Privacy Policy

APPLETONS EST 1884 Tel: 01642 675555         4 Silver Street, Fax: 01642 678924         Stockton-on-Tees E-mail: appletons@btinternet.com       TS18 1LS 

Privacy Policy 

This privacy notice sets out the basis on which we process any personal data that we collect from you or about you that you provide to us or that we receive from other sources. By processing, we mean when we collect, use, store, delete and access personal data. “We” means Appletons. We are required to process your personal data in accordance with the law which includes The Data Protection Act 1998 (DPA) and from 25 May 2018, the General Data Protection Regulation 2016 (the “GDPR”). If we ask you to provide information from which you can be identified, including as a result of using our website, www.appletonssurveyors.co.uk, it will be used in accordance with this privacy notice, as it is varied from time to time. 

What information do we collect about you? The personal information detailed below relating to you or anyone else or in connection with our renting of property including but limited to tenant referencing, right to rent checking and general management services, maintenance of waiting lists in relation to rented property and sale of property will be collected and processed by us and/or on our behalf by our third party service providers. We may collect and process the following personal data. This is information we may gather from you that will directly or indirectly identify you as individual. This type of data will be processed strictly in accordance with our privacy policy as set out below. This data will include but may not be limited to:  Information you give us. You may give us personal data by filling in paper or online forms or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, title, marital status and gender, current and previous postal and risk addresses, e-mail address, phone number, details of earnings, current and or previous occupation, National Insurance number, passport number, driving licence number, personal description and photograph, bank details, credit / debit card details, Next of Kin information, children’s names (optional) and their ages.  Information we receive from other sources. To help us fulfil our contractual obligations and to verify the information you have given us we may receive personal data from third parties who we work with including insurers, landlords, employers, letting and managing agents, utility brokers and companies. We may also obtain information that is readily available in the public domain through Internet Search engines Social Media, Press etc  Credit Reference Agencies. Through these agencies we obtain your credit report. These agencies keep your information and only disclose it to us as permitted by law. By submitting an application you authorise us to request your credit report. This will not affect your credit rating. The Credit Referencing Agency will use and share personal data (also called ‘bureau data’) in accordance with Credit Reference Agency Information Notice (CRAIN). Please click here for more information https://www.equifax.co.uk/crain.html. 

 We do not process special categories of personal data, for example: race, ethnic origin, politics, and health.Data for criminal convictions and offences will only be collected as permitted by UK Law. 

How we will we use the information about you and for what purposes? We collect a variety of information to enable us to provide our services and insurance. We collect this through your application form, your communications with us and your credit report. Tenant Referencing: We obtain, collect and process your personal data to enable us to fulfil our contractual obligations to landlords and in connection with the application and granting of and managing a tenancy. We will only share it for the purposes stated below and specifically in the first instance with The Lettings Hub Limited as per their Terms and Conditions which you agree to when you first submit any personal data, or in a way you would reasonably expect us to, unless we inform you otherwise. If you do not provide the data requested we will not be able to process the application. Please see Addendum 1 for our Customer User Agreement with The Lettings Hub Limited. Utility Management Service: We obtain, collect and process your personal data (which includes sharing your data with others) to enable us to fulfil our contractual and legal obligations on behalf of tenants, landlords and/or their agents to communicate and process “change of occupier” notifications to the statutory authorities, and utility providers. 

Our legal basis for processing your data (Why we process or store your personal data) In order to provide our services we will be using one or more of the following legal bases:  Processing is necessary in order for us to take steps, at your request, to carry out the day to day management activities including but not limited to, maintaining data on a waiting list, maintaining rental information for the purposes of the rental of a particular dwelling or dwellings, maintaining Landlord information for the purposes of the rental of a particular dwelling or dwellings as per our Terms and conditions, maintaining information such as bank details to permit swift payment of clients, workmen and employees, to enter into a contract of repair or maintenance, and for the implementation of that contract, or we are required to arrange insurance as part of our contract with your landlord or letting agent or where it is a requirement of a legal tenancy agreement and or when you need to make a claim.  Processing is necessary for fulfilling a contract with tenants, landlords and/or their agents for provision of references in connection with the application and granting of and managing a tenancy.  Processing is necessary for us to comply with any legal or regulatory obligation including but not limited to providing change of occupiers details to statutory authorities and utility providers. However when we share this information we disclose only the personal information that is necessary to complete our legal or regulatory obligations.  Where we believe a client is vulnerable, we may retain next of kin information to be able to provide a duty of care to that client. We will not share your data for marketing purposes with any third party organisation. We do not capture or store any personal information about individuals who access our website.  

