Anglian Septics

Data Protection

Data Protection & Privacy Policy

1. Introduction

1.1 Purpose of this Policy
This Data Protection & Privacy Policy explains how we collect, use, store, share, and protect personal data in the course of operating our business, providing services, and running our website and customer portals.

1.2 Who we are (Data Controller)
For the purposes of UK data protection law (including UK GDPR and the Data Protection Act 2018), the data controller is:

Anglian Septics Ltd
[Registered address]
[Company number]
Email: [Insert email]
Telephone: [Insert phone number]

References in this Policy to “we”, “us”, or “our” mean Anglian Septics Ltd (including any trading names within The Septics Group).

1.3 Scope
This Policy applies to:

  • clients and prospective clients

  • website visitors and online enquirers

  • account customers, suppliers, and subcontractors

  • individuals whose personal data we process in connection with drainage, septic, pumping station, and related services

  • users of any client portal, booking platform, or digital tools provided by us

1.4 Legal Basis
We process personal data in compliance with UK GDPR and the Data Protection Act 2018 using one or more of the following lawful bases:

  • Performance of a contract or to take steps at your request before entering into a contract

  • Compliance with legal obligations (e.g., tax, environmental, waste legislation)

  • Our legitimate interests (e.g., running and protecting our business, managing customer relationships, credit control, marketing to existing customers)

  • Your consent, where required (e.g., certain marketing communications, non-essential cookies)

1.5 Changes to this Policy
We may update this Policy from time to time. The then-current version published on our website will apply to all processing carried out after the effective date of the update.

2. Definitions

For the purposes of this Policy:

“Personal Data” – Any information relating to an identified or identifiable individual (e.g., name, contact details, vehicle registration, IP address, job history).

“Special Category Data” – Sensitive categories such as health data. We generally do not seek to collect these, and if we do, it is only where strictly necessary and lawful.

“Processing” – Any operation performed on personal data, such as collection, recording, storage, use, disclosure, or erasure.

“Data Subject” – The individual whose personal data is being processed.

“Data Controller” – The organisation that decides how and why personal data is processed (in most cases, this is Anglian Septics).

“Data Processor” – A third party that processes personal data on our behalf in accordance with our instructions.

3. Categories of Personal Data We Collect

Depending on your relationship with us and the services we are providing, we may collect and process some or all of the following categories of personal data:

3.1 Identity & Contact Details

  • Name, title, and job role

  • Company name (for commercial accounts)

  • Postal address (billing and site address)

  • Email address(es)

  • Telephone numbers (landline and mobile)

3.2 Service & Site Information

  • Property details, access notes, and location data

  • Drainage system information (tanks, pumping stations, treatment plants, cesspits)

  • Photographs of site conditions, assets, or works undertaken

  • Job history, quotes, invoices, and correspondence relating to works

3.3 Financial & Account Information

  • Payment history and outstanding balances

  • Bank/payment details where provided for payment processing (handled via secure providers)

  • Credit terms, credit checks (where applicable), and account status

3.4 Communication & Enquiry Data

  • Emails, letters, forms, and telephone notes

  • Enquiry forms submitted via the website, portals, or advertising platforms

  • Call recordings (where in use and legally notified)

3.5 Website & Technical Data

  • IP address and approximate location

  • Device type, browser type, and version

  • Pages visited, interaction data, and referral sources

  • Cookies and analytics data (as described in our Cookies Policy)

3.6 Marketing & Preference Data

  • Marketing preferences (email, SMS, calls, post)

  • Records of consent or opt-out

  • Engagement with campaigns and promotions

We do not intentionally collect children’s data as a target group. If you believe a child’s data has been provided to us inappropriately, please contact us so we can address this.

4. How We Collect Personal Data

We collect personal data through:

  • Direct contact (phone calls, emails, site visits, meetings)

  • Website forms and online booking/enquiry tools

  • Customer portals and account management systems

  • Social media messaging and advertising lead forms

  • Quotations, work orders, job sheets, and invoices

  • Waste Transfer Notes and legal documents

  • Third-party referrals (e.g., estate agents, managing agents, other contractors)

  • Public sources (e.g., Companies House, public websites) where appropriate

Where we receive personal data from third parties, we take reasonable steps to ensure those parties have a lawful basis to share the information with us.

5. Purposes for Which We Use Personal Data

We process personal data only where necessary and proportionate. Main purposes include:

5.1 Quotations & Contract Management

  • Responding to enquiries and preparing quotes/estimates

  • Scheduling, managing, and carrying out works

  • Communicating about site access, job status, and variations

5.2 Service Delivery & Operations

  • Performing surveys, installations, repairs, tank empties, and maintenance

  • Generating and managing Waste Transfer Notes and compliance documentation

  • Organising subcontractors and logistics (e.g., HGVs, Jet Vacs, disposal facilities)

5.3 Billing, Payments & Credit Control

  • Issuing invoices and processing payments

  • Managing account balances, credit limits, and overdue accounts

  • Engaging debt recovery agents or solicitors where necessary

5.4 Legal & Regulatory Compliance

  • Compliance with waste, environmental, and health & safety legislation

  • Maintaining accurate records for tax, accounting, and regulatory purposes

  • Responding to lawful requests from authorities, regulators, or courts

5.5 Customer Service & Relationship Management

  • Handling complaints and resolving issues

  • Maintaining service history for future works

  • Providing advice, aftercare, and maintenance reminders

5.6 Marketing & Business Development

  • Sending service reminders (e.g., tank empty due, maintenance due)

  • Informing you of relevant services, legal changes, or offers

  • Analysing data to improve services and target communications

We do not undertake automated decision-making that produces legal or similarly significant effects on individuals without human involvement.

