About this Policy
This privacy notice explains how we look after your personal data (in all situations where we collect your data) and sets out your privacy rights and also explains how the law and our approach to privacy and personal data protects you.
This privacy notice supplements any other privacy notices that we may provide to you at the point that we collect data from you and should be read in conjunction with those notices.
Our status and details
For the purpose of the GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to our Data Protection Officer using the contact details below:
Name or title: Carolyn Jones
Email address: firstname.lastname@example.org
Postal address: 33 Lower Bridge St, Chester, CH1 1RS
By using the Website, you consent to this policy. We are registered with the Information Commissioner’s Office for this purpose.
Information we collect
We will collect, process and store personal data only if it is directly provided to us by you. You may do this in your capacity as the user of this Website, by enquiring in relation to our goods or services, becoming a customer or supplier, or potential supplier.
Personal information covers any information which relates to you as an identifiable person. Below are examples of the type of data that this may include:
(a) Identity Data including forenames, last name, maiden name, date of birth, gender, marital status, and username or similar identifier.
(b) Contact Data may include invoicing; purchase order; home or work address, email address and telephone numbers, personal or job title and position.
(c) Financial Data may include bank account and payment card details.
(d) Special Category Data for example health or medical data, details about your race, religion, sex and political opinions.
(e) Transaction Data may include payments made for products and services you have purchased from us, or in relation to payments that we have made to you.
(f) Technical Data may include internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access this Website.
(g) Profile and Usage Data may include enquiries submitted by you, purchases information, feedback and survey responses, and how you use our website, products and services.
(h) Marketing Data may include details of any preference that you have advised us of in relation to marketing communications from us.
We may also collect non-personal data such as Aggregated Data which is data that may be obtained from your personal data, but which does not directly or indirectly identify you. This may include Usage Data detailing how you use our Website and the features and areas that you have interacted with.
How do we collect your personal data?
A range of different methods may be used to collect data which may include the following methods:
(a) Direct interactions with us in person, by post, phone, email or otherwise. You may give us your Identity, Contact and Financial Information.
(b) Automated technologies or interactions with our website, by using the web enquiry form, You may give us Identity, Contact and Financial Information.
(c) Third parties or publicly available sources (third parties may be used in processing Identity, Contact and Financial categories of personal data).
It is important that the data that we hold about you is accurate and up to date. In the event that your data changes please notify us so that we can update our records.
Use of your information
We may hold and process personal data that you provide to us in accordance with the GDPR.
The information that we collect and store relating to you is primarily used:
(a) To enable us to provide our services to you, to communicate with you and to meet our contractual commitments to you. This may include Identity, Contact, Financial and Transactional data.
(b) To notify you about any changes to our business, such as improvements to our Website or service/product changes, that may affect our service or relationship with you. This may include Identity and Contact data.
(c) If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you. This may include Identity and Contact data.
(d) Where you have consented to receive such information, to provide information on other parties’ products or services that we feel may be of interest to you. This may include Identity, Contact and Marketing data.
(e) Where you have consented to receive our e-newsletters to provide that to you. This may include Identity and Contact data.
(f) Where we need to comply with a legal obligation. This may include Identity, Contact and Transactional data.
(g) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This may include all types of data.
Where we collect your data for marketing purposes we will always request your consent, at the point the data is collected, to use your data for that purpose.
We will always obtain your prior consent to sharing your personal data with any third party for their marketing purposes. This may be to enable relevant third parties to advise you of products or services that may be of interest to you.
We will only use your personal data for a reason other than the purpose for which it was originally obtained if we consider that we need to use it for that other purpose and have a legitimate interest in doing so.
Disclosure of your information
There are a range of circumstances where we may disclose your data to third parties. These include:
(a) Regulatory bodies. We may disclose your data to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk. This may include Identity, Contact and Transactional data.
(b) Our Suppliers. We may disclose your data to third parties that are involved in the fulfilment of our services to you. This may include Identity, Contact and Transactional data.
(c) Third party marketing. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in. This may include Identity, Contact and Marketing data.
Please be advised that we do not reveal information about identifiable individuals to our advertisers, but we may, on occasion, provide them with Aggregated Data about our Website visitors and customers.
If you do not want us to share your data with third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the address detailed above or sending us an email to email@example.com at any time.
Controlling the use of your data
Where we rely on consent as the lawful basis for processing your data you can revoke or vary that consent at any time.
If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or email us at firstname.lastname@example.org at any time.
Data storage and the transfer your data
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, payment processing provider, or work for us when temporarily outside of the EEA.
A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA.
If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk.
We have put in place security measures to prevent your data from accidental, loss or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password it is not easy for someone to guess.
In the event of a data breach we will notify the ICO and you in the event that the breach results in any likelihood of loss or damage to you.
The length of time that we retain, and store data depends on the purpose for which it was collected. We will only store data for as long as is required to fulfil that purpose, or for the purpose of satisfying legal requirements.
It is a legal requirement that we keep certain data about our customers and suppliers for at least six years. The type of data includes Contact, Identity, Financial and Transaction Data.
Where you have requested that we provide you with marketing materials we will retain your data until such time as consent is withdrawn by you.
We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you.
The GDPR gives you a range of rights in relation to the personal data that we collect from. You have the right to:
(a) Access your personal data. This right is commonly known as the ‘data subject access request’ and enables you to receive a copy of the personal data we hold about you. You will not need to pay a fee to access your personal data unless we can justifiably demonstrate that the request is repetitive or excessive. We will respond to all legitimate data access requests within one month, but we may need to obtain further information from you in order to confirm your identity and the legitimacy of the request.
