1. Introduction
GreenRun Technologies Ltd ("GreenRun", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you:
- Visit our website at greenrun.uk
- Use the GreenRun mobile application (available on iOS and Android)
- Contact us via our enquiry form, email, phone, or WhatsApp
- Book or receive any of our gardening services
GreenRun Technologies Ltd is the data controller responsible for your personal data. We are registered in England and operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this Privacy Policy or our data practices, please contact us:
GreenRun Technologies Ltd
📧 Email: info@greenrun.uk
📞 Phone: +44 7424 053410
📍 Norwich, Norfolk, United Kingdom
2. Information We Collect
We collect personal data through several channels depending on how you interact with us. Below is a breakdown of the data we collect and the source.
2.1 Website Enquiry Form
When you submit an enquiry through the contact form on our website (powered by FormSubmit), we collect:
- Your full name
- Email address
- Phone number
- Message content (your enquiry details)
2.2 GreenRun Mobile App
When you create an account and use the GreenRun app, we collect:
- Your full name
- Email address
- Phone number
- Home or property address (including postcode)
- Payment information (processed securely via Stripe — we do not store your card details)
- Booking history and service records
- Photographs (before and after garden photos uploaded by you or our team)
- Account authentication data (managed via Firebase Authentication)
2.3 WhatsApp Messages
When you contact us via WhatsApp Business, we collect:
- Your phone number
- Message content (text, images, or voice messages you send us)
2.4 Automatically Collected Data
When you visit our website or use the GreenRun app, we may automatically collect certain technical and device data, including:
- IP address
- Browser type and version
- Device type, model, and operating system
- Screen resolution and language settings
- Pages visited, time spent, and referral source
- Analytics identifiers (via Google Analytics, where you have consented — see our Cookie Policy)
- Cookies and similar tracking technologies (see Section 9)
3. How We Use Your Data
We use the personal data we collect for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| To provide and manage gardening services you have booked | Contract — necessary to fulfil our agreement with you |
| To process payments for services | Contract — necessary to fulfil our agreement with you |
| To respond to enquiries and provide quotes | Legitimate interest — to respond to potential customers |
| To create and manage your app account | Contract — necessary to provide the app service |
| To store before/after garden photographs | Contract — part of our service delivery and records |
| To communicate with you about your bookings (email, phone, WhatsApp) | Contract — necessary to perform our services |
| To maintain records for tax and legal obligations | Legal obligation — HMRC and Companies Act requirements |
| To improve our website, app, and services | Legitimate interest — to enhance the user experience |
| To analyse website traffic and usage patterns | Consent — where analytics cookies are used |
4. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties. However, we share data with trusted service providers who assist us in operating our business. These third-party processors act only on our instructions and are contractually obligated to protect your data.
Google Firebase
Purpose: Website hosting, user authentication (Firebase Auth), database storage (Cloud Firestore), and file/photo storage (Firebase Cloud Storage).
Data location: EU servers (europe-west2, London).
Privacy policy: firebase.google.com/support/privacy
Stripe
Purpose: Secure payment processing for bookings made through the GreenRun app. We do not store your credit or debit card details — all payment data is handled directly by Stripe.
Privacy policy: stripe.com/gb/privacy
FormSubmit
Purpose: Processing contact form submissions on our website and forwarding them to our email inbox.
Privacy policy: formsubmit.co/privacy.pdf
Google Analytics
Purpose: Analysing website traffic and user behaviour to improve our online services (where implemented).
Privacy policy: policies.google.com/privacy
We may also disclose your data if required to do so by law, regulation, legal process, or enforceable governmental request.
5. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking and payment records | 6 years | HMRC tax obligations and legal compliance |
| Website enquiry data | 12 months | To follow up on enquiries and provide quotes |
| App account data | Duration of account + 6 years | Service provision and legal obligations |
| Garden photographs | Duration of account | Deleted upon account deletion or upon request |
| WhatsApp messages | 12 months | Customer service and records |
| Analytics data (Google Analytics) | 14 months | Website improvement and usage analysis (anonymised after expiry) |
| Device and technical data (IP address, browser info) | 90 days | Security monitoring and troubleshooting |
When your data is no longer required, we will securely delete or anonymise it.
6. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS).
- Encryption at rest: Data stored in Firebase and Stripe is encrypted at rest using industry-standard encryption.
- Access controls: Only authorised personnel have access to personal data, restricted on a need-to-know basis.
- Secure authentication: Firebase Authentication is used to manage user accounts with secure sign-in methods.
- Payment security: All payment processing is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of security certification in the payments industry.
