Menu
Privacy Policy

This Privacy Notice is intended to be read in conjunction with Terms of Use, and Cookie policy contained on our website and any other documents referred to within this policy. We ask that you read this privacy policy carefully as it contains information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us. It also contains information on the correct body to contact in the unlikely event that you have a complaint that we cannot address.

Patrick Gardner & Co, Patrick Gardner & Co Residential Lettings Ltd, and Patrick Gardner Management Co. Ltd (as a group of Companies) are Data Controllers, are bound by the requirements of the General Data Protection Regulations (GDPR).

By accessing, browsing, or otherwise using our patrickgardner.com website (“the website”) or mobile application you confirm that you have read, understood and agree to the terms of this Privacy Policy.

When submitting forms on our website we use a third-party software provider for automated data collection and processing purposes; they will not use your data for any purposes and will only hold the data in line with our policy on data retention.

You may give us information about you by completing forms on our site or by corresponding with us by phone, email or otherwise.

What Is Personal Data?

Personal Data relates to any information about a person (data subject) that makes you identifiable which may include (but is not limited to):

♦  Names and contact information i.e. email addresses and telephone numbers
♦  Home and business addresses
♦  National Insurance Numbers
♦  Employment history
♦  Employee numbers
♦  Credit History
♦  Payroll and accounting data

What Is Sensitive Personal Data?

Sensitive Personal Data refers to the above but includes genetic data and biometric data.

For example:

♦  Biometric data (e.g. photo of an electronic passport)
♦  Religious or philosophical beliefs and political opinions
♦  Racial or ethnic origin
♦  Convictions

Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.

What Is A Data Controller?

For GDPR purposes, the “Data Controller” means the person or organisation who decides the purposes and means of processing Personal

What Is A Data Processor?

A “data processor” is a person or organisation which processes Personal Data on behalf of the Controller.

What Is A Data User?

Data users include employees whose work involves using Personal Data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.

What Is Data Processing?

Data processing is any operation or set of operations performed upon Personal Data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

Who We Are

For the purposes of data protection law, the “Controller” is Patrick Gardner & Co and their group of Companies (“we”). We are registered at 1-3 Church Street, Leatherhead, Surrey, KT22 8DN.

We are responsible for, and control the processing of, your personal data. If you would like to contact us in relation to this notice, please send an email to privacy@patrickgardner.com

Information Collected By Us

We collect Personal Data in a number of ways, for example:

♦  in branch
♦  over the phone
♦  via email
♦  via online submissions
♦  via our terms of business
♦  using application forms.

We collect information for the purpose of assisting clients and customers with their property needs and identify other services that will assist them in property related matters, including:

♦  Property marketing
♦  Updating and enhancing client records
♦  Carrying out credit checks in relation to you
♦  Statutory returns
♦  Legal and regulatory compliance
♦  Crime prevention.

We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc. Website usage information is collected using cookies.

Information Collected From Other Sources

We will also collect personal information from other sources as follows:

Third party websites, for example Rightmove, Land Registry in order to collect:

♦  Names and contact information i.e. emails and telephone numbers
♦  Home and business addresses

How We Use Your Personal Information

How we will use information you give us:

♦  To contact you;
♦  To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services which you request from us;
♦  To provide you with information about other goods and services that we offer.
♦  To provide you with information about goods or services which we feel may interest you.
♦  To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website (including, without limitation, via third parties);
♦  To notify you about changes to our service;
♦  To ensure that content from our site is presented in the most effective manner for you and your computer;
♦  To verify your identity;
♦  As part of our efforts to keep our site safe and secure and to prevent or detect fraud;

If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of Patrick Gardner & Co, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

How We Will Use Information We Collect About You

In addition to the purposes listed above, we will use this information:

♦  To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
♦  To improve our site to ensure that content is presented in the most effective manner for you and your computer;
♦  To allow you to participate in interactive features of our service;
♦  To measure or understand the effectiveness of advertising we serve to you and others and to deliver advertising to you
♦  To make suggestions and recommendations to you and other users of our site about goods or services that may interest you

Reasons We Can Collect And Use Your Information

We need to collect your information in the execution of our business and we process your Personal Data based on the following lawful reason. We will ensure that this is always the case, based on the lawful basis described below.

