Under the General Data Protection Regulation (“GDPR”), which took effect 25 May 2018, we have obligations to protect the personal data which we hold concerning you. This notice explains when and why we collect personal data about you, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. For clients of this firm, you should read this notice alongside our general terms and conditions. This notice does not apply to any websites that may have a link to any website we may have.
- Who we are
- What we need
- Sources of information
- Why we need it
- Who has access to it
- How do we protect your personal data
- How long we will keep your personal data
- Your rights
- Complaints about the use of personal data
- Marketing and other legitimate business purposes
1. Who we are
Data is collected, processed and stored by Leaf Property Services Limited and we are what is known as the ‘data controller’ of the personal data you provide to us. Leaf Property Services Limited is a company registered in England and Wales under company number 8193598 with its registered office located at 2 Cheltenham Road, The Annex, Cirencester, Gloucestershire GL7 2HX. Any issues relating to data control should be referred Anthony Bolger who can be contacted by e-mail at firstname.lastname@example.org.
2. What we need
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us:
a. Personal data: this is the general information that you supply about yourself, such as your name, address, gender, date of birth, contact details, and financial information.
b. Sensitive personal data: this is, by its nature, information about you which you may wish to keep private, one reason for doing so being that such information could be used against you in a discriminatory way, and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.
In the majority of cases, personal data will be restricted to basic information and information needed to complete.ID checks. However, some of the work we do may require us to ask for more sensitive information which will be “sensitive personal data”.
3. Sources of information
Information about you may be obtained from a number of sources, including:
a. You may volunteer the information about yourself; and
b. Information passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these third parties will be banks, building societies, and credit reference agencies.
4. Why we need it
The primary reason for asking you to provide us with your personal data is to allow us to verify your identity to ensure you are the legal owner of a property to be let if you are a landlord or to confirm references and your trustworthiness and credit history if you are a tenant or licensee.
The following are some examples, although not exhaustive, of what we may use your information for:
a. Verifying your identity;
b. Verifying source of any monies to be paid to us or to a client;
c. Communicating with you;
d. Obtaining insurance policies;
e. Preparing documents such as tenancy agreements or other contractual documentation; and
f. Our own marketing purposes
5. Who has access to it
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties, for any purpose whatsoever.
Generally, we will only use your information within Leaf Property Services Limited. However, there may be circumstances while carrying out our work where we may need to disclose some information to third parties such as:
a. HM Revenue & Customs;
b. Banks, building societies, or other financial institutions;
c. Insurance Companies;
d. Providers of identity verification; and/or
e. To those individuals or entities we consider appropriate in the event of any emergency or if we think you or others are at risk.
The above list is not exhaustive and there may be individuals or third parties not stated in the list to whom we may need to disclose personal data about you in appropriate circumstances. However, in the event any of your information is shared with the aforementioned third parties or other third parties we consider appropriate, we shall ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal data for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
6. How do we protect your personal data
We recognize that your information is valuable and we take all reasonable measures to protect it whilst it is in our care. We have technology and security procedures in order to protect personally identifiable data from loss, misuse, alteration, or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations with third parties to whom we must disclose personal data, ensuring that such third parties meet our standards when handling personal data in that such third parties have personal data controls of a high level, either by the business nature of the third party (such as banks, for example) or through the third party providing us with evidence that their confidentiality procedures meet our standards. We use computer safeguards, such as firewalls and data encryption, and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
7. How long will we keep your personal data
Your personal data will be retained, usually in computer or physical files, only for as long as necessary to fulfil the purposes for which the information was collected, as required by law, or as long as is set out in any relevant contract you may hold with us. For example:
a. For the duration of any property management or tenancy or licence agreement which you may have with Us; and
b. For a minimum of 6 years from the end of any property management or tenancy or licence agreement, to protect our legal rights in the event of a claim being brought against us;
8. Your rights
Under GDPR, you are entitled to access your personal data (otherwise known as a “right to access”). If you wish to make a request, please do so in writing addressed to us at Leaf Property Services Limited 2 Cheltenham Road, The Annex, Cirencester, Gloucestershire GL7 2HX.
A request for access to your personal data means you are entitled to details of the personal data we hold on you — such as your name, address, contact details, date of birth, or information regarding your health, for example – but it does not mean you are entitled to the documents that contain this personal data.
Under certain circumstances, in addition to the entitlement of a “right to access”, you have the following rights:
a. The right to be informed: which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data;
b. The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete;
c. The right to erasure (the “right to be forgotten”): you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued retention by us (such as in compliance with any of the purposes referred to in Paragraph 7 above). This right only applies in the following specific circumstances:
i. Where the personal data is no longer necessary in regards to the purpose for which it was originally collected;
ii. Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent;
iii. Where you object to the retention of such personal data and there is no overriding legitimate interest for continuing the retention;
iv. The personal data was unlawfully processed; or
v. Where you object to the retention for direct marketing purposes
d. The right to object: you have the right to object to the processing of your personal data based in the following circumstances:
i. An objection to stop processing personal data for direct marketing purposes. This objection is absolute — there are no exemptions or grounds for us to refuse and we must stop processing in this context; or
ii. You have an objection on grounds relating to your particular situation.
We must stop processing your personal data in these circumstances unless we can demonstrate compelling legitimate grounds for the processing which override your interests and rights and freedoms or the processing is for the establishment, exercise, or defence of legal claims.
e. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
i. Where you contest the accuracy of the personal data, in which case we should restrict the processing until we have verified the accuracy of that data;
ii. Where you object to the processing – where we consider it was necessary in the public interest or purpose of our business’s legitimate interests and we are considering whether the public interest or our business’s legitimate interests override your right to restrict processing;
iii. Where processing is unlawful and you request restriction; or
iv. If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
9. Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact Leaf Property Services Limited at 2 Cheltenham Road, The Annex, Cirencester, Gloucestershire GL7 2HX and we will investigate further.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) whose details are Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
10. Marketing and other legitimate business purposes
How we collect personal data retained for marketing and other legitimate business purposes
The following are examples, although not exhaustive, of how you may have provided us with your personal information which may be retained for marketing and other legitimate business purposes:
a. Contacting us, either directly or indirectly;
b. Following/liking/subscribing to our social media channels;
c. Agree to fill in a questionnaire or survey;
d. Ask us a question or submit any queries or concerns you have via email or on social media channels;
e. Post information to the our website or social media channels, for example when we offer the option for you to comment on, or join, discussions; or
f. Leave a review about us on review websites;
Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
How we may use your personal data for marketing and other legitimate business purposes
The following are examples, although not exhaustive, of how we may use your personal data for marketing and other legitimate business interests:
- Fraud prevention;
- Direct marketing;
- Network and information systems security;
- Data analysis, enhancement, modifying, or improving our services;
- Identifying client trends; or
- Determining the effectiveness of promotional campaigns and advertising.
We may use your personal data for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.
How we protect your personal information
We will only ever use non-sensitive personal data, such as name, address, telephone, email, job description, and previous legal services usage behaviour, for our marketing and other legitimate business purposes. Sensitive information will never be used to for marketing purposes.
If you do not wish to be contacted by us for marketing purposes, please follow the unsubscribe” instructions on any of our communications to you or contact us by emailing email@example.com or writing to us at our postal address.