Privacy Policy
Last updated: 16 June 2026
Nimbl Services ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website at nimblservicesltd.com (the "Site") and our cleaning services.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
1. Data Controller
Nimbl Services is the data controller responsible for your personal data.
Contact: hello@nimblservicesltd.com
2. What Data We Collect
We collect the following categories of personal data:
| Category | Data Collected | Source |
|---|---|---|
| Identity | Full name | Booking form, enquiry form |
| Contact | Email address, phone number, property address | Booking form, enquiry form |
| Booking | Service type, date, time, special instructions, price, referral code | Booking form |
| Technical | IP address, browser type (user agent), pages visited, timestamps | Automated collection when you visit the Site |
| Communication | Messages sent via the enquiry form, email correspondence | Enquiry form, email |
We do not collect any special category data (e.g. health, biometric, racial/ethnic origin).
3. How We Use Your Data
We process your personal data for the following purposes and lawful bases under UK GDPR Article 6(1):
| Purpose | Lawful Basis |
|---|---|
| Processing and managing your booking | Contract — necessary to perform our agreement with you |
| Responding to enquiries | Legitimate interest — to provide customer service |
| Sending booking confirmation and service emails | Contract — necessary to perform our agreement with you |
| Operating the referral programme | Consent / Contract — participation is voluntary |
| Website analytics and performance monitoring | Legitimate interest — to improve our Site and services |
| Security and fraud prevention | Legitimate interest — to protect our business and users |
4. Data Sharing
We do not sell your personal data to third parties. We may share your data with:
- Email service provider (Resend) — to send transactional emails such as booking confirmations. Resend processes data on our behalf under a data processing agreement.
- Hosting provider (Render) — our Site and database are hosted on Render's infrastructure within secure data centres.
- Google Analytics — if enabled, anonymised usage data may be shared with Google for website analytics. You may opt out using browser settings or the Google Analytics opt-out browser add-on.
We do not transfer personal data outside the United Kingdom unless the recipient country provides adequate data protection as recognised by the UK Government, or appropriate safeguards are in place (such as Standard Contractual Clauses).
5. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
- Booking records: 6 years from the date of service (for tax and legal obligations)
- Enquiry records: 2 years from submission, then deleted
- Page view data: 12 months, then automatically deleted
- Referral programme data: retained while your referral code is active, plus 2 years after deactivation
When data is no longer needed, it is securely deleted or anonymised.
6. Your Rights
Under the UK GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (subject to legal obligations)
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, commonly used format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at hello@nimblservicesltd.com. We will respond within 30 days.
7. Cookies and Tracking
Our Site uses the following types of cookies and tracking technologies:
- Essential cookies: session cookies required for the website to function (e.g. admin login sessions). These are strictly necessary and do not require consent.
- Analytics cookies: if Google Analytics (GA4) is enabled, it places cookies to collect anonymised usage statistics. These are only activated with your consent.
We do not use advertising cookies or tracking pixels. You can control cookies through your browser settings.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Secure session management with HTTP-only cookies
- Password hashing using bcrypt for admin accounts
- CSRF protection on all form submissions
- HTTP security headers (Content Security Policy, HSTS, X-Frame-Options)
- Rate limiting on authentication and form endpoints
- Input validation and output encoding to prevent injection attacks
9. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
11. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
12. Contact Us
For any questions about this Privacy Policy or your personal data, contact us:
- Email: hello@nimblservicesltd.com
- Phone: 0776 106 6023