How long do we keep your data? For legal reasons we hold your data securely for a minimum of 7 years from your last interaction with us, before we delete it unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. This is to enable us to respond to any legal claim or similar. After seven years, this may be destroyed without notice to you. The information will be deleted from any computer which held it and all paper documentation may be shredded and/or burnt. You should therefore retain all documentation issued to you. 

However under the GDPR personal data may be erased earlier than this, if there ceases to be any ‘legitimate interest’ to process the data. Please see ‘Your rights in relation to your personal data’ below. 

Who do we share data with? In order to process your data we may be sharing your data with one or more other third party organisations (for example, insurance companies who underwrite our insurance policies, credit reference agencies, utility companies, and letting agents and landlords) to fulfil our contractual and legal obligations: 

Letting agents, property managers and landlords 

To manage and progress tenancy applications including obtaining and verifying references, arranging ancillary insurances and administration associated with any changes in tenancy terms or breaches 

Statutory authorities, and utility providers 

To manage and progress tenancy applications and terminations including administration associated with any changes in tenancy 

Insurers Quotation, cover, to manage and progress claims 

Insurance Providers, (Placing Brokers, Delegated Authority Schemes, Wholesalers and the like) 

Quotation, cover, to manage and progress claims 

Loss Adjusters To manage and progress claims 

Insurance Fraud Bureau Potential policy fraud 

Loss Assessor To manage and progress claims 

Financial Conduct Authority Regulatory obligations 

Financial Services & Compensation Scheme 

Compensation in the event of insurer failure, if eligible 

Financial Ombudsman Service Unresolved Complaints, if eligible 

National Crime Agency Suspected criminal / fraudulent activity 

HM Treasury Sanctions Checking clients are not on the banned list 

Premium Finance Company Payment of insurance premiums 

Police Legal obligations 

Claims Management Company To manage and progress insurance claims 

Surveyor 

Risk survey to analyse, report upon risk.  Also in the event of an insured loss, the opportunity to survey post-loss 

Debt Collection Agency To collect unpaid monies due 

IT Providers – Hardware. 

To detect issues, secure the system, and test the system. Also backup of data. 

Third Party Insurers To manage and progress claims 

Third Party Assessor To manage and progress claims 

Credit Reference Agencies 

To obtain credit data, credit scores and ratings, to support applications for tenant references 

Employers Liability Tracing Office To provide confirmation of cover being in place 

Our own Insurers Where we need to provide information about you 

Solicitor Claims by us or on behalf of our clients, or claims against us 

Other Data Controllers not detailed above 

To be shared only for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise. 

Under some circumstances we may be required to disclose or share your information, for example if we are required to by the police, the courts, or for other legal reasons. We will never sell or give your data to another company for marketing or research purposes. 

We do not transfer your data to countries outside the European Union 

Data security  Data security is of great importance to us and we have always taken the management of data extremely seriously as part of best practice In line with the General Data Protection Regulation (GDPR) we have been working to ensure we are compliant as follows:  Updating our processes and policies for privacy and data protection  Training / updating staff on the new Regulations

 Destroying old and obsolete records  Improving IT security and testing which includes but is not limited to ensuring we have up to date IT systems and software in place.  We will never give or sell your personal information with or to a third party for marketing purposes furthermore we will not use your personal information for direct marketing unless we have your express and informed agreement to do so. Whilst we endeavour to carry out our best to protect your personal data, transmission of information over the internet is not entirely secure and is done at your own risk. To protect your data, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data. Where and how is your data stored? Electronic data is stored on one computer within the office which is password protected and only the Directors of Appletons Surveyors have access. In addition one Memory Stick is occasionally used to transport data if home working is required and every effort is made to maintain its safety at all times. The data maintained upon this memory stick is limited to names, addresses, and telephone numbers. The following information is not stored on the Memory Stick; details of earnings, current and or previous occupation, National Insurance number, passport number, driving licence number, personal description and photograph, bank details, credit / debit card details.  Manual records are maintained within our filing cabinets at our office which is locked and alarmed when personnel are not present. Only those employees with the correct level of clearance are permitted to access this information. Any bank details or title deeds held are kept within a locked safe. We maintain a clear desk policy and any information not stored within the filing cabinets is locked into a safe overnight, over weekend and other time when personnel are not present. 

