GDPR Compliance
Last updated: 19 March 2026
Tivqelo is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we meet our obligations and protect your data rights as a customer or website visitor.
1. Our Commitment
As a data controller, Tivqelo takes its responsibilities under UK GDPR seriously. We are committed to:
- Processing personal data lawfully, fairly, and transparently
- Collecting data only for specified, explicit, and legitimate purposes
- Ensuring data is adequate, relevant, and limited to what is necessary
- Keeping personal data accurate and up to date
- Retaining data only for as long as necessary
- Processing data securely with appropriate technical and organisational measures
2. Data We Process
In the course of providing carpet and upholstery cleaning services, we process the following categories of personal data:
| Data Category | Examples | Lawful Basis | Retention |
|---|---|---|---|
| Contact Details | Name, email, phone number | Contract / Legitimate Interest | 6 years after last service |
| Address | Property address for service delivery | Contract | 6 years after last service |
| Service Details | Service type, room count, stain information | Contract | 6 years after last service |
| Payment Data | Transaction records (not full card numbers) | Contract / Legal Obligation | 6 years (HMRC requirement) |
| Enquiry Data | Messages via contact form, email, phone | Consent / Legitimate Interest | 12 months if no booking |
| Website Data | IP address, browser, pages visited | Consent (analytics) / Legitimate Interest (essential) | 26 months |
| Marketing Preferences | Consent records for marketing communications | Consent | Until consent withdrawn |
3. Your Rights Under UK GDPR
You have the following rights in relation to your personal data. We are committed to facilitating these rights promptly and free of charge:
3.1 Right of Access (Article 15)
You can request a copy of all personal data we hold about you. We call this a Subject Access Request (SAR). We will respond within 30 days of receiving your request and verifying your identity.
3.2 Right to Rectification (Article 16)
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will update our records without undue delay.
3.3 Right to Erasure (Article 17)
You can request deletion of your personal data where:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Please note: we may be unable to erase data where retention is required for legal obligations (e.g., HMRC tax records) or the establishment, exercise, or defence of legal claims.
3.4 Right to Restrict Processing (Article 18)
You can request that we limit how we process your data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification of legitimate grounds.
3.5 Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV).
3.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
3.7 Rights Related to Automated Decision-Making (Article 22)
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
4. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us using one of the following methods:
- Email: support@tivqelo.com (subject line: "GDPR Request")
- Phone: 0113 510 0274
- Post: Tivqelo — GDPR Request, Andrássy út 45, 1061 Budapest
We may need to verify your identity before processing your request. This is to protect your data from unauthorised access. We will respond to all valid requests within 30 calendar days.
5. Data Protection Measures
We implement appropriate technical and organisational measures to ensure the security of your personal data, including:
- Encryption: Our website uses HTTPS/TLS encryption for all data transmitted between your browser and our servers.
- Access Controls: Personal data access is limited to authorised personnel on a need-to-know basis.
- Secure Storage: Digital records are stored securely with appropriate access controls. Physical records are stored in locked cabinets.
- Staff Training: All team members receive training on data protection responsibilities and best practices.
- Regular Reviews: We conduct periodic reviews of our data processing activities and security measures.
- Incident Response: We have procedures in place to detect, report, and investigate personal data breaches.
6. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms
- Document all breaches, including the facts, effects, and remedial actions taken
7. Third-Party Data Processors
Where we share personal data with third parties who process data on our behalf (e.g., payment processors, email service providers), we ensure that:
- Appropriate data processing agreements are in place
- Third parties provide sufficient guarantees of GDPR compliance
- Data transfers outside the UK are subject to adequate safeguards (e.g., Standard Contractual Clauses)
8. Cookies and Website Tracking
We use a cookie consent mechanism on our website that allows you to choose which cookies are set:
- Essential Cookies: Necessary for core functionality (e.g., remembering your cookie preferences). These do not require consent.
- Analytics Cookies: Used to understand website usage patterns. Only activated with your explicit consent.
You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site. For full details, see our Privacy Policy.
9. Data Protection Impact Assessments
For any new processing activities that are likely to result in a high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise risks before processing begins.
10. Supervisory Authority
If you believe we have not handled your personal data correctly or you are dissatisfied with our response to your data protection request, you have the right to lodge a complaint with the UK's supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO.
11. Updates to This Policy
We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.
12. Contact
For any questions, concerns, or requests relating to GDPR compliance or data protection, please contact us:
- Email: support@tivqelo.com
- Phone: 0113 510 0274
- Address: Tivqelo, Andrássy út 45, 1061 Budapest