PRIVACY POLICY: SUMMARY
Thank you for using Gilson Gray. Gilson Gray is part of a group of businesses. It is a member (equity holder) or shareholder in Gilson Gray Property Services LLP (a limited liability partnership with registered number SO304732 and having its registered office at 29 Rutland Square, Edinburgh, EH1 2BW), Gilson Gray Financial Limited (a limited liability company incorporated in Scotland with registered number SC717112 and having its registered office at 29 Rutland Square, Edinburgh, EH1 2BW) and Home Property Lawyers Limited (a limited liability company incorporated in England with registered number 09356408 and having its registered office at Olympic House, Ground Floor, Doddington Road, Lincoln, LN6 3SE). Gilson Gray Financial Limited trades as “Gilson Gray Financial Management” and “GGFM.”
Your privacy is important to us. This Privacy Policy is where we explain to you what personal information is collected when you instruct us to provide you with legal services, property services or financial management services, how it is collected, how we may use that information, where we store it, how long we store it for, and how we protect it. We will also explain your rights in relation to your personal information.
This policy applies whether you are our client or not.
Please read the following carefully to understand our views and practices regarding your personal information and how we may collect it and treat it.
If you are using our website (www.gilsongray.co.uk), you will be referred to Our Cookie Policy: which explains more about how we may collect personal information about you via cookies (it also explains what cookies are) and Our Retention Policy, which confirms how long we may hold onto your personal information.
If you have any questions please do not hesitate to contact us at dataprotection@gilsongray.co.uk
or, if you prefer to call or write to us, then you can find our contact details at the bottom of this policy.
Policy Date: 6 July 2023
This is page a summary of our full policy, which follows.
WHO WE ARE
We are GILSON GRAY LLP, GILSON GRAY PROPERTY SERVICES LLP, GILSON GRAY FINANCIAL LIMITED, and HOME PROPERTY LAWYERS LIMITED. Gilson Gray LLP and Gilson
Gray Property Services LLP are registered in Scotland as limited liability partnerships with the registered numbers SO304731 and SO304732 respectively. Gilson Gray Financial Limited is registered in Scotland as a limited company with registered number SC717112. All three have their registered office at 29 Rutland Square, Edinburgh, EH1 2BW. Home Property Lawyers Limited is a limited liability company incorporated in England with registered number 09356408 and having its registered office at Olympic House, Ground Floor, Doddington Road, Lincoln, LN6 3SE. All of these businesses form the “Gilson Gray Group”, which we may also refer to as “our group”.
A list of all relevant members is open to inspection at our registered office. Gilson Gray LLP is regulated by the Law Society of Scotland.
For the purposes of this Privacy Policy, it’s just easier if we refer to ourselves as “we” or “us”.
WHAT THIS PRIVACY POLICY GOVERNS
This Privacy Policy applies to any services we are providing to you, any use of our websites, or any other services that we may provide to you (we’ll just call these “our services” for short). The services we provide (and which we contract to provide) are legal, estate agency or property, or financial management services.
In the context of this Privacy Policy “personal information” means information which, on its own or in combination with other information, can be used to identify you, in particular by reference to an identifier such as your name, your address, or location data. This Privacy Policy will govern how we may use that personal information.
We will collect, store and process your personal information the basis of one or more of four legal basis: your consent; legitimate interests; to perform a contract; or, as required by law.
The personal information that you give us or that we collect from you will be held under UK data protection legislation, which is the Data Protection Act 2018 and amendments and changes to it from time to time (but we’ll just refer to this as “the legislation”). The legislation requires that we tell you that we are a data controller for your personal information or, in other words, we determine the purposes for which and the manner in which any of your personal information are, or are to be, processed by us.
INFORMATION WE MAY COLLECT
You may give us personal information about you by filling in forms on our site (or sites operated for us by property listing companies such as the ESPL, Rightmove or Zoopla) or by corresponding with us by phone, e-mail or otherwise. This includes information you may provide to us when you register to use our sites, subscribe to our services, search our sites, participate in any discussion boards or other social media functions on our sites, enter a competition, promotion or survey, and when you report a problem with our site.