Legitimate Interests. We process your Personal Data for our legitimate business purposes, which include the following:

♦  to conduct and manage our business
♦  to enable us to provide our services to clients
♦  to ensure our website and systems are secure
♦  to improve and update our Services for the benefit of our customers

Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.

We may also process your personal data on grounds of legitimate interest in order to let you know about our products or services that we consider may be of interest to you. We carry out this processing on the legal basis that we have a legitimate interest in marketing our Services and only to the extent that we are permitted to do so by applicable direct marketing laws. Please see the clause titled “Marketing” below for further information about our marketing activities and regarding your right to opt out.

Special category personal data. Sometimes we process “special category personal data”. Wherever we process your special category personal data we ensure that your interests, rights and freedoms are carefully considered. The lawful basis for processing this information is as follows.

Contractual Necessity. Where you are our customer, we may process your personal data for the following purposes on the legal basis that it is necessary for us to provide our Services to you:

♦  to identify you
♦  to respond to your enquiry if you contact us through our Website, by telephone, through a 3rd party portal or in person
♦  to provide pre-contractual information about our Services
♦  to provide our Services
♦  to carry out billing and administration activities
♦  to provide our services to you.

Accordingly, your failure to provide such personal data may hinder or prevent us from providing our Services to you.

Compliance with laws. We may process your personal data in order to comply with applicable laws (for example, we are required by law to ensure that tenants have the Right to Rent).

Sharing Your Personal Information

We may provide your personal information to the following recipients for the purposes set out in this notice:

♦  Other companies within our group
♦  Our employees, agents and service providers
♦  Law enforcement agencies in connection with any investigation to help prevent unlawful activity

How Long Your Personal Information Will Be Kept

The period for which we will keep your personal information will depend on the type of service you have requested from us. The retention period may be longer than the period for which we are providing services to you where we have statutory or regulatory obligations to retain personal information for a longer period, or where we may need to retain the information in case of a legal claim.

Marketing

We are responsible for, and control the processing of, your personal data. If you would like to contact us in relation to this notice, please send an email to privacy@patrickgardner.com

Transferring Your Information Outside The EEA

While we are based in the United Kingdom, we may transfer your personal information to a location (for example a secure server) outside the European Economic Area (EEA) if we consider it necessary for the purposes set out in this notice. In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission adequacy decision applies (this is a decision from the Commission confirming that adequate safeguards are in place for the protection of personal data)

Keeping Your Personal Information Secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way

GDPR requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.

Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:

(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data is therefore stored on our central computer system as well as individual PCs.

Security procedures include:

(a) Secure lockable desks and cupboards – Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)
(b) Methods of disposal – Paper documents should be shredded.
(c) Equipment – Data users should ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
(d) All our computer systems are protected by a minimum of 128bit encryption

Your Information Rights

We draw your attention to your following rights under data protection law

♦  the right to be informed about the collection and use of your personal data;
♦  the right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information
♦  the right to have inaccurate personal data that we process about you rectified
♦  the right (in certain circumstances) to have personal data that we process about you blocked, erased or destroyed
♦  the right to object to the processing of your personal information in the ways described in the Data retention and Legitimate sections
♦  the right (in certain circumstances) to request a copy your personal data that you have provided to us, in a machine-readable format, in order for you to transmit those data to another organisation.

Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.

Subject Access Requests

A formal request from a data subject for information that we hold about them must be made in writing. A Subject Access Request form is then sent which asks for more details of what is required, which must be returned for provision of this information. There is then a 30 day (20 working day) window in which the data needs to be provided.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to optimise your experience of our website and services and also allows to improve our site. For detailed information on the cookies we use, the purposes for which we use them and our Cookie Policy, please see Cookies and Tracking. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Changes To This Privacy Policy

We keep our privacy notice under regular review and we will place any updates on this web page. This privacy notice was last updated on 1st May 2018

How To Complain

We are responsible for, and control the processing of, your personal data. If you would like to contact us in relation to this notice, please send an email to privacy@patrickgardner.com.