Trust and integrity are at the heart of our ethos at Cheffins and accordingly we are committed to handling people’s personal information (often also referred to as personal data) in a lawful, responsible and secure manner. We consider all data which is specific to an individual, or by which an individual can be identified, to fall into the category of personal information. This privacy notice provides a transparent and comprehensive description of the personal information that we collect, as well as explaining why we collect and retain it, how we use it, who we share it with and what we do to keep it secure.
The information that we collect
The diverse nature of the businesses that we operate at Cheffins mean that it is necessary to collect a broad range of information about people. We do this so that we are able to contact them, communicate with them, provide services to them, collect payment from them, make payments to them and operate our business activity in a lawful and efficient manner.
The information that we collect from people will depend upon, and be proportionate to, the reason that it is being collected and will therefore vary based on the business activity being conducted. However, the types of information that we collect fall into six categories, these are:
- Contact information such as names, addresses, telephone numbers, email addresses and any other contact details that they provide to us.
- Financial and credit information as deemed appropriate given the context of the business activity. This may include financial information pertinent to the purchase of property, such as details of mortgage applications or information regarding a related property sale, or information related to source of funds for purchases of property or chattels. This may also include proportionate and appropriate credit information which may be provided to us by third party organisations.
- Identification details including, but is not limited to, information in support of proof of identification and proof of address. This may include the processing of documents such as passports, driving licences or utilities bills. We may also verify the details that you give us using anti-money laundering software where we consider that doing so is a requirement of prevailing legislation or is in the public interest.
- Customer records which are likely to include instructions to us, correspondence with us, notes on our internal systems, internal communications, details of queries or complaints, records of valuations, appraisals, viewing, inspection or other undertakings.
- Records of financial transactions which will include names, unique reference numbers, details of items transacted, amounts transacted and any other payment details.
How we collect this information
The information detailed above is usually collected directly from the person(s) to whom it relates or from their appointed representative (for example an agent or solicitor). We collect information directly via a variety of means depending on the activity and the individual’s communication preferences. The means by which we collect information include:
- correspondence received by email, fax or post
- records of conversations which take place in person or over the phone
- forms which are submitted to us, for example registration forms, letters of instruction, property information forms, property questionnaires or property application forms (either online, via email, in the post or in person)
- posts to us on social media
- details of visits to and activity on our website
- enquires and requests to receive marketing information
- our own written records of work that we have undertaken, such as valuations, viewings or inspections.
Why we collect personal information and the legal basis for doing so
At Cheffins we will only collect, process and retain personal information where there is a lawful and legitimate reason for doing so. The legal basis that we rely upon to do this are set out below.
On occasion we will collect and process a limited amount of contact and technical information for the purpose of keeping our clients and members of the public informed about our events and services via our mailing lists. We will only do this if the individual has consented to us doing so; this consent can be withdrawn at any time.
Performance of a contract
Whenever we establish a contractual relationship with our clients or facilitate an agreement between a client and a third party, we will collect any personal information which is necessary to its lawful and efficient execution. Before entering into or facilitating a contract, Cheffins may collect all categories of personal information present in the above section.
Compliance with a legal obligation
As a multi-disciplinary firm, Cheffins are subject to a broad range of legislation and guidance much of which requires that we collect personal information. The list below contains examples of personal information collected to comply with our legal obligations.
- Documents necessary to carry out right to rent checks in line with guidance from the Home Office and the Immigration, Asylum and Nationality Act 2006.
- Documents deemed necessary for compliance with anti-money laundering and counterterrorism legislation such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and The Money Laundering and Terrorist Financing (Amendment) Regulations 2019.
- Document considered necessary to comply with other financial legislation such as the Proceed of Crime Act 2002 or the Criminal Finances Act 2017.
- Accounting and financial records necessary to comply with business and tax legislation such as the Companies Act 2006 and the Value Added Tax Act 1994.
*The above list is intended to be illustrative and is not an exhaustive list of personal information collected and processed on the basis of legal obligation.
Cheffins may collect personal information relating to identification, customer records and financial transactions on the grounds of compliance with a legal obligation.
Essential to Cheffins Legitimate Interests
There are times when Cheffins will collect or retain information because it is essential to the efficient running of our business or to adequately protect ourselves from risk. Accordingly, Cheffins will retain information that we need to provide services to our customers, such as records of services we have carried out for them in the past. We may also keep customer information until the expiry of the term set out in the Limitations Act 1980 so that we are able to adequately protect our legal interests. Some financial or credit information may also be collected on this basis to ensure that Cheffins can avoid or manage financial risk.
We will only collect or retain information for this reason where there is a discernible legitimate interest to our business which we consider sufficient to justify the information being held. Financial and credit information, identification, customer records and financial transactions may be collected on this basis.
Where information is collected for any of the above reasons, Cheffins will never compel an individual to provide us with their personal information, but failure to provide it is likely to mean that we are unable to enter into or continue with the business relation.
When we share personal information
Cheffins will never share personal information without ensuring that it will be handled lawfully, responsibly and securely. Where our business activities mean that it is unavoidable to share information, we will ensure that the third parties with whom we share it are able to adhere to these principles.
