Introduction Davidson & Robertson (“D&R”, “we”, “us” “our”) is committed to protecting the privacy and security of personal information gathered by us to fulfil our business obligations.
We only process your personal information where we have a lawful basis to do so. We will treat your information with confidentiality and in accordance with applicable data protection laws. Information will only be shared where required, as defined in this Policy.
We regularly review this Policy and updates are made if there are any changes in the way we process your personal information.
What is personal data?
Personal data consists of all information that tells us something about you. This may include, for example, names, contact details, date of birth, bank account information or information about your needs or circumstances that enable us to identify you. Some information is classified as “special” under data protection legislation. For example, information relating to health, race, ethnicity, religion, political opinion, sexual orientation, and criminal convictions. There are additional restrictions on the collection, use and storage of this sensitive information.
What personal data do we collect?
When you instruct us to carry out work, we will collect the following information about you:
- Your full name – to set up your account with us
- Contact details – phone number, email address, postal address – to contact you
- Billing details (i.e. bank account/payment details) – to process payments
- Proof of identity and address. To counter money laundering and terrorist financing, we are required by law to gather information to appropriately identify you and, if relevant, your source of funds. To do this, we will ask for your date of birth and/or at least one form of photo identification (such as passport, driving license or other ID document), and a form of documentation that shows where you live. We may also ask for proof of identity of your business partner(s) or other beneficial owner(s) of the transaction.
- Other information may be requested to determine whether a conflict of interest exists. For example, information relating to any relatives or associates employed at D&R.
For tenants of properties managed by D&R, additional information may be required. For example, emergency contact details and credit checks.
When you contact us with an enquiry, we will collect the following information from you:
- Your name – to effectively process your enquiry
- Your preferred contact details – to respond to your enquiry
- The details of your enquiry – to respond to your enquiry
- Your job number (if applicable) – to retain a record of queries you have raised with us
When you sign up to receive marketing emails from us, we will collect the following information from you:
- Your name – so we know what to call you
- Your email – so we can send you appropriate information
- Your preferences – so we know what you want us to contact you about
We collect your information in a variety of ways:
- Email, post and other correspondence
- Website contact form
- Face-to-face contact with our employees
- At events and shows
- From external third parties
- Job applications
We collect personal information from individual clients as part of our instruction to act on their behalf.
We obtain consent to collect personal information from individuals for us to communicate with relevant business, industry and commercial news.
How and why do we process your personal information?
We will only process your personal information where we have a lawful reason to do so. We use the following purposes as our legal basis:
|Legal basis (Purpose)
|To deliver and administer the services you have requested from us
|To carry out certain marketing activities
|To comply with our legal obligations
|To process your information where we have a genuine business need and believe it won’t adversely impact your right to privacy
You can opt-out of marketing communications at any time by unsubscribing or emailing firstname.lastname@example.org.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to fulfil our agreement with you. In this situation, we may cease providing services to you and we will notify you.
How do we keep your personal information safe?
We take the security of your data seriously. Appropriate security measures are in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees or consultants who have a legitimate business need. They are subject to a duty of confidentiality.
A retention procedure is in place to ensure we store personal information only for the appropriate period to meet our regulatory, reporting and legal obligations. Storage periods are defined in our Retention Schedule.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Additionally, we will not share your personal data with any third parties, other than those involved in fulfilling a service you have requested, or if required by law. For example, we may share your details with:
- consultants when they are required to carry out your instruction;
- third party referencing, screening or verification agencies for the purposes of the prevention and detection of crime;
- an email provider for the purposes of delivering our newsletter and gathering statistics around email opening and clicks to help us monitor and improve content;
- IT systems providers to maintain and develop accurate back-office systems and records; • our insurance provider(s) and regulator (Royal Institution of Chartered Surveyors) in line with our professional obligations; and
- property owners or maintenance workers, for managed properties.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law, processing your personal data for specified purposes and in accordance with our instructions.
You have several rights in relation to your personal information, which include the right to:
- be informed about how we use your data;
- access your personal information that we hold;
- request that your personal information be corrected;
- request that we delete your personal information if:
- we process personal data longer than required
- we rely on consent as the legal basis for the processing and you revoke your consent
- we rely on legitimate interest as a legal basis and you oppose treatment, and there are no legitimate reasons that allow us to continue treatment
- personal data has been processed unlawfully (i.e. in breach of the data protection legislation)
- it is necessary to delete personal data to comply with legal obligations
- • request that we limit our data processing when:
- personal information is inaccurate
- our treatment of your personal information is unlawful
- we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim
- you have objected to our use of your personal information;
- request a copy of certain personal data that you have provided to us on a commonly used electronic format. This right includes personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
- object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have a legitimate basis entitling us to continue to process your personal information; and
- not be subject to wholly automated decisions which have legal consequences or which could have a similarly significant effect on you.
If you would like to exercise any of your rights, please contact email@example.com
In some cases, we may not fully comply with your request. For example, if you request we erase personal data we will not be able to do so for 15 years after your instruction to us was concluded, as we are legally required to retain it for Professional Indemnity Insurance purposes. Where we cannot comply with your request, we will explain this clearly.
Cookies and profiling policy
Cookies are not dangerous and cannot be used to circulate viruses.
We cannot identify you personally in this way.
We use a cookies tool on our website which asks users to opt in for cookies that are not considered necessary (i.e. marketing and/or analytics cookies).
Complaints and contact details