Imeson Property Investments customer privacy notice

This privacy notice tells you what to expect us to do with your personal information.

What information we collect, use, and why.

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details

  • Addresses

  • Date of birth

  • Payment details (including card or bank information for transfers and direct debits)

  • Website user information (including user journeys and cookie tracking)

  • Photographs or video recordings

  • Call recordings

  • Records of meetings and decisions

  • Identification documents

  • Information relating to compliments or complaints

We collect or use the following information to prevent crime, prosecute offenders, or defend against legal action:

  • Names and contact information

  • Customer or client accounts and records

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details

  • Addresses

  • Marketing preferences

  • Location data

  • Recorded images, such as photos or videos

  • Call recordings

  • Purchase or viewing history

  • IP addresses

  • Website and app user journey information

  • Records of consent, where appropriate

We collect or use the following information for research or archiving purposes:

  • Names and contact details

  • Addresses

  • Location data

  • Recorded images, such as photos or videos

  • Call recordings

  • Purchase or viewing history

  • IP addresses

  • Website and app user journey information

  • Personal information used for administration of research

  • Personal information used for the purpose of research

  • Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

  • Name

  • Contact information

  • Identification documents

  • Financial transaction information

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent

  • Contract

  • Legal obligation

  • Legitimate interest:

    • The benefit of collecting or using people's information is that clients receive appropriate updates and information in relation to their purchases. Such information will always be stored securely and encrypted as recommended by the Information Commissioner’s Office.

Our lawful bases for collecting or using personal information to prevent crime, prosecute offenders or defend against legal action are:

  • Consent

  • Contract

  • Legal obligation

  • Legitimate interest:

    • Collection of personal information is required by HMRC Anti-Money Laundering in order to prevent fraud.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent

  • Contract

  • Legitimate interest:

    • The benefit of collecting or using people's information is that engaged people receive information on relevant service offers or information that they may want to take advantage of. Such information will always be stored securely and encrypted as recommended by the Information Commissioner’s Office.

Our lawful bases for collecting or using personal information for research or archiving purposes are:

  • Consent

  • Legitimate interest:

    • Collecting personal information for research purposes will enable the organisation to make improvements in the client experience over time.

Our lawful bases for collecting or using personal information for legal requirements are:

  • Consent

  • Legal obligation

  • Legitimate interest:

    • Collection of this information is to help prevent individuals and organisations from becoming victims of fraud.

Where we get personal information from

  • People directly

  • Councils and other public sector organisations

  • Publicly available sources

How long we keep information

Lawful bases

The retention durations provided for each category are based on a combination of UK legal requirements, industry best practices, and guidance from relevant regulatory bodies. The retention periods are listed below, along with references to the policy or guidance that informed the decision for each category. N.B. Retention periods may be subject to change based on business needs, regulatory requirements, or legal obligations.

1. Account Information

  • Retention Duration: 7 years after account closure.

    Reference:

    • UK Anti-Money Laundering (AML) Regulations: Requires businesses to retain identity verification records for 5 years after the end of the business relationship.

    • Financial Conduct Authority (FCA): Businesses may retain customer information for up to 7 years for potential legal and regulatory claims.

2. Transaction Data

  • Retention Duration: 7 years after the transaction.

    Reference:

    • HMRC Requirements: Financial records, including payment information, must be kept for 6 years after the end of the tax year.

    • Companies Act 2006: States that companies must keep records for a minimum of 6 years for audit purposes. A 7-year period is recommended for additional compliance buffer.

3. Usage Data

  • Retention Duration: 6 months for active data, 2 years for anonymized data.

    Reference:

    • GDPR Recital 39: Personal data should be kept for no longer than necessary for the purposes for which it is processed.

    • ICO Guidance: Analytics data can be retained for business purposes, but personal data should be anonymized when it's no longer necessary for processing.

4. Business Strategy & Analytics Data

We retain data used for assessing future service strategies, such as usage trends, purchase history, and feedback data, for up to 2 years in its identifiable form. After this period, the data may be anonymized and retained in aggregate form for up to 5 years to support long-term business planning and analytics, without retaining personal identifiers.

5. Communication Data

  • Retention Duration: 3 to 5 years after communication.

    Reference:

    • FCA and GDPR: Call recordings may need to be kept for 3 to 5 years for regulatory compliance, training, and quality assurance.

    • GDPR Recital 49: Stresses the importance of keeping communications for network and information security, while balancing privacy.

6. Visual/Audio Media

  • Retention Duration: Up to 2 years after the last relevant interaction.

    Reference:

    • ICO Photography and Video Guidelines: Visual data can be retained for as long as necessary, but businesses must regularly review its necessity.

    • GDPR Principles: Retain only as long as needed for the original purpose, with 2 years being a common business practice for marketing materials.

7. Legal Obligations

  • Retention Duration: 7 years for key legal records (e.g., consent, identification documents).

    Reference:

    • UK AML Regulations: Consent and identification documents must be retained for 5 years after the end of the relationship.

    • FCA and ICO: Businesses often retain consent records for up to 7 years to protect against legal disputes.

8. Marketing Data

  • Retention Duration: Until user opts out or 2 years after the last marketing interaction.

    Reference:

    • ICO Direct Marketing Guidance: Marketing data should only be retained as long as necessary. Regular reviews are recommended, and 2 years is a typical duration if the user remains active.

9. Feedback Data

  • Retention Duration: 3 to 5 years after receiving the feedback.

    Reference:

    • GDPR Recital 39: Feedback data, such as complaints or compliments, should be retained as long as necessary for handling disputes or improving services.

    • ICO Guidance: Complaints data typically can be retained for 3 to 5 years, depending on the nature of the feedback and legal claims.

10. User Preferences

We retain data related to your preferences, such as marketing choices, consent settings, and communication preferences, for as long as your account is active or until you update or withdraw your preferences. After account closure, or if you withdraw consent, this data will be retained for up to 2 years for legal and compliance purposes, after which it will be securely deleted.

Users' Rights Regarding Data Retention

Users have the following rights regarding the retention of their personal data:

  • Request Data Deletion: In compliance with certain privacy laws, such as the General Data Protection Regulation (GDPR), users have the right to request that their personal data be deleted. We will honour such requests in accordance with applicable legal requirements.

  • Access Retention Information: Users may inquire about the duration for which their personal data is stored. Upon request, we will provide details on the retention period or the criteria used to determine how long we retain personal data.

Personal Data Deletion and Anonymisation Process

After the retention period, personal data will be either securely deleted or anonymized so that it can no longer be linked to an individual.

You have the right to request that your personal data be deleted before the end of the retention period under certain circumstances, such as withdrawing consent or when the data is no longer necessary for the purposes for which it was collected.

Who we share information with

Others we share personal information with:

  • Financial or fraud investigation authorities

  • Organisations we’re legally obliged to share personal information with

  • Publicly on our website, social media or other marketing and information media (where appropriate)

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal data.

Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated: 15 September 2024