The purpose of this statement is to set out how we use personal information that we may obtain about you. By registering as a user of the services provided by Mass & Co Ltd and by using the Mass & Co website generally you agree to this use. By visiting our website massandco.com and/or by providing personal data to us, you are accepting and giving your consent to the practices described in this policy in accordance with the General Data Protection Regulation (GDPR).
1. When you register and use this site you will be asked to provide certain information such as your name, address, email address and telephone number. We will store this data and hold it on computers or otherwise. We will use this data to fulfil our contract or agreement with you. Any personal data we collect, or that is provided to us, will be processed only by us, our employees, consultants or our web hosting company but may also be stored electronically in the Cloud or in paper form with a secure off-site storage company.
2. When we refer to personal data in this policy we mean information that can or has the potential to identify you as an individual. It does not include data where the identity has been removed (anonymous data).
3. Any reference to ‘service’ also includes the provision of information relating to properties we wish to bring to your attention.
4. We will comply with data protection law. This says that the personal information we hold about you must be:
i. Used lawfully, fairly and in a transparent way;
ii. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those;
iii. Relevant to the purposes we have told you about and limited only to those;
iv. Accurate and kept up to date;
v. Kept only for as long as necessary for the purposes we have told you about;
vi. Kept securely.
5. We will only use your personal information when the law allows us to. Most commonly, we will hold or process your personal information in the following circumstances
i. Where we need to perform any service or contract we agreed with you;
ii. Where we need to comply with a legal or regulatory duty;
iii. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those;
iv. To notify about changes to our services;
v. In-house research and statistical analysis
6. We may use information that you provide or that is obtained by us:
i. To register you with our web site and to administer our web site services;
ii. For assessment and analysis (e.g. market, customer and product analysis) to enable us to review, develop and improve the services which we offer and to enable us to provide you and other customers with information relevant to your enquiry or contracted service. We may use your information to make such decisions using computerised technology.
iii. For the prevention and detection of fraud.
7. We will not share information with any third parties except where required to by statute, legal duty, by the RICS or any other regulatory bodies, by our insurers or where we have a legitimate interest in so doing and are legally entitled to do so. We will ensure all of those third parties as listed in these clauses are GDPR compliant. We may give information about you to the following, who may use it for the same purposes as set out above:
i. To employees and agents of the company to administer any accounts or services provided to you by the company now or in the future;
ii. To agents who profile your data so that we may tailor properties or services we offer to your specific needs.
8. We may also disclose your information:
i. To anyone to whom we transfer or may transfer our rights and duties under our contract or agreement with you;
ii. If we have a duty to do so or if the law allows us to do so.
9. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, subject to satisfying any legal, accounting, regulatory, insurance or reporting requirements.
i. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal or regulatory requirements;
ii. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
10. With each visit to our website we automatically collect any or all of the following information:
i. Technical information, including the Internet protocol (IP) address used to connect a computer to the Internet, login information, browser type and version, timezone setting, browser plug-in types and versions, operating system and platform, full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), pages or information viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and telephone numbers used to call direct.
ii. We use cookies so that we can give you a better experience when you return to our web site. Most web browsers automatically accept cookies. You do not have to accept cookies, and you should read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie, which will give you the opportunity to decide whether or not to accept it.
11. We may supplement the information that you provide to us with information that we receive from third parties, provided that has been gathered lawfully.
12. We endeavour to take all reasonable steps to protect your personal information. We cannot, however, guarantee the security of any data you disclose on-line. You accept the inherent security risks of providing information and dealing on-line over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
13. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
14. You need to be aware that our site may link to other web sites which may be accessed through our site. We are not responsible for the data policies or procedures or the content of these linked web sites.
15. In the course of undertaking the activities specified in this privacy policy we may transfer data outside the EU, but only where you are afforded the same level of data protection as in the UK.
16. Please note that any services are supplied subject to our standard terms and conditions.
17. Under certain circumstances, by law, you have the right to:
i. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
ii. Request correction of the personal information that we hold about. This enables you to have any incomplete or inaccurate information we hold about you corrected;
iii. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
iv. Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this. You also have the right to object where we are processing your personal information for direct marketing purposes;
v. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, e.g. if you want us to establish its accuracy or the reason for processing it;
vi. Request the transfer of your personal information to another party.
18. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Mass & Co Ltd, 25 High Street, Brentwood CM14 4RG in writing.
19. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). We may, however, charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
20. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
21. If you have any comments or queries in connection with our privacy policy, please e-mail us.
May 2018