J BRADBURNE PRICE & CO
GDPR (General Data Protection Regulation)
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals within the European Union (EU). GDPR came into effect across the EU in May 2018.
WHY DO WE HAVE A PRIVACY NOTICE?
WHO ARE J BRADBURNE PRICE & CO?
J Bradburne Price & Co is a family run business which operates two Livestock Markets – one in Mold and one in Llanrwst. We also run an Estate Agency and Rural Surveying business from an office based in Mold and additionally carry out some Rural Surveying and Land Sales from our Llanrwst Market. We operate as a Partnership.
We may acquire personal information about you if you trade with us, instruct us to perform a service, or request information from us in relation to our sales, properties, products or services. We may also collect personal information about you if you contact us via email, phone, our website or other electronic means.
J Bradburne Price and Co deals with a wide-ranging clientele including auction sellers, suppliers, auction buyers, vendors of property, purchasers of property, and clients and those who have expressed an interest in property and surveying and rural work. We use a variety of personal information depending on the goods and services we deliver to you and in most cases, it includes, but is not limited to, your name and address and electronic contact details. For delivery of some goods and services we may require additional information such as financial details such as bank and payment details, information to allow us to check your identity and complete anti–money laundering checks to meet legal obligations, information about your credit history and other personal details required to deliver our product and services.
For financial management and debt recovery purposes, we will give and receive information from third parties where it is necessary to recover debts due from you, for example, solicitors or if we are required to defend any legal claims or disputes.
If you are not a customer or prospective customer but contact us, then the personal information we collect will depend on the relationship and the enquiry but will usually include name and contact details.
Data held depends on the products and services provided and can include the following:
a) Auction Sellers and Buyers
Trading name, address, contact names, telephone numbers (mobile & home), VAT number, email address, holding numbers, flock/herd number, Farm Assurance numbers plus any information necessary for the completion of the sale/purchase.
In order to administer payments to and from you we will hold your contact details and the payment details you have provided to us.
b) Vendors and Purchasers of Property as well as those who expressed an interest in purchasing or selling
For vendors and purchasers, we may hold proof of address, proof of identity as well as other information such as email addresses and telephone numbers. This may include Passports, Utility Bills, Tax Reference and Driving Licence. This information is held to check identity for money laundering and counter terrorism purposes and is a legal requirement
For those who expressed an interest, we will hold information such as telephone numbers, addresses, email addresses plus any other information that is necessary for completion of our contract.
c) Surveying and Rural Work clients
In addition to the terms of engagement, we will hold information such as telephone numbers, address, email addresses plus any other information that is necessary for completion of our contract or for legitimate interest.
In some instances, in order to administer payments to and from you we will hold your contact details and the payment details you have provided to us.
J Bradburne Price & Co is a Data Controller.
HOW WILL THE DATA BE COLLECTED?
In nearly all cases, any data will be collected during the normal course of business.
For auction customers, this will either be provided by yourselves, collected from an entry form or BCMS barcode or provided by a trusted third party.
For the remainder of the above groups, this will usually be provided by yourself or with your permission from other sources such as family members, a solicitor or accountant. The data will be collected in numerous ways such as face to face, over the telephone, via email, via letter or via forms.
WHAT WILL J BRADBURNE PRICE & CO DO WITH PERSONAL DATA?
We hold customer data to allow us to process necessary business transactions so we can operate and administer the products and services which we provide. These include:
· To enable us to receive and produce cheques, BACS payments and invoices.
· To enable us to complete sales and purchases of land and property. This can include arranging appointments with prospective buyers or arranging for third parties to carry out work on your property. It can come in the form of emails, letters, telephone calls, face to face.
· To represent clients in the course of surveying work such as providing valuations, agreeing claims against Utility Companies, settling disputes.
· To comply with legislation including money laundering and fraud regulations and for debt recovery purposes.
If we have obtained your personal information during the normal course of business, using a “soft opt in approach,” we may contact you relating to products and services such as forthcoming sales, business updates, professional updates and marketing. This may be done by way of a letter, an email, a text, telephone call or other electronic communication. We may include your name, product and price achieved in market reports or statistics.
You can always choose to opt out of receiving these by contacting us on firstname.lastname@example.org
LAWFUL BASIS FOR HOLDING DATA
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. The sub-sections are:
a) 'your consent';
b) 'performance of a contract';
c) 'compliance with a legal obligation';
d) 'protection of your, or another's vital interests';
e) 'public interest/official authority'; and
f) 'our legitimate interests'.
