020 7946 0321
support@vaxlimo.com

GDPR Compliance

Our commitment to protecting your personal data under UK GDPR

Last updated: 19 March 2026

Data Controller: Vaxlimo Ltd, Kossuth Lajos sugárút 8, 6720 Szeged

Data Protection Contact: support@vaxlimo.com

1. Our Commitment to Data Protection

Vaxlimo Ltd is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise that protecting your personal data is not merely a legal obligation but a fundamental part of building and maintaining trust with our clients.

We have implemented comprehensive technical and organisational measures to ensure that all personal data we process is handled lawfully, fairly, and transparently. Our data protection practices are regularly reviewed and updated to reflect changes in legislation, technology, and our business operations.

This page provides detailed information about our GDPR compliance framework. For information about the specific personal data we collect and how we use it, please also refer to our Privacy Policy.

2. Data Protection Officer

While Vaxlimo is not legally required to appoint a Data Protection Officer (DPO) under Article 37 of the UK GDPR, we have designated a senior member of our management team to oversee data protection compliance. This individual is responsible for:

  • Monitoring our compliance with UK GDPR and the Data Protection Act 2018
  • Managing data subject access requests and other rights requests
  • Conducting and overseeing Data Protection Impact Assessments (DPIAs)
  • Acting as the point of contact for the Information Commissioner’s Office (ICO)
  • Training staff on data protection obligations
  • Reporting to senior management on data protection matters

You can contact our data protection lead at:

  • Email: support@vaxlimo.com
  • Post: Data Protection, Vaxlimo Ltd, Kossuth Lajos sugárút 8, 6720 Szeged
  • Phone: 020 7946 0321

3. Data Processing Details

3.1 Categories of Personal Data

We process the following categories of personal data:

  • Client data: Names, addresses, email addresses, phone numbers, property details, cleaning preferences, and payment information
  • Employee data: Names, addresses, national insurance numbers, DBS check results, bank details, and employment records
  • Website visitor data: IP addresses, browser information, page views, and cookie data
  • Enquiry data: Names, contact details, and message content submitted through our contact form

3.2 Purposes and Legal Bases

Each category of data processing has a clearly defined purpose and lawful basis:

  • Service delivery: Contract performance — to fulfil our cleaning service agreements
  • Customer communication: Legitimate interests — to manage appointments, provide updates, and handle enquiries
  • Marketing: Consent — to send promotional materials (opt-in only)
  • Financial records: Legal obligation — to comply with HMRC requirements
  • Website analytics: Consent — to understand website usage and improve our online presence
  • Employment: Contract performance and legal obligation — to manage our employment relationships

3.3 Data Minimisation

We adhere to the principle of data minimisation by collecting only the personal data that is necessary for the stated purpose. We regularly review our data collection practices to ensure we do not hold unnecessary information.

4. Consent Management

Where we rely on consent as a lawful basis for processing, we adhere to the following principles:

  • Freely given: Consent is never a precondition for receiving our services (except where data is essential for service delivery)
  • Specific: We obtain separate consent for each distinct purpose
  • Informed: We clearly explain what you are consenting to before you provide consent
  • Unambiguous: Consent is obtained through clear affirmative action (e.g., ticking a checkbox)
  • Withdrawable: You can withdraw consent at any time by contacting us, and withdrawal is as easy as giving consent

We maintain records of all consent given, including when it was given, what information was provided, and the method of consent.

5. Cookie Policy

Our website uses cookies in compliance with the Privacy and Electronic Communications Regulations (PECR) 2003 and UK GDPR. Below is a detailed breakdown of the cookies we use:

Cookie Name Type Purpose Duration
vaxlimo_cookies Essential Stores your cookie consent preference 1 year
_ga Analytics Google Analytics — distinguishes unique users 2 years
_ga_* Analytics Google Analytics — maintains session state 2 years
_gid Analytics Google Analytics — distinguishes users 24 hours

5.1 Managing Your Cookie Preferences

When you first visit our website, a cookie consent banner allows you to accept or decline non-essential cookies. You can change your preferences at any time by:

  • Clearing your browser’s cookies and revisiting our site (the consent banner will reappear)
  • Adjusting cookie settings in your browser preferences
  • Contacting us at support@vaxlimo.com to request we stop processing your data

Please note that essential cookies cannot be disabled as they are necessary for the website to function correctly.

