Privacy Policy

 

Introduction

Introduction Davidson & Robertson (“D&R”, “we”, “us” “our”) is committed to protecting the privacy and security of personal information gathered by us to fulfil our business obligations.

This Privacy Policy explains how we collect, use and store personal information. This is to comply with industry standards and data protection law as well as to ensure transparency with you.

We only process your personal information where we have a lawful basis to do so. We will treat your information with confidentiality and in accordance with applicable data protection laws. Information will only be shared where required, as defined in this Policy.

We regularly review this Policy and updates are made if there are any changes in the way we process your personal information.

A separate Privacy Policy is available for our employees.

What is personal data?

Personal data consists of all information that tells us something about you. This may include, for example, names, contact details, date of birth, bank account information or information about your needs or circumstances that enable us to identify you. Some information is classified as “special” under data protection legislation. For example, information relating to health, race, ethnicity, religion, political opinion, sexual orientation, and criminal convictions. There are additional restrictions on the collection, use and storage of this sensitive information.

What personal data do we collect?

When you instruct us to carry out work, we will collect the following information about you:

  •  Your full name – to set up your account with us
  • Contact details – phone number, email address, postal address – to contact you
  • Billing details (i.e. bank account/payment details) – to process payments
  • Proof of identity and address. To counter money laundering and terrorist financing, we are required by law to gather information to appropriately identify you and, if relevant, your source of funds. To do this, we will ask for your date of birth and/or at least one form of photo identification (such as passport, driving license or other ID document), and a form of documentation that shows where you live. We may also ask for proof of identity of your business partner(s) or other beneficial owner(s) of the transaction.
  • Other information may be requested to determine whether a conflict of interest exists. For example, information relating to any relatives or associates employed at D&R.

For tenants of properties managed by D&R, additional information may be required. For example, emergency contact details and credit checks.

When you contact us with an enquiry, we will collect the following information from you:

  • Your name – to effectively process your enquiry
  • Your preferred contact details – to respond to your enquiry
  • The details of your enquiry – to respond to your enquiry
  • Your job number (if applicable) – to retain a record of queries you have raised with us

When you sign up to receive marketing emails from us, we will collect the following information from you:

  • Your name – so we know what to call you
  • Your email – so we can send you appropriate information
  • Your preferences – so we know what you want us to contact you about

We collect your information in a variety of ways:

  • Email, post and other correspondence
  • Website contact form
  • Telephone
  • Face-to-face contact with our employees
  • At events and shows
  • From external third parties
  • Job applications

We collect personal information from individual clients as part of our instruction to act on their behalf.

We obtain consent to collect personal information from individuals for us to communicate with relevant business, industry and commercial news.

How and why do we process your personal information?

We will only process your personal information where we have a lawful reason to do so. We use the following purposes as our legal basis:

 

Legal basis (Purpose) Aim Examples
Contract To deliver and administer the services you have requested from us
  • Perform the job you hired us for
  • Manage payments
  • Collect and recover money owed to us
Consent To carry out certain marketing activities
  • Provide information about new or different services
Legal reasons To comply with our legal obligations
  • Carry out anti-money laundering requirements
  • Fulfil requirements of court cases or tribunals
Legitimate interest To process your information where we have a genuine business need and believe it won’t adversely impact your right to privacy
  • Send details of our services which we believe are relevant to your needs
  • Produce management information and reporting for internal use
  • Profiling to help us identity trends and better tailor our services
  • Analysis of comparables in the market
  • Provision of IT systems and controls

You can opt-out of marketing communications at any time by unsubscribing or emailing marketing@drrural.co.uk.

Should parts of our business be sold, or other organisations be acquired, your personal information may be disclosed to these new owners or employees of the company, who will only have permission to use your personal information in the same or similar manner as set forth in this Privacy Policy.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to fulfil our agreement with you. In this situation, we may cease providing services to you and we will notify you.

How do we keep your personal information safe?

We take the security of your data seriously. Appropriate security measures are in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal data to those employees or consultants who have a legitimate business need. They are subject to a duty of confidentiality.

A retention procedure is in place to ensure we store personal information only for the appropriate period to meet our regulatory, reporting and legal obligations. Storage periods are defined in our Retention Schedule.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Additionally, we will not share your personal data with any third parties, other than those involved in fulfilling a service you have requested, or if required by law. For example, we may share your details with:

  • consultants when they are required to carry out your instruction;
  • third party referencing, screening or verification agencies for the purposes of the prevention and detection of crime;
  • an email provider for the purposes of delivering our newsletter and gathering statistics around email opening and clicks to help us monitor and improve content;
  • IT systems providers to maintain and develop accurate back-office systems and records; • our insurance provider(s) and regulator (Royal Institution of Chartered Surveyors) in line with our professional obligations; and
  • property owners or maintenance workers, for managed properties.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law, processing your personal data for specified purposes and in accordance with our instructions.

Your rights

You have several rights in relation to your personal information, which include the right to:

  • be informed about how we use your data;
  • access your personal information that we hold;
  • request that your personal information be corrected;
  • request that we delete your personal information if:
    • we process personal data longer than required
    • we rely on consent as the legal basis for the processing and you revoke your consent
    • we rely on legitimate interest as a legal basis and you oppose treatment, and there are no legitimate reasons that allow us to continue treatment
    • personal data has been processed unlawfully (i.e. in breach of the data protection legislation)
    • it is necessary to delete personal data to comply with legal obligations
  • request that we limit our data processing when:
    • personal information is inaccurate
    • our treatment of your personal information is unlawful
    • we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim
    • you have objected to our use of your personal information;
  • request a copy of certain personal data that you have provided to us on a commonly used electronic format. This right includes personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
  • object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have a legitimate basis entitling us to continue to process your personal information; and
  • not be subject to wholly automated decisions which have legal consequences or which could have a similarly significant effect on you.

If you would like to exercise any of your rights, please contact office@drrural.co.uk

In some cases, we may not fully comply with your request. For example, if you request we erase personal data we will not be able to do so for 15 years after your instruction to us was concluded, as we are legally required to retain it for Professional Indemnity Insurance purposes. Where we cannot comply with your request, we will explain this clearly.

Cookies and profiling policy

A cookie is a piece of data which a website transfers to the cookie file of the browser on a computer. The browser saves the information and sends it back to the website whenever the browser returns to the website. Our website uses cookies to gather anonymous statistical data about how our website is used, which helps us to understand user behaviours, identify improvements, enhance user experience and target our marketing activities to be of more relevance to you.

Cookies are not dangerous and cannot be used to circulate viruses.

We cannot identify you personally in this way.

We use a cookies tool on our website which asks users to opt in for cookies that are not considered necessary (i.e. marketing and/or analytics cookies).

Complaints and contact details

If you have complaints about how we use your personal information, please email office@drrural.co.uk in the first instance. If you have contacted us and you are still unhappy about the way we are using your data, you are entitled to bring your complaint to the Information Commissioner’s Office. If you have any questions, comments or other requests regarding any part of this Privacy Policy, please do not hesitate to contact us by emailing office@drrural.co.uk or by writing to Risk and Compliance, Rural Centre, West Mains, Ingliston, Edinburgh, EH28 8LT.