Privacy Policy

1. Introduction

Welcome to Electrician Near Me. We protect your personal information and respect your privacy.

This policy explains how we collect, use, and keep safe your information when you visit our website.

This policy applies to everyone who uses our website. This includes visitors, customers, and electricians who are registered with us.

2. Information We Collect

We collect several types of information from and about users of our service:

2.1 Personal Information

• Account Information: Name, email address, phone number, postal code
• Business Information: Business name, description, service areas, certifications, photos
• Quote Requests: Service descriptions, contact details, location information
• Reviews: Review content, ratings, user name

2.2 Automatically Collected Information

• Usage Data: IP address, browser type, pages visited, time spent on pages
• Cookies: Session cookies for authentication and preferences
• Session Information: Login times, device information, user agent strings

3. How We Use Your Information and Lawful Basis

Under GDPR, we must have a lawful basis for processing your personal data. Below we explain each processing activity and its legal basis under Article 6 of the GDPR:

4. Cookies and Tracking

Cookies are small files we save on your computer. We use them to:

• Keep you logged in to your account
• Remember your settings and preferences
• See how people use our website
• Keep your account secure

You can turn off cookies in your web browser settings. If you do this, some parts of our website may not work properly.

For more details, see our Cookie Policy.

5. Who We Share Your Information With

We may share your information with:

• Electricians: When you request a quote, we share your contact details with electricians so they can respond
• Public profiles: Electrician business details and customer reviews can be seen by anyone
• Service providers: Companies that help us run our website
• Legal authorities: When the law requires us to share information
• Business buyers: If we sell our business, your information may go to the new owner

Important: We never sell your personal information to other companies.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). We ensure appropriate safeguards are in place for all international transfers in compliance with UK GDPR Chapter V and the requirements established by the Court of Justice of the European Union in the Schrems II judgment.

6.1 Countries Where Data May Be Transferred

• United Kingdom: Primary data storage location (no transfer)
• European Union/EEA: Some service providers - covered by bridging mechanism maintaining GDPR equivalence
• United States: Email delivery services, font delivery (Google Fonts), optional advertising services (Google Ads)

6.2 Transfer Mechanisms and Safeguards

We use the following mechanisms to protect your data during international transfers:

For transfers to the United States:

• UK Extension to EU-US Data Privacy Framework: Where processors are certified under the Data Privacy Framework with UK Extension, transfers are covered by the UK adequacy decision (effective 12 October 2023). We verify processor certifications annually.
• UK International Data Transfer Agreement (UK IDTA): For processors not certified under the Data Privacy Framework, we use the ICO-approved UK IDTA with supplementary measures.
• Transfer Impact Assessments: We conduct Transfer Impact Assessments for each US-based processor, evaluating US surveillance laws (including FISA Section 702, CLOUD Act, and Executive Order 12333) and implementing supplementary technical and organizational measures where necessary.

For transfers to EU/EEA countries:

• Bridging Mechanism: Transfers to EU/EEA countries are covered by the UK's bridging mechanism, which maintains GDPR equivalence. No additional safeguards are required.

For transfers to other countries:

• UK Adequacy Decisions: We prioritize transfers to countries with UK adequacy decisions (including Japan, South Korea, Canada, Switzerland, and others).
• UK IDTA or UK Addendum to EU SCCs: For transfers to non-adequate countries, we use the UK International Data Transfer Agreement or the UK Addendum to EU Standard Contractual Clauses.

6.3 Supplementary Measures

Following the Schrems II judgment requirements, we implement supplementary measures including:

• Technical measures: TLS 1.3 encryption in transit, encryption at rest, data minimization, and pseudonymization where possible
• Organizational measures: Strict access controls, staff training, regular processor audits, and incident response procedures
• Contractual measures: Government access notification clauses, breach notification within 24-48 hours, audit rights, and subprocessor controls

6.4 Your Rights Regarding International Transfers

You have the right to:

• Obtain a copy of the safeguards we use for international transfers (SCCs, UK IDTA, etc.)
• Request information about which countries your data is transferred to
• Object to transfers based on legitimate interests

To exercise these rights or request copies of our transfer mechanisms, please contact our Data Protection Officer at [email protected].