The entities with whom Cheffins may share personal information are:
- Providers of IT support services and/or software applications (including software licenced for the provision of checks required to comply with anti-money laundering and sanctions regulations)
- Online auction platforms
- Relevant law enforcement officials where any crime is discovered or suspected
- HMRC or any other body with whom we are required to share for reasons of compliance with financial laws and regulations
- HMRC as our Anti Money Laundering supervisor, RICS as our regulatory body or The Property Ombudsman where a complaint has been made.
- Entities with whom we form business partnerships such as property marketing agents, property developers or housing associations,
- Third parties who carry out tasks on our behalf, for example contractors or consigners of goods.
- Specialist third-party agents used to provide references or credit checks.
- Other parties involved in the sale of a property, such as the counterparty in a sale (of either property or chattels) or their agents (e.g. estate agents or solicitors). The information shared on this basis is normally limited to relevant information necessary to executing the exchange of contacts but may occasionally include Anti-Money Laundering Reliance where this is considered reasonable.
- Companies with whom we host or arrange events.
How we keep personal information safe
At Cheffins, we apply a range of measures to ensure that personal information is held securely and is not lost, breached, misused or disclosed. There measures include:
- Policies and controls ensuring that all paperwork is securely locked away in cupboards, using key safes for the storage of keys and restricting access to our offices.
- The operation of policies requiring that no paperwork is left on desks and that all paper waste is disposed of in secure shredding bins.
- Stringent measures to ensure that all electronic data is held securely in a restricted manner, so that only those who have a legitimate reason may access it.
- All of the technologies that we use to collect, retain or store personal information are encrypted and we have implemented a detailed Information Security Policy.
- All of our staff receive regular data protection training and are familiar with the Cheffins Data Protection and Information Security Policies, both of which are frequently reviewed.
How long we keep personal information for
The length of time that we keep personal information depends on why we hold it, whether we are legally obliged to have it and whether there is an essential, legitimate basis for us to retain it.
Where we have collected data to keep customers and members of the public informed of our services and events, we will only ever keep contact details for the period that we have the individual’s consent. Consent can be withdrawn at any time by emailing firstname.lastname@example.org.
If Cheffins collect data for the purposes of performing a contract, we will keep it on this basis until the contract terminates, after which we will retain any data required to comply with our legal obligations or where we consider there to be a legitimate business interest.
Information which has been collected or retained to comply with our legal obligations will be kept for at least the length of time set out in the relevant legislation or regulation, but may be retained for longer if it is considered that there is an essential legitimate reason to do so.
- Information on a tenant’s right to rent will be retained for at least the duration of the tenancy agreement plus 1 year to comply with Home Office requirements,
- Documents collected to comply with anti-money laundering legislation will be retained for the duration of the agreement plus a minimum of 5 years as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and The Money Laundering and Terrorist Financing (Amendment) Regulations 2019.
- Accounting and financial records, as well as documents considered necessary to comply with other financial legislation such as the Proceed of Crime Act 2002 or the Criminal Finances Act 2017, will be retain for the duration of the contract plus 7 years to comply with business and tax legislation such as the Companies Act 2006 and the Value Added Tax Act 1994.
Information that has been collected on the basis of legitimate interest will be retained for the duration of the contract plus an additional 7 years if we consider that there is a business need for us to do so.
Individual data rights
Data protection law provides individuals with rights regarding how their data is used for the purposes of automated decision making. At Cheffins we will never make a decision about you, either for profiling or for any further purpose, without human involvement.
The Data Protection Act 2018 also provides individuals with a number of rights in respect of their own data. These are the right to request access to their data, to correct their data or to delete their own data. If you wish to exercise any of these rights at any time or, if you have any questions, comments or concerns about this privacy notice, please contact the Compliance Office at email@example.com.
If you continue to have concerns about the way that your personal information is being handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ico.org.uk.
Changes to this policy
Postal Address Email
1-2 Clifton Road
Covid 19 addendum
During the Coronavirus pandemic, it has become necessary for us, in order to comply with legislation, track and trace requirements and our visitor viewing policies (available on request) to record information regarding a client/contractor’s health. The information we collect is as follows:
- Reason for appointment/visit
- Names of other people attending with you.
- Are you or anyone in your household currently self-isolating due to Covid 19
- Do you or anyone in your household currently have any symptoms of Covid 19
We collect this information to ensure that we protect all customers and staff and the general public so that should any outbreaks occur, we can notify all parties exposed in a timely manner and also to avoid contact where government guidance would advise against.
This information would not be shared unless we had a requirement to do so as per the NHS track and trace guidelines. In the event of a potential exposure to the virus, no personal details would be shared, only that there has been a risk of exposure during a viewing or visit. No individual would be identified by name.
This information would be retained for no more than our ongoing relationship with you plus 21 days or 21 days after the viewing/visit if no further relationship was to continue. All information recorded on our Health Assessment Form or noted from a verbal conversation, will be held on our electronic storage system in a restricted manner, so that only those who have a legitimate reason may access it.