Pendefords are committed to protecting and respecting your privacy.
This policy together with our ‘Terms and Conditions‘ sets out the privacy practices for Pendefords. In this policy we state how we process personal data collected about you (collected via your interactions with our online content, such as contact forms and tools, and/or provided directly by you).
Our website and services may contain links to other independent websites. These sites may ask you to provide information to them. Please be aware that such requests and information provided is not under our control, and we are not responsible for the privacy practices of those other sites. We encourage you to be aware when you leave our website (pendefords.co.uk) to read the privacy statement of each and every website that you enter.
For the purpose of the Data Protection Act 1998 and General Data Protection Regulation EU 2016/679, the data controller is Pendefords Ltd, a company registered in England under the company number 11765006, whose registered address is Pendeford House, Chapel Lane, Coltishall, Norwich, NR12 7DR.
Pendefords may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes.
What Type of Information Do We Collect About You?
When you access our website (https://pendefords.co.uk) and/or register your interest in the use of our services, Pendefords and any other third-parties who host, maintain or support our delivery of services may collect personal and technical information about you.
The personal information we collect from you will typically include the following:
- Full name and contact details (including your date of birth, contact number, email and postal address).
- Any phone number or email used to get in touch with our customer services and/or offices.
- Information relating to your identity where we are required by law to collect this to comply with the Money Laundering Regulations 2017 and the Immigration Act (such as passport and/or driving license).
- Information on your close connections where we are required to conduct conflicts of interests under regulatory obligations.
- Information on any access requirements you have necessary to enable us to find suitable properties for you, which may consist of special category personal data comprising details of any disability or other health information about you.
- Details about your areas of interest where we wish to send you marketing information about similar products and/or services.
- Communication history between you and our company, including a record of the email, telephone and postal correspondence created a) when you contact us as part of a product or service query, b) during the contractual period of the delivery of services.
- Internet Protocol (IP) address used to connect your device to the Internet.
- URL clickstream to and from our site (including date and time).
- Device operating system and platform.
- Device location data (if function is not disabled on your device).
- Browser and plugin types and versions.
- Time zone settings.
- Pages and/or products viewed and/or searched for.
- Time spent on certain page and page interaction information (such as scrolling, clicks and mouse-overs).
- Methods used to land and exit from the website and/or page.
- Page response times
- Download errors.
Where we need to collect personal data by law (for example, to meet our obligations to prevent fraud and money laundering) or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to a) perform the existing contract and/or services as requested, b) enter in a contract and/or services as requested. In this case, we may have to cancel a contract or service you have with us, but we will notify you if this is the case at the time.
On What Basis Can We Process Your Information?
The legal grounds under data protection legislation for processing your personal data are as follows:
- It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, for us to provide you with our products and services;
- You have given us explicit consent to the processing of your personal data for one or more specific purposes, namely 1) where you have given us consent to receive electronic marketing by us and/or 2) to process your Special Category Personal Data described above. You do not need to provide us with marketing consent in order to receive our services;
- It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this, we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. Our legitimate interests include processing necessary to improve and to promote our services and product and to better understand our customers’ interests and knowledge of the property market and to administer the technical aspects of our service and products;
- Where we need to comply with a legal obligation; or in rare circumstances;
- Where we need to protect your interests (or someone else’s interests); and/or
- Where it is needed in the public interest or for official purposes.
What Are We Going To Do With Your Information?
We will hold and use personal information about you in the following ways:
- To fulfil our obligations to you when providing you with our property services;
- To share your information with others where necessary to fulfil our property services for you or where acting as agent for a third party on your behalf;
- To comply with our statutory and regulatory obligations, including verifying your identity, prevention of fraud and money laundering;
- Communicate with you during the course of providing our services, for example with your enquiries and requests;
- Statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future;
- To provide you, or to enable third parties to provide you, with information about goods or services we feel may interest you: where you have provided permission for us to do so or, if you are an existing customer where we choose to contact you by electronic means (including newsletter and email) with information about our own goods and services similar to those which you have already obtained from us or negotiated to obtain from us (for those marketing messages you can unsubscribe at any time);
- Track your use of our service, including your navigation of our website in order to improve the website performance and user experience;
- To ensure that content from our website is presented in the most effective manner for you and for your device;
- To notify you about changes to our service.
How Long Do We Keep Your Data For?
We will retain your personal data for different periods depending on the service you have chosen to use us for, which may be a longer period than that for which we need to hold your data to provide those services, i.e. where we are under regulatory or statutory duties to hold your data for a longer period or need to retain it in the event of a legal claim or complaint.
Who Do We Share Your Information With?
We will pass your details to the following organisations (our “data processors”) who carry out certain activities on our behalf as part of us providing our services: payment service providers, credit reference and fraud prevention agencies, cloud computing host providers, technical support service providers, advertising networks services, email marketing services, financial services, business partners, sub-contractors, services, etc.
We will also pass your details where necessary to your property solicitors and those of the other party to your transaction. We will also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If our company or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will not share your information with third parties for marketing purposes without first obtaining your prior consent.
We are committed to ensuring that your information is secure. Your data is held on secure servers within the European Economic Area (“EEA”) with all the necessary technological and operation measures put in place to safeguard it from unauthorised access. Where possible any identifiable information will be encrypted or minimised.
Whereas cases of your data being held out of the EEA, we have taken all the necessary steps to ensure that the data processor is aware of the General Data Protection Regulation EU 2016/679 to ensure compliance with our obligations under these regulations, to keep personal data up to date and secure.
All information collected via our website is stored and encrypted (using SSL technology) on secure servers. We regularly check our website’s performance and security, to prevent any downfalls which may put at risk the website’s security and data collected. If you have any reasons to believe that our website is not performing at its best in securing your data, please get in touch via firstname.lastname@example.org
The data that we collect from you may be stored and processed by staff operating inside and outside the EEA, who work for us and one of our suppliers. Such staff may be engaged in the fulfilment of the contract and/or services to you. Pendefords has taken all the necessary steps to ensure that your data is treated securely and in accordance with this policy and the General Data Protection Regulation EU 2016/679.
How to access and update your information?
You have a right to request a copy of the personal information we hold about you, known as a data subject access request. You also have the right to request that information we hold about you which may be incorrect, or which has been changed since you first told us, to be updated or removed. These requests are free of charge and can be sent to The Data Controller, Pendefords Ltd, Pendeford House, Chapel Lane, Coltishall, Norwich, NR12 7DR.
How to request erasure of your data
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where you have withdrawn consent for us to process it (as explained below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
How to withdraw your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time by contacting us at email@example.com or on 01603 334433.
How to restrict or object us using your data?
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent to The Data Controller, Pendefords Ltd, Pendeford House, Chapel Lane, Coltishall, Norwich, NR12 7DR.
Moving your information to another organisation
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, a copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by email to firstname.lastname@example.org. We will respond to you within one month after assessing whether this is possible, taking into account the technical compatibility with the other organisation in question.
Complaints about the use of your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to The Data Controller, Pendefords Ltd, Pendeford House, Chapel Lane, Coltishall, Norwich, NR12 7DR.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner’s Office. Further details can be found at www.ico.org.uk or 0303 123 1113.