Privacy and Cookie Policy
As the controller of your data, Gordons Property Limited (GPL) will comply with Data Protection laws in the United Kingdom and the EU General Data Protection Regulation (GDPR). This Privacy Policy details how GPL processes your personal data.
We keep our Privacy Notice under regular review and we will place any updates on this web page. This Privacy Notice was last updated on 22 May 2018. Historic versions can be obtained by contacting us.
This website may contain links to other websites. This Privacy Policy applies to this website only and we are not responsible for the privacy practices of other websites. We recommend that you read the privacy policies of those other websites if you visit them.
The personal data we collect about you
Personal data collected, used, stored and transferred by us may include:
- Identity Data including forenames, last name, and username or similar identifier
- Contact Data including office address, email address and telephone numbers
- Occupation
- Change of name documentation
- Data relating to any occupier other than the registered owners
- Data contained within the verification documentation provided by you
- Financial Data including payment card details,
- Transaction Data including payments made for products and services you have purchased from us
- Technical Data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the GPL website
- Profile and Usage Data including purchases made by you, feedback and survey responses, and how you use our website, products and services
- Marketing and Communications Data including your preferences in receiving marketing from us and our business partners and your communication
This is not intended to be an exhaustive list and other Personal Data not listed may be required.
How do we collect your personal data?
Personal data is collected by us using the following methods:
- Direct interactions with our staff by post, phone, email or
- Automated technologies or interactions with our website, by using any web enquiry form or quotation engine, processing Identity, Contact, Financial and Technical categories of personal data
- Third parties or publicly available sources
How do we use your personal data?
We use your personal data in the following circumstances and relying on the following lawful basis for processing:
| User type | Purpose/Activity | Type(s) of data may include | Lawful bases for processing |
|---|---|---|---|
| All Users | To initially engage with you when you interact with us or our systems | Identity Contact | Contractual |
| B2B | To initially engage with you when you interact with us or our systems | Identity Contact Financial Marketing & Comms | Contractual |
| All Users | To manage our relationship with you which will include: • Notifying you about changes to our terms of use or privacy policy • Reviews & Surveys • Re-engagement | Identity Contact | Contractual Legitimate interest (to re-engage with you and to comply with legal obligations) |
| All Users | To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Identity Contact Technical | To comply with legal obligation Necessary for our legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| All Users | To deliver relevant website content and marketing to you and measure or understand the effectiveness of the marketing we serve to you. | Identity Contact Profile & Usage Marketing & Comms Technical | Necessary for our legitimate interests (to analyse how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy) |
| All Users | To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical Profile & Usage | Necessary for our legitimate interests (to analyse customer usage, update our website, to develop our business and to inform our marketing strategy) |
Change of purpose
We will only use your personal data for the purposes stated above, unless we reasonably consider that we need to use it for another reason and it is compatible with the original purpose. Please contact us for an explanation as to how any new processing compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Marketing communications
You will also have the choice to opt-in to receiving marketing information on related products and services.
You can opt-out of receiving these types of communications at any time.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also limit access to your personal data to only those GPL and group company employees, appointed representatives, advisers, business partners and suppliers who have a business need to know. They are also subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Cookies
When using the GPL website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.
Sharing of personal data outside of the European Economic Area
Some of our external suppliers may process personal data outside the European Economic Area (EEA). If we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
We may also use specific contracts approved by the European Commission that provide the same level of protection for personal data as it has in the EEA.
Who we disclose personal data to
Your personal data may be shared with third parties for the following purposes:
| User type | Type of recipient | Reason |
|---|---|---|
| All Users | Other service providers | It may be necessary to share your personal data with specialist service providers in order to provide relevant services. |
| B2B | Lenders | As part of contractual requirements with lenders for the provision of panel audit information. |
| All Users | External Suppliers | Specialist IT system providers to facilitate the sourcing of products, to provide advice, to inform you of relevant products and services, and to request feedback on customer service standards. It may also be necessary to share your personal information with non-affiliated companies who perform support services on our behalf including those that provide professional, legal or accounting advice to GPL. |
| All Users | Others | 3rd parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. |
These companies are required to ensure appropriate security measures are in place and maintain the confidentiality of your personal data, and to use your personal data only in the course of providing such services and in accordance with GPL’s instructions.
How long is your personal data retained?
We only retain your personal data for as long as necessary. The table below outlines how long data is retained, and depends on the reason the personal data is used for:
| User type | Purpose of Processing | Retention |
|---|---|---|
| B2B | Where a product or service is ordered and completed | 7 years from the last transaction |
Your legal rights regarding your personal data
After these retention periods if there is no other on-going client relationship your personal data will either be securely deleted or anonymised so that it can be used for statistical purposes but without any method of identifying you individually.
You have the right to:
Request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data: This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. You can also to ask us to delete your personal data where you have successfully objected to the processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to delete the data for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use
Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data: However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Questions
If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact Customer Services by writing to us at Gordons Property Lawyers, SC House, Vanwall Road, Maidenhead, Berks SL6 4UB. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.
What if I am still not satisfied?
If you are not satisfied with how GPL has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom. Their website is www.ico.org.uk.
