GDPR Data Protection Policy & Privacy Statement
General Data Protection Regulation dated 25 May 2018
These changes not only enhance the rights of data subjects but also increase accountability and obligations of Data Controllers and Data Processors.
This Policy has been approved and authorised by:
Tom Francis – Director
Sell New Ltd
The Annexe, Elm Croft, Little Paxton, PE19 6QP
Tel 03335772796 Option 5
Info@sellnew.co.uk
TPO Registration No: D10283
Dated: 18 May 2018
Review Date: May 2019
1 Introduction
2 Definitions
3 Data Protection Principles
4 Lawful, Fair, and Transparent Data Processing
5 Processing for Specified, Explicit and Legitimate Purposes
6 Adequate, Relevant and Limited Data Processing
7 Accuracy of Data and Keeping Data Up-To-Date
8 Timely Processing
9 Secure Processing
10 Accountability
11 Privacy Impact Assessments
12 The Rights of Data Subjects
13 Keeping Data Subjects Informed
14 Data Subject Access
15 Rectification of Personal Data
16 Erasure of Personal Data
17 Restriction of Personal Data Processing
18 Data Portability
19 Objections to Personal Data Processing
20 Automated Decision-Making
21 Profiling
22 Personal Data
23 Data Protection Measures
24 Organisational Measures
25 Data Breach Notification
1. Introduction
This document outlines the policy of Sell New Ltd trading as Sell like New Group with regard to handling our data protection obligations and the rights of customers to comply with the General Data Protection Regulations (“GDPR”).
We are committed to compliance with the GDPR. We will as a minimum meet the letter of the law, but wherever possible we will also look to exceed it.
This policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by us, our employees, sub-agents, contractors, or other parties working on our behalf to ensure the correct, lawful, and fair handling of all personal data.
2. Definitions
Customers/Data Subjects: any person we obtain personal information from, including property sellers and buyers.
Data Controller: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which, any personal data are, or are to be, processed.
GDPR: the General Data Protection Regulations
ICO: Information Commissioner’s Office
Personal Data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Company: Sell New Ltd also trading as Sell Like New Group, The Annexe, Elm Croft, Little Paxton, PE19 6QP
3. Data Protection Principles
We aim to ensure compliance with the principles of the Regulations and as such all personal data must be:
(a) Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
(b) Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
(c) Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
(d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
(e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
(f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4. Lawful, Fair, and Transparent Data Processing
GDPR requires that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. To ensure we are compliant we will only process data where:
(a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) It is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) It is necessary for compliance with a legal obligation to which the controller is subject;
(d) It is necessary to protect the vital interests of the data subject or of another natural person;
(e) It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.
5. Processing for Specified, Explicit and Legitimate Purposes
(i) We collect and process the personal data set out in Section 22 below. This may include personal data received directly from data subjects when we directly interact with them – when they contact us.
(ii) It may also include data received from third parties. Third parties include, but are not restricted to – NB: We do not currently use any 3rd parties – all information comes from Buyers and Sellers applying to our company.
(a) We only process personal data for specific purposes – as set out in Section 22 of this Policy; &
(b) For other purposes expressly permitted by GDPR; &
(c) For the purposes of meeting any statutory obligation we have; &
(d) Complying with any other legal obligation.
Data subjects will be informed of the purposes for which we process personal data:
(i) Within our written Terms of Business;
(ii) On our Website;
(iii) Verbally at the time information is taken;
(iv) As soon as possible after collection where it is obtained from a third party.
6. Adequate, Relevant and Limited Data Processing
We only collect and process personal data that is adequate, relevant and limited to the extent necessary to provide the service we agreed or for the specific purpose(s) informed to the data subject.
7. Accuracy of Data and Keeping Data Up-To-Date
We will ensure that all personal data collected and processed is accurate when collected and is then reviewed at intervals thereafter to ensure it remains up-to-date. Appropriate steps will be taken, in a timely manner, to amend or erase inaccurate or out-of-date data.