The information you give us may include your name, address, e-mail address, phone number, IP address, financial and credit card information, personal description, CV or resume, and photograph (as the case may be).
As part of our regulatory requirements, issued by the Law Society of Scotland and the Law Society of England and Wales, we have certain requirements in terms of knowing our clients and being satisfied that any transaction we are instructed in is not for money-laundering or other criminal purpose. We will require to be provided with appropriate documentation, which shall include both photographic identification and proof of address documentation. To simplify this process of verifying your identify, we have entered data sharing agreements with both Jotform Limited, a company registered in England and Wales, with company number 12668839 and having their registered office at 3 Albert Mews, Albert Road, London, United Kingdom N4 3RD (“Jotform”) and Amiqus Resolution Limited, a company registered in Scotland with company number SC511150 and having their registered office at Citypoint, 3rd Floor, 65 Haymarket Terrace, Edinburgh, Scotland EH12 5HD (“Amiqus”). Both allow online verification of this necessary documentation, with us being regarded as the data controller and both Jotform and Amiqus being regarded as the data processor. Both are subject to our instruction as to what data is to be collected and how that data is to be shared, stored and ultimately deleted As part of our data sharing agreement with both Jotform and Amiqus, your personal data will be gathered by them and then shared with us. You can find the Jotform privacy policy here (https://www.jotform.com/privacy/) and the Amiqus privacy policy here (https://amiqus.co/policies/privacy). Any personal data stored by either Jotform or Amiqus will be stored on servers based within the United Kingdom.
TelephoneCalls
We may record telephone calls. We have a legitimate business need to do so, to help provide services to you and that this protects both our interests by confirming advice and instructions. We are also obliged by law or regulation to record certain calls (for example, certain calls relating to financial transactions).
Calls are normally deleted three years after they were recorded. This period has been determined to allow a record to be kept of calls on long-running matters, particularly as some instructions or obligations may not be implemented in full until some time after a transaction is settled.
We operate a Microsoft Outlook system for our emails and any autocomplete details for your email will only be stored for the duration of the transaction for which we are instructed and a period of no more than 12 months after you last have contact with us. Autocompleted email addresses are reviewed annually and will be deleted if not used for at least 12 months. We have formed the view that we have a legitimate business need to hold such details, as it facilitates the provision of services to you.
Information we receive from other sources:
We may receive information about you if you use any of the other sites we operate or the other services we provide. Data collected from any of the other sites we operate may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, and sub-contractors in technical, payment and delivery services, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.
IF YOU MAKE AN ENQUIRY BUT DON’T BECOME A CLIENT
Should you contact us and pass us personal data, but then decide not to proceed with a transaction or instruction, then we will still retain your data for a time. We often find that prospective clients who initially do not proceed later come back to instruct us on another transaction. For that reason, if you haven’t become one of our clients, and we haven’t been in touch for 12 months, then we would look to delete your contact details from our system.