Data Breaches We have procedures in place to monitor any data breaches and we will inform the Information Commissioner’s Office if we have a breach of data that is likely to result in a risk to the rights and freedoms of you, within 72 hours of the Breach. If we have a Breach which is likely to result in a high risk to the rights and freedoms of you we will notify those concerned directly. 

Data Protection Officer Our Data Protection Officer is Mrs Sarah Smith. 

Your rights in relation to your personal data You have several rights in relation to how we use your information. They are: 

Right to be informed The General Data Protection Regulation sets out the information we must provide to you about your Data. All of the information we are required to give you is contained within this Privacy Notice. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you. 

Right of access You have the right of access to your personal information. If you wish to receive a copy of the personal information we have about you, you can send us a request for access to this information using the contact details set out at the end of this privacy statement. After receiving your request and sufficient information to verify your identity we will provide you with a copy of the personal information we have about you which you are entitled to have under applicable law. We will also confirm the purposes for which such personal information is being used, its recipients and the origin of the information. 

Right to request that your personal information be rectified If your personal information is inaccurate or incomplete, you can request that it is corrected. 

Right to request erasure You have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:  your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;  you withdraw consent and no other legal ground permits the processing;  you object to the processing and there are no overriding legitimate interests for the processing;  your Personal Data was unlawfully processed; or  your Personal Data must be erased for compliance with a legal obligation. We refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim whether covered or not by an insurance policy. 

Right to restrict processing You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:  where you feel that the Personal Data which we hold about you are not accurate. Processing will be restricted until you verify the accuracy of the information  where the processing is unlawful and you do not want your Personal Data be erased and request the restriction of its use instead;  where we no longer need to process your Personal Data but the data may be required to establish, exercise or defend a legal claim  where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms. Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of this notice or our legal obligations. 

Right to data portability You have a right to receive and transfer the Personal Data that we hold about you. This only applies to:  personal data you have provided to us where the data was processed by you giving us your individual consent or for the performance of a contract  and where processing was carried out by automated means. Where you make such a request, this will be provided in a structured, commonly used, machine readable format such as a CSV file. 

Right to object In certain circumstances, you have a right to object to our processing of your Personal Data.  Where we have processed it as a legitimate interest (including profiling)  Direct Marketing (including profiling)  Processing for scientific / historical research and statistics We will still be able to process your Personal Data where  We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms  The processing is for establishment, exercise and defence of legal claims. 

Rights related to automatic decision making We may process your data by automated means via a Credit Reference Agency (Currently The Lettings Hub Limited). We will only process data in the way you would expect it to be used, and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us. 

Withdrawing consent Where the legal basis of consent has been used you have the right to withdraw that consent at any time. 

How to request access, deletion or correction of your personal data If you would like to exercise any of your rights detailed above, please contact us using the contact details set out at the end of this privacy notice. You may write to us at any time requesting amendments to certain personal information that you consider to be incorrect or irrelevant or to request that we block, erase or otherwise remove your personal information. You may also write to us at any time to object to our use of your personal information, restrict our use of your personal information, or request that we provide your personal information in a usable electronic format and transmit to a third party (right to data portability).  You may also write to us at any time to request a copy of some or all of your personal information we hold. We will comply with these requests in relation to your personal information in line with current law. We aim to respond to requests for information within 28 days of receipt of s request, 

Cookies We do not use cookies and we do not analyse web traffic.  

Appletons does not capture and store any personal information about individuals who access our website. 

Changes to this privacy notice We keep our privacy notice under regular review to keep pace with new developments and stay in line with applicable law. This privacy notice was last updated on 18th May 2018. 

How to make a complaint You may raise any concerns with us about our processing of your Personal Data, using the contact details below. If you are not happy with how we have investigated your complaint you can refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK. You can contact them by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or going to their website at www.ico.org.uk. 

How to contact us If you want to change the way in which we use your data, exercise your rights or if you have a question about how your personal information is used please contact us using the methods below:  Email: appletons@btinternet.com  Phone: 01642 675555  Postal address: 4 Silver Street, Stockton-On-Tees. TS18 1LS.