Data Protection Act 2018 and GDPR
This privacy notice is in accordance with the EU’s General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018 both applicable from 25th May 2018 specifically in relation to our client data in terms of what information is held, how it is stored, why we hold it, and what we do with it. This notice tells you what we do with your personal information when you make contact with us or use one of our services.
In providing you with our services, we will process and store your personal information. We have legal and professional obligations to keep your personal information confidential. We comply with UK and EU data protection laws.
We are committed to keeping your personal information secure. We have put in place physical, electronic and operational policies and procedures designed to safeguard and to secure the information we collect and hold.
What Information Do We Hold About You?
The information we hold about you may include personal information. It will typically include:
- Your name, address, phone number/s, email address/es
- Identifiers such as date of birth; National Insurance, passport, visa, driving licence numbers; photographs or other digital images
- Financial details to include bank details, mortgage account, means questionnaire
- Social media information
- Special category and (in some cases) criminal conviction data including health records, Trade Union membership, political affiliations, sexuality, ethnic origin, criminal records
We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children while handling a matter. The information in the relevant parts of this notice applies to children as well as adults.
Where Has the Data Come From?
The data we hold will have come from:
- You in person, by telephone, by email, by SMS/text, or from your use of our website, through your initial enquiry, request for a quote, initial instructions, and when we deal with your tenancy or sale; or when you subscribe to our e-newsletter
- An intermediary, such as an estate agent, solicitor or a financial advisor, who refers you to us
- Another company that transfers your file to us
- A client who names you as the buyer/seller/tenant/landlord/guarantor of a property we are instructed to deal with
It is very important to ensure that we hold up to date information, so please remember to tell us about any of the following as soon as possible, if relevant:
- Changes of personal circumstances, such as relationship status or the birth of children
- Changes of name or address
- change of contact details including mobile phone number and email address
- bank details (if relevant)
What Will We Do With Your Data?
We will process your data only for the purpose of providing you with the relevant property services required. If the scope changes, we will tell you. With your consent, we may also use the data for advising you of our other products and services which we think may be of interest to you.
We will never sell your personal data to anyone.
Who Is the Data Shared With and Why?
We may share information about you:
- Within the company to enable us to deal with your matter effectively and efficiently
- With other property companies acting for other parties in the same matter (where applicable)
- With our outsourced providers including for example our accounts function, IT consultant, risk and compliance consultant
- With an external credit referencing agencies, for example whilst processing your tenancy application or ID verifications
- With the intermediary who introduced you to us including for example a financial advisor or estate agent
- With utility supplier such as gas, electric, council tax and water rates suppliers, if applicable
- With the solicitors acting for your transaction, if applicable
- With local authorities or law enforcement agencies where required, for example under a Court order
What Is the Lawful Basis for Processing Your Data?
The legal bases we rely on to process your personal data are as follows:
1. Performance of our services to you under article 6(1)(b) GDPR
2. Compliance with a legal obligation to which we are subject, under article 6(1)(c) GDPR
3. Consent under article 6(1)(a) GDPR, where you have given consent to the processing of your personal data for one or more specific purposes as listed in our Terms of Business. Otherwise, we rely on (1) and (2)
Transfer of Data to Third Countries
Whilst we store our data in the United Kingdom (or the European Economic Area, to which equivalent protections apply) we will, with your consent, transfer your data to third countries if your matter requires. For example, if you are a resident of China, we will email you there. You must be aware that third countries do not offer the same degree of protection as the UK and in particular email correspondence might be subject to government surveillance or other interception or monitoring. We are not responsible for data security in third countries and by providing your email address you consent to us using it to communicate with you. If requested we will agree suitable password protection [or other encryption] for email correspondence.
Your Data Protection Rights
Under data protection law, we need to tell you about your rights. Those available to you depend on our reason for processing your information.
- Right of access - you can ask for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process
- Right to rectification - you can ask us to rectify information you think is inaccurate, or incomplete
- Right to erasure – in certain circumstances, you can ask us to erase your personal information
- Restriction of processing – in certain circumstances you can ask us to restrict processing to specified activities
- Objection to processing – for example to direct marketing
- Data portability - you can ask us to transfer the information you gave us to another company, or to give it to you
We will keep your information for only as long as necessary and in accordance with UK and EU law. We will retain your file for at least 7 years. Even if your matter does not complete, the Money Laundering Regulations 2017 require us to keep evidence of your identity, with supporting documentation, for 5 years after we complete our work for you.
Technical and Organisational Security Measures
We take great care of our clients’ data. We have robust data protection and information security policies. Our database is encrypted, and backed up frequently. All our systems are password-protected, with appropriate anti-virus and other security measures. Access is on a need-to-know basis only.