HOW WE MAY USE YOUR PERSONAL INFORMATION
When you give us your personal information then we may use it to:
- Carry out our obligations from any contracts entered into between you and us and to provide you with information about our products and services that you request from us
- Provide you with information about other goods and services we offer that are similar to and incidental to those that you have already purchased or enquired about or to notify you about changes to our products or services
The main purposes or activities for which we will process your data are as follows:
Purpose/Activity | Lawful basis for processing |
Establishing and administering a client database, including making notes of calls, time recording, correspondence and preparing documents | (a) Performance of a contract with you, by recording work done and connecting to internal documents |
Internal record keeping | (a) Performance of a contract with you (in connection, in particular, with billing) (b) Required by law. Necessary to comply with a legal obligation (our professional rules require us to track time worked for a client) (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
Undertaking checks with third parties (in particular, credit and ID checks) | (a) Performance of a contract with you (b) Required by law. Necessary to comply with a legal obligation (our professional rules require us to carry out certain checks on ID) |
Exchange of internal information between our three group businesses (Gilson Gray LLP, the law firm, Gilson Gray Property Services LLP, the estate agent, and Gilson Gray Financial Management LLP, the financial advisors) | (a) Performance of a contract with you (as we may need to involve sister businesses to provide all services you require) (b) Required by law. (c) Necessary for our legitimate interests (as the three businesses operate a joined approach to customer service) |
Contacting any third parties, including lenders and other professional and solicitors working on a matter, who may represent other parties with interests contrary to yours, and providing correspondence and documentation prepared on your behalf | (a) Performance of a contract with you (this is an intrinsic part of our work for you) |
Prevention and detection of crime (and the prosecution of criminal activities) | (a) Performance of a contract with you (b) Required by law. Necessary to comply with a legal obligation. Legislation and professional rules place obligations upon us in respect of these matters. (c) Necessary for our legitimate interests (for running our business) |
Progressing transactions | (a) Performance of a contract with you |
Sending promotional e-mails which we think you may find interesting (only with your express consent) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
Contacting you for market research purposes | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
Compliance with applicable laws and regulations | (a) Required by law. Necessary to comply with a legal obligation |
Processing payment for the purchase of our products and/or services | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
Undertaking anti-money laundering, identity and credit checks | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
Monitoring negative media and business financial performance | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) |
Providing information to agents or subcontractors so that they can assist us with providing the Website and/or the services | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) To perform a contract with you (where the contract relates to conveyancing and the agent or subcontractor is involved in lending or property listing services) (c) Necessary to comply with a legal obligation |
Providing or receiving information from third parties providing ancillary services or support to legal transactions (such as lending panel managers, who pass instructions from banks, or on-line portals for the management of legal instructions or estate agency websites (such as but not limited to ESPC, Rightmove or Zoopla). Such transfer will be on the basis that we have either a processing agreement in place or have reviewed the policies of such third party, and so we consider that there is adequate protection for your personal data. | (a) Necessary for our legitimate interests (for running our business, provision of administration and transaction support services, to prevent fraud, to reduce both our costs or group restructuring exercise) (b) To perform a contract with you (where the contract relates to other arrangements or services you have made with third parties, such as the listing of your property with an estate agent or arranging a mortgage with a lender) (c) Necessary to comply with a legal obligation |
Each individual lawful basis outlined above is intended to be a single and sufficient justification for our processing of your relevant information.
We may carry out associated processing of your data where we believe we have a legitimate interest to do so, where required by law, to perform our services to you or fulfil a contract, and/or with your consent.
The policy goes into more detail about some of the processing we carry out.
Marketing
We will use your personal information for marketing purposes for products or services that we think may be of interest to you, albeit you may unsubscribe at any point.
If you are receiving marketing communication in error then please get in touch with us in order that we can remove your contact details from that particular marketing database.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. The reason for this is that different parts of our business or group are responsible for different functions within our business and we need to be able to freely pass your personal information within these various business units.
Although we may share your personal information within members of our group, this does not mean that we will use it for direct advertising or marketing purposes. We will not contact you unless it is necessary for us to get in touch with you. For example, we may need to get in touch with you if we need to follow-up with you or if you asked us to provide you with further information about our services. We may contact you about services ancillary to a matter upon which we are instructed (for example, mortgage advice if you are buying a property).
In some cases we may disclose your information with select third-parties, on the basis that such disclosure is needed to provide our services to you or to implement a contract between us or to fulfil our professional obligations or as required by law. The third parties include:
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you
- Debt collection agencies where you have breached a condition of any contract entered between us and you.
- A purchaser of our assets, if substantially or all of our assets are acquired by a third party, in which case personal information held by us about you may be one of the transferred assets
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce our agreements with you, or to protect our rights, property, or safety of our customers, our employees, or others
WHERE WE STORE YOUR PERSONAL INFORMATION
The personal information that we collect from you will be stored within the European Economic Area. We will not transfer your personal information outside of the European Economic Area. Whilst we use cloud based storage, we have elected to ensure that all data is stored on data centres based within the United Kingdom and Germany. If we are using any software applications which are not based within the European Economic Area, we will seek separate and explicit consent from you before sharing any personal data or any sensitive personal data with that particular software supplier.
