Privacy Policy

Last updated: [DD Month YYYY]

1. Controller

[Legal company name], [legal form]
[Street, ZIP, City, Country]
Email: privacy@3s-clean.com
Phone: [phone]

2. Categories of Personal Data

Depending on the services used, we process in particular:

• Identification & contact data (name, email, phone)
• Booking & contract data (service, add-ons, address, appointment, access instructions)
• Payment & invoicing data (payment method, invoice data, transaction references)
• Technical usage data (IP address, device/browser data, logs)
• Video & audio data for service documentation/livestreaming (if booked)

3. Purposes of Processing

• Contract performance and booking management
• Payment processing and invoicing
• Customer support and complaint handling
• Quality assurance and internal documentation
• Employee safety
• Dispute resolution and legal evidence
• Compliance with legal obligations

4. Legal Bases (Art. 6 GDPR)

• Art. 6(1)(b) GDPR (contract)
• Art. 6(1)(c) GDPR (legal obligation, e.g. tax law)
• Art. 6(1)(f) GDPR (legitimate interests: security, fraud prevention, legal claims, quality)
• Art. 6(1)(a) GDPR (consent, where required, e.g. analytics/marketing)

5. Video Recording & Livestreaming

If booked, we record/livestream footage for transparency, quality control, evidence and employee safety.

Scope limits:

• only within the booked service scope
• no filming inside drawers/wardrobes/containers unless explicitly requested
• we avoid personal documents/photos/sensitive items where reasonably possible

Access: secure, individual, time-limited links and role-based access control.
Hosting/processing: via specialised video hosting providers acting as processors (Art. 28 GDPR). No automated decision-making or profiling (Art. 22 GDPR).
Retention: standard retention is 7 business days after service completion; then automatic, irreversible deletion. Retention may be extended for disputes or legal obligations.

Advertising use: only anonymised clips (e.g., blurring faces, documents, addresses, licence plates). If anonymisation is not feasible, we obtain separate explicit consent.

6. Payment Processing (Stripe)

We use external payment service providers (e.g. Stripe). We do not store full card or bank account details on our systems; we typically receive only confirmations and references required for accounting and invoicing. Payment data is processed by the payment provider according to applicable security standards (e.g. PCI-DSS).

7. Cookies & Google Analytics

We use cookies and similar technologies.

Strictly necessary cookies: for login/sessions, security, language preferences, and booking/payment flows.
Legal basis: Art. 6(1)(b) and (f) GDPR and §25(2) No. 2 TTDSG.

Google Analytics: only with your consent (Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG). IP anonymisation is enabled. You can withdraw consent at any time via cookie settings.

8. Recipients / Processors

We use service providers as processors (Art. 28 GDPR), e.g. for hosting/cloud, email/communication, payments, video hosting, and analytics. They are contractually bound to confidentiality and security.

9. Transfers Outside the EU/EEA

Where data is processed outside the EU/EEA (e.g. in connection with analytics), this is done only with appropriate safeguards (e.g. adequacy decision, EU-U.S. Data Privacy Framework, or Standard Contractual Clauses – SCCs).

10. Retention Periods

• Account data: while the account exists
• Booking/invoice data: up to 10 years (statutory tax retention)
• Video footage: 7 business days (may be longer for disputes/legal obligations)

11. Your Rights

You have the rights of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with a supervisory authority.

12. Contact

privacy@3s-clean.com