the customer closed their account. If the customer was to request this information be destroyed sooner it is now a requirement that this be adhered to. The biggest changes, as someone has already said, were around sharing data and contacting the customer. If you have a legitimate business need to contact the customer, reminder texts etc then this is ok. You must have made the customer aware that this form of contact will happen and the customer must have a way of opting out of this, i'm not really sure how we manage this bit or if a reminder text applies. The company I worked for chased around 10% of its client base for payment each week, as long as these people were made aware late payment would result in someone knocking the door, text messages, phone calls etc then this was and is going to be acceptable I believe.

The biggest problem for window cleaners is going to be for anyone wanting to sell parts of a round (Not the entire business) because if you sell on some customers details to someone else you need to conform to the standards of the new legislation. If I buy a few customers details from a windy and just start calling them, they haven't asked me to and they haven't given him permission to sell them, this is the biggest area of change.

It would be worth giving the customer a fact sheet during the quote explaining you will text the night before to ensure they know that you're coming the next day, maybe put on there how often you will come round etc etc... I dunno, just an idea.

 
https://www.bbc.co.uk/programmes/p065j8lj

Do we have the little info we have about a customer secure? What do we do with printed job lists? I would imagine the majority of us just use the information we have as a data base which we need to keep for the benefit of the Receiver. We don't use it to send out promotions and special offers.

So we either talk to our customer directly about add on services, or attach an info flyer to the 'job completed invoice/ticket' and post it through their letter box.

So for me, security and transparency are the main things. To date, I haven't had one person ask me about what info I keep on my computer about them. I don't believe I need to get each customers approval to keep what little info I have on them.

Over the years we have had a couple of customers refuse to give us their names. Over time when a trust has been developed I've eventually been told what it was. The crazy thing is that a long standing customer next door actually commented, "I see you do Sharon's next door." Note to myself her first name is Sharon. Now in view of GDPR, I need to be a little more cautious about how I gather that info.

We had a new customer buy a house in the street I was working in. We did the house on occassion for the previous owner. We chatted for a while and I just asked her, "Sorry, your name is Mrs?" and see told me. When the job was complete she paid me. We chatted a bit more and I asked her for her first name. She told me. So she has volunteered that snippet of information. I don't have a telephone number, I haven't asked as she will be home most of the time and wants fronts done in our schedule and backs as and when she asks.

If she had a locked side gate and we needed to contact her on the day, then I would have asked her for a telephone number. 

 
Last edited by a moderator:
I've been reading some interesting discussions on the window cleaning page on Facebook. It's well worth a look

 
https://www.bbc.co.uk/programmes/p065j8lj

Do we have the little info we have about a customer secure? What do we do with printed job lists? I would imagine the majority of us just use the information we have as a data base which we need to keep for the benefit of the Receiver. We don't use it to send out promotions and special offers.

So we either talk to our customer directly about add on services, or attach an info flyer to the 'job completed invoice/ticket' and post it through their letter box.

So for me, security and transparency are the main things. To date, I haven't had one person ask me about what info I keep on my computer about them. I don't believe I need to get each customers approval to keep what little info I have on them.

Over the years we have had a couple of customers refuse to give us their names. Over time when a trust has been developed I've eventually been told what it was. The crazy thing is that a long standing customer next door actually commented, "I see you do Sharon's next door." Note to myself her first name is Sharon. Now in view of GDPR, I need to be a little more cautious about how I gather that info.

We had a new customer buy a house in the street I was working in. We did the house on occassion for the previous owner. We chatted for a while and I just asked her, "Sorry, your name is Mrs?" and see told me. When the job was complete she paid me. We chatted a bit more and I asked her for her first name. She told me. So she has volunteered that snippet of information. I don't have a telephone number, I haven't asked as she will be home most of the time and wants fronts done in our schedule and backs as and when she asks.

If she had a locked side gate and we needed to contact her on the day, then I would have asked her for a telephone number. 
That link was like watching prime ministers questions, he didn't give a straight answer to anything. Just tried their website and its down for maintenance.... 4 days before the deadline!!!! ?

