The rules on the processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
“Data Controller” – the entity that determines the purposes and means of processing personal data.
“Data Processor “- the entity that is responsible for processing personal data on behalf of a controller.
“Data Subject” – a natural person
“Personal Data” – any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies. “Special Categories Personal Data” – includes genetic data and biometric data where processed to uniquely identify an individual, information on racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
“Processing” – means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Third party” – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Louch Shacklock and Partners LLP is the Data Controller. This means we decide how your personal data is processed and for what purposes.
The categories of personal data concerned
We may collect the following personal information:
• name and job title
• contact information comprising postal and email addresses together with fixed line and mobile telephone numbers
• details of client instructions and applicants needs and requirements; and,
• data needed to discharge our duties as an HM Revenue and Customs supervised Estate Agent under the Money Laundering Regulations.
The purposes of processing your personal data
Data is collected during discussions and/or correspondence with you in order:
• to help you sell, let, buy, fund or rent property
• facilitate associated professional services; and,
• for our own record-keeping purposes.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
The legal basis for processing your personal data
We only collect information that:
• you disclose to us
• is in the public domain
• is required law or to satisfy Money Laundering Regulations; or,
• is necessary for a contract we or our client has with you, or because you have asked us to take steps before entering into such a contract.
We do not collect any Special Categories Personal Data.
Sharing your personal data
We may share information on applicant enquiries about individual properties with:
• a joint agent instructed on the same property
• our instructing client for that property (but during the initial stages of enquiry reporting it will generally be limited to a company or trading name)
• other professional advisors involved in the transaction or service; and,
• public authorities as required by law.
We do not transfer personal data outside the EEA.
Your data is treated as confidential. We do not undertake data profiling nor do we sell, rent or trade contact information with other companies and businesses. We will not contact you other than in relation to the purpose of your enquiry or contract.
We use the services of GDPR compliant external IT consultants and software and data hosting service providers (Data Processors).
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary and generally for the longer of:
• a period as required by law
• the duration of a contract entered into with you
• a period after contact expiry as specified under the Limitation Act 1980
• the time during which we have a legitimate reason; or, • the date when you properly exercise the right to erasure of personal data (the “right to be forgotten”), and no other lawful ground for retention exists.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
You have the following rights (if not subject to GDPR exemptions):
• to receive a written copy of your personal data we have in our possession
• to require us to correct any information that may inadvertently be incorrect or out of date
• to require us to object to our processing of your personal data that is no longer necessary for the original purpose, but the data is still required by us to establish, exercise or defend legal rights
• to request your personal data is erased where it is no longer necessary to retain such data; and,
• other rights as detailed in the GDPR.
Our website: www.louchshacklock.com
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes to assist with the maintenance of the site and then the data is removed from the system. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Should you have any queries or complaints or which to exercise any relevant rights under GDPR please in the first instance contact our Managing Partner who is the firm’s Data Protection Officer.