For the purpose of the Data Protection Laws the data controller is Humberts UK Limited of Second Floor, A2Z House, 24-26 Milford Street, Salisbury, Wiltshire SP1 2AP
Our nominated representative for the purpose of the Act is Sam Trott.
Humberts is committed to ensuring that your privacy is protected and will treat all information held about you in accordance with this policy which is in line with current UK legislation. For these purposes Humberts is a Data Controller meaning that we decide how and why the personal data that we collect is used.
The information we collect
We gather personal information for business purposes in order to provide you with the services you have requested or to comply with our regulatory obligations. The personal information we typically collect includes:
Contact telephone numbers and email
Information to enable us to check and verify your identity i.e. your date of birth
Property information or preferences related to the purchase, sale or let of a property
Financial and other personal information required for the purposes of effecting a sale, purchase or tenancy
When you visit our site we will automatically collect the following information:
Technical information, including the internet protocol address (IP address) used to connect your computer to the internet
Your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform;
Information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including data and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
We may combine the information you provide to us with the information we collect from you.
How we use it
We may process the information we gather for the following purposes:
We have a legitimate interest to process your personal information to perform the duties requested by you, these include but are not limited to: purchasing, selling, tenancy, or professional services.
We have a contractual obligation to process personal information to initiate a contract in relation to purchasing, selling, tenancy or professional services.
To meet legal or regulatory obligations such as obtaining proof of identity.
To provide you with marketing information on related services. It is your right to request to be opted out of this at any time. Where we require consent for marketing communications we will ask for this consent clearly and separately.
Sharing your data
We may share your data with third parties, either directly or in passing, for the following purposes:
To ensure the fulfilment of our contractual duties to you such as but not limited to arranging an EPC, sign board erection, solicitors.
We may also share your personal information with our subcontractors who are involved in the provision of our services such as contractors, payment providers and credit reference agencies. We will confirm this with you before sharing your information.
To provide you with a financial or conveyancing services from our selected company’s Springtide Capital and Agent Butler. We will only do this upon your authorisation.
We do not sell your personal information to third parties.
How we protect your information
We take the security and privacy of our customers’ personal information extremely seriously and we have strict internal procedures which cover the storage, access and disclosure of your information.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share your password with anyone.
If our business is sold, if we sell or buy any business or assets we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation.
If Humberts or the majority of its assets are acquired by somebody else, in which case the personal information held by Humberts will be transferred to the buyer.
You and your information
You are entitled to receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information.
You also have the right to access your personal information which we are handling.
You have the right to require us to rectify any inaccurate personal information we hold about you.
You have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
You have the right to require us to erase your personal information which we are handling in the following circumstances:-
We no longer need to use your personal information for the reasons we told you we collected it for
Where we needed your consent to use your personal information and you have withdrawn your consent.
You object to our use of your personal information and we have no compelling reason to carry on handling this personal information
Our handling of your personal information has broken the law
We must erase your personal information to comply with a law we are subject to
How long we retain your data for
We may hold your data for a length of term deemed necessary to meet any of the below requirements:
Where we are obligated by law to retain information.
Where we deem we have a legitimate interest to retain your information, such as following up on a market appraisal we conducted.
Most browsers allow you to refuse to accept cookies. See your browser Help or Tools for how to do this. Please be aware that disabling cookies may negatively affect the functionality and use of this and many other websites that you visit.
How to make a complaint
Under UK law we are subject to the regulatory body that oversees data protection law. Any concerns regarding the use of your personal data should be directed to the Data Protection Officer in the first instance.
Alternative if you wish to make an external complaint about the way we have processed your personal information you can contact the Information Commissioners Office at https://ico.org.uk/concerns.
The terms “Controller”, “Data Subject”, “Processor”, “Processing” and “Personal Data” have the meaning set out in the Data Protection Act 1998, or, from the date it comes into force in the UK, the General Data Protection Regulation (EU) 2016/679 (as applicable) and any other laws relating to the protection of personal data and the privacy of individuals (“Data Protection Legislation”) in relation to data that is processed under this agreement.
To the extent that either party acts in its capacity as a Controller, the parties shall:
Ensure that they have a legal basis (r a “processing condition” as referred to in Data Protection Legislation) to process any relevant shared Personal Data;
In respect of the relevant shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to the Data Subjects for them to understand what of their Personal Data the disclosing party is sharing with the receiving party, the circumstances in which it will be shared, the purposes for the data sharing and either the identity of the receiving party or a clear description of the type of organisation that will receive the Personal Data;
Undertake to inform the Data Subjects, in accordance with Data Protection Legislation, of the purposes for which the party will Process Personal Data and provide all of the information necessary to ensure that the Data Subjects understand how their Personal Data will be processed by the receiving party;
Not retain or process the shared Personal Data for longer than is necessary to carry out the relevant purpose (“Purpose”) and delete the relevant Personal Data when the Purpose is complete.
Notify the other party as soon as reasonably practicable after becoming aware of a Security Breach (even if such breach has not yet been fully investigated); and (where applicable) handle any Security Breach, in an expeditious and compliant manner.
To the extent that Humberts acts as a Processor, Humberts shall in particular:-
Process the Personal Data only to the extent necessary for the purpose of providing the Services and in accordance with any written instructions from the Client and this paragraph
Implement and maintain appropriate technical and organisational measures in accordance with the relevant data protection legislation to ensure a level of security appropriate to the risks that are presented by such Processing, in particular from accidental or unlawful destruction, loss alteration, unauthorised disclosure of, or access to Personal Data, taking into account the state of the art, the costs of implement and nature, scope, context and purposes of Processing and the likelihood and severity of risk in relation to the rights and freedoms of the Data Subjects.
Not transfer the Personal Data outside of the EEA
Ensure that any employees or other persons authorised to Process the Personal Data are subject to appropriate obligations of confidentiality.
Not engage any third party to carry out its Processing obligations under this Agreement without letting the Client know and ensuring that such third parties will be subject to Processing obligations equivalent to those set out in this paragraph.
As soon as reasonably possible and without undue delay, notify the Client about any request (including subject access request) or complain received from Data Subjects without responding to that request (unless authorised to do so by the Client) and assist the Client by technical an organisational measures, insofar as possible, for the fulfilment of the Client’s obligations in respect of such request and complaints.
Notify the client without undue delay as soon as it becomes aware of any breach in data security
Maintain appropriate records and information in compliance with Data Protection Legislation and on request by the Client make available such records and information necessary to demonstrate Humberts compliance with these provisions; and
On termination or expiry of this Agreement, destroy or return (as the Client directs) all Personal Data in its power, possession or control and delete all existing copies of such data except to the extent Humberts is required to retain a copy of the Personal Data by law.
How to contact Humberts