GDPR Compliance Report and Impact Assessment – Residential and Professional
We hold the following databases in conjunction with our surveying and estate agency practice:-
- Jupix – Database for residential sales.
- Proman – Database for residential lettings.
- Land sales database for sales of land.
- Agricultural machinery database – to notify those interested in agricultural machinery of forthcoming sales.
- Landmark – Database for Estates Department
We have considered appropriate compliance with GDPR in relation to each database, as follows:-
- Jupix for Residential Sales.
We have spoken to Jupix, who are our software provider, and they have confirmed that both the software and they as a firm are GDPR compliant. We contact most of the database by email to provide information of new properties to the market and changes in status with regard to properties being offered to the market. In all cases people have asked to be on the database and to be emailed. Every email that is sent out has an opt out box and people are deleted as soon as they reply.
We still send postal documentation to some clients who have specifically requested this service. In preparation for GDPR we have written to all on the postal database asking them to opt back in if they wish to continue receiving notifications by post. Only those that respond will be added. In the future, all documentation sent will have instructions as to how to opt out of receiving documentation in the future.
- Proman Residential Management Software
We use this software to retain details of both landlords and tenants and those looking for residential properties to rent. We confirm in each case as follows: –
- Those looking for residential properties – we only send out details by email. All emails sent out have an unsubscribe option and if people unsubscribe then it is acted upon as soon as possible.
- Landlord’s details – these are retained when there is a reasonable assumption that they may be needed again in the future. We can hold these for long periods of time where we have acted for many years. We have particular procedures and safeguards in place relating to bank account details.
- Tenants and former tenants – tenant’s details are held for the duration of their tenancy and a reasonable period thereafter. This is important for a period after the end of the tenancy as it is necessary to contact tenants for various reasons, including utilities and other queries. These are deleted when we are notified that a tenancy has ended.
- Land Database
This is a Microsoft Access Database retained by us. In recent times, we have deleted all people from the database and asked them to re-apply if they wish to continue to receive details from us. This is as part of our GDPR compliance procedure. Moving forward, our aim is to notify as many people as possible who have re-applied or who have explicitly consented to receive details via email with an opt out option, however, where people specifically request items in the post, this will be facilitated with opt out procedure notified within the covering note.
- Machinery Database
This is a Microsoft Access Database retained by us. It includes large numbers of people and is almost entirely email notification. This information is used for mailing of catalogues and notifications regarding machinery auctions, generating invoices (in some cases) when people purchase from us and providing details to clients with regard to lots for sale. Most clients are now contacted by email. There are a few people who are written to as part of what we refer to as the “VIP list”. These are all people who are pleased to be receiving information by post and are aware of the opt out procedure.
- Landmark
We use this accounting software on behalf of our clients to retain details of suppliers, customers and tenants. These details are held on the system as the individuals have entered into a contractual relationship with the client – this information must be retained for book keeping and accountancy purposes by the client.
We also ensure that we comply with the Privacy and Electronics Communications Regulations when sending unsolicited e-mails to those who have not given opt-in consent to receive such e-mails. In that case we ensure that we only contact people who are or have been clients or have expressed an interest in our services, and only in respect of similar products or services we offer, with a “soft opt-in” allowing them to unsubscribe.
We believe that the actions we have taken in conjunction with our privacy policy provides appropriate protection regarding data.