PRIVACY POLICY

Clearlands & Mcnamaras Environmental Services Ltd
Last Updated: November 2025

1. INTRODUCTION
At Clearlands & Mcnamaras Environmental Services Ltd (company number [INSERT], registered office: Office above, 376-378 Shaw Road, Oldham, OL1 4AH, Greater Manchester) (“we”, “us”, “our” or the “Company”), we are committed to protecting your privacy and personal data.
This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with:
• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018 (DPA 2018)
• The Privacy and Electronic Communications Regulations 2003 (PECR)
For the purposes of data protection legislation, Clearlands & Mcnamaras Environmental Services Ltd is the data controller responsible for your personal data.
Personal data means any information relating to an identified or identifiable individual. This includes information that, when combined with other information, could identify you.

2. SCOPE OF THIS POLICY
This Privacy Policy applies to:
• Our website and any associated domains
• Our mobile applications (if applicable)
• Our products and services
• Any interaction you have with us through digital or traditional channels
This Policy does not apply to third-party websites, applications, products, or services that may be accessed through links on our website. These are owned and operated independently and have their own privacy policies. We are not responsible for the privacy practices or content of such third-party sites. We recommend reviewing their privacy policies before providing any personal data.

3. PERSONAL DATA WE COLLECT
3.1 Categories of Personal Data
We may collect and process the following categories of personal data about you:
Identity Data: First name, surname, title
Contact Data: Billing address, delivery address, email address, telephone numbers
Account Data: Username, password, account preferences
Financial Data: Payment card details, bank account details (processed securely through our payment processors)
Transaction Data: Details about payments to and from you, details of products and services you have purchased
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device information
Usage Data: Information about how you use our website, products, and services, including browsing actions and patterns
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences
Profile Data: Purchases or orders made by you, your interests, preferences, feedback, and survey responses
3.2 Special Categories of Personal Data
We do not ordinarily collect special categories of personal data (such as information about your health, race, ethnicity, religious beliefs, sexual orientation, or trade union membership). If we need to collect such data for a specific purpose, we will inform you and obtain your explicit consent or rely on another lawful basis as required by law.

4. HOW WE COLLECT YOUR PERSONAL DATA
4.1 Direct Interactions
You may provide us with personal data when you:
• Create an account on our website
• Purchase our products or services
• Request marketing materials or information
• Subscribe to our newsletter or mailing lists
• Enter a competition, promotion, or survey
• Contact us with an inquiry or to report a problem (by telephone, email, post, social media, or otherwise)
• Provide feedback or complete customer satisfaction surveys
• Apply for employment with us
4.2 Automated Technologies
As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies, server logs, and similar technologies. Please see Section 11 (Cookies) for further details.
4.3 Third-Party Sources
We may receive personal data about you from:
• Analytics providers (such as Google Analytics)
• Advertising networks
• Social media platforms when you interact with our social media presence or use social login features
• Payment service providers
• Fraud prevention and credit reference agencies
• Other individuals (for example, if someone purchases a gift for you through our website)
• Publicly available sources

5. HOW WE USE YOUR PERSONAL DATA
5.1 Lawful Bases for Processing
We will only process your personal data where we have a lawful basis to do so. Under UK GDPR, these lawful bases include:
a) Consent: You have given clear consent for us to process your personal data for a specific purpose
b) Contract: Processing is necessary for us to perform a contract with you or to take steps at your request before entering into a contract
c) Legal obligation: Processing is necessary for us to comply with the law
d) Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests
e) Vital interests: Processing is necessary to protect someone’s life (this is rarely applicable)
f) Public task: Processing is necessary to perform a task in the public interest or for official functions
5.2 Purposes for Processing
We use your personal data for the following purposes:
Purpose Type of Data Lawful Basis
To register you as a new customer Identity, Contact Performance of contract
To process and deliver your order Identity, Contact, Financial, Transaction Performance of contract; Legitimate interests
To manage our relationship with you Identity, Contact, Profile Performance of contract; Legal obligation; Legitimate interests
To protect our business and website Identity, Contact, Technical Legitimate interests; Legal obligation
To deliver relevant content and marketing Identity, Contact, Profile, Usage Legitimate interests; Consent

5.3 Marketing Communications
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what products or services may be of interest to you. You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving marketing communications.
You have the right to opt out of receiving marketing communications at any time by:
• Following the unsubscribe links in any marketing email we send
• Contacting us using the details in Section 17
• Updating your marketing preferences in your account settings
Where you opt out of receiving marketing messages, we will continue to send you service-related (non-marketing) communications, such as order confirmations and important updates about our services.

6. DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the following categories of recipients:
6.1 Service Providers
We may share your data with third-party service providers who perform services on our behalf, including IT service providers, payment processors, delivery providers, marketing agencies, customer relationship management providers, website hosting providers, email service providers, analytics providers, and professional advisers. These service providers are contractually obligated to process your personal data only on our instructions and to maintain appropriate security measures.
6.2 Legal and Regulatory Authorities
We may disclose your personal data to law enforcement agencies, courts, tribunals, regulatory authorities, HM Revenue & Customs, and fraud prevention agencies when legally required to do so, to enforce our terms and conditions, or to protect the rights, property, or safety of our business, our customers, or others.
6.3 Business Transfers
If we are involved in a merger, acquisition, reorganisation, asset sale, or in the unlikely event of insolvency, your personal data may be transferred to the new owner or controlling party. We will notify you of any such transfer and any choices you may have regarding your personal data.
6.4 Other Third Parties
With your consent, we may share your data with selected third parties for marketing purposes or social media platforms for targeted advertising.

