We value the personal data that individuals, clients and organisations choose to share with us and we take their privacy very seriously.
We are a data controller for the purpose of all personal data we process and our Data Protection Compliance Manager is Karen Price.
What personal data might we need?
We will only collect the personal data necessary to facilitate our interaction with you, such as information that that is necessary for the performance of a contract between you and us and information without which we would not be able to provide you with the requested services.
Categories of personal data we might collect from you include:
- Your identification details (e.g. your name and email address)
- Your bank details: and/or
- Information about your finances.
Why do we need your personal data?
We process your personal data on the following bases:
- Processing is necessary for the performance of a contract we have with you, such as us providing you with legal or other services;
- Processing is required of us by law, for example, to provide you with estate agency services we may need your identification details to perform an anti-money laundering check; and /or
- Processing is undertaken for a legitimate interest pursued by us. For example, our commercial interest where we have provided you with some of our services we may contact you regarding other promotions or updates we believe might be beneficial to you.
- Processing is undertaken on the basis you have consented to it. For example, if you have signed up to our newsletter.
How will we use your personal data?
We may use your data in the following ways but only ever for the purpose for which it was collected:
- For recruitment purposes;
- To provide the services detailed on our website;
- To provide you with advice;
- To contact you about our services, promotions or updates;
- For invoicing purposes; and /or
- To comply with our legal obligations.
Third party processors
From time to time, only where necessary to facilitate our relationship with you, we may transfer your personal data to our third-party data processors. Such processors include solicitors, financial advisors, EPC assessors, surveyors etc. Processors have obligations under the data protection legislation with regards to your data as we as obligations in accordance with their contractual relationship with us. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Other third-party data processors include:
- Our professional advisers and auditors;
- Our IT service providers; and
- Third parties involved in hosting or organising events or seminars where you have informed us you wish to attend.
We do not currently transfer personal data outside the EEA and do not envisage that we will need to do so. If we did need to transfer data outside the European Economic Area (EEA) and the country it’s transferred to is not on an approved list for having adequate security controls in place, we will limit when we do this and the amount of personal data we send. We will also do this with a view to ensuring that the level of protection which applies to personal information processed in these countries is similar to that which applies within Europe.
Where we have already provided you with our services in some way we may contact you with regards to other services, promotions or events that we believe you may be interested in. If you do not wish to hear from us, please let us know. If you have given us your consent to contact you by email or other means for marketing purposes we will only use the personal data provided for this purpose and your details will not be passed to any third parties.
You have the right to withdraw your consent for processing at any time and should you wish to do so, please contact the Data Protection Compliance Manager or follow the unsubscribe option in the email you receive. Once we have received notification that you have withdrawn you consent, we will no longer contact you for marketing purposes and, subject to our retention policy and we will dispose of your personal data securely.
Retaining your personal data
We have legal obligations as a company, an employer and a provider of estate agency services to retain records containing personal data, even after the main purpose of a relationship has ended, for example where we acted for you regarding the sale or letting of your property and that transaction has now completed. In accordance with our obligations, legal documents will be retained for six years, after which archived files are destroyed. Nevertheless, for all personal data, once our obligation to retain the data ceases, we will cease processing and destroy it.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes of which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
This notice is relevant whether your personal data was obtained directly from you or where your information was provided to us by a third party. Where you have been referred to us, for example by another professional, we will assume you are aware of who provided us with your information as it is standard procedure for them to inform you. If this is not the case, please let us know at your earliest convenience.
We maintain appropriate security measures to prevent the misuse, loss or disclosure of your personal data. Personal data is held in our software systems and a limited amount in hard copy format. Personal data held within a software system is securely protected with individual logins, which will only be given to those who need to access the data. Limited hard copy data will be retained in lockable cabinets, again only accessible by those who need access to the data.
You have the right to access the personal data we hold for you and the right to request that your personal data to be rectified, erased or transported to another data controller. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. You may also request that we erase all your data that we hold or that we restrict processing. Should you wish to exercise any of these rights, please contact the Data Protection Compliance Manager.
You have the right to make a complaint any time to the Information Commissioners office (ICO), The UK supervisory authority for data protection issues (www.ico.org.uk). Our registration number is Z8784396. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.