8. Timely Processing
We will not keep personal data for any longer than is necessary, considering the purposes for which that data was originally collected and processed. When the data is no longer required, appropriate steps will be taken, in a timely manner, to erase the data.
9. Secure Processing
We will ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Further details of the data protection and organisational measures which will be taken are provided in Parts 23 and 24 of this Policy.
(a) Our Data Protection Officer is Tom Francis
(b) We will retain written internal records of all personal data collected, held and processed, which will include the following information:
(i) The details of any third-party data controllers and any third parties that will receive personal data from us;
(ii) The purposes for which we process personal data;
(iii) Details of the categories of personal data collected, held, and processed;
(iv) Details of how long we will retain personal data;
(v) Details of the measures we take to ensure security of personal data
GDPR & Privacy Statement
General Data Protection Regulation dated 25 May 2018
Data Controller: Tom Francis, (Proprietor & Director of Sell New Ltd., also trading as Sell Like New Group)
How we handle your Information:
We may collect, hold and use some of your personal data – here we will provide more information about how this works.
Please read it carefully and ensure that you understand it. If you do not accept and agree with any part of it please stop using the website immediately, because your continuing use of our website will be seen as your acceptance of it.
1. Definitions and Interpretation
Meanings of phrases within this document:
Data – Any information that a user of the website provides to us, through our “Contact” page, or through emailing us relating to any person who can be directly or indirectly identified from that information.
Us / Company – Sell New Ltd, The Annexe, Elm Croft, Little Paxton, PE19 6QP
You/Your – The user of the website
The Websites – Sellnew.co.uk and Selllikenew.co.uk
2. Company Information
Sell New Ltd
We are a VAT Registered, Limited Company
We are a member of TPO: Registration number D10283
If you have any questions about the website or the use of your data, please contact us at email@example.com or 03335772796 Option 5 or 07725782796
3. Users' Rights
As a user you have the following rights –
● A right to be informed about our collection and use of personal information
● A right of access to the personal information we hold about you
● A right to rectification if any personal information we hold about you is inaccurate or incomplete
● A right to ask us to delete any personal information held about you unless we are obliged to retain the information for other legal reasons
● A right to restrict or prevent the processing of your personal information
● A right to data portability (obtaining a copy of your data to re-use with another service or organisation)
● A right to object to the use of your data for particular purposes
4. Data Collection
Except where you contact us directly through any of our contact options available on the website or via email from you, we do not collect any personal data from you.
If you contact us or send us an email, we will retain the details you provide to us including your name, your email address, and any other information which you choose to give us.
However, we do place cookies on your computer or device.
5. Using Your Information
Where we hold any personal information, it will be processed and stored securely, for no longer than is necessary, considering the reason it was provided to us.
We will potentially –
1. Reply to your email
2. Provide details on the properties requested, plus any others we think may interest you
3. Offer or provide you with the services requested, plus any others we think may interest you
We will delete your personal information once your request has been met or the service has been provided, except where –
1. You were interested in details of properties we are offering, when we will continue to hold your information in order to send you information on other properties that may interest you
2. You become a client or a buyer of a property
3. You require us to retain it for longer
4. We are required to retain it for longer for other legal reasons – HMRC 7 years
You have the right to withdraw your consent to us using your data and to request that we delete it.
We will not share any of your data with any third parties for any purposes.
6. Storage of your Data
Your data will only be stored in the UK.
7. Accessing Your Data
You have a right to ask for a copy of any personal information we hold on you free of charge. Please contact us to make a request at firstname.lastname@example.org
Changes to our Policies:
We recommend that you check this page regularly to keep up-to-date, as we reserve the right to change this Policy from time to time if our policies change or the law changes. Any changes will be posted on this page of the website and you will be deemed to have accepted changes to the Policy on your first use of the website following the changes.
8. Applicability
This Policy applies only to your use of this website. The website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the policies of any such websites before providing any data to them.
9. Complaints
If you have any cause for complaint about our use of your personal data, please contact us at email@example.com. We will address your concerns and attempt to solve the problem to your satisfaction.
You also have the right to lodge a complaint with the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office, or your local Citizens Advice Bureau.