Patrick Gardner & Co, Patrick Gardner & Co Residential Lettings Ltd, and Patrick Gardner Management Co. Ltd (as a group of Companies) are Data Controllers, are bound by the requirements of the General Data Protection Regulations (GDPR).
When submitting forms on our website we use a third-party software provider for automated data collection and processing purposes; they will not use your data for any purposes and will only hold the data in line with our policy on data retention.
You may give us information about you by completing forms on our site or by corresponding with us by phone, email or otherwise.
What is Personal Data?
Personal Data relates to any information about a person (data subject) that makes you identifiable which may include (but is not limited to):
- Names and contact information i.e. email addresses and telephone numbers
- Home and business addresses
- National Insurance Numbers
- Employment history
- Employee numbers
- Credit History
- Payroll and accounting data
What is Sensitive Personal Data?
Sensitive Personal Data refers to the above but includes genetic data and biometric data.
- Biometric data (e.g. photo of an electronic passport)
- Religious or philosophical beliefs and political opinions
- Racial or ethnic origin
Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.
What is a Data Controller?
For GDPR purposes, the “Data Controller” means the person or organisation who decides the purposes and means of processing Personal
What is a Data Processor?
A “data processor” is a person or organisation which processes Personal Data on behalf of the Controller.
What is a Data User?
Data users include employees whose work involves using Personal Data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.
What is Data Processing?
Data processing is any operation or set of operations performed upon Personal Data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
Who we are
For the purposes of data protection law, the “Controller” is Patrick Gardner & Co and their group of Companies (“we”). We are registered at 1-3 Church Street, Leatherhead, Surrey, KT22 8DN.
We are responsible for, and control the processing of, your personal data. If you would like to contact us in relation to this notice, please send an email to firstname.lastname@example.org
Information collected by us
We collect Personal Data in a number of ways, for example:
- in branch
- over the phone
- via email
- via online submissions
- via our terms of business
- using application forms.
We collect information for the purpose of assisting clients and customers with their property needs and identify other services that will assist them in property related matters, including:
- Property marketing
- Updating and enhancing client records
- Carrying out credit checks in relation to you
- Statutory returns
- Legal and regulatory compliance
- Crime prevention.
We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc. Website usage information is collected using cookies.
Information collected from other sources
We will also collect personal information from other sources as follows:
Third party websites, for example Rightmove, Land Registry in order to collect:
- Names and contact information i.e. emails and telephone numbers
- Home and business addresses
How we use your personal information
How we will use information you give us:
- To contact you;
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services which you request from us;
- To provide you with information about other goods and services that we offer.
- To provide you with information about goods or services which we feel may interest you.
- To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website (including, without limitation, via third parties);
- To notify you about changes to our service;
- To ensure that content from our site is presented in the most effective manner for you and your computer;
- To verify your identity;
- As part of our efforts to keep our site safe and secure and to prevent or detect fraud;
How we will use information we collect about you
In addition to the purposes listed above, we will use this information:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our site to ensure that content is presented in the most effective manner for you and your computer;
- To allow you to participate in interactive features of our service;
- To measure or understand the effectiveness of advertising we serve to you and others and to deliver advertising to you
- To make suggestions and recommendations to you and other users of our site about goods or services that may interest you
Reasons we can collect and use your information
We need to collect your information in the execution of our business and we process your Personal Data based on the following lawful reason. We will ensure that this is always the case, based on the lawful basis described below.
Legitimate Interests. We process your Personal Data for our legitimate business purposes, which include the following:
- to conduct and manage our business
- to enable us to provide our services to clients
- to ensure our website and systems are secure
- to improve and update our Services for the benefit of our customers
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
We may also process your personal data on grounds of legitimate interest in order to let you know about our products or services that we consider may be of interest to you. We carry out this processing on the legal basis that we have a legitimate interest in marketing our Services and only to the extent that we are permitted to do so by applicable direct marketing laws. Please see the clause titled “Marketing” below for further information about our marketing activities and regarding your right to opt out.
Special category personal data. Sometimes we process “special category personal data”. Wherever we process your special category personal data we ensure that your interests, rights and freedoms are carefully considered. The lawful basis for processing this information is as follows.
Contractual Necessity. Where you are our customer, we may process your personal data for the following purposes on the legal basis that it is necessary for us to provide our Services to you:
- to identify you
- to respond to your enquiry if you contact us through our Website, by telephone, through a 3rd party portal or in person
- to provide pre-contractual information about our Services
- to provide our Services
- to carry out billing and administration activities
- to provide our services to you.
Accordingly, your failure to provide such personal data may hinder or prevent us from providing our Services to you.
Compliance with laws. We may process your personal data in order to comply with applicable laws (for example, we are required by law to ensure that tenants have the Right to Rent).
Sharing your personal information
We may provide your personal information to the following recipients for the purposes set out in this notice:
- Other companies within our group
- Our employees, agents and service providers
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity
How long your personal information will be kept
The period for which we will keep your personal information will depend on the type of service you have requested from us. The retention period may be longer than the period for which we are providing services to you where we have statutory or regulatory obligations to retain personal information for a longer period, or where we may need to retain the information in case of a legal claim.
We may store your contact details, and carry out marketing profiling activities, for direct marketing purposes. If you have given your consent, or if we are otherwise permitted to do so, we may contact you about our products or services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by sending an email to email@example.com.
Transferring your information outside the EEA
While we are based in the United Kingdom, we may transfer your personal information to a location (for example a secure server) outside the European Economic Area (EEA) if we consider it necessary for the purposes set out in this notice. In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission adequacy decision applies (this is a decision from the Commission confirming that adequate safeguards are in place for the protection of personal data)
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way
GDPR requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:
(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data is therefore stored on our central computer system as well as individual PCs.
Security procedures include:
(a) Secure lockable desks and cupboards – Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)
(b) Methods of disposal – Paper documents should be shredded.
(c) Equipment - Data users should ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
(d) All our computer systems are protected by a minimum of 128bit encryption
Your information rights
We draw your attention to your following rights under data protection law
- the right to be informed about the collection and use of your personal data;
- the right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information
- the right to have inaccurate personal data that we process about you rectified
- the right (in certain circumstances) to have personal data that we process about you blocked, erased or destroyed
- the right to object to the processing of your personal information in the ways described in the Data retention and Legitimate sections
- the right (in certain circumstances) to request a copy your personal data that you have provided to us, in a machine-readable format, in order for you to transmit those data to another organisation.
Further information about your information rights is available on the ICO’s website: https://ico.org.uk/ .
Subject Access Requests
A formal request from a data subject for information that we hold about them must be made in writing. A Subject Access Request form is then sent which asks for more details of what is required, which must be returned for provision of this information. There is then a 30 day (20 working day) window in which the data needs to be provided.
We keep our privacy notice under regular review and we will place any updates on this web page. This privacy notice was last updated on 1st May 2018
How to complain
We are responsible for, and control the processing of, your personal data. If you would like to contact us in relation to this notice, please send an email to Show Email.