Privacy Policy & Notice

Privacy Notice

About us

Sansome and George, is the so-called ‘Controller’ of the personal data you provide to us, as we make decisions on what information we hold and what we do with it. Our contact details are as follows:

We have appointed a Data Protection Officer (DPO) to ensure we manage information, and information security, in the best way, and in line with data privacy laws. The DPO can be reached using:

What we need

We collect basic personal data from you, including your name, postal address, email address, telephone and/or fax number, date of birth, demographic information, payment information (such as a credit card/bank account details), future communication preferences for interest-based marketing.

Why we need it

We require this personal information in order to provide services and information to you in line with the contract. We do not collect any personal information from you that we do not need to provide and manage this service to you.

What we do with it

All the personal data we collect is processed by our staff in the UK. However, this information is located (hosted) on servers within the European Union. We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need in order to perform the services we request, and we contractually require that they protect this information appropriately and not use it for any other purpose. If you would like any further information on which third party providers, we use please contact

How we protect it

We recognise your rights concerning this information and take every possible measure to respect these rights and protect your personal data. We have implemented technical, administrative and physical procedures designed to protect your personal data from loss, misuse or alteration.

How long we keep your data

We will retain your information for up to one year after the contract ends, in order to handle any outstanding or future enquiries. After this time, it will be destroyed unless a longer retention period is required or permitted by law.

What we would also like to do with your data

We would like to use your name, email address, postal address and contact number to inform you of our future offers and similar products. We also collect information when you visit our sites, view our online ads or promotions or use our mobile applications, the information we collect from these services are; IP address, web pages you view, information about your device browser and operating system, links you click, information about how you use the application and any Sansome and George emails you open. This information is not shared with third parties and you can unsubscribe at any time via phone, email or through our website. Please indicate below if this is something you would like to sign up to.

Your rights

As a citizen, you have a number of rights over your personal information, including:

  • The right to access the data we hold on you
  • The right to correct or update this data
  • The right to have the data erased, once this contract is completed, and within the set retention period, unless you renew
  • The right to inform us if you feel your information is being used in an inappropriate way
  • The right to receive a downloaded file of the personal information we hold
  • If we are making automated decisions based on your information, or profiling you, you have the right to have an employee of (organisation name) conduct a review
  • If you request that we cease to use your data, this may prevent us from providing the contracted services to you
  • If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. Please email
  • If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the law, you can complain to the UK Information Commissioner’s Office:

GDPR Data Protection Policy

Aim of Policy

As an Estate Agent Sansome & George processes personal data in relation to its own staff, former employees, job applicants, property seekers and vendors, tenants and landlords


Sansome & George holds data on individuals for the following general purposes:

  • Administration and processing of property seekers/tenants personal data for the purpose of property seeking/letting services
  • Administration and processing of vendors/landlords personal data for the purpose of sale/letting of property services
  • Employee recruitment, promotion, training, redeployment and/or career development such as references, CVs and appraisal documents
  • Employee administration, payment of wages, emergency contact details and bank/building society details
  • Calculation of certain benefits including pensions
  • Disciplinary or grievance issues
  • Performance management purposes and performance review
  • Recording of communication with employees and their representatives
  • Compliance with legislation
  • Staffing levels and career planning
  • Advertising, marketing, contracting and communicating with suppliers, and public accounts and records
  • Contractors for letting purposes

The General Data Protection Regulations require Sansome and George as a data controller to process data in accordance with the principles of data protection. These require that data shall be:

1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate
5. Not kept longer than necessary
6. Processed in accordance with the data subject’s rights
7. Kept securely
8. Not transferred to countries outside the European Economic Area without adequate protection

Personal data means data which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of Sansome & George.

Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organiszing, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desk top, laptop, palm top etc. Processing also relates to any personal data stored on paper or anything that is stored on mobile phones, USB’s or storage discs.

Data will be reviewed on an annual basis to ensure that it is accurate. Sansome and George will make every effort to ensure that data is accurate and will make changes based on requests from individuals within 7 working days.

Data can be processed under a lawful basis or through consent obtained directly from the individual involved. By instructing Sansome & George to look for a property/sell/rent or let a property and providing us with personal data, property seekers/property vendors/ landlords and tenants will be giving their consent to processing details for property seeking/sale of a property/letting of a property/renting of a property. If Sansome & George intend to use data for any other purpose; Sansome & George must obtain specific consent unless being processed under a lawful basis.

Data in respect of the following is ‘sensitive personal data’ and any information held on any of these matters MUST not be passed on to any third party without the express written consent of the individual:

  • Any offence committed or alleged to be committed by you
  • Proceedings in relation to any offence and any sentence passed
  • Physical or mental health or condition
  • Racial or ethnic origins
  • Sexual life
  • Political opinions
  • Religious beliefs or beliefs of a similar nature
  • Whether someone is a member of a trade union

In addition, all employees should ensure that adequate security measures are in place. For example:

  • Computer screens should not be left open by individuals who have access to personal data.
  • Screen locks/screen timeouts should be switched on and firewalls/anti-virus software not deactivated
  • Passwords should not be disclosed and must be encrypted
  • Email should be used with care
  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason
  • Personnel files should always be locked away when not in use and when in use should not be left unattended
  • Any breaches of security should be treated as a disciplinary issue
  • Care should be taken when sending personal data in internal or external mail
  • Destroying or disposing of personal data counts as processing. Therefore, care should be taken in the disposal of any personal data to ensure that it is appropriate. For example, it is compulsory that all personal data kept on paper is appropriately disposed of ie. shredding.

It should be remembered that the incorrect processing of personal data eg. sending all individual’s details to the wrong person; allowing unauthorised persons access to personal data; or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against Sansome & George for damages from an employee, home-seeker, vendor or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.

Data subjects, ie. Those on whom personal data is held, are entitled to obtain access to their data on request and after payment of a fee. Any requests for access to a reference given by a third party should be treated with caution even if the reference was given in relation to the individual making the request. This is due to the person writing the reference, also has a right to have their personal details handled in accordance with the General Data Protection Regulations, and not disclosed without their consent. Therefore, when taking up references an individual should always be asked to give their consent to the disclosure of the reference to a third party and/or individual who is the subject of the reference if they make a subject access request. However, if they do not consent then consideration should be given as to whether the details of the individual giving the reference can be deleted so that they cannot be identified from the content of the letter. If so the reference may be disclosed in an anonymised form.

Any form of technology used for work/business ie. work mobile, USB’s, laptops etc must all be password protected with a strong standard and unique password.

Finally, it should be remembered that all individuals have the following rights under the Human Rights Act 1998 and in dealing with personal data these should be respected at all times:

  • Right to respect for private and family life [Article 8]
  • Freedom of thought, conscience and religion [Article 9]
  • Freedom of expression [Article 10]
  • Freedom of assembly and association [Article 11]
  • Freedom from discrimination [Article 14]


This is Sansome & George’s Data Protection Policy as at April 2018

The policy is owned by the Director who will field any queries. It is not contractual and is subject to change at the discretion of Sansome & George. Any changes will be appropriately published and communicated. This policy does not form part of your contract of employment unless otherwise stated.