Currently, data protection is regulated by the Data Protection Act 1998. The new General Data Protection Regulation (GDPR) will come in force on the 25th of May 2018, but this Privacy Notice highlights your privacy rights. This Privacy Notice will be updated from time to time and will be available for review on the Pinnacle Estate website.
Pinnacle Estate (S&L) Ltd, hereinafter referred to “we” or “us” or “Ourselves”.
The Data Protection Officer, 100 Pinner Road, Harrow HA1 4GZ. Email: email@example.com. Telephone: (+44) 020 8863 0098
Use of your personal information
How, when, what and whose personal information we collect
How and why, we use your personal data; and Your privacy rights in general, including how to control your personal data and how you are protected under the new law.
We commit to protect your data and keep it safe and secure, and to provide you with a simple way to have control over, manage and review your marketing preferences at any time you wish.
We will amend this Privacy Notice from time to time in order to comply with the applicable laws and regulations and to meet our changing business requirements. You are advised to periodically review this Privacy Notice for the latest amendments. By continuing to use our website you are bound by all updates and changes made to it.
Your protection under the law
In addition to our commitment to protect your personal data, your privacy is also protected under the law. An explanation on how it works is provided below.
Under GDPR, we are authorised to use your personal data only if we have an appropriate reason for doing so and this may involve sharing it with third parties, if it is based on one or more of the following:
Your unambiguous consent
Our legal duty
Fulfilling our contractual obligations; and/or based on our legitimate interest to do so
Why we collect information from you?
During your interaction with us, we collect different kinds of personal information on you. Below is a list of all the different types of information we collect:
The personal information we collect from you will typically include the following:
Full name and contact details (including your contact number, email and postal address)
Information relating to your identity where we are required by law to collect this in order to comply with the Money Laundering
Regulations - 2017 and the Immigration Act
Information on your close connections where we are required to conduct conflicts of interests under regulatory obligations
Your banking details where required such as where you are letting a property or, where renting, to set up an approved tenancy deposit account for you and arrange for rental payments
Information on any access requirements you have necessary to enable us to find suitable properties for you, which may consist of special category personal data comprising details of any disability or other health information about you
Details about your areas of interest where we wish to send you marketing information about similar products and services
Your communications with us, including a record of the email or telephone correspondence created when you contact us as part of a product or service query
Where we need to collect personal data by law (for example to meet our obligations to prevent fraud and money laundering) or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
How we use your information?
The legal grounds under data protection legislation for processing your personal data are as follows:
It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, for us to provide you with our products and services.
You have given us explicit consent to the processing of your personal data for one or more specific purposes, namely 1) where you have given us consent to receive electronic marketing by us and/or 2) to process your Special Category Personal Data described above. You do not need to provide us with marketing consent in order to receive our services.
It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this, we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. Our legitimate interests include processing necessary to improve and to promote our services and product and to better understand our customers’ interests and knowledge of the property market and to administer the technical aspects of our service and products.
Where we need to comply with a legal obligation, or in rare circumstances:
Where we need to protect your interests (or someone else's interests); and/or
Where it is needed in the public interest or for official purposes
What we do with your information?
We will hold and use personal information about you in the following ways:
In order to fulfil our obligations to you when providing you with our property services
To share your information with others where necessary to fulfil our property services for you or were acting as agent for a third party on your behalf
To comply with our statutory and regulatory obligations, including [verifying your identity, prevention of fraud and money laundering and to assess your credit worthiness]
Communicate with you during the course of providing our services, for example with your enquiries and requests.
Statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future.
To provide you, or to enable [third parties] to provide you, with information about goods or services we feel may interest you, where you have provided permission for us to do so or, if you are an existing customer only, where we choose to contact you by electronic means (including e-mail or SMS) with information about our own goods and services similar to those which you have already obtained from us or negotiated to obtain from us . For those marketing messages you can unsubscribe at any time.
Track your use of our service including your use of our App in order to improve these
To notify you about changes to our service.
To ensure that content from our site is presented in the most effective manner for you and for your computer.
How long we keep your data
We will retain your personal data for 6 years or different periods depending on the service you have chosen to use us for, which may be a longer period than that for which we need to hold your data to provide those services, i.e where we are under regulatory or statutory duties to hold your data for a longer period or need to retain it in the event of a legal claim or complaint. For incomplete applications, personal information will be deleted after 6 months.
