The details you provide will only be used by Acorn Limited (Data Controller) and its associated businesses as listed in this document. We will never swap, share or sell your details without your consent.
We protect any personal data that you share with us, or that we get from other organisations and we keep it safe. We always
aim to be clear with you about how we will use your data and we promise not to do anything with it that you would not reasonably expect.
We collect use and are responsible for certain personal information about you. When we do so we are subject to the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and will be subject to the Data Protection Bill 2018 once it comes into force and we are responsible as “controller” of that information for the purposes
of those laws.
WHAT IS THE DEFINITION OF PERSONAL DATA?
Personal data is any information that can be used to identify you. It can include information such as your name, gender, date of birth, personal or professional interests, e-mail address, postal address, telephone numbers or bank details. It can include information taken from you to enable us to carry out credit or other financial checks on you.
The type and quantity of information we collect and how we use it depends on why you are providing it. We promise that we will only gather information from you that is adequate and relevant to be used for an explicit and specific purpose.
WHERE DO WE OBTAIN PERSONAL DATA FROM?
When you give it to us directly
We collect personal data about you when you register with us as an applicant to view, buy or rent a home; instruct us to provide you with a sales or lettings valuation or instruct us to sell or let your property. We will also require your personal data when applying for a mortgage, extending your lease, requesting a conveyancing quotation or applying for a job with us. We will collect this information in person, over the telephone, by post, by email or via our websites.
When you give it to us indirectly
We may also obtain information about you from other sources, such as a family member or friend.
We will only contact you through social media sites such as Facebook, Linked In, Instagram or Twitter if your privacy settings give us access to your contact details.
We may also collect information directly from a third party such as a credit reference agency or customer due diligence provider or directly from a third party with your consent such as a bank or building society. We may also receive personal information from websites such as Rightmove and similar.
Any payments you make to us will either be made via a bank transfer or a card payment currently via SagePay whose security policy can be found here at www.sagepay.co.uk/policies/security-policy
HOW DO WE USE YOUR PERSONAL DATA?
We use your personal data in a number of ways depending on your instructions and contact preferences. These may include but not limited to, the following:
1. Regular telephone contact to inform you about any new properties that you may be interested in.
2. Regular telephone contact following a valuation, instruction or to progress a sale or purchase.
3. Regular email contact to inform you or any new properties that you may be interested in.
4. Regular email contact following a valuation, instruction or to progress a sale or purchase.
5. Regular postal contact to inform you about any new properties that you may be interested in.
6. Regular postal contact following a valuation, instruction or to progress a sale or purchase.
7. We use your information to gain a full understanding of your situation so we can develop and offer you the best possible personalised services.
8. We use your information for internal administrative purposes (such as our accounting and records, and to let you know about changes to our services or policies.
9. We may use your personal information to look into, and respond to, complaints, legal claims or other issues.
10. We will use your bank account details to process rent, service charges, contractual fees and marketing costs associated with our services.
WHY WE USE YOUR PERSONAL INFORMATION
Under data protection law, we can only use your personal information if we have a proper reason for doing so, eg:
• to comply with our legal and regulatory obligations
• for the performance of our contract with you to take
steps at your request before entering into a contract
• for our legitimate interests or those of a third party
• where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
|When you give it to us directly||Our Reasons|
|To provide services to you.||For the performance of our contract with you or to take steps at your request before entering into a contract.|
|To prevent and detect fraud against you or us.||For our legitimate interests or those of a third party, i.e to minimise fraud that could be damaging to us and for you.|
|Conducting checks to identify our customers and verify their identity.Screening for financial and other sanctions or embargoes.Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safety regulation or rules issued by our professional regulator.||To comply with our legal and regulatory obligations.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.||To comply with our legal and regulatory obligations.|
|Ensuring business policies are adhered to, eg policies covering security and internet use.||For our legitimate interests or those of a third party, i.e to make sure we are following our own internal procedures so we can deliver the best service to you.|
|Operational reasons, such as improving efficiency, training and quality control.||For our legitimate interests or those of a third party, i.e to be as efficient as we can so we can deliver the best service for you at the best price.|
|Ensuring the confidentiality of commercially sensitive information.||For our legitimate interests or those of a third party, i.e to protect trade secrets and other commercially valuable information.To comply with our legal and regulatory obligations.|
|Preventing unauthorised access and modifications to systems.||For our legitimate interests or those of a third party, i.e to prevent and detect criminal activity that could be damaging for us and to you.To comply with our legal and regulatory obligations.|
|Updating and enhancing customer records.||For the performance of our contract with you or to take steps at your request before entering into a contract.To comply with our legal and regulatory obligations.For our legitimate interests or those of a third party, eg making sure that we can keep in touch with our customers about existing orders and new products.|
|Statutory returns.||To comply with our legal and regulatory obligations.|
|Ensuring safe working practices, staff administration and assessments.||To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.|
|Marketing our services and those of selected third parties to: • existing and former customers • third parties who have previously expressed an interest in our services • third parties with whom we have had no previous dealings||For our legitimate interests or those of a third party, i.e to promote our business to existing and former customers|
|Credit reference checks via external credit reference agencies.||For our legitimate interests or those of a third party, i.e to ensure our customers are likely to be able to pay for our products and services.|
|External audits and quality checks, eg for ISO or Investors in People accreditation and the audit of our accounts.||For our legitimate interests or those of a third party, i.e to maintain our accreditations so we can demonstrate we will operate at the highest standards.To comply with our legal and regulatory obligations.|
We may use your personal information to send you updates
(by email, text message, telephone or post) about our services.