7. INTERNATIONAL DATA TRANSFERS
Your personal data is primarily stored and processed within the United Kingdom. However, some of our service providers may be located outside the UK, which may involve transferring your personal data to countries that do not provide the same level of data protection as UK law.
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including International Data Transfer Agreements (IDTAs) or Addendums to the EU Standard Contractual Clauses as approved by the UK Information Commissioner’s Office, transfers to countries with an adequacy decision from the UK Government, or binding corporate rules or approved codes of conduct.
You may request further information about the safeguards we use for international transfers by contacting us using the details in Section 17.

8. DATA SECURITY
We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Our security measures include encryption of data in transit using secure socket layer (SSL) technology, secure storage systems with access controls, regular security assessments and penetration testing, staff training on data protection and security, and contractual obligations on third-party processors to maintain security.
Despite these measures, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.
8.1 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where required by law, notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.

9. DATA RETENTION
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting, or other requirements.
Typical retention periods:
• Customer account data: Retained for the duration of your relationship with us, plus 6 years after account closure
• Transaction records: 6 years from the date of transaction
• Marketing data: Until you unsubscribe or withdraw consent, or after 2 years of inactivity
• Website analytics data: Typically 26 months
When we no longer need your personal data, we will securely delete or anonymise it so that it cannot be linked back to you.

10. CHILDREN’S PRIVACY
Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately using the details in Section 17, and we will take steps to delete such information.
For certain online services, the age of consent for processing personal data is 13 in the UK under the UK GDPR and the Age Appropriate Design Code. Where we rely on consent as the lawful basis for processing a child’s personal data, we will obtain parental consent where required by law.

11. COOKIES AND SIMILAR TECHNOLOGIES
11.1 What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.
11.2 Our Use of Cookies
We do not currently use cookies on our website.
Should we implement cookies in the future, we will update this Privacy Policy to provide full details of the cookies used, obtain your consent before placing non-essential cookies on your device, and provide you with clear information about how to manage your cookie preferences.
11.3 Similar Technologies
Even without cookies, we may collect certain Technical Data automatically, such as your IP address, through server logs. This information is used for system administration, security purposes, and to analyse website usage in aggregate form.

12. YOUR RIGHTS UNDER UK GDPR
Under UK data protection law, you have the following rights regarding your personal data:
12.1 Right of Access (Subject Access Request)
You have the right to request a copy of the personal data we hold about you and to verify the lawfulness of the processing. This is known as a Subject Access Request (SAR).
12.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
12.3 Right to Erasure (‘Right to be Forgotten’)
You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, you withdraw consent, you object to the processing, the data has been unlawfully processed, or erasure is required to comply with a legal obligation. This right is not absolute and may not apply where we have a legal obligation to retain the data.
12.4 Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain circumstances, including where you contest the accuracy of the data, the processing is unlawful, we no longer need the data but you need it for legal claims, or you have objected to processing pending verification of our legitimate grounds.
12.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where the processing is based on consent or performance of a contract and the processing is carried out by automated means.
12.6 Right to Object
You have the right to object to processing of your personal data where processing is based on legitimate interests or performance of a public task, for direct marketing purposes (including profiling), or for research or statistical purposes. Where you object to processing for direct marketing purposes, we will stop processing your data for that purpose.
12.7 Right to Withdraw Consent
Where we rely on consent as the lawful basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
12.8 Right Not to be Subject to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you, unless it is necessary for entering into or performing a contract with you, it is authorised by law, or it is based on your explicit consent. We do not currently use automated decision-making processes that would significantly affect you.
12.9 How to Exercise Your Rights
To exercise any of these rights, please contact us using the details provided in Section 17.
We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
We will not charge a fee for processing your request unless it is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to act on the request.
For your security, we may need to verify your identity before responding to your request.

13. RIGHT TO COMPLAIN TO THE ICO
You have the right to lodge a complaint with the UK supervisory authority for data protection:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Online reporting: https://ico.org.uk/make-a-complaint/
We would appreciate the opportunity to address your concerns before you contact the ICO, so please do contact us first using the details in Section 17.

14. THIRD-PARTY LINKS AND SERVICES
Our website may contain links to third-party websites, applications, and services. If you follow a link to a third-party site, please be aware that these sites have their own privacy policies, and we are not responsible for their practices. We recommend that you review the privacy policy of any third-party site before providing any personal data.

15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.
When we make material changes to this Policy, we will update the ‘Last Updated’ date at the top of this Policy, notify you by email (if you have provided us with your email address), display a prominent notice on our website, and where required by law, seek your consent to the changes.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. The current version of this Policy will always be available on our website.

16. LEGAL BASIS SUMMARY TABLE
For your convenience, here is a summary of the lawful bases we rely on for processing your personal data:
Processing Activity Lawful Basis
Account registration and management Performance of contract
Processing orders and payments Performance of contract
Customer service and support Performance of contract; Legitimate interests
Fraud prevention and security Legitimate interests; Legal obligation
Marketing communications (email/SMS) Consent
Marketing communications (post/telephone) Legitimate interests (with opt-out right)
Website analytics and improvement Legitimate interests
Legal compliance and regulatory reporting Legal obligation

17. CONTACT US
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:
Data Protection Officer
Clearlands & McNamaras Environmental Services Ltd
Email: info@clearlands.co.uk
Post:
Clearlands & Mcnamaras Environmental Services Ltd
Office above, 376-378 Shaw Road
Oldham
Greater Manchester
OL1 4AH
United Kingdom
Telephone: 0161 652 9558
We aim to respond to all enquiries within 5 working days.