About this Privacy Notice
We value the personal data that individuals, clients and organisations choose to share with us and we take their privacy very seriously.
This Privacy Notice sets out the categories of personal data we may ask you to supply, why we need that data, how we will use it and how long we will retain it.
We are a data controller for the purpose of all personal data we process, and our Data Protection Compliance Manager is Mark Newman.
We undertake to draw this Privacy Notice to the attention of all relevant parties, and should you engage our services we will take it to mean that you are satisfied with its contents. Should you have any concerns or wish to discuss the contents of this notice further, please contact our Data Protection Compliance Manager at firstname.lastname@example.org. We may update this notice from time to time and we recommend you refer to it regularly on our website.
What personal data might we need?
We will only collect the personal data necessary to facilitate our interaction with you, such as information that is necessary for the performance of a contract between you and us and information without which we would not be able to provide you with the requested services.
Categories of personal data we may collect from you include:
We do not seek to obtain personal data that falls outside the scope of this Privacy Notice and we kindly request that individuals do not furnish us with any unnecessary personal data. In accordance with data protection legislation we may destroy personal data supplied to us where we do not believe we have a sufficient legal basis to retain it. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Why do we need your personal data?
We process your personal data on the following bases:
How will we use your personal data?
We may use your data in the following ways but only ever for the purpose for which it was collected:
Third party processors
From time to time, only where necessary to facilitate our relationship with you, we may transfer your personal data to our third- party data processors. Processors have obligations under the data protection legislation with regards to your data as well as obligations in accordance with their contractual relationship with us. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. These third-party data processors include:
Where we have already provided you with our services in some way we may contact you with regards to other services, promotions or events that we believe you may be interested in. If you do not wish to hear from us, please let us know.
If you have given us your consent to contact you by email or other means for marketing purposes we will only use the personal data provided for this purpose and your details will not be passed to any third parties. You have the right to withdraw your consent for processing at any time and should you wish to do so, please contact the Data Protection Compliance Manager or follow the unsubscribe option in the email you receive. Once we have received notification that you have withdrawn your consent, we will no longer contact you for marketing purposes and, subject to our retention policy, we will dispose of your personal data securely.
Retaining your personal data
We have legal obligations as a company, an employer and a provider of services to retain records containing personal data, even after the main purpose of a relationship has ended. In accordance with our obligations, transaction details will be retained for 6 years, after which archived files are destroyed. Nevertheless, for all personal data, once our obligation to retain the data ceases, we will cease processing and destroy it.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting our Data Protection Compliance Manager.
We maintain appropriate security measures to prevent the misuse, loss or disclosure of your personal data.
This notice is relevant whether your personal data was obtained directly from you or where your information was provided to us by a lettings/managing agent or recommendations. Where you have been referred to us, for example by a letting agent, we will assume you are aware of who provided us with your information as it is standard procedure for them to inform you. If this is not the case, please let us know at your earliest convenience.
You have the right to access the personal data we hold for you and the right to request that your personal data be rectified, erased or transported to another data controller. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. You may also request that we erase all your data that we hold or that we restrict processing. Should you wish to exercise any of these rights, please contact the Data Protection Compliance Manager.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).