Privacy Policy

Compliant with UK GDPR and the Data Protection Act 2018

Last updated: March 2026

IMPORTANT

We operate a lead generation marketplace. When you submit an enquiry on this website, your personal data will be shared with vetted tree surgery businesses for the purpose of providing you with quotes. By submitting an enquiry, you explicitly consent to this sharing. Please read this policy carefully before submitting your details.

Key Details

Website

www.treesurgeon.org.uk

Data Controller

UK Tree Surgeons Ltd

Data Protection Contact

privacy@treesurgeon.org.uk

ICO Registration

[To be inserted]

1. Who We Are

UK Tree Surgeons Ltd operates this website and the associated supplier marketplace platform. We are a lead generation business that connects members of the public requiring tree surgery services across the United Kingdom with vetted, professional tree surgery businesses ("suppliers") across all regions.

We are registered as a Data Controller with the Information Commissioner's Office (ICO) under the Data Protection Act 2018. Our supplier businesses who receive personal data via this platform act as independent Data Controllers in their own right once they receive that information.

2. What Personal Data We Collect

2.1 Consumer Data

Collected when an enquiry form is submitted:

  • Full name, phone number, email address
  • Postcode, service type, job description
  • Date and time of submission
  • IP address and device/browser information
  • Following job completion: reported invoice value, job confirmation, star rating and review, responses to follow-up messages

2.2 Supplier Data

Collected at registration:

  • Business name, contact name, phone, email
  • Company registration number, registered address
  • Public liability insurance documentation
  • NPTC certification
  • Service areas and services offered
  • Stripe Connect bank details (processed by Stripe directly)
  • Login credentials (encrypted)
  • Job outcome reports, invoice values, account activity and communication logs

2.3 Automatically Collected Data

  • IP address, browser type and version, operating system
  • Referring URL, pages visited, time on page
  • Clickstream data, cookie identifiers

3. How We Use Your Data

Consumer Data Lawful Basis

PurposeLawful BasisDetails
Matching enquiry with local tree surgeonsConsent (Article 6(1)(a))Explicit consent given at point of form submission
Sharing contact details with up to 3 matched suppliersConsent (Article 6(1)(a))Clearly disclosed at point of data collection
Follow-up messages to verify job outcome and invoice valueLegitimate Interests (Article 6(1)(f))Necessary to verify commission and prevent fraud
Requesting a rating and review of your supplierLegitimate Interests (Article 6(1)(f))Maintains platform quality and protects future consumers
Responding to enquiries or complaintsLegitimate Interests (Article 6(1)(f))Necessary for communication related to your request
Complying with legal obligationsLegal Obligation (Article 6(1)(c))Financial records, regulatory compliance

Supplier Data Lawful Basis

PurposeLawful BasisDetails
Account creation and identity verificationContract (Article 6(1)(b))Necessary to enter into our supplier agreement
Delivering matched leads to supplier accountsContract (Article 6(1)(b))Core platform service delivery
Collecting commission via StripeContract (Article 6(1)(b))Fulfilment of the revenue share agreement
Sending SMS and email notifications about new leadsContract (Article 6(1)(b))Essential to the platform service
Maintaining Verified Partner profilesContract (Article 6(1)(b))Agreed as part of Verified Partner subscription
Monitoring trust scores and flagging fraudLegitimate Interests (Article 6(1)(f))Protecting platform integrity and consumer interests
Marketing communicationsConsent (Article 6(1)(a))Only where supplier has opted in
Tax and legal complianceLegal Obligation (Article 6(1)(c))HMRC and Companies Act obligations

4. How We Share Your Data

4.1 Lead Sharing

Lead sharing is the core commercial activity of this platform. When an enquiry is submitted, personal data is shared with a maximum of 3 vetted supplier businesses in the relevant area.

  • Suppliers on the free tier see a partial preview only
  • Full contact details are revealed only when a supplier actively accepts the lead
  • Verified Partner suppliers receive full details during their 2-hour priority window

If you do not consent to your details being shared with tree surgery businesses for the purpose of receiving quotes, you should not submit your details through this website.

4.2 Third-Party Processors

ProviderPurposeData Shared
StripePayment processing and commission collectionSupplier bank details, commission data
SupabaseDatabase and real-time infrastructureAll platform data (EU region)
TwilioSMS notification deliveryPhone numbers and message content
ResendTransactional email deliveryEmail addresses and email content
VercelWebsite and application hostingWeb traffic data and logs

4.3 Legal Disclosures

We may share data to comply with legal obligations, protect safety, prevent fraud, or enforce our Terms of Service.

