GREY WALL PROPERTY LIMITED 16 South Quay, Kings Road, Swansea, SA1 8AH The General Data Protection Regulation (or GDPR for short) is a positive step towards you having more control over how your data is used and how you are contacted by us.
If you are an individual, the rights you have under the GDPR include the following:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
The changes introduced by the Regulation in 2018 will also help to better protect your Personal Data. We have therefore updated our privacy notice to reflect these changes.
We use your personal data to help us provide an excellent client service, which includes tailoring the information we share with you to help ensure that it’s relevant, useful and timely.
We will respect your privacy and work hard to ensure we meet strict regulatory requirements.
We will not sell your personal data to third parties.
We will provide you with easy ways to manage and review your marketing choices if you receive direct marketing communications from us.
Due to the nature of our work we already have strict rules of confidentiality in place. It is therefore already part of the fabric and culture of our company to keep your information private and secure.
We would ask you to help us keep your data secure by carefully following any guidance and instructions we give e.g. communicating bank account details and transferring funds to us if relevant.
We are sometimes obliged to share your Personal Data with external authorities without notifying you e.g. as required by the Anti-Money Laundering & Counter Terrorist Financing Act 2017. In all other cases, we will be transparent, and we will explain to you why we are requesting your data and how we are using it.
Lawful Bases for Processing your Data
We are allowed to use personal information only if we have a proper and lawful reason to do so. This includes sharing it with others outside the firm e.g. an auditor of a relevant quality standard.
The GDPR says we must have one or more of these reasons:
- Contract: the processing is necessary for a contract we have with an individual, or because they have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
A legitimate interest is when we have a business or commercial reason to use your information.
Here is a list of all the ways that we may use your personal data, and which of the reasons we rely on to do so.
|Use of your Personal Data||Our reason/justification for processing||Legitimate Business Interest|
|Opening, progressing, closing, archiving and storing a file||Fulfilling your instructions (the retainer)|
Complying with regulations and the law
|Direct marketing to you||Keeping our records up-to-date, working out which of our products and services may interest you and telling you about them|
Providing information on changes in the law and inviting you to contact us for advice
|Keeping accounts systems up-to-date|
Complying with HMRC Rules & Regulations and other regulations
Effective and efficient management of a sustainable business
|To detect, investigate, report, and seek to prevent financial crime.||Developing and improving how we deal with financial crime including suspected money laundering as well as complying with our legal obligations in this respect|
Complying with regulations that apply to us.
Being efficient about how we fulfil our legal and contractual duties.
|To run our business in an efficient and proper way. This includes managing our financial stability, business capability, planning, communications, corporate governance, and audit.|
|Complying with the HMRC and other regulations that apply to us|
Being effective and efficient about how we run our business
To allow external consultants, advisers and auditors to inspect files
|To exercise our rights and comply with obligations set out in agreements or contracts|
|Complying with contractual requirements|
We have an appropriate written policy explaining our security procedures, and data retention periods and we are required to retain this policy document and produce it to the Information Commissioner on request. Our policy is set out in the company’s Information Management & Security Policy.
