Search

Cardiff 02920 456 444  |  Pontypridd  01443 485000 | info@james-douglas.co.uk

Mobile Logo

Privacy Statement

Privacy Policy

At James Douglas, we’re committed to respecting and protecting your privacy.

This Privacy Policy explains when and why we collect personal information about customers and people who contact or interact with us, including our website visitors, how we use it, the conditions under which we may disclose it to others and how we keep it secure.https://www.seraph.pm/spmconfig

If you do not want us to process your personal information as described in this Privacy Policy, please do not provide information to James Douglas or use our website https://james-douglas.co.uk/

For questions relating to this Privacy Policy, please contact us at info@james-douglas.co.uk or James Douglas, 1, St. Martin’s Row, Albany Road, Cardiff CF24 3RP.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in April 2024.

About James Douglas 

James Douglas is a trading name of Seraph Estates (Cardiff) Ltd registered in England and Wales, company registration number 7791713. The registered office is James Douglas, 1, St. Martin’s Row, Albany Road, Cardiff CF24 3RP and