Legal
Privacy Policy
Last updated: 7 May 2026
1. Who we are
This website and our home services are provided by Trades People Local Ltd trading as TradesLocal (company number 14725356, VAT number 499375225), registered in England & Wales at Tagus House, 9 Ocean Way, Southampton, Hampshire, United Kingdom, SO14 3TJ.
For the purposes of UK data protection law, Trades People Local Ltd (trading as TradesLocal) is the data controller of your personal data.
You can contact us by phone on 0800 711 7711 or by email at [email protected].
2. Data protection law we follow
We process personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK privacy laws.
3. Data we collect
Depending on how you interact with us — for example by enquiring through this website, booking a job, having an engineer attend your property, or signing in to the customer portal — we may collect and process the following:
a. Enquiry and website data
- Contact details such as your name, phone number, and email address.
- Service enquiry details you provide in callback or contact forms.
- Information you provide in live chat messages and support conversations.
- Address or location information needed to provide services.
- Website usage data via analytics tools (for example, GA4) where you have consented.
b. Customer and job records (CRM)
When you book a job or an engineer attends your property for plumbing, drainage, heating, or electrical works, we create a customer record in our internal customer relationship management (CRM) system and link each job to it. The CRM holds:
- Customer details: name, email, phone, billing name and email, and any optional notes you or our office team add to your account.
- Property details: postcode, address lines, town/city, and county.
- Job details: a job reference, source (web form, manual, API), the assigned engineer, status, scheduled time, the issue summary or description, the resolution summary, the half-hour rate that applied, and the calculated total (inc. VAT).
- On-site agreement: your typed full name, a drawn signature image, the timestamp of signing, and the generated PDF of the signed agreement (which embeds your address, the work scope, our rates, our cancellation notice, and your signature). If extra works are added during the visit, a separate “variation of contract” PDF is generated and signed in the same way.
- Photos and videos uploaded by the engineer as evidence of the work carried out (before, during, and after).
- Time on site: from the moment the agreement is signed to when the engineer marks works finished, used to calculate billable time in half-hour increments.
- Extras: any ad-hoc items the engineer adds with a price (for example, parts or materials).
c. Payment data
Card payments are taken through Stripe (see section 7). We do not see or store your full card number, CVC, or expiry date. Against your job we keep only:
- The Stripe PaymentMethod identifier (a token that represents your card).
- Card brand and last four digits (for display and identification only).
- The Stripe Customer identifier and PaymentIntent identifier.
- The final charge status (for example: succeeded, requires_action, failed).
d. Customer portal account data
If you use our customer portal to view your past jobs, signed documents, and the photos or videos taken at your property, we hold your email address, a securely hashed password, password-reset tokens we send to your email, and basic sign-in metadata such as the time of your last login.
e. Staff and engineer accounts
We hold internal user accounts for our office staff and engineers so they can operate the service (for example, attend jobs, generate agreements, and take payment). This is internal operational data and is not used for marketing.
4. How we use your data
We use personal data to:
- Respond to enquiries and arrange requested services.
- Manage appointments, callbacks, and customer support.
- Attend your property and carry out the agreed works.
- Generate, present, and store the on-site service agreement and any variation-of-contract documents that you sign electronically on the engineer's device.
- Calculate chargeable time on site, apply the agreed half-hour rate, and produce your invoice (inc. VAT).
- Take payment by card via Stripe and handle refunds, retries, and disputes.
- Operate the customer portal so you can sign in and review your jobs, documents, photos, and videos.
- Provide and manage live chat support services (for example, via Tidio).
- Improve website performance, content, and user experience.
- Meet legal, regulatory, tax, and record-keeping requirements (for example, VAT and accounting records).
5. Legal basis for processing (UK GDPR Article 6)
We process personal data on the following lawful bases:
- Performance of a contract: providing the services you have booked, attending your property, generating and storing the agreement and variation PDFs, taking payment for completed works, and operating your customer portal account.
- Legal obligation: keeping VAT and accounting records, dealing with complaints, and responding to lawful requests from regulators or authorities.
- Legitimate interests: preventing fraud (including fraud screening carried out by Stripe), recovering unpaid invoices, keeping our systems and the customer portal secure, improving how we operate, and capturing on-site photo and video evidence to protect both you and us in the event of a quality issue or dispute. Where we rely on legitimate interests, we have considered your rights and interests and only use the data in ways you would reasonably expect.
- Consent: where required, for optional analytics, marketing communications, and non-essential cookies. You can withdraw consent at any time without affecting any processing carried out before withdrawal.