@spruce your post made me think about some of the conversations I have with my customers. I cleaned a customers roof the other day and she started talking to me about getting one of those roof conversions or an extension. I said 'Have a look at Tracey's extension, its really nice' blah blah blah you get the idea... Problem is Tracey is a customer and under the new legislation I probably have no right to talk to her about Tracey's property or her extension... When they say 'I've seen you round here before haven't I?' I say yeah I clean Malcom's windows.... Might be another no no.

Anyway, i'm not gonna panic about it all but it seemed a good idea to write a privacy policy. Googled it and used a site called freeprivacypolicy.com, really simple tick box exercise and they give you a policy to add to your website. Won't take much to adapt this to include the stuff we do face to face.

 
Also just made another one at Rocketlawyer.co.uk. It is free to view but can't be copied and if you want to download it in word or PDF you need to sign up for a trial or pay £30.

The other one was aimed at the USA so it had some bits in there about Californian law.

 
I've been reading some interesting discussions on the window cleaning page on Facebook. It's well worth a look


Last place I would look for substantive information on anything factually legal.  

The whole GDPR thing is about junk mail lists being sold and bought with no real interest by the end user in the companine targeting them.  For example Mary uses a Plumbers website to book an appointment to get the ball **** fixed on her toilet.  There is a 'pre checked' check box that says 'Bobs Plumbing may from time to time share your information with it's partners who may send you promotional information and offers from time to time'     The translation is you have given Bob permission to sell on your details to pretty much anyone he wants that can spam you with anything to do with home improvements and this is what the GDPR wants to crack down on.  

As a window cleaner we hold name, address, telephone and email.   This is all information the customer needs to provide for us to provide a service.  Breaks down as such.  

Name:  We want to not only know whom we are working for but who booked the service

Address:  Cant do a job if we don't know where it is

Phone:  We text all clients the night prior to ensure access

Email:  As we only accept GoCardless we require the email for GoCardless purposes.  

We never share this information, it is stored on Cleaner Planer and hard copy in the office which is updated bi-monthly (just incase CP ever crashes itself) old data bases are destroyed.  

We do not delete customer information when it becomes 'dead' information such as cancellations etc as we have a financial transaction history with all clients and may be asked to prove income at some point by HMRC so they remain on file.  Also if they are a PITA we have a record of the house so we know to avoid it.  

As you know we also have a lead generation company generating leads for other window cleaners across the UK and beyond.  

Now when we get a request for a quote we reply with 'No problem Mary, we will pass your detail onto Michael from Super Shiny Squeegee Services (no that's not a real company) our Window Cleaner in your area and he will be in touch with you shortly to arrange your quotation'    

By letting the person enquiring know this we have informed them that we are sharing their information, also when they enquire they know that to receive a quote we need a name address and contact number any how.  

Once we have passed the lead on to who ever we have in that area it becomes dead information for us and these lists are deleted weekly as we have no further need for the information nor do we need to keep it as a record of any financial transaction. 

The GDPR really is a service aimed at reducing all the unsolicited junk mail and telesales calls people get from firms they genuinely have no interest in. 

Regarding selling part or whole rounds I see no issue with this as long as you send a letter to all clients telling them exactly whom is taking over, when and what information of the customers you are going to provide them with.  You will need to do this in advance however to allow an acceptable 'opt out' period.  

 
Last place I would look for substantive information on anything factually legal.  

The whole GDPR thing is about junk mail lists being sold and bought with no real interest by the end user in the companine targeting them.  For example Mary uses a Plumbers website to book an appointment to get the ball **** fixed on her toilet.  There is a 'pre checked' check box that says 'Bobs Plumbing may from time to time share your information with it's partners who may send you promotional information and offers from time to time'     The translation is you have given Bob permission to sell on your details to pretty much anyone he wants that can spam you with anything to do with home improvements and this is what the GDPR wants to crack down on.  

As a window cleaner we hold name, address, telephone and email.   This is all information the customer needs to provide for us to provide a service.  Breaks down as such.  

Name:  We want to not only know whom we are working for but who booked the service

Address:  Cant do a job if we don't know where it is

Phone:  We text all clients the night prior to ensure access

Email:  As we only accept GoCardless we require the email for GoCardless purposes.  

We never share this information, it is stored on Cleaner Planer and hard copy in the office which is updated bi-monthly (just incase CP ever crashes itself) old data bases are destroyed.  

