How your personal information is used.
Your information will be held electronically by Purple Hat Consulting LLP.
Purple Hat is committed to safeguarding the privacy of personal data and complying with the European General Data Protection Regulation (2016/679) and the UK Data Protection Bill 2017 and any future changes in data protection legislation with which Purple Hat will be required to comply.
When selling, purchasing or renting a property (including project management services) through our company we process your personal data such as name, address, contact details, email address, financial information and passport amongst other things. Processing of this data implies collecting, storing, using or disclosing your personal data.
- Ways we use your Personal Data
- Definitions of Personal Data types
- Collecting Personal Data
- Using Personal Data
- Fraud Protection Agencies (FPAs)
- Disclosing Personal Data
- Retaining Personal Data
- Securing Personal Data
- Sharing Personal Data
- International Data Transfer
- Data Subject Rights
- Updates / Amendments
- Third Party Websites
- Consents (“Opt-in”)
- Withdrawal of Consent (“Opt-out”)
- Our Details
3. Ways we use your Personal Data
We’ll process your personal data:
a) as necessary to perform and fulfil our contracts with you:
- to take steps at your request prior to entering into it;
- to exercise rights set out in agreements or contracts;
- to deliver our products and services;
- to update our records;
- to make and manage customer payments;
- to manage fees and charges due on customer transactions;
- to collect and recover money that is owed to us.
b) as necessary to comply with legal obligation, e.g.:
- when you exercise your rights under data protection law and make requests;
- for compliance and to obey laws and regulations that apply to us;
- to verify your identity, make credit, fraud prevention and anti-money laundering checks;
- to manage risk for us and our customers;
- to detect, investigate, report and seek to prevent financial crime;
- to run our business in an efficient and proper way;
- to manage how we work with other companies that provide products and services to us and our customers.
c) as necessary for our own legitimate interests, or those or other persons and organisations, e.g.:
- for good governance, accounting and managing and auditing our business operations;
- to respond to complaints and seek to resolve them;
- to run our business in an efficient and proper way;
- to develop and manage our products and services;
- to manage how we work with other companies that provide products and services to us and our customers;
- to monitor emails, calls, other communications and activities with reference to your contract;
- to provide advice or guidance about related products and services.
d) based on your consent, e.g.:
- to manage our relationship with you;
- to develop new ways to meet our customers’ needs and to grow our business;
- to develop and carry out marketing activities;
- to provide advice or guidance about related products and services.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
4. Definitions of Personal Data types
We use various kinds of personal information, and group them together like this.
|Type of Personal Information||Description|
|Contact||Where you live and how to contact you.|
|Consent||Any permissions, consent or preferences that you give us, including how you would like us to contact you.|
|Financial||Your financial position, status and history.|
|Contractual||Details about the products and services we provide to you.|
|Behavioural||Details about how you use our products and services.|
|Communications||What we learn about you from conversations, emails and letters between us.|
|Social Relationships||Your family, friends and other relationships.|
|Open Data and Public Records||Details about you that are in public records such as the Electoral Register and information about you that is openly available on the internet.|
|Usage Data||Other data about how you use our products and services.|
|Documentary Data||Details about you that are stored in documents in different formats, including copies. This could include things like your passport, drivers licence, birth certificate, bank statements or utility bill.|
|Socio-demographic||This includes details about your work or profession, nationality, education and where you fit into general social or income groups.|
|National Identifier||A number or code given to you by a government to identify who you are, such as a National Insurance number or Passport Number.|
5. Collecting Personal Data
We may collect and store the following kinds of personal data:
- Information that you provided to us when applying through our website, during viewings, visits to offices, in emails or by telephone.
- Information contained in or relating to any communication that you send to us through our website, email, in writing, using Live Chat or by telephone.
- Information that you provide to us for the purpose of subscribing to our marketing communications.
- Information that you provide to us when using any services we provide, or that is generated during the use of those services.
- Information that you provide as part of electronically signing agreements with us.
- Information that you provide in performing anti-money laundering, financial and credit checks as well as for fraud and crime prevention and detection purposes.
- Information related to the security and access of our systems and applications.
- Information to help us comply with our legal and regulatory obligations, including reporting to and being audited by regulators and external auditors.
- Information to help us comply with court orders and to exercise and defend our legal rights.
- Any other personal information that may be sent to us and which we use for legitimate business purposes.
- Information shared as part of our competitions or promotions.
Data from third parties we work with:
- Companies that introduce you to us (property portals for example)
- Financial Advisors
- Comparison websites
- Social networks
We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the services needed to progress the sale, purchase or letting of a property.
Any data collection that is optional would be made clear at the point of collection.
6. Using Personal Data
We may use your personal information to:
- Enable your use of any services that we may provide through our websites or third-party websites.
- Provide you with our products and services.
- Send statements, invoices and payment reminders to you, your lawyers who you use for conveyancing, or to collect payments from you.
- Send you marketing communications.
- Deal with enquiries and complaints.
- Perform money laundering, financial and credit checks.
- Use tracing services to obtain onward contact details and collect any unpaid debts for any default by you.
- Ensure appropriate access to systems and applications.
- Comply with our legal and regulatory obligations.
7. Fraud Prevention Agencies (FPAs)
We may need to confirm your identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use Fraud Prevention Agencies to help us with this.
Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so. It must be needed for either of us to obey the law, or for a ‘legitimate interest’.
8. Disclosing Personal Data
- Across our business as part of a need to know or as part of improving our existing products and services or as part of providing new services.
- To third parties who process personal data on our behalf.
- To third parties’ who process personal data on their own behalf but provide us, or you, with a service on our behalf.
- To third parties’ with whom information is shared for anti-money laundering checks, credit risk reduction, debt collection and other fraud and crime prevention purposes.
- To any regulator, external auditor or applicable body or court where we are required to do so by law or regulation or as part of any investigation.
- To any central or local government department and other statutory or public bodies, such as HMRC.
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud or reducing credit risk);
- To any other successors in title to our business;
We do not sell, rent or trade any of your personal data.
We will not, without your consent, disclose or supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
9. Retaining Personal Data
The following criteria are used to determine data retention periods for your personal data (whether or not you become a customer):
- Retention in case of queries – we will retain your personal data as long as necessary to deal with your queries (e.g. if your potential transaction is unsuccessful);
- Retention in case of claims – we will retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements – we will retain your personal data after your contract or service with us has come to an end based on legal and regulatory requirements.
10. Securing Personal Data
Where Purple Hat acts as the controller of personal data, it will ensure that necessary and adequate safeguards (e.g. encryption) are in place to prevent unauthorised access, loss, misuse or alteration of your personal data.
Where data is stored electronically we store all personal information on secure servers with relevant access and firewall controls.
Where data is stored on paper or forms all personal data is locked away when not in use and disposed of securely after use either using document shredders or third-party disposal organisations who have been contracted to dispose of documents appropriately.
Any personal data sent to us, either in writing or email, may be insecure in transit and we cannot guarantee its delivery.
Where you use a Password to access any service provided by Purple Hat this must be kept confidential and not disclosed to anyone else. Purple Hat does not ask you for your password.
11. Sharing Personal Data
To provide the services to you we may share the personal data that you supply with several third parties to:
- provide us with property management software.
- undertake the electronic digital signing of agreements.
- provide lettings related referencing and insurance products.
- provide us with data storage.
- provide us with financial software services.
- provide us with lettings related property visit and inventory services.
- provide us with email processing services.
- provide banking services to collect and make payments.
- provide deposit protection to tenancy deposits
- provide legal, accounting services.
- notify utility companies and local authorities of tenancy responsibilities.
Unless otherwise defined under section 12 all personal data shared with third parties is stored and processed in the UK or EU.
12. International Data Transfers
Personal data that we collect, is predominantly stored and processed in the UK, but for specific services may be transferred, stored, processed outside of the EU (designated under GDPR as “Third Countries”).
As part of providing our services to You under an agency agreement we will use third party data processors from Third Countries as outlined below:
- Docusign Inc which is based in USA.
- Dropbox Inc whose services are based in USA
- Google, Inc whose services are based in USA.
Purple Hat has agreed contractual agreements with these third-party data processors to safeguard your personal data as required by GDPR when transfers are undertaken to Third Countries. If You wish to know more about the safeguards that are in place, please contact Purple Hat as outlined in Section 20.
You expressly consent to the transfers of personal data described in this section for the purposes stated.
13. Log Files and Statistics
Purple Hat may use IP addresses, URLs of requested resources, timestamps and HTTP user agents to administer the system, analyse trends and gather broad demographic information for aggregate use.
In addition to this we may use third party services to monitor your use of our website, including Google Analytics, a web analytics service provided by Google, Inc (‘Google’). This information allows us to track how many visitors we have, how often they visit and where they originated from. It also gives the ability to gather which terms were used when searching for properties.
14. Data Subject Rights
Your rights are as follows (noting that these rights don’t apply in all circumstances):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision making including profiling.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: www.ico.org.uk
For more details on all the above You can contact our Data Protection Office (DPO) using the details in Section 20.
15. Updates / Amendments
16. Third Party Websites
17. Consents (“Opt-in”)
Your personal data is provided for the purpose of selling or purchasing a property, letting or being a tenant of a property, project management services as agreed under the terms of an Agreement between you and us.
However, Purple Hat would like to support you throughout the entire process of selling or letting your property by offering you additional relevant and related services, and keep you informed about all Purple Hat services (marketing) which You can elect to, or decline from, receiving.
18. Withdrawal of Consent (“Opt-out”)
You have the right, at any time, to ask us not to process your personal data for marketing purposes and any additional services that you have consented to receive.
You can opt-out of receiving any of these services and communications simply by clicking the unsubscribe link on any emails You receive or contacting our office.
Please note it can take up to one calendar month for a request to be fulfilled for general Purple Hat communications because of pre-planned or ongoing activity.
19. Data Protection Registration
We are registered as a data controller with the UK Information Commissioner’s Office and our data protection registration number is ZA177120.
20. Our Details
Company Name: Purple Hat Consulting LLP
Data Protection Officer: Ruth Phillips
Company Registration: OC 378970
Address: 5 Mayfield Gardens, Brentwood, CM14 4UJ
Telephone Number: 0333 123 4766
Email address: firstname.lastname@example.org
Date: 25th May 2018
For your property or a prospective investment. The report includes:
- Preparation for letting
- Maximising your investment
- Current market intelligence on your area.
- Tenant profile for your property.