Photos and videos taken on site are captured under contract or legitimate interest, not consent. Where reasonably possible, our engineers will avoid or omit incidental third parties or items unrelated to the work.
6. Data sharing and sub-processors
We only share personal data where necessary to deliver our services, run our business, or meet a legal obligation. Our key recipients include:
- Stripe Payments Europe Ltd (“Stripe”): our payment processor for taking and refunding card payments. Stripe acts as a processor on our behalf for payment processing and as an independent controller for its own fraud-prevention and regulatory purposes. See Stripe's privacy notice at stripe.com/privacy.
- Ideal Postcodes: for UK address autocomplete when our office team or engineers create or update a customer or job record.
- Live chat (Tidio): for managing live chat conversations on the marketing site, where you have consented.
- Analytics and marketing measurement (Google, Meta): only where you have consented via the cookie banner.
- Hosting, email, and infrastructure providers: our [hosting provider] hosts our website, CRM and customer portal, and our email provider sends transactional emails such as password resets and document notifications.
- Professional advisers, accountants, and authorities: where reasonably required for advice, audit, tax, or legal obligations.
Service agreement and variation PDFs are rendered on our own infrastructure using a headless browser (Browsershot / headless Chromium). No third-party transfer of your document content is involved in that step.
All providers act under appropriate contractual and data-protection safeguards.
7. Card payments and Stripe
We use Stripe to capture and charge card payments on our behalf. When the engineer takes payment at the end of a visit, you are asked to enter your card details on the engineer's device. Those details are collected by Stripe Elements directly in the browser and sent straight to Stripe; we receive only a token (a Stripe PaymentMethod identifier) along with the card brand and last four digits.
We create a Stripe Customer record per customer account so that, for the duration of your works, a saved card can be reused (for example, for a retry after a declined payment, or for a signed variation of contract) without you having to re-enter your card details. You can ask us to remove a saved card at any time.
Where required by your bank under the Payment Services Regulations 2017 (PSD2), Stripe will trigger Strong Customer Authentication (3-D Secure). This appears as a Stripe security check on the engineer's device and you will be asked to approve the transaction with your bank.
We do not receive or store your full card number (PAN), CVC, or expiry date. Storage of the underlying card data is the responsibility of Stripe, which is certified to PCI DSS Level 1. We are out of scope for storing primary card data.
8. International transfers
Some of our providers (including Stripe and certain analytics or hosting services) may transfer personal data outside the United Kingdom. Where this happens, we rely on appropriate safeguards, such as UK adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, to keep your data protected.
9. Data retention
We keep personal data only for as long as necessary for the purposes set out in this policy. Typical retention periods are:
| Data | Retention period |
|---|---|
| Customer and job records, signed service agreements, variation-of-contract PDFs, and invoices. | Minimum 6 years from completion of the works (statutory limitation period plus tax/VAT requirements), then archived or securely deleted. |
| On-site photo and video evidence. | Up to 6 years where needed for dispute or legal record; sooner where no longer required. |
| Stripe references (PaymentMethod, PaymentIntent, Customer ids, card brand and last four digits). | Retained alongside the related job for refund and chargeback handling. Deletion of the underlying card data is governed by Stripe's own retention policies. |
| Customer portal account credentials and sign-in metadata. | For as long as your account is active, then deleted on closure. |
| Marketing data (for example, mailing-list contact details). | Until you withdraw consent or unsubscribe. |
| General website enquiry data and analytics. | As long as needed to handle the enquiry or as set out in our Cookie Policy. |
10. Your rights under UK GDPR
Under the UK GDPR you have the right to:
- Access the personal data we hold about you (right of access).
- Correct inaccurate or incomplete data (right to rectification).
- Erasure in certain circumstances (right to be forgotten).
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, including direct marketing.
- Data portability for data you provided to us, where applicable.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email us at [email protected]. We will respond within one calendar month, although in complex cases we may extend this by a further two months and will let you know if we need to do so.
You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We'd appreciate the chance to address your concerns first, so please consider contacting us before raising a complaint with the ICO.
11. Automated decision-making
We do not carry out solely automated decision-making or profiling that produces legal or similarly significant effects. Stripe may perform automated fraud screening on payment attempts as part of its payment-processing service.
12. Security
We use technical and organisational measures appropriate to the data we hold — including encryption in transit, access controls, role-based permissions in the CRM, hashed passwords, and supplier due diligence — to protect personal data from loss, misuse, and unauthorised access.
13. Policy updates
We may update this policy from time to time to reflect changes in our services or the law. Any changes will be posted on this page with a revised “last updated” date.