We do not delete customer information when it becomes 'dead' information such as cancellations etc as we have a financial transaction history with all clients and may be asked to prove income at some point by HMRC so they remain on file.  Also if they are a PITA we have a record of the house so we know to avoid it.  

As you know we also have a lead generation company generating leads for other window cleaners across the UK and beyond.  

Now when we get a request for a quote we reply with 'No problem Mary, we will pass your detail onto Michael from Super Shiny Squeegee Services (no that's not a real company) our Window Cleaner in your area and he will be in touch with you shortly to arrange your quotation'    

By letting the person enquiring know this we have informed them that we are sharing their information, also when they enquire they know that to receive a quote we need a name address and contact number any how.  

Once we have passed the lead on to who ever we have in that area it becomes dead information for us and these lists are deleted weekly as we have no further need for the information nor do we need to keep it as a record of any financial transaction. 

The GDPR really is a service aimed at reducing all the unsolicited junk mail and telesales calls people get from firms they genuinely have no interest in. 

Regarding selling part or whole rounds I see no issue with this as long as you send a letter to all clients telling them exactly whom is taking over, when and what information of the customers you are going to provide them with.  You will need to do this in advance however to allow an acceptable 'opt out' period.  
So Green are you saying us window cleaners have nothing to worry about as i'm mainly domestic and just have customers name, address and phone number stored in my phone which is linked to google contacts as it's a google phone and a customer log in my diary, i have nothing stored on my pc? 

 
So Green are you saying us window cleaners have nothing to worry about as i'm mainly domestic and just have customers name, address and phone number stored in my phone which is linked to google contacts as it's a google phone and a customer log in my diary, i have nothing stored on my pc? 
I'm saying nothing as I am no lawyer.  I am just proffering an opinion. 

 
I have done as much reading on this as i can and see no reason at the moment to do anything. If you have basic essential info which enable you to run your business so for us name address contact be it phone or email and cost and frequency of clean. That's essential to doing job and info given voluntarily by the customer. A message the night before if gate normally locked is also essential to running business. No worries here.

If I collect customers preference for takeaways this is not then essential to my business so info customer needs to know I have and can opt to delete it. 

If i start sending customers offers or the details of my mate who cleans ovens for example this is not essential to running my business so again customer needs to decide if they want this sort of advertising.

I'm no a soliciter or lawyer but have spent hours researching and asking other business owners and believe until I know more us window cleaners in general have no need to panic or change unless you do any of sort of things above or store that sort of info. Hope this helps but please dont take as gospel I'm always willing to be told if I'm wrong! 

 
Now when we get a request for a quote we reply with 'No problem Mary, we will pass your detail onto Michael from Super Shiny Squeegee Services (no that's not a real company) our Window Cleaner in your area and he will be in touch with you shortly to arrange your quotation'
How the hell did you get my customer details. Mary won't be pleased. And I Michael don't appreciate you using my business name "Super Shiny Squeegee Services" on a public forum.

LOL joking aside, I dont't think we need to worry too much. As Green Pro says we only hold critcal info to offer our service.

 
That link was like watching prime ministers questions, he didn't give a straight answer to anything. Just tried their website and its down for maintenance.... 4 days before the deadline!!!! ?

@spruce your post made me think about some of the conversations I have with my customers. I cleaned a customers roof the other day and she started talking to me about getting one of those roof conversions or an extension. I said 'Have a look at Tracey's extension, its really nice' blah blah blah you get the idea... Problem is Tracey is a customer and under the new legislation I probably have no right to talk to her about Tracey's property or her extension... When they say 'I've seen you round here before haven't I?' I say yeah I clean Malcom's windows.... Might be another no no.

Anyway, i'm not gonna panic about it all but it seemed a good idea to write a privacy policy. Googled it and used a site called freeprivacypolicy.com, really simple tick box exercise and they give you a policy to add to your website. Won't take much to adapt this to include the stuff we do face to face.


Interesting thoughts. But I feel this is going a little too far. I wonder how 'reasonable' would be defined with regard to GDPR enforcement. I would have no problem with mentioning to another customer what a lovely conservatory roof Tracy has, but I certainly wouldn't say anything about any of Tracy's property or disclose anything personal about Tracy. But would I be breaking the rules if I mentioned how good Tracy was at cake decoration. If this is taken to the ultimate, then we could be infringing on another's personal data by asking a customer if they have any firends living close by that would also appreciate/make use of our services (networking). So what happens to breakfast clubs?

