Having a lawful basis for collecting, using and storing personal data is not new and at Park & Bailey we have always taken our commitments under the Data Protection Act 1998 very seriously. The new GDPR regulations place greater emphasis on being accountable and transparent about the way you use and keep customer data. This policy aims to set out our commitment to these regulations and protecting your privacy, using and storing your personal information.
This policy is set out as follows:
- Who we are
- Basis for collecting and processing data
- Personal information/data
- How we use your personal data
- Who your information is shared with
- Retention of your data
- Your duty to inform us of any changes
- Your legal rights
- Subject access request
- External Links
- Your acceptance and right to withdraw your consent
- Changes to the privacy notice
- Concerns and complaints
Who we are
Park & Bailey are a group of companies headed by Park & Bailey Limited – Company Registration 03056438. The other companies are Park & Bailey Letting and Management Limited, Park & Bailey Estate Agents Limited, Park & Bailey (Coulsdon) Limited, Park & Bailey Southern Limited and Park & Bailey (Woldingham) Limited. Each company has its own Data Protection registration. All Data Protection administration is carried out at the Registered Office 41 High Street, Caterham, Surrey CR3 5UF.
Basis for collecting and processing data
Park & Bailey collect and process data under the GDPR using the lawful bases of performance of contract, consent, legal or regulatory obligations and legitimate interests.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Consent means you have given us explicit consent to the processing of your personal data for one or more specific purposes.
Comply with a legal or regulatory obligation means processing your personal data where necessary for compliance with a legal or regulatory obligation that we are subject to.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. In line with GDPR requirements we have completed a Legitimate Interests Assessment – LIA.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel the service you have with us but we will notify you if this is the case at the time.
We may collect, use, store and transfer different kinds of personal data about you which are:-
- Identity Data includes first name, last name, employment status, marital status, title.
- Contact Data includes home address (previous, current and forwarding), email address and telephone numbers.
- Property Data includes type, number of rooms, locks, energy usage, easements, keys, utility meter information, services records, insurance documents and mortgage documents.
- Financial Data includes bank account details.
- Transaction Data includes card payment details & details about payments to and from you
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Any non-personal information such as IP address, pages accessed, and files downloaded will only be used to determine how many individuals use our site, how many people visit on a regular basis, which pages are most popular, and which pages are least popular. This information doesn’t tell us anything about who you are or where you live, it is simply used to enable us to monitor and improve our service. This is done by way of cookies on our website and the use of analytical services such as Google Analytics. To find out more please visit our Cookies Policy.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you. In order to provide a requested service.
- Where data is held for our/your legitimate interests (or those of a third party), fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Who your information is shared with
Retention of your data
We will only retain your personal data for as long as necessary to fulfil the purposes which we collected it for. We are also obligated to retain your personal data under our legal and statutory duties such as the Estate Agents Act 1979, Anti Money Laundering regulations and any other regulatory bodies.
Your duty to inform us of any changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your rights in respect to your data
Any personal information submitted via our website is treated in accordance with the Data Protection regulations.
As a user you have the following rights:-
- A right to be informed about our collection and use of personal information
- A right to access your personal information – please read the section below on SAR’s
- A right to correct your personal information
- A right to delete your personal information
- A right to restrict processing or use of your personal information
- A right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
- Right to complain to a supervisory authority - ICO
Subject access request – SAR’s
You have the right to have a copy of your personal data. This is known as a subject access request. This has to be provided to you free of charge. However, we may charge a reasonable fee if your request is repetitive or excessive. Please address any such requests to the Branch Manager/Director and or the DDPO – details in the section headed concerns and complaints.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission, and to prevent unauthorised access. The servers that store the information are kept up to date and secured with appropriate firewalls/virus protection and have restricted access. They will be held on secure servers within the European Economic Area (EAA) or if held elsewhere it will be in compliance with the GDPR.
Your Acceptance and right to withdraw your consent
You have the right to withdraw your consent to us using your data and to request that we delete it. There is the option to do so on our website under the member log in or contact the relevant Branch Manager/Director.
Changes to the privacy notice
This privacy notice was last updated on the 23rd May, 2018 and sets out your rights under the new laws, however is subject to change on or after the 25th May 2018.
Concerns & complaints
By submitting your personal data you consent to the use of the data as set out in this policy. If you have any questions, concerns, comments or complaints about this privacy notice/and or our collection or use of your personal date, or if you believe the data that we hold is inaccurate or you wish us to stop processing your data for any particular purpose or purposes, then please contact the Branch Manager/Director of the relevant branch in the first instance in writing.
Or our Deputy Data Protection Officer (DDPO) who is able to assist with any further concerns or complaints:- Park & Bailey Caterham Head office 41 High Street, Caterham on the Hill, Surrey, CR3 5UF, 01883 342205/345169, firstname.lastname@example.org .
Our DDPO works closely with our Data Protection Officers on all matters. A list of our DPO’S is available on request
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection issues (www.ico.org.uk). We would welcome the opportunity to deal with any of your concerns before you approach the ICO and would appreciate it if you contact us in the first instance.