Generally we will rely on 4 of the above:
This applies when it is necessary to hold your data in the normal course of business unless there is a good reason to protect your personal data which override those legitimate interests. There are 3 tests which should be satisfied when using this approach:
1. Purpose test: are we pursuing a legitimate interest?
2. Necessity test: is the processing necessary for that purpose?
3. Balancing test: do your interests override the legitimate interest?
Examples: Auction Customers, prospective and sellers and purchasers of property, surveying and rural work
This applies where the processing is necessary for a contract we enter into with you, or because you have asked us to take specific steps before entering into a contract.
Examples: Clients of surveying and rural work, auction customers, sellers and purchasers of property, surveying and rural work customers and prospective customers
This applies when the processing is necessary for us to comply with the law (not including contractual obligations).
Examples: Vendors and Purchasers of products where money laundering and fraud compliance checks are required or information on livestock required to be given to a government organisation
In specific situations, we can collect and process your data with your consent
Example: to be including in our mailing list of properties, forthcoming sales, business and professional updates and marketing. This also applies when you have not previously carried out any business with us but have consented to be included on our mailing lists and be contacted by post or other electronic means.
YOUR RIGHTS UNDER DATA PROTECTION LAW
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
· To be informed – We must make available this privacy notice with the emphasis on transparency over the personal information we hold about you and how we process your personal information.
· Access – You are entitled to request a copy of the personal information that we hold on you.
· Rectification – We want to make sure the personal information is accurate, complete and up to date. You may ask us to correct any personal information.
· Deletion– You have the right to ask us to delete personal information.
· Restrict processing – You may ask us to restrict how we use your personal information.
· Data portability – You have the right to obtain and reuse your personal information that you have provided to us.
· Object – You have the right to tell us to stop using your personal information
· Withdraw consent – where you have provided consent to use your personal information and we use your personal information with consent, you may withdraw consent at any time or update your marketing requirements.
· Rights in relation to automated decision making and profiling – We do not use automatic decision making or processing.
Please contact us if you wish to exercise any of these rights by visiting our offices or calling us directly. Contact details are on our website www.jbradburneprice.com. You can make a complaint by contacting one of our managers or partners – details are on our website. You also have a right to lodge a complaint with the Information Commissioner’s Office.
STORAGE OF DATA
We will store your data in the following ways
• As a hard copy
We will hold the data for as long as we feel is necessary having regard to various criteria, including but not limited to legal requirements, contractual interests or as a legitimate interest. One of your rights is the right to erasure and as long as we would not be in breach of one of the basis for holding data, we will delete the data as soon as reasonably possible upon receiving your request. We will treat your data with care and take appropriate steps to protect it.
From an electronic perspective, we take cyber security very seriously and have firewalls and anti-virus in place and any back ups are encrypted. The auction processing system used in house is supplied by Newline ASP who are a software and I.T support business. This information is backed up onto a hard drive and the cloud. All information on this system is encrypted by Newline ASP. We use this system to provide text alerts.
THIRD PARTY DATA PROCESSING
We will keep your information within the “organisation” except where disclosure is required or permitted by law or when we use third party services to supply and support our services to you. In this case they have confirmed they will hold it securely following the GDPR Regulations. Examples of the need to legally disclose data include HMRC, to keep customer details for accounting and VAT records or for order by the Court’s then this will be carried out. Also, in the case of emergency or accident on the premises, any details we know that may save someone’s life will be passed on to emergency services.
We may also be required to disclose your personal data to the police, NCA, other regulatory or Government bodies, upon a request to do so. Examples of this would be Trading Standards, BCMS, NRW.
Your privacy will be taken in to consideration if such a request is received.
STAFF – ACCESS TO DATA
Office staff have their own passwords and log in details. These details allow them to access information that is only relevant for them to use to fulfil their job requirements.
Auction sale day staff need access to people’s accounts to enable them to pre enter and sell items belonging to the vendors and providing information to buyers and respective hauliers.
Staff working in the office have greater access to people’s/businesses’ data. These staff are fully aware of customer confidentiality and GDPR and are fully briefed on how to deal with the knowledge of this information.
If anyone finds that any personal data has been used without authority or gained in an unlawful manner these need reporting to the Manager or Data Protection Officer within J Bradburne Price & Co and the ICO. If any breach of Personal Data is found the ICO (Information Commissioner’s Office) should be notified in 24 hours.
72 hours is the absolute maximum time allowed to report these breaches. Contact details www.ico.org.uk
We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.