Who your information will be shared with
We will pass your details to the following organisations (our “data processors”) who carry out certain activities on our behalf as part of our providing our services: e.g., Property Management Agents, Credit Reference Check Agencies, Fraud Prevention Agencies.
How to access your personal information
You have the right to access the personal information we hold about you and request details of the third parties with whom we have shared your information by emailing us on firstname.lastname@example.org or writing to us at this address: Pinnacle estate, 100 pinner road, Harrow, HA1 4GZ. This is sometimes called “Subject Access Request”. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge and respond to your request data within 30 days. If we cannot, we will inform you and respond within a further 60 days. Before providing the personal information to you, we may request for proof of your identity and verification of address.
Right of Erasure of your data
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where you have withdrawn consent for us to process it (as explained below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
How you can withdraw your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent, it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences by emailing us at email@example.com, via phone on 020 8863 0098 or write to Pinnacle, 100 pinner road, Harrow, HA1 4GZ to our offices.
We may make automated decisions based on personal information we hold about yourself. Automated decisions assist us in making decisions which can affect the products, services and pricing.
(i) Approving Credit
We use an automated system to run your application through our initial criteria to determine if we are able to do business with you. Your application will either be accepted or rejected based on the credit search with credit referencing agency.
(ii) Prevention of Money Laundering
We may use personal information to (i) verify your identity to undertake checks for the prevention and detection of crime, fraud and/or money laundering, we will report our suspicion to the National Crime Agency as required by law.
(v) Your rights over automated decision
Under GDPR, you have rights to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.
Please contact us on firstname.lastname@example.org if you wish to have more information about these rights.
We will also pass your details where necessary to your property solicitors and those of the other party to your transaction. We will also disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If our company or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will not share your information with third parties for marketing purposes without first obtaining your prior consent.
Security of your data
Your data will be held on secure servers within the European Economic Area ("EEA") with all reasonable technological and operation measures put in place to safeguard it from unauthorised access. Where possible any identifiable information will be encrypted or minimised.
As part of our application process, we will need to confirm your identity linked financial associates and therefore exchange your personal information with CRAs in order for them to assist.
Both ourselves and the CRAs can only use your personal information if we have a proper reason to do so, such as to obey the law or where we rely on legitimate interest, and it should not unfairly go against what is best for you. The following information will be shared with the CRAs:
Date of birth;
Contact details, such as email addresses and phone numbers;
Financial data such as the bank account details;
Data that identifies computers or other devices you use to connect the internet such as the Internet Protocol (IP) address.
Information from the CRAs will help us conduct the following:
Confirm identities and residential address;
Help prevent crime, fraud and money-laundering;
Fulfil any contracts you or your business has with us;
Checking details on prospective candidates and employees as part of their employment; and
Trace your whereabouts.
Where we suspect fraud or money laundering, the CRA and us may share your personal information with law enforcement agencies.
As far as fraud and money laundering prevention is concerned, we shall keep your data as for as long as we exist. However, the CRAs may keep them for a different length of time.
We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you. Either of these could indicate a possible risk of fraud or money-laundering and where that is the case, we will reject your application and report it to the National Crime Agency accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business.
Telling us your personal information is incorrect
You have the right to request us to amend or remove incorrect or incomplete information we hold about you. You can email us on email@example.com or write to us at this address: Pinnacle estate, 100 Pinner Road, Harrow, HA1 4GZ.
If you do, we will comply promptly with your request within 30 days and let you know we have done so. However, where we are not obliged to comply with your request, we will inform you of the reasons behind our decision.
How to stop or object to us using your date?
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent by emailing us at firstname.lastname@example.org, via phone on 020 8863 0098 or at our offices
Moving your information to another organisation
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, a copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by email to email@example.com. We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
Please let us know if you are unhappy with how we have used your personal information. You can email us on firstname.lastname@example.org You also have the right to complain to the Information Commissioner’s Office. Further details can be found at www.ico.org.uk or 0303 123 1113.
For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites or of any complaints that we do not own or control. Linked Sites may collect information in addition to those we collect on our websites and therefore we do not endorse any of these Linked Sites nor the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the Privacy Notice of each Linked Site that you visit to understand how the information that is collected about you is used and protected.