We are registered with the Information Commissioner’s Office (ICO) for Data Protection with ICO number ZA772463
Types of Personal Data we process
|Type of Personal Information||Description|
|Financial||Your Bank account details and your financial status and information|
|Contact Information||Where you live and how to contact you|
|Socio-Demographic||This includes details about your work or profession, nationality etc.|
|Transactional||Details about payments to and from your bank accounts|
|Contractual||Details about the products or services we provide to you|
|Behavioural||Details about how you use our services|
|Communications||What we learn about you from letters, emails, and conversations between us|
|Social Relationships||Your family, friends and other relationships|
|Open Data and Public Records||Details about you that are in public records such as the Land Registry, and information about you that is openly available on the internet|
|Documentary Data||Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence, or birth certificate|
|Consents||Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you.|
|National Identifier||A number or code given to you by a government to identify who you are, such as a National Insurance Number|
Sources of Data
We collect personal data from various sources:
|Data you give us when you instruct us to advise you or act for you||You||To enable us to decide whether to accept your instructions and to progress your transaction|
|Data you give us by letter/phone/email and other documents||You||To enable us to decide whether to accept your instructions and to progress your matter|
|Data you give us when you visit our website, via a messaging service or social media||You||To enable us to deal with your query or request and to contact you if appropriate|
|Data you give us during interviews||You||To enable us to advise and represent you and to communicate with third parties on your behalf|
|Data you give us in client surveys||You||To enable us to improve our services and respond to any expressions of dissatisfaction|
|Data provided to us by referrers and introducers||Referrers||To enable us to contact you and to enable us to decide whether to accept your instructions|
|Fraud Prevention agencies||Agency||To enable us to comply with the law and regulations and carry out client due diligence checks|
|Solicitors||Solicitor Firms||As part of an exchange of information to enable us to progress the matter and advise you|
|Public Bodies||Public Body such as HMRC, HM Treasury, Local Authority, Land Registry, Land Charges Registry, Probate Registry, Legal Aid Agency, Police, CPS, Courts Service and other government departments||To enable us to advise you and progress your matter.|
To prevent fraud and money laundering
Who we share your Data with
Subject our commitment to confidentiality, we may share your personal information with:
- Lawyers or other organisations
- Experts we instruct
- Your Personal Representatives or Attorneys
- Estate Agents, IFAs, Referrers, etc
- Organisations that we introduce you to.
- HM Revenue and Customs
- The government both Central and Devolved
- Fraud Prevention Agencies including the National Crime Agency
- ID checking organisations
We do not use automated decision-making systems. All decisions relating to you and your matter are made by a person.
Personal Data we use
We typically will use the following types of personal data:
- Your Name
- Date of Birth
- Home address
- Contact details such as phone numbers and email addresses
- Bank details and account information
- Employment details
- Data that identifies you by cookies when you use our website
Sending Data outside the European Economic Area (EEA)
Unless you instruct us in a matter or case that involves an international element, we do not normally send your personal data outside the EEA. If we do, then we will seek your consent to do so, explain the risks to you and talk to you about potential safeguards depending on the country involved.
Your refusal to provide Personal Data requested
If you refuse to provide the information requested, then it may cause delay and we may be unable to continue to act for you or complete your transaction or work.
We may from time to time send you letters or emails about changes in the law and suggestions about actions that you might consider taking in the light of that information e.g. reviewing your will. We will send you this marketing information either because you have consented to receive it or because we have a “legitimate interest”.
You have the right to object and to ask us to stop sending you marketing information by contacting us at any time. You can of course change your mind and ask us to send the information again.
How long we keep your personal information
We are legally obliged to keep certain information for at least 5 years and typically store your file for 6 years before destroying it.
We will keep your name and personal contact details on our database until you tell us that you would like them removed.
How to get a copy of your Personal Information
If you wish to access your personal data then write to:
Data Protection Supervisor
Grey Wall Property Limited,
16 South Quay, Kings Road, Swansea, SA1 8AH
Telling us if your Personal Information is incorrect (The right to rectification)
If you think any information we have about you is incomplete or wrong, then you have the right to ask us to correct it. Please contact us as above.
As mentioned above you also have other rights, namely
- The right to erasure
- The right to restrict processing
- The right to data portability
You have the right to ask us to delete (erase) or stop us using your data if there is no longer any need for us to keep it (e.g. under a legal obligation).
In terms of data portability if your file/information is in electronic format we will take reasonable steps to export the file to a “portable format” where possible. As many different IT systems are in use, we cannot guarantee that we can provide data in a compatible format.
How to Complain
If you are unhappy about how we are using your Personal Data then you can complain to us using the contact information above.
You also have the right to complain to the Information Commissioner’s Office (ICO). Further details on how to raise a concern with the ICO can be found on the ICO’s website: https://ico.org.uk/concerns
Updating this Notice
We will, from time to time, update this Privacy Notice to reflect emerging ICO and Working Party 29 guidance, requirements of the new Data Protection Act and any other relevant changes in the law or regulations. We will also seek to learn from any published cases of Data Protection breaches.