Estates 17 Limited (trading as Estates 7, Estates 10 and Estates 17) is committed to safeguarding the privacy of personal data and complying with the European General Data Protection Regulation (GDPR) and any future changes in data protection legislation with which Estates 17 will be required to comply.
Estates 17 Limited is a data controller of your personal data.
Reference in this document to “we”, “us” and “our” means Estates 17 Limited and its various trading styles.
This privacy notice was last amended in May 2018. It supersedes any earlier version.
Information we collect and hold about you
We will collect and process the following data about you. Most of this will be provided by you when you contact us:
For buyers, we will also collect:
For sellers, we will also collect:
For landlords, we will also check:
For tenants, we will also collect:
As part of our referencing procedure for prospective tenants, we may also obtain information from third party sources (as applicable) such as:
Lettings Reference Agencies
If you are a prospective tenant and have agreed to rent a property from one of our clients, as part of the application process we will perform credit, identity and referencing checks on you with one or more Lettings Reference Agencies (“LRAs”). To do this, we will supply your personal information to LRAs and they will give us information about you. This will include information from your application and about your financial situation, financial history, employment status and employers contact details, lettings history and current landlord’s contact details (if applicable), and the address and rental value of the property you are seeking to rent. LRAs will supply to us both public and shared credit, financial situation and financial history information and fraud prevention information.
We will us this information to:
Fraud Prevention Agencies
The personal information we collect from you will be shared with fraud prevention agencies, who will use it to prevent fraud and money laundering, and to verify your identity. If fraud is suspected or detected, we are obliged under UK law to report the same to the appropriate statutory and regulatory bodies.
The legal grounds for processing your personal data
We can only process your data for certain reasons (including when we share it with other organisations). We have set out these reasons below.
The UK’s data protection laws allow the use of personal data where its processing is legitimate and isn’t outweighed by the interests, rights and freedoms of data subjects. We will use your data for the following legitimate interests:
There may be circumstances where we need to obtain your consent, such as:
How and when can you withdraw your consent?
For processing that is based upon your consent, you have the right to withdraw your consent. You can do this by contacting us using the details on our website, by calling us on 020 8520 9300, or by emailing us at firstname.lastname@example.org.
Is your personal data transferred outside the UK or EEA?
What should you do if your personal information changes?
You should tell us without delay so that we can update our records. You can do this by:
Do you have to supply your personal data to us?
We are unable to enter into a business relationship with you without having personal information about you. Your personal information is required:
Do we do any monitoring involving processing of your personal information?
Monitoring means any listening to, recording of, or taking and keeping any records (as the case may be) of calls, emails, text messages, social media messages and other communications.
Some of our monitoring may be to comply with regulatory rules, procedures relevant to the business, to prevent or detect crime, to have a record of what we have discussed with you and actions agreed with you, to protect you and provide security for you (such as in relation to fraud risks), and for quality and staff training purposes.
For how long is your personal information retained by us?
We will keep information for a reasonable amount of time in order to perform our business and professional roles, and/or to comply with any legal and/or statutory duty imposed upon us.
We only keep your information for as long as necessary. We generally keep personal information for 7 years after last contact with you. However, we reserve the right to keep information for longer if we feel that this is in our legitimate interests.
What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. These include:
If you wish to exercise any of these rights against the CRAs or FPAs, you should contact them separately.
How to get a copy of your personal information (Data Subject Access Request)
You can obtain a copy of your personal information held by contacting us. You can do this by:
We’ll need address verification and identification documents for each individual making a Data Subject Access Request.
Original or certified documents which are acceptable include:
We can accept photocopies of ID, but these must be certified and stamped either by a solicitor, licensed conveyancer or independent financial adviser. It has to be clear that the ID has been certified by one of these people, providing their name and business address.
We’ll deal with your request as quickly as possible, but in no more than 30 calendar days from receipt of all required identification.
We hope that we will be able to answer any questions or concerns that you have. You have the right at any time to raise your concern with the Information Commissioner’s Office at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (www.ico.org.uk).