4.4 Business Transfers

Data may transfer in a merger or acquisition. Users will be notified in advance.

5. Automated Processing

Our matching algorithm is automated and considers postcode, service type, supplier coverage areas, and account tier. This does not produce legal effects on consumers.

Supplier trust scores are calculated automatically. Suppliers may request human review of any automated decision affecting their account by emailing privacy@londontreesurgeons.co.uk.

7. Data Retention

Data CategoryPurposeRetention Period
Consumer enquiry dataLead matching and delivery3 years from date of enquiry
Consumer job outcome dataCommission verification and fraud prevention6 years (statutory limitation period)
Consumer ratings and reviewsSupplier quality assuranceDuration of supplier account + 1 year
Supplier account dataAccount administrationDuration of account + 6 years
Supplier financial dataFinancial records and tax compliance6 years from financial year end
Supplier trust score and flag historyFraud preventionDuration of account + 2 years
SMS and email communication logsAudit trail2 years
Website usage data and analyticsPlatform performance26 months
Cookie consent recordsDemonstrating compliance3 years

8. Security

Technical Measures

  • TLS encryption
  • Bcrypt password hashing
  • Restricted database access
  • ISO 27001-certified infrastructure
  • Role-based access controls
  • Supabase Row Level Security
  • Rate-limited API endpoints

Organisational Measures

  • Staff data protection training
  • Data processing agreements with all processors
  • Regular reviews

In the event of a breach likely to risk individual rights, the ICO will be notified within 72 hours and affected individuals notified without undue delay where risk is high.

9. International Transfers

All data is stored within the UK or EEA where possible. International transfers rely on Standard Contractual Clauses.

Stripe, Twilio, and Resend may transfer data to the US under SCCs. Contact privacy@londontreesurgeons.co.uk for details of specific safeguards.

10. Your Rights

Your RightWhat It MeansLegal Basis
Right of AccessRequest a copy of all personal data we holdArticle 15 UK GDPR
Right to RectificationAsk us to correct inaccurate dataArticle 16 UK GDPR
Right to ErasureRequest deletion where there is no compelling reason to retainArticle 17 UK GDPR
Right to Restrict ProcessingAsk us to pause processing in certain circumstancesArticle 18 UK GDPR
Right to Data PortabilityReceive your data in a structured machine-readable formatArticle 20 UK GDPR
Right to ObjectObject to processing based on legitimate interests or direct marketingArticle 21 UK GDPR
Right to Withdraw ConsentWithdraw at any time where consent is the lawful basisArticle 7 UK GDPR
Right to ComplainLodge a complaint with the ICO at ico.org.ukSection 165 DPA 2018

We respond to all valid requests within one calendar month. To exercise your rights, email privacy@londontreesurgeons.co.uk with the subject line "Data Subject Request".

11. Cookies

  • Strictly necessary cookies - Cannot be disabled
  • Analytics cookies - Consent required
  • Functional cookies - Consent required

No third-party advertising or retargeting cookies currently used. Users can manage cookie preferences via the consent banner or browser settings.

12. Children

Services are for individuals 18 and over. We do not knowingly collect data from children. Contact privacy@londontreesurgeons.co.uk if you believe a child's data has been collected.

13. Supplier-Specific Provisions

Suppliers become independent Data Controllers when they receive consumer data and are responsible for:

  • Lawful processing
  • Restricting use to the original enquiry purpose
  • Not retaining beyond 12 months
  • Not adding consumer data to marketing lists without separate consent
  • Not selling or transferring consumer data to third parties

Breach constitutes a material breach of the Supplier Agreement.

14. Legitimate Interests Assessment

Post-job Follow-up Messages

Our interest is commission verification and fraud prevention. Consumer impact is minimal — a small number of relevant messages directly related to their transaction. Consumers can opt out by replying STOP.

Supplier Trust Score Monitoring

Our interest is consumer protection and platform integrity. Scores are not public. Suppliers are informed at registration and can appeal any flag.

15. Changes to This Policy

Material changes will be noted with an updated date, a homepage notice for 30 days, and fresh consent where required.

16. Contact and Complaints

Response Time

5 working days

ICO Complaints

ico.org.uk | 0303 123 1113

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Return to Homepage