7. Automated Decision-Making and Profiling (Article 22)

We do not use automated decision-making that produces legal effects or similarly significantly affects you.

7.1 What This Means

Under Article 22 of the GDPR, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. We confirm that:

• We do not use fully automated systems to make decisions about you without human involvement
• We do not use profiling to automatically approve or reject your requests
• We do not use algorithms to determine your access to our services
• All significant decisions affecting your account or service are reviewed by our team

7.2 Limited Automated Processing

We use some automated processes that do not fall under Article 22 because they do not produce legal or similarly significant effects:

• Spam filtering: Automatic detection of spam in contact forms (you can contact us directly if a message is blocked)
• Session security: Automatic detection of suspicious login attempts (with human review before any action)
• Search results: Automatic ordering of electrician listings based on relevance (does not affect your rights)

7.3 Your Rights

If we ever introduce automated decision-making that significantly affects you, we will:

• Inform you clearly before implementation
• Explain the logic involved
• Explain the significance and consequences
• Provide a way to request human review
• Allow you to express your point of view and contest the decision

8. Your Rights Under GDPR

Under GDPR law, you have the following rights:

Right of Access (Article 15)

You can ask us for a copy of all the information we have about you. We will provide this within 30 days.

Right to Rectification (Article 16)

If any of your information is wrong or incomplete, you can ask us to correct it.

Right to Erasure (Article 17)

You can ask us to delete your information. This is sometimes called the "right to be forgotten". We will comply unless we have a legal obligation to retain the data.

Right to Data Portability (Article 20)

You can download your information in a structured, commonly used format (JSON) that works with other services.

Right to Object (Article 21)

You have the right to object to processing of your personal data in the following circumstances:

• Legitimate interests: You can object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Direct marketing: You can object to processing for direct marketing purposes at any time. We will stop immediately upon receiving your objection.
• Research and statistics: You can object to processing for research or statistical purposes unless it is necessary for a task in the public interest.

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing in the following situations:

• You contest the accuracy of your data (restriction applies while we verify)
• The processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing and we are verifying our legitimate grounds

When processing is restricted, we will only store your data and will not process it further without your consent (except for legal claims, protecting others' rights, or important public interest).

Right to Withdraw Consent (Article 7)

If you gave us permission to use your information, you can take that permission back at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In the UK, this is the Information Commissioner's Office (ICO):

9. Data Retention Schedule

We retain different types of data for specific periods. Below is our detailed retention schedule:

9.1 Criteria for Determining Retention

We determine retention periods based on:

• Legal requirements: UK tax law, limitation periods for legal claims
• Contractual necessity: Duration needed to provide our services
• Legitimate business needs: Record-keeping, dispute resolution
• User expectations: What users reasonably expect us to retain
• Data minimisation: Deleting data as soon as it's no longer needed

9.2 Secure Deletion

When data reaches the end of its retention period, we securely delete or anonymise it using industry-standard methods that prevent recovery.

10. Keeping Your Information Safe

We take steps to protect your information:

• Encrypted connections: We scramble your information when it travels over the internet (TLS 1.2+)
• Secure passwords: We store your password using bcrypt hashing that keeps it safe
• Security checks: We protect forms from fake submissions using CSRF tokens
• Secure login: We use safe methods including optional two-factor authentication
• Regular updates: We check our security regularly and fix any problems
• Controlled access: Only authorized personnel can access your information
• Encryption at rest: Data stored on our servers is encrypted

Please note: While we try hard to protect your information, no website is 100% secure. We cannot guarantee complete security.

11. Children's Privacy

Our website is not for people under 16 years old.

We do not knowingly collect information from children. If you think a child has given us their information, please contact us. We will delete it.

12. Changes to This Policy

We may update this privacy policy from time to time.

When we make changes, we will:

• Update the "Last updated" date at the top of this page
• Tell you about important changes via email if you have an account
• For material changes, provide at least 30 days notice before they take effect

If you keep using our services after we make changes, it means you accept the new policy.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR.

14. Contact Us

If you have questions about this policy or want to use your rights, please contact us:

• General questions:
• Phone: 0800 208 8842
• Privacy and data protection: [email protected]

We will reply to you within 30 days.