6. Legal Bases for Processing

Depending on the specific processing activity, our legal bases include:

  • Contract – Processing necessary to enter into or fulfil a contract with you (e.g., providing services, invoicing).

  • Legal obligation – Processing necessary to comply with legal obligations (e.g., tax records, waste documentation, health & safety).

  • Legitimate interests – Processing necessary for our legitimate interests, provided these are not overridden by your rights (e.g., managing operations, preventing fraud, pursuing unpaid debts, sending service reminders to existing customers).

  • Consent – For certain marketing communications and non-essential cookies, where you have given clear consent.

Where consent is used, you may withdraw it at any time (see Section 11).

7. Sharing Personal Data

We may share personal data with:

7.1 Internal Staff & Group Companies
Employees and authorised personnel within Anglian Septics and The Septics Group, on a need-to-know basis only.

7.2 Subcontractors & Service Partners
Trusted contractors, engineers, HGV operators, jetting teams, and specialist service providers engaged to carry out work on our behalf.

7.3 Professional Advisers
Accountants, auditors, solicitors, insurers, and other professional advisers.

7.4 IT & Software Providers

  • CRM, scheduling, and job management platforms

  • Email and communication service providers

  • Cloud hosting, backup, and security providers

  • Analytics and marketing platforms

7.5 Waste Disposal Facilities & Authorities

  • Licensed waste treatment and disposal facilities

  • Local authorities, environmental regulators, and water companies

  • Other authorities where we are legally required to provide information

7.6 Debt Recovery & Enforcement

  • Debt collection agencies

  • Solicitors and enforcement officers

  • Courts and tribunals

Whenever third parties act as our data processors, they are contractually required to:

  • process personal data only on our instructions

  • implement appropriate security measures

  • maintain confidentiality and data protection standards

We do not sell personal data to third parties.

8. International Transfers

Our core systems are primarily hosted within the UK or EEA where possible. However, some third-party providers may store or access data outside the UK/EEA.

Where this occurs, we will ensure appropriate safeguards are in place, such as:

  • adequacy regulations by the UK government, or

  • standard contractual clauses or equivalent safeguards

You can request more information about international transfers by contacting us.

9. Data Security

We take data security seriously and implement appropriate technical and organisational measures, including:

  • access controls and role-based permissions

  • secure passwords and, where appropriate, multi-factor authentication

  • encryption in transit (e.g., HTTPS) and, where appropriate, at rest

  • regular backups and testing of restore processes

  • staff training on data protection and confidentiality

  • secure disposal and deletion of data and devices

While we take all reasonable steps to protect your data, no system is completely risk-free. You play an important role by keeping your login credentials and devices secure.

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

  • provide services and support

  • comply with legal, accounting, and regulatory requirements

  • manage warranties, disputes, or claims

Indicative retention periods:

  • Job records, invoices, and Waste Transfer Notes: typically 6–7 years from the end of the financial year, or longer where required by law or in case of disputes.

  • Customer account information: as long as the account is active and for a reasonable period thereafter.

  • Enquiries that do not lead to work: typically up to 2 years.

  • Marketing data: until you unsubscribe or object, plus a short period to record your request.

  • CCTV or call recordings (if used): limited short-term retention unless required for an investigation.

We may anonymise data so it can no longer be associated with an identifiable individual and use such information indefinitely without further notice.

11. Your Data Protection Rights

Under UK data protection law, you have the following rights (subject to certain conditions and exemptions):

11.1 Right of Access
To request confirmation that we process your personal data and to obtain a copy of that data, along with certain information.

11.2 Right to Rectification
To request correction of inaccurate or incomplete personal data.

11.3 Right to Erasure (“Right to be Forgotten”)
To request deletion of your personal data in specific circumstances (e.g., where it is no longer needed, you withdraw consent, or you successfully object to processing).

11.4 Right to Restrict Processing
To request that we temporarily suspend processing of your data in certain circumstances.

11.5 Right to Data Portability
To request that we provide your personal data in a structured, commonly used, machine-readable format, and/or transmit it to another controller where technically feasible and lawful.

11.6 Right to Object
To object to processing based on our legitimate interests, including profiling. You also have an absolute right to object to processing for direct marketing purposes.

11.7 Rights in Relation to Automated Decision-Making
We do not carry out automated decision-making that produces legal effects without human involvement. If this changes, this Policy will be updated and your rights explained.

To exercise any of these rights, please contact us using the details in Section 13.

12. Complaints

12.1 Contacting Us First
If you have any concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue:

Email: [Insert email]
Telephone: [Insert phone number]
Postal: [Insert address]

12.2 Right to Complain to the ICO
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Contact Details

For any questions, requests, or concerns about this Data Protection & Privacy Policy or our data practices, you can contact:

Data Protection Contact
Anglian Septics Ltd
[Registered address]
Email: [Insert email]
Telephone: [Insert phone number]

14. Policy Version

  • Version: 1.0