Privacy Policy

Last Updated: May 2026

At Cocoon Housekeeping, we take your privacy seriously and we understand that sharing personal information with a home service provider requires real trust. This policy explains what information we collect, how we use it, and your rights in relation to it.

Cocoon Housekeeping is operated as a sole trader business by Eve Thorne, trading as Cocoon Housekeeping (referred to in this policy as “we”, “us”, or “our”). We are the data controller for any personal information collected through our website or services.

This policy applies to clients, prospective clients, and visitors to our website.

1. What Information We Collect
We may collect the following types of personal information:
• Your name, email address, and phone number
• Your home address, alarm codes, and access instructions necessary for service delivery
• Key holder details, where relevant
• Pet information, where relevant to safe and appropriate service delivery
• Household preferences, lifestyle notes, and any other personal context you choose to share with us to help us tailor our service
• Photographs taken during consultations, to help us understand your home and deliver a thorough service
• Payment and invoicing information
• Communications between us, including enquiries, appointment details, and feedback
• Technical information from our website, such as your browser type, pages visited, and time spent on the site (collected via cookies and analytics tools)

We only collect information that is relevant to delivering a thoughtful, professional, and personalised service.

2. How We Use Your Information
We use your information to:
• Respond to enquiries and arrange consultations
• Provide and manage our housekeeping services
• Maintain service notes and home care preferences where relevant
• Communicate about appointments, schedules, or changes to services
• Process payments and maintain internal records
• Improve our services and website experience
• Meet legal or regulatory obligations where required

Our legal basis for processing
Under UK GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following:
• Contractual necessity: to provide the services you have engaged us for, including managing appointments, service delivery, and payments
• Legitimate interests: to run and improve our business in a way that is reasonable and does not unduly affect your rights (for example, keeping service notes that help us do our job well)
• Legal obligation: to meet our legal and accounting requirements, including those set by HMRC
• Consent — where you have actively chosen to share information with us (for example, signing up to receive communications from us)

3. Confidentiality
We understand that inviting someone into your home requires trust. Any information shared with us during consultations or while delivering services is treated with the utmost discretion, and used only where necessary to provide and manage your service appropriately.

As a sole trader business, your information is held by us directly. Should we engage any authorised team members to assist with service delivery, access to client information would be limited strictly to what is necessary for operational purposes.

4. Third-Party Processors
We use a small number of trusted third-party platforms to help us run our business. Each processes personal data on our behalf and is bound by appropriate data processing agreements and security standards. These are:
• Xero: a cloud-based accounting platform used to manage invoicing and financial records
• GoCardless: a payment processing platform used to collect Direct Debit payments securely on our behalf
• Microsoft OneDrive: a secure cloud storage platform used to store client documents, service notes, and related records

We do not sell or share your information for marketing purposes, and we will never pass your details to third parties beyond those listed above, except where required by law.

Information may only be disclosed to others where required by law, legal process, or regulatory obligation.

5. International Data Transfers
Your personal data is stored and processed within the United Kingdom. We do not transfer your information outside of the UK.

6. Data Retention
We retain personal information only for as long as is reasonably necessary to provide our services, maintain appropriate business records, or meet our legal and accounting obligations.

If you request deletion of your information, we will securely remove it where we are legally permitted to do so. In some circumstances, we may be required to retain certain records for a statutory period (for example, financial records for HMRC purposes).

7. Security
We take appropriate measures to protect your personal information against unauthorised access, loss, misuse, or disclosure. Information is stored using reputable, secure systems. Where third-party platforms are used (such as Xero, GoCardless, and Microsoft OneDrive), we rely on providers with robust security protections in place.

8. Cookies & Website Analytics
We use minimal, privacy-conscious analytics to understand how our website is being used, so we can continue to improve it. These tools may collect limited technical information, such as your browser type, the pages you visited, and time spent on the site but do not directly identify you as an individual.

You can manage your cookie preferences at any time through your browser settings.

9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
• The right to access: you can request a copy of the personal information we hold about you
• The right to rectification: you can ask us to correct any information that is inaccurate or incomplete
• The right to erasure: you can request that we delete your personal data, where we are legally permitted to do so
• The right to restrict processing: you can ask us to limit how we use your data in certain circumstances
• The right to object: you can object to our processing of your data where we are relying on legitimate interests as our legal basis
• The right to data portability: you can request that we provide your data in a portable format where technically feasible

If you have a concern about how your information has been handled, we would always encourage you to contact us directly in the first instance via the contact details below. We will respond to all requests and complaints within one month. You also have the right to lodge a complaint with the ICO at any time.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection, at ico.org.uk or by calling 0303 123 1113.

10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. We encourage you to review this policy periodically.

11. Contact

If you have any questions about this Privacy Policy or how your information is handled, please don’t hesitate to get in touch: eve@cocoonhousekeeping.com