(b) Request update of the personal data. This enables you to have any incomplete or inaccurate data corrected.
(c) Erasure of your personal data. This enables you to ask us to delete personal data where there is no justifiable reason for us continuing to retain and process it. We may not always be able to delete the data such as if there is an ongoing contractual relationship between us or if we are legally required to retain the data.
(d) Object to processing of your personal data where we are relying on consent or our legitimate interests (or those of a third party) as the justification for processing the data.
(e) Restrict the processing of your personal data. This enables you to ask us to change the processing of your personal data. For example, you may wish to vary the basis on which we contact you.
(f) Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, machine-readable format.
(g) Withdraw consent. Where we are relying on consent to process your personal data you may withdraw that consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can exercise these rights at any time by writing to us at the address detailed above, or by email to email@example.com.
Third party links
You might find links to third party websites on our website. If you click a link to a third-party website and visit that site, you may be allowing that site to collect and share certain data about you. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
If you wish to raise a complaint regarding our use of your personal data then you can contact the Information Commissioner’s Office (ICO), who are the UK supervisory authority for data protection issues. (www.ico.org.uk).
If you do wish to raise a complain then we would welcome the opportunity to discuss your concerns before you contact the ICO to see if we can resolve the issue for you.
Changes to this policy
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.
Version: June 2023
General Data Protection Notice
Thank you for visiting our website, we hope we can help you with your enquiry. We want to let you know that we will respond to any questions or request as soon as possible and will send you other information that we think you might be interested in. We promise not to bombard you with emails, phone calls or letters and feel free to tell us to stop at any time by simply contacting us by email to: firstname.lastname@example.org
It is important to tell you that we take your privacy very seriously and that we have completed our EU wide General Data Protection Regulations (GDPR) compliance processes. Whether you are contacting us a potential vendor, purchaser, tenant, landlord, investor, supplier, or in any capacity we will ensure to keep your personal information safe. This means that we promise to keep your data secure and will not share with anyone except where this is necessary to fulfil our commitments to you and our customer, meet the terms of our contract with you, or meet our obligations to our suppliers, partners, investors, landlords, and other third parties but always as you would reasonably expect, with your consent where necessary, or as required by law or other regulations. We will only store your details for as long as necessary and will dispose of any data securely when no longer required.
We will of course respect your rights under the data protection regulations, ensuring that your information is collected, processed and stored in accordance with the data protection laws as defined in the GDPR and all other applicable regulations and kept safe at all times.
For more info and access to the full privacy statement, see below:
|Who will use my data?||Town & Country Estate and Letting Agents|
|What for?||We will store and process your data in order to allow us to provide our estate agent, letting agent, auctioneering and associated property management services to you whether you contact us a tenant, landlord, investor, or in any other capacity. We will respect your rights under all data protection regulations and take precautions to keep your data safe. As a tenant or prospective tenant we will process your data as required to provide our services to you including recommending accommodation options, completing credit vets, reference checks, employment checks and other processes as required. With your explicit consent may also use your data to process financial transactions including payments and where strictly necessary we may process more sensitive information about you. As a vendor, buyer, landlord or investor we will use your data in order to provide our services to you. With your explicit consent may also use your data to process financial products and services and where strictly necessary we may process more sensitive information about you.|
|What will happen if I contact you?||If you contact us, we will use your information to send you the information you have requested and updates, offers and other information that we think you will be interested in. If you choose to use our services, we may collect more information from you and where necessary share your information with carefully selected third parties required to provide the services you have requested. Where we share your data this will be as you would reasonably expect and always with your consent.|
|What data will be stored?||We will store your personal details, and where necessary family, employment, financial, and other information, in order to provide our services to you. We will store your details plus relevant information relating to enquiries, contracts, financial, and other information as required. This may include sensitive personal information but only with your explicit consent.|
|What data will be shared?||We will not share your data with any third parties other than as described here. We are obliged to share your information with any regulator or legal body that requests it. We will use your personal data for the provision of our estate agency service we offer you. To comply with the law, we need to get evidence of your identity, ownership and establish source of funds. Personal data received from you may be processed and verified by a third party for the purposes of preventing money laundering or terrorist financing. More details of the third parties we share information with can be found in your terms of business engagement letter.|
|How long?||Your data will be stored only for as long as strictly necessary to provide our services to you and meet our legal obligations after which time your data will be deleted. We will of course respect your rights under data protection laws to rectify your data, delete your data and stop processing should you request this.|
|Who can access my data?||We will never sell, share or otherwise distribute your data to any other third party other than as required to provide our services to you. We ensure access is restricted to only those persons authorised by us to access your data.|
|How is my data kept secure?||We will store your data on secure UK based servers which will be processed in the UK. We use industry standard security protocols/technology to secure data.|
We take your privacy seriously and will only use your personal information to provide the services you have requested from us and to send you information about services you may be interested in. We will never sell, share or use your personal information other than as described here.
This policy sets out how we will use and share the information that you give us. This policy describes your relationship with Town & Country. The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principals. These say that personal data must:
· Be processed fairly and lawfully
· Be obtained only for specific, lawful purposes
· Be adequate, relevant and not excessive
· Be accurate and kept up to date
· Not be held for any longer than is necessary
· Processed in accordance with the rights of the data subjects
· Be protected in appropriate ways
· Not be transferred outside the European Economic Area, unless that country or territory also ensures an adequate level of protection
We take these responsibilities seriously, this document describes our approach to data protection. This policy helps to protect us from data security risks, including:
· Breaches of confidentiality. For instance, information being given out inappropriately.
· Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
· Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
· Loss, damage, or other consequences of such a breach or security failure