Who Are We?
We are David Carver Associates Ltd., Chartered Surveyors. Our address is 16, Rodney Road, New Malden, Surrey, KT3 5AB. You may contact us at this address by post, by email at firstname.lastname@example.org or by telephone on 020 8605 0081.
This privacy statement provides data about the data we collect from you, when you contact us via our website or by telephone, email, etc. In collecting this data, according to the General Data Protection Regulations (GDPR), we are acting as a data controller and by law, we are required to provide you with information about us, about why and how we use your data and about the rights you have over your data.
This policy is intended to inform you how and why David Carver Associates uses personal data from clients and other members of the public, in accordance with the GDPR. When we refer to “we” or “us” in this policy we are referring to David Carver Associates Ltd.
What Personal Data do we Collect from Clients?
We will collect some personal data when you instruct us to undertake surveying services. This will include:
- Your name.
- Your address.
- Your telephone numbers.
- Your email address.
- The address of the property you are interested in buying.
- The reason for your property purchase (whether it is for use as a home or as a rental investment).
We have no need to collect (and will not collect or store) special categories of personal data about you (for example, data about health, ethnic origin, religious or philosophical beliefs, etc.).
Why Do We Collect Data?
We collect data so that we may:
- Communicate with you.
- Establish your requirements.
- Provide you with a quotation for professional services.
- Carry out your instructions.
- Occasionally, make contact with clients following the completion of professional services, to confirm that you were satisfied with the work undertaken.
Any data that you supply will be stored securely and will only be used to deliver information to you, based on your stated requirements.
What Data Do We Collect From People Who Contact Us Via Social Media?
We will not collect or share your personal data via social media.
What Personal Data Do We Collect from Visitors to Our Website?
If you would like a quotation for professional services, you may request one via the contact form on our website. By doing so, you will voluntarily supply your data, which will enable us to respond to your request. This data may include your name, email address, telephone number and details of the property that you wish to purchase. Once this data has been passed to ourselves by email, it will not be retained on the website servers. Thereafter, if you decide not to use our professional services, your data will not be used for any further purpose and will be securely deleted from our internal systems within 28 days.
Linking to Other Sites
Like many other websites, ours uses “cookie” technology. A “cookie” is an element of data that a website can send to your browser. It is not a computer program and has no ability to read data on your computer or instruct your computer to perform a function. On our website, cookies are not used to collect personal data but they may be used to aid the functionality of the website. Most browsers provide a simple procedure that will enable you to control whether you want to receive cookies or not. For further instructions on how to stop cookies being installed on your browser, please see: www.allaboutcookies.org/managecookies
We use a third party, UK-based data processor, Rackspace, to host our website and to help maintain its security and performance.
How We Use Your Data
We only ever use your personal data if we are satisfied that it is lawful and fair to do so because:
- You have given your consent to us using your data for the specific purposes described in this privacy notice.
- It is necessary, to enable us to undertake professional services on your behalf or to provide data about or a quotation for our professional services.
- We need to comply with a legal or regulatory obligation.
Sharing Your Data
Your personal data will not be used for marketing purposes and we will never sell or share it with third parties who might use it for their own purposes, including marketing.
We will not disclose any data you provide to any third parties except:
- Where you have given us consent to share the data.
- Where data is passed to our third party service providers (or ‘third party data processors’, according to GDPR), who provide operational and technical support in order to make the delivery of our services more efficient. A list of our third party service providers can be provided to you upon request.
- Ø If we are under a legal or regulatory duty to disclose or share your personal data (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime or in relation to audits, enquiries or investigations by our regulatory body, RICS).
- In order to enforce any terms and conditions or agreements between us
- As part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation (we will always notify you in advance and we will aim to ensure that your privacy rights will continue to be protected).
- Where this is required to protect our rights, property and safety, or the rights, property and safety of others (this includes exchanging information with our insurers, other companies, organisations and regulators).
Data Security & Retention
We have appropriate security measures in place, to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We hold data electronically in our on-site file servers. Our IT infrastructure is protected using firewalls, internet security and by anti-malware software. We also use off-site, third party back-up servers in secure locations. We encrypt data leaving the firm by email, using an industry standard encryption method that encrypts the data in transit. The transmission of data via the internet is never completely secure, however. Whilst we will do our best to protect your personal data, we cannot guarantee the security of your electronic data transmitted to us and any transmission is at your own risk.
We will hold the data for as long as required by law, by our professional indemnity insurers or our regulatory body, RICS. Our default retention period for personal data is fifteen years from the conclusion of your instructions to us. This retention period may be extended or reduced, if we deem it necessary (for example, to defend legal proceedings or if there is an on-going investigation relating to the data). When necessary, we will dispose of or delete your data securely.
We ensure that our employees, agents and contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties, working on our behalf are aware of their privacy and data security obligations.
We may give third parties access to the personal data we hold about you in order to comply with our regulatory obligations (for example, our Regulator, RICS, or our professional indemnity insurers).
If you send a complaint to us, we will use the personal data you provide (for example, your name and the name(s) of any other individuals involved) to process your complaint and to respond. Where we consider it necessary or appropriate, we will share this data with third parties such as RICS and/or our professional indemnity insurers.
Your Rights over Your Data
Under certain circumstances, by law, you have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Ask us to correct any data that we hold about you which is incorrect, incomplete or inaccurate.
- Ask us to erase your personal data from our files and systems, where there is no good reason for us continuing to hold it.
- Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it.
- Ask us to transfer your personal data to another person or organisation.
To submit a request by email or telephone, please use the contact information provided above.
CDPR Queries & Your Right To Complain
If you have any questions about this privacy notice or about the ways in which we handle your personal data, please contact us using the contact information provided above.
You have the right to make a complaint at any time to the Data Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Your complaint may be lodged via the ICO website at www.ico.org.uk or by post, to:
The Data Commissioner's Office
You acknowledge that you are solely responsible for the use to which you put our website and all data you obtain from it. All warranties, conditions, representations and terms are hereby excluded to the fullest extent permitted by law. We and all contributors to the website hereby disclaim, to the fullest extent permitted by law, all liability for any loss or damage including any consequential or indirect loss or damage incurred by you, whether arising in tort, contract or otherwise, and arising out of or in relation to or in connection with your access to, or use of, or inability to use our website
The copyright of text and images on our website belongs to us. You may not make a permanent copy of or reproduce in any form our website or any of the documents or other data that you might access via the website. You may not reproduce or incorporate this web site into any other website. You may only print, display or download temporary copies of the content to your computer for your own personal and non-commercial use. You may not link to this site or frame it without our express consent.
Review of This Policy
We keep this Policy under regular review and it was last updated on 24th May 2018.