Sansome and George, is the so-called ‘Controller’ of the personal data you provide to us, as we make decisions on what information we hold and what we do with it. Our contact details are as follows: firstname.lastname@example.org.
We have appointed a Data Protection Officer (DPO) to ensure we manage information, and information security, in the best way, and in line with data privacy laws. The DPO can be reached using: email@example.com.
We collect basic personal data from you, including your name, postal address, email address, telephone and/or fax number, date of birth, demographic information, payment information (such as a credit card/bank account details), future communication preferences for interest-based marketing.
We require this personal information in order to provide services and information to you in line with the contract. We do not collect any personal information from you that we do not need to provide and manage this service to you.
All the personal data we collect is processed by our staff in the UK. However, this information is located (hosted) on servers within the European Union. We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need in order to perform the services we request, and we contractually require that they protect this information appropriately and not use it for any other purpose. If you would like any further information on which third party providers, we use please contact firstname.lastname@example.org.
We recognise your rights concerning this information and take every possible measure to respect these rights and protect your personal data. We have implemented technical, administrative and physical procedures designed to protect your personal data from loss, misuse or alteration.
We will retain your information for up to one year after the contract ends, in order to handle any outstanding or future enquiries. After this time, it will be destroyed unless a longer retention period is required or permitted by law.
We would like to use your name, email address, postal address and contact number to inform you of our future offers and similar products. We also collect information when you visit our sites, view our online ads or promotions or use our mobile applications, the information we collect from these services are; IP address, web pages you view, information about your device browser and operating system, links you click, information about how you use the application and any Sansome and George emails you open. This information is not shared with third parties and you can unsubscribe at any time via phone, email or through our website. Please indicate below if this is something you would like to sign up to.
As a citizen, you have a number of rights over your personal information, including:
As an Estate Agent Sansome & George processes personal data in relation to its own staff, former employees, job applicants, property seekers and vendors, tenants and landlords
Sansome & George holds data on individuals for the following general purposes:
The General Data Protection Regulations require Sansome and George as a data controller to process data in accordance with the principles of data protection. These require that data shall be:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
5. Not kept longer than necessary
6. Processed in accordance with the data subject’s rights
7. Kept securely
8. Not transferred to countries outside the European Economic Area without adequate protection
Personal data means data which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of Sansome & George.
Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organiszing, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desk top, laptop, palm top etc. Processing also relates to any personal data stored on paper or anything that is stored on mobile phones, USB’s or storage discs.
Data will be reviewed on an annual basis to ensure that it is accurate. Sansome and George will make every effort to ensure that data is accurate and will make changes based on requests from individuals within 7 working days.
Data can be processed under a lawful basis or through consent obtained directly from the individual involved. By instructing Sansome & George to look for a property/sell/rent or let a property and providing us with personal data, property seekers/property vendors/ landlords and tenants will be giving their consent to processing details for property seeking/sale of a property/letting of a property/renting of a property. If Sansome & George intend to use data for any other purpose; Sansome & George must obtain specific consent unless being processed under a lawful basis.
Data in respect of the following is ‘sensitive personal data’ and any information held on any of these matters MUST not be passed on to any third party without the express written consent of the individual:
In addition, all employees should ensure that adequate security measures are in place. For example:
It should be remembered that the incorrect processing of personal data eg. sending all individual’s details to the wrong person; allowing unauthorised persons access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against Sansome & George for damages from an employee, home-seeker, vendor or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.
Data subjects, ie. Those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee. Any requests for access to a reference given by a third party should be treated with caution even if the reference was given in relation to the individual making the request. This is due to the person writing the reference, also has a right to have their personal details handled in accordance with the General Data Protection Regulations, and not disclosed without their consent. Therefore, when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or individual who is the subject of the reference if they make a subject access request. However, if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.
Any form of technology used for work/business ie. work mobile, USB’s, laptops etc must all be password protected with a strong standard and unique password.
Finally, it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:
This is Sansome & George’s Data Protection Policy as at April 2018
The policy is owned by the Director who will field any queries. It is not contractual and is subject to change at the discretion of Sansome & George. Any changes will be appropriately published and communicated. This policy does not form part of your contract of employment unless otherwise stated.