GDPR Compliance Report and Impact Assessment – Residential and Professional

We hold the following databases in conjunction with our surveying and estate agency practice:-

  1. Loop – Database for residential sales and commercial sales and lettings.
  2. Alto – Database for residential lettings.
  3. Land sales database for sales of land.
  4. Agricultural machinery database – to notify those interested in agricultural machinery of forthcoming sales.
  5. Landmark – Database for Estates Department
  6. Mailchimp

We have considered appropriate compliance with GDPR in relation to each database, as follows:-

Loop for Residential Sales and Commercial Sales and Lettings

We have spoken to Loop, who are our software provider, and they have confirmed that both the software and they as a firm are GDPR compliant.  We contact most of the database by email which is issued by Mailchimp to provide information of new properties to the market and changes in status with regard to properties being offered to the market. In all cases people have asked to be on the database and to be emailed.  Every email that is sent out has an opt out box and people are deleted as soon as they reply.

Alto for Residential Lettings

We use this software to retain details of both landlords and tenants and those looking for residential properties to rent.  We confirm in each case as follows: –

  1. Those looking for residential properties – we only send out details by email. All emails sent out have an unsubscribe option and if people unsubscribe then it is acted upon as soon as possible.
  2. Landlord’s details – these are retained when there is a reasonable assumption that they may be needed again in the future. We can hold these for long periods of time where we have acted for many years.  We have particular procedures and safeguards in place relating to bank account details.
  3. Tenants and former tenants – tenant’s details are held for the duration of their tenancy and a reasonable period thereafter. This is important for a period after the end of the tenancy as it is necessary to contact tenants for various reasons, including utilities and other queries. These are deleted when we are notified that a tenancy has ended unless required for ongoing matters.

Land Database

This is a Microsoft Access Database retained by us.  In recent times, we have deleted all people from the database and asked them to re-apply if they wish to continue to receive details from us.  This is as part of our GDPR compliance procedure.  Moving forward, our aim is to notify as many people as possible who have re-applied or who have explicitly consented to receive details via email with an opt out option, however, where people specifically request items in the post, this will be facilitated with opt out procedure notified within the covering note.

Machinery Database

This is a Microsoft Access Database retained by us.  It includes large numbers of people and is almost entirely email notification.  This information is used for mailing of catalogues and notifications regarding machinery auctions, generating invoices (in some cases) when people purchase from us and providing details to clients with regard to lots for sale.  Most clients are now contacted by email. There are a few people who are written to as part of what we refer to as the “VIP list”.  These are all people who are pleased to be receiving information by post and are aware of the opt out procedure.

Landmark

We use this accounting software on behalf of our clients to retain details of suppliers, customers and tenants. These details are held on the system as the individuals have entered into a contractual relationship with the client – this information must be retained for bookkeeping and accountancy purposes by the client.

Mailchimp

We export data required for information and promotional emails from Loop and Alto for running our business.  All of those on these databases are people who have expressed interest and asked to be on our database and emailed.  Mailchimp itself has GDPR compliant level security. Every email that is sent has an opt out box so people can be deleted as soon as they reply.

Using data in this way is in accordance with our terms of business and we consider this necessary and a reasonable expectation of our customers, with a low risk of data breach, particularly given the client’s right to unsubscribe.

We also ensure that we comply with the Privacy and Electronics Communications Regulations when sending unsolicited e-mails to those who have not given opt-in consent to receive such e-mails.  In that case we ensure that we only contact people who are or have been clients or have expressed an interest in our services, and only in respect of similar products or services we offer, with a “soft opt-in” allowing them to unsubscribe.

We believe that the actions we have taken in conjunction with our privacy policy provides appropriate protection regarding data.

Clarke and Simpson
January 2024