Order From Chaos - Customer Privacy Notice

Registered name: JdS Consulting Ltd.
Company Number: 14974139
ICO Registration: ZB705394

This privacy notice tells you what to expect us to do with your personal information.

Contact Details

Email: hello@order-from-chaos.co.uk
Phone: 07769 065404
Address: 71-75 Shelton Street, London. WC2H 9JQ

What Information We Collect, Use, and Why for Providing Our Decluttering and Organising Services

We collect and use the following information:

Names and contact details (phone, email, address)
Health information - to tailor our services to your needs and ensure we can work safely in your environment
Property information - details about spaces we're organising
Usage data - how you interact with our website and services
Communication records - emails, WhatsApp messages, meeting notes
Video and photographic recordings - with your explicit consent, for marketing purposes on social media
Financial information - payment details and transaction history

For Customer Account Management

Account registration details
Service history and preferences
Marketing preferences
Billing and payment information

For Marketing (with your consent)

Contact details
Service preferences
Before/after photos/videos of your spaces
Testimonials and reviews

For Legal Compliance

Identity verification information
Financial transaction records
Correspondence and complaint records

Our Lawful Bases for Processing Your Data

We process your personal data under the following legal grounds:

Contract - We need your information to provide our decluttering services and manage your account.

Consent - For marketing communications, photography/videography, and sharing health information.

Legitimate Interests - For improving our services, preventing fraud, and business administration. Our legitimate interests include providing tailored organising services and maintaining business records.

Legal Obligation - For tax records, regulatory compliance, and safeguarding requirements.

Special Category Data (Health Information): We process health data under Article 9(2)(a) GDPR - with your explicit consent.

Circumstances Where We May Share Your Information:

With Your Consent

Marketing photos/videos on our social media platforms
Testimonials and case studies
Referrals to other service providers you've requested

Without Your Consent (Legal Requirements)

We may share your personal information without consent only in exceptional circumstances:

Safeguarding concerns - Where we have reasonable concerns about the safety of a child, vulnerable adult, or any person at risk of harm
Legal obligations - Where required by law to disclose to authorities
Emergencies - Where immediate disclosure is necessary to prevent serious harm
Court orders - Where compelled by a court or tribunal
Regulatory investigations - To comply with ICO or other regulatory body requests

In such cases, we will only share the minimum information necessary and will inform you unless doing so would increase the risk of harm or if we are legally prevented.

Service Providers

We may share data with trusted service providers who help us deliver our services:

Cloud storage and email providers - For secure data storage and communication
Website hosting and domain services - For maintaining our online presence
Customer relationship management systems - For managing client relationships
Payment processors - For handling transactions securely
Video editing and content creation platforms - For creating marketing materials (with consent)
Design and marketing tools - For business communications and content creation
Appointment booking and automation systems - For scheduling and workflow management
Professional advisors - Accountants, lawyers, and business consultants

We may also work with other service providers as our business needs evolve. All service providers are carefully selected and are contractually required to protect your data and use it only for the specified purposes.

International Transfers

Some of our service providers store or process data outside the UK, including:

Cloud storage and email services - For secure data storage and communication
Website hosting and domain services - For our online presence and booking systems
Customer relationship management systems - For managing client records and communications
Video editing and content creation platforms - For creating marketing materials with your consent
Design and marketing tools - For business communications and social media content
Appointment booking and automation systems - For scheduling and workflow management
Social media platforms - For marketing content with your explicit consent

We may also use other business software and online services that process data internationally as our business needs evolve.

All international transfers are protected by:

Adequacy decisions by the UK government, or
Standard contractual clauses approved by the ICO, or
Other appropriate safeguards under UK GDPR

Data Security

We implement appropriate technical and organisational measures to protect your data:

Digital security: Password protection with two-factor authentication (2FA)
Cloud storage: Secure Microsoft cloud services with encryption
Access controls: Only authorised personnel (currently just the business owner) can access personal data
Communication security: WhatsApp end-to-end encryption for client communications
Regular updates: Software and security systems kept current
Data minimisation: We only collect and retain data necessary for our services

How Long Do We Keep Your Information

We retain personal data for 8 years after our last interaction with you. This allows us to:

Handle any queries about past services
Comply with tax and legal record-keeping requirements
Maintain professional insurance coverage

Marketing photos/videos are retained indefinitely with your ongoing consent (which you can withdraw at any time).

Automated Decision-Making

We do not use automated decision-making or profiling that would significantly affect you. Humans make all decisions about our services.

Your Data Protection Rights

Under UK data protection law, you have the following rights:

Right of Access - Request copies of your personal data and information about how we use it

Right to Rectification - Ask us to correct inaccurate or incomplete data

Right to Erasure - Request deletion of your data (subject to legal retention requirements)

Right to Restrict Processing - Limit how we use your data in certain circumstances

Right to Object - Object to processing based on legitimate interests or for marketing

Right to Data Portability - Request transfer of your data to another organisation

Right to Withdraw Consent - Remove consent for processing that requires it (e.g., marketing, health data)

To exercise any of these rights, contact us using the details above. We will respond within one month.

Note: Some rights may be limited where we need to retain data for legal compliance or safeguarding purposes.

Marketing Communications

We will only send marketing communications with your consent. You can:

Unsubscribe at any time using the links in our emails
Contact us to update your preferences
Withdraw consent for use of your photos/videos in marketing

Complaints

If you're unhappy with how we handle your personal data:

Contact us first: hello@order-from-chaos.co.uk
Contact the ICO: If we cannot resolve your concern

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint

Changes to This Notice

We may update this privacy notice from time to time. Any significant changes will be communicated to you directly.

Last Updated: 4th January 2026

This privacy notice should be read alongside our service contract, which contains additional information about confidentiality and data processing.