We do windows for a couple who both work for the NHS in different fields. They do discuss issues with each other when relevant, but they always start by saying, "I have a patient who ........." They never mention a name but they can discuss a case. That I understand.

I recently asked a carer how our very ill, frail neighbour was. Her response was; "she just lives there, why not knock on the door, speak to her and ask her yourself how she is." On reflection, that was a good answer.

I someone asks me if I can recommend a good painter and decorator, what reply can I give that person? "Yes, but considering new GDPR regulations, I'm not at liberty to give you his name, his address or a number to contact him on." Then am I also breaking the rules by not being gender neutral?

.

 
Last edited by a moderator:
If a potential new customer refuses to give me their name, then I'm well within my rights not to supply a service. If at sometime in the future he doesn't pay for services rendered, then I need his name if I decide to take legal action against him to recover outstanding debt.

I have done as much reading on this as i can and see no reason at the moment to do anything. If you have basic essential info which enable you to run your business so for us name address contact be it phone or email and cost and frequency of clean. That's essential to doing job and info given voluntarily by the customer. A message the night before if gate normally locked is also essential to running business. No worries here.

If I collect customers preference for takeaways this is not then essential to my business so info customer needs to know I have and can opt to delete it. 

If i start sending customers offers or the details of my mate who cleans ovens for example this is not essential to running my business so again customer needs to decide if they want this sort of advertising.

I'm no a soliciter or lawyer but have spent hours researching and asking other business owners and believe until I know more us window cleaners in general have no need to panic or change unless you do any of sort of things above or store that sort of info. Hope this helps but please dont take as gospel I'm always willing to be told if I'm wrong! 


Well said that man! For us its more about keeping the info we have in a secure environment.

 
If a potential new customer refuses to give me their name, then I'm well within my rights not to supply a service. If at sometime in the future he doesn't pay for services rendered, then I need his name if I decide to take legal action against him to recover outstanding debt.
Also as stated elswhere, you need to keep records for six years for accounts purposes.

 
 
I'm no a soliciter or lawyer but have spent hours researching and asking other business owners and believe until I know more us window cleaners in general have no need to panic or change unless you do any of sort of things above or store that sort of info. Hope this helps but please dont take as gospel I'm always willing to be told if I'm wrong! 


I've spent less than 20 minutes and worked out it won't affect us window cleaners [emoji23]





County Durham Lad

 
Clients name, address, phone and email are stored on password protected off site servers - Cleaner Planner - You have so little chance of hacking my password no worries there. Even if you do this is a deliberate hack and not me carelessly sharing information. 

Payment info is handled by GoCardless whom im sure have paid a fat lawyer somewhere to ensure they are compliant so no worries there. 

So what I wonder is what happens when your round list (for those still keeping note books) falls out your back pocket in Costa with 300 customers details in it. 

Are you then looking at 300 breaches of GDPR rules? 

 
So Green are you saying us window cleaners have nothing to worry about as i'm mainly domestic and just have customers name, address and phone number stored in my phone which is linked to google contacts as it's a google phone and a customer log in my diary, i have nothing stored on my pc? 
It isn't about where you store the information its about what you store and what you do with it. Your customers need to know what information you are holding about them.... they already know this because they gave it to you. Everything you've described there the customer would know you have already. You then need to tell them what you will do with the information, in most cases the information will simply be used by yourself to provide the services discussed.

Theres a lot around not taking information that is unnecessary, you need name, address, postcode, email, phone number.... you don't need account number and sort code because this information is stored by GoCardless who have their own policies in place. You don't need a copy of the customers passport as you don't need ID but a bank would need this so their policy would incorporate keeping the customers ID safe.

Keeping former customers details is a difficult one. @Green Pro Clean Ltd is right, you do need to have a record of the financial transaction. If you have done a quote for someone and are waiting to hear back you would need to destroy that information within a set period of time. The law comes into effect when you try to market these previous customers, unless they have given consent you aren't allowed to start calling, texting or mailing random people even if you have a previous business relationship with them! Lead generation is a little different, these people have requested a service and you have told them clearly what you will do with the information.

 
Last edited by a moderator:

Latest Posts

Back
Top