6. Data Breach Procedures

We have robust procedures in place to detect, report, and investigate personal data breaches:

6.1 Detection and Containment

All staff are trained to recognise potential data breaches and report them immediately to our data protection lead. Upon discovery, we take immediate steps to contain the breach and prevent further unauthorised access.

6.2 Risk Assessment

We assess each breach to determine the likelihood and severity of risk to individuals’ rights and freedoms. This assessment considers the type and sensitivity of data involved, the number of individuals affected, and the potential consequences.

6.3 Notification to the ICO

Where a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours of becoming aware of it, in accordance with Article 33 of UK GDPR.

6.4 Notification to Affected Individuals

Where a breach is likely to result in a high risk to individuals’ rights and freedoms, we will notify affected individuals without undue delay, in accordance with Article 34 of UK GDPR. This notification will include clear information about the breach, its likely consequences, and the measures we have taken to address it.

6.5 Documentation

We maintain a comprehensive record of all data breaches, regardless of whether they meet the threshold for ICO notification. This record includes the facts of the breach, its effects, and the remedial action taken.

7. International Data Transfers

Vaxlimo primarily processes and stores all personal data within the United Kingdom. We do not routinely transfer personal data to countries outside the UK.

In the limited circumstances where an international transfer may be necessary (for example, through the use of cloud-based tools with servers outside the UK), we ensure that:

  • The transfer is to a country with an adequacy decision from the UK government, or
  • Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), or
  • A specific derogation applies under Article 49 of UK GDPR

We conduct transfer risk assessments to evaluate the level of data protection in the recipient country and implement supplementary measures where necessary.

8. Children’s Data

Our services and website are not directed at children under the age of 18. We do not knowingly collect, process, or store personal data from children.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete that data from our records. If you believe that we hold personal data about a child, please contact us immediately at support@vaxlimo.com.

Where our cleaning services are provided at a household where children reside, we only collect personal data from the adult account holder.

9. Your Rights

Under UK GDPR, you have the following rights, which we are committed to upholding:

  • Right to be informed (Articles 13 & 14): You have the right to clear, transparent information about how we use your data. This GDPR page and our Privacy Policy fulfil this obligation.
  • Right of access (Article 15): You can request a copy of all personal data we hold about you. We will respond within one calendar month.
  • Right to rectification (Article 16): You can request correction of any inaccurate or incomplete personal data without undue delay.
  • Right to erasure (Article 17): You can request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing (Article 18): You can request that we limit the way we use your data in certain circumstances.
  • Right to data portability (Article 20): You can request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): You can object to the processing of your personal data in certain circumstances, including for direct marketing.
  • Rights related to automated decision-making (Article 22): You have the right not to be subject to a decision based solely on automated processing. We do not currently use automated decision-making that has legal or significant effects.

To exercise any of these rights, please email support@vaxlimo.com with the subject line “Data Subject Rights Request”. We may need to verify your identity before processing your request. All requests are handled free of charge, unless manifestly unfounded or excessive.

10. Complaints

If you believe that we have not handled your personal data appropriately, we encourage you to contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the UK’s supervisory authority:

  • Information Commissioner’s Office (ICO)
  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

11. Updates to This Policy

We review and update this GDPR compliance page at least annually, or whenever there are significant changes to our data processing activities, legal requirements, or regulatory guidance.

Significant changes will be communicated to our clients via email. The “Last updated” date at the top of this page reflects the most recent revision.

Previous versions of this policy are retained for a period of three years and are available upon request.

12. Contact Us

If you have any questions about our GDPR compliance, data protection practices, or wish to exercise your rights, please do not hesitate to contact us:

  • Email: support@vaxlimo.com
  • Phone: 020 7946 0321
  • Post: Data Protection, Vaxlimo Ltd, Kossuth Lajos sugárút 8, 6720 Szeged