We have a legitimate interest in processing your personal information for promotional purposes (see “Why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal information with the utmost respect and never sell or share it with other organisations outside the Acorn group for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
• Contacting us by the methods shown in the paragraphsbelow entitled “How can you ask us to stop using yourpersonal data?”
• Using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
WHO DO WE SHARE YOUR INFORMATION WITH?
We will not share or sell your personal data with any third parties without your consent other than with the following Group businesses.
• Acorn Estate Agents
• Langford Russell Estate Agents
• John Payne Estate Agents
• Start Financial Services
• Start Mortgage Services
• Start Lease Extensions
• Start Inventory Services
• Acorn Property Management
• Acorn Estate Management
• Acorn Land & Commercial
In order to fulfil our obligations under the Money Laundering regulations 2017,we may have to pass your data to a third party to perform Money Laundering checks , currently this work is performed by Lifetime Legal Limited and their
If you ask us to obtain a quotation for conveyancing services or a mortgage we may have to share your information with relevant service providers.
We only share personal information with outside service providers if we are satisfied that they take appropriate measures to protect your personal information. We will carry out a suitable risk assessment on such third parties to ensure this is the case.
It may also be necessary to share your personal data with a number of contractors to fulfil our duties as a managing agent.
We may disclose information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need share some personal information with other parties such as a potential buyer of some or all of our business or during a restructuring. Usually the information will be anonymized but this may not always be possible. The recipient of such data will be bound by confidentiality obligations.
WHERE YOUR PERSONAL INFORMATION IS STORED
Information may be held at the offices of Acorn group companies, third party agencies service providers representatives and agents as described above in paragraph entitled “Who do we share your personal information with?”
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal information (the right of access).
The right to require us to correct any mistakes in your personal information.
To be forgotten
The right to require us to delete your personal information – in certain situations.
Restriction of processing
The right to require us to restrict processing of your personal information – in certain circumstances, eg if you contest the accuracy of the data.
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain circumstances.
The right to object:
• at any time to your personal information being processed for direct marketing (including profiling)
• in certain other situations to our continued processing of your personal information, eg processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Informational Commissioner’s Office (ICO) on individuals’ rights under the General Data
HOW CAN YOU ASK US TO STOP USING YOUR
You have the right to withdraw consent for us to contact you at any time by the following methods:
By email: firstname.lastname@example.org
By phone: 020 8315 6929
By post: The Acorn Group, 1 Sherman Road,
Bromley, BR1 3JH
We will endeavour to make sure that your preferences
are updated as soon as possible and within a maximum
of 72 hours.
Withdrawing this consent may limit the services you receive from us and our ability to communicate effectively with you. Your rights will not be affected.
HOW CAN YOU UPDATE OR CORRECT THE PERSONAL DATA THAT WE HAVE HOLD ON YOU?
You can contact us at any time to update the personal details that we have on our database - in fact, that would be a great help to us.
Again, contact us on one of the following methods:
By email: email@example.com
By phone: 020 8315 6929
By post: The Acorn Group, 1 Sherman Road, Bromley, BR1 3JH
We will endeavour to make sure that your preferences are updated as soon as possible and within a maximum of 72 hours.
YOUR RIGHT TO ACCESS THE DATA WE HOLD ON YOU
You will always have control over your personal data. You have the right to request information about the data we hold on you at any time for free. We promise to provide access to that data, free of charge and within 1 month of your request.
You have the right to correct your data and update your preferences at any time. You have the right to have your data erased at any time.
You have a right to ask us to stop processing your personal data at any time. If at any time you wish to withdraw your consent and tell us not to contact you then please contact a member of the Data Compliance team:
By email: firstname.lastname@example.org
By phone: 020 8315 6929
By post: The Acorn Group, 1 Sherman Road, Bromley, BR1 3JH
HOW CAN YOU LODGE A COMPLAINT ABOUT THE WAY IN WHICH THE WE HAVE USED YOUR DATA?
If you have contacted us and you are unhappy with the way in which we have dealt with your query regarding the use of your data then it is within your rights to lodge a complaint with a supervisory authority.
The ICO (Information Commissioner’s Office) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
You can find out more information or report a concern through the ICO website: www.ico.org.uk/concerns/handling/
HOW LONG DO WE KEEP YOUR DATA FOR AND WHO HAS ACCESS TO IT?
Everyone who handles your data has a responsibility to protect it in accordance with the law. Acorn Limited has a comprehensive Computer Use & Data Protection Policy in place to ensure that staff members are aware of the regulations surrounding the use of personal data.
All staff that has access to your data are sufficiently trained and where your data is stored on our encrypted servers, passwords are required for access.
We will keep information for a reasonable amount of time in order to perform the purposes listed above. We only keep your information for as long as necessary. In line with
The Property Ombudsman’s (www.tpos.co.uk) code of practice, we generally keep personal information for 7 years after our last contact with you. However we reserve the right to keep information for longer if we feel that this is in our legitimate interests.
We will not transfer or store your personal details outside of the EU.
WHAT SECURITY IS IN PLACE TO PROTECT THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION?
A data breach can be defined as, ‘accidental or unlawful destruction, loss alteration, unauthorised disclosure of,
access to, personal data’.
We have appropriate security measures in place to prevent personal information being accidentally lost or used or accessed unlawfully. We limit access to your information to those who have a business need for it.
In the event of a data breach we will contact the ICO (Information Commissioner’s Office) within 72 hours where we are legally required to do so. The consequences
of the breach will be documented and the appropriate actions will be taken to mitigate the consequences.
We will also notify you without undue delay should the breach poses a high risk to your rights and freedoms.