All personal information you provide to us is stored on our secure servers. Where practical and reasonable we will encrypt communication between our site and you using Secure Socket Layer/Transport Layer Security technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted from our site and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access. In particular, note that we cannot encrypt your email address as it is required to allow messages to be sent to you.
YOUR RIGHTS 1: NOT TO PROCESS
You have the right to ask us not to process your personal information.
You can exercise your right at any time by contacting us. If you consented to us collecting and/or processing your personal information, but have changed your mind then you can get in touch with us about erasing the personal information we hold about you.
Please be aware that, even if we receive a request from you to delete your personal information, it may be that we cannot entirely remove all of your personal information. This is usually because we have a legitimate interest to hold onto some of that personal information, for example, if you have an ongoing contract with us or there are outstanding payments due by you to us or if we are obliged to maintain information by law or professional conduct rules – but we’ll let you know.
Deleting information may also mean we can no longer provide services to you.
YOUR RIGHTS 2: ACCESS TO INFORMATION AND OTHER RIGHTS
In order to request a copy you need to submit a request to our Data Privacy Manager – details on how to get in touch can be found at the end of this Privacy Policy.
However, we can’t just release your personal information to anyone. We can only release your personal information to you – it’s a legal requirement. Therefore, it is important for us to ensure that we confirm your identity before we can release any personal information.
If you send us a request to provide you with a copy of your personal information then we may ask you to provide some identification. We may ask you to provide a copy of your current and valid passport and/or driving licence plus a utility bill (that is no more than 3 months old) and has your current address. We may also ask you to visit one of our offices or obtain a solicitors or notary publics’ confirmation of your identification.
All of this might sound very onerous but please understand that we have an obligation to protect your personal information and we need to be certain that it is being released to the right person.
You also have the right to ask us to rectify errors in any information we hold, to ask us to erase information we hold or to object to our processing of your information. (The law gives you an additional right to object to automated decision making about you, but we do not do that).
If you want to exercise these other rights we may ask for your ID in the same way as we would if you wanted to access information – we need to know the right person is asking.
WHAT IF I DO NOT CONSENT OR WITHDRAW CONSENT?
If you do not consent to us collecting your personal information then we cannot guarantee the full provision of services and cannot be held responsible or liable to you for any reduction or restriction in access to our other services.
HOW LONG WILL YOU HOLD ONTO MY PERSONAL INFORMATION?
Depending on how you engage with us or the types of services that we provide you it may be necessary for us to store your personal information for shorter or longer periods of time. The Law Society of Scotland and the Law Society of England and Wales have indicated that all active files shall be retained for a period of 10 years from the conclusion of the transaction that we are dealing with on your behalf. In most circumstances, we will keep your information for this period.
You can find details on how long we may hold onto your personal information on our Retention Policy which can be found on our website (www.gilsongray.co.uk)
OTHER PERSONS’ INFORMATION
If you pass us information about another person, we may ask you to confirm that they have consented to us having that information. You should not give us information without the consent of its subject.
CHANGES TO OUR PRIVACY POLICY
We may need to change this Privacy Policy if it’s necessary for legal reasons or to reflect changes to our services. In any case, the provisions of this Privacy Policy may be changed without prejudice to your rights. When we change our Privacy Policy we will make the updated Privacy Policy available on our site and we will also update the “Last Updated” date.
Once we change our Privacy Policy, it will become legally binding on you 30 days after we post it on our site. During that period you’re welcome to contact us if you have questions about the changes.
CONTACT US
If you have any questions, comments or requests regarding our Privacy Policy then please do not hesitate to get in touch with us. To make things easier we would appreciate it if you your queries were addressed to our Data Privacy Manager:
Derek Hamill
Data Privacy Manager
Gilson Gray LLP
29 Rutland Square
Edinburgh
EH1 2BW
United Kingdom
dataprotection@gilsongray.co.uk
Telephone: +44 (0)131 516 5354