Legal | Paez Brothers Painters & Decorators

Legal Information

Everything you need to know about our terms and policies.

Last updated: 21 February 2026

Paez Brothers Painters & Decorators ("we", "us", "our") respects your privacy and is committed to protecting your personal data in line with UK GDPR, the Data Protection Act 2018, and applicable UK privacy laws.

1. Data Controller

Data Controller: Paez Brothers Painters & Decorators
Email: [email protected]
Location: London, United Kingdom

2. Personal Data We Collect

We may collect:

Identity and contact data: name, email, phone number, address.
Service enquiry data: quote details, property/service information, notes, preferred dates.
Communication data: contact form messages, call/email follow-ups.
Booking/appointment data: consultation requests, schedule slots, status updates.
Transaction/document data: estimates, invoices, receipts, payment status (we do not store full card data).
Technical/security data: IP/device/session metadata, auth and audit logs needed for security and operations.
Marketing/review data: review request tokens, unsubscribed preferences, communication history.

3. How We Collect Data

Directly from you (forms, email, phone, booking/quote requests).
Automatically through necessary website/session technologies.
From service providers used to operate the website and communications.

4. Purposes and Lawful Bases

We process personal data under one or more lawful bases:

Performance of a contract / steps before contract: preparing and managing quotes, bookings, and service delivery.
Legitimate interests: business operations, fraud prevention, service quality, internal analytics, record keeping.
Legal obligation: accounting/tax compliance, legal claims handling, regulatory requirements.
Consent (where required): non-essential cookies/technologies and optional marketing communications.

5. Recipients / Processors

We may share data with trusted providers:

Supabase (database/auth/hosting components)
Resend (transactional/admin email delivery)
Telegram (internal operational notifications where configured)
Infrastructure/hosting and security providers
Professional advisers (legal/accounting), where required

All providers are used under appropriate contractual and security controls.

6. International Transfers

Some providers may process data outside the UK. Where this happens, we use appropriate safeguards (e.g. UK IDTA or equivalent lawful mechanisms).

7. Retention

We keep data only as long as necessary:

Quote/contact data: typically up to 24 months unless a longer period is needed for claims/compliance.
Service/transaction records: (estimates/invoices/accounting): typically 6 years to meet legal/tax obligations.
Marketing preferences/unsubscribe logs: retained to honour your preferences.
Security/audit logs: retained for security and operational integrity.

8. Your Rights

You may request: access to your personal data, correction of inaccurate data, deletion (where applicable), restriction or objection to certain processing, portability (where applicable), withdrawal of consent (for consent-based processing).

To exercise rights: [email protected]

9. Complaints

If you are unhappy with how we handle your data, contact us first at [email protected]. You can also complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk

10. Security

We use technical and organisational measures to protect personal data. No system is 100% secure, but we apply proportionate safeguards.

11. Children

Our services are not directed to children under 16, and we do not knowingly collect children’s personal data.

12. Changes

We may update this policy from time to time. We will post the latest version on this page with the updated date.