- EU-based infrastructure: Our Firebase services are hosted in the europe-west2 (London) region, keeping your data within the UK/EU.
While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. If you become aware of any security issues, please contact us immediately at info@greenrun.uk.
7. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:
Right of Access
You can request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten")
You can request that we delete your personal data, subject to legal retention requirements (e.g., tax records must be kept for 6 years).
Right to Data Portability
You can request a copy of your data in a structured, commonly used, machine-readable format.
Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
Right to Object
You can object to processing based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
Right to Withdraw Consent
Where we process data based on your consent (e.g., analytics cookies), you can withdraw that consent at any time.
To exercise any of these rights:
Please email us at info@greenrun.uk with the subject line "Data Rights Request". We will respond within one calendar month as required by UK GDPR. We may need to verify your identity before processing your request.
8. International Data Transfers
We primarily store and process your data within the United Kingdom and European Economic Area (EEA). Our Firebase infrastructure is hosted in the europe-west2 (London) region.
Some of our third-party service providers (such as Stripe and Google) may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
- The UK International Data Transfer Agreement (UK IDTA) and/or the UK Addendum to the EU SCCs, as required under UK GDPR
- Adequacy decisions by the UK Government recognising the destination country's data protection standards
- The service provider's binding corporate rules or equivalent safeguards
Specifically, Google/Firebase and Stripe may process certain data in the United States. Both providers have entered into Standard Contractual Clauses and comply with the UK IDTA framework to ensure your data receives an equivalent level of protection when transferred outside the UK.
9. Cookies and Tracking Technologies
Our website uses a limited number of cookies and similar technologies:
| Cookie / Technology | Type | Purpose |
|---|---|---|
| Tailwind CSS CDN | Strictly necessary | Delivers CSS styling for the website. No personal data is collected. |
| Firebase Hosting | Strictly necessary | Serves website content. May set technical cookies for load balancing. |
| Google Analytics | Analytics (optional) | Tracks page views and user behaviour to help us improve our website. Only active where implemented with consent. |
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling cookies may affect the functionality of our website.
For more information, please see our Cookie Policy.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@greenrun.uk and we will promptly delete the information.
11. Third-Party Links
Our website and app may contain links to third-party websites or services (such as app stores or social media platforms). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.
12. Complaints
If you are unhappy with how we have handled your personal data, we would like the opportunity to resolve your concerns. Please contact us first at info@greenrun.uk.
If you remain dissatisfied, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
🌐 Website: ico.org.uk
📞 Helpline: 0303 123 1113
📧 Email: casework@ico.org.uk
📍 Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the ICO: We will report the breach to the Information Commissioner's Office within 72 hours of becoming aware of it, as required by UK GDPR Article 33.
- Notify affected individuals: Where the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, explaining the nature of the breach and the steps we are taking to address it.
- Investigate and mitigate: We will promptly investigate the cause, take steps to contain and mitigate the breach, and implement measures to prevent future occurrences.
- Maintain records: We will document all personal data breaches, including the facts, effects, and remedial action taken, regardless of whether they are reportable to the ICO.
If you believe your personal data has been compromised, please contact us immediately at info@greenrun.uk.
14. Automated Decision-Making and Profiling
Under Article 22 of the UK GDPR, you have the right to know about and challenge decisions made solely by automated means that produce legal or similarly significant effects.
We use automated pricing algorithms to calculate the cost of gardening services when you request a quote through the GreenRun app. Our pricing engine takes into account factors such as:
- The type of service requested (e.g., lawn mowing, hedge trimming)
- The estimated size of the area to be serviced
- The complexity and condition of the garden
- Your location and travel distance
- Current demand and scheduling availability
This automated pricing is necessary for the performance of our contract with you (Article 22(2)(a) UK GDPR), as it enables us to provide instant, consistent quotes. The pricing calculation does not use any special category data and does not make decisions about your eligibility for services.
Your rights regarding automated decisions:
- You can request human review of any automated pricing decision by contacting us
- You can express your point of view and contest any price you believe is unfair
- You can request an explanation of how your specific quote was calculated
To exercise any of these rights, please email info@greenrun.uk with the subject line "Automated Decision Review".
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify app users via an in-app notification where appropriate
- Post a notice on our website for significant changes
We encourage you to review this page periodically. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to get in touch:
GreenRun Technologies Ltd
📧 Email: info@greenrun.uk
📞 Phone: +44 7424 053410
💬 WhatsApp: Chat with us
📍 Location: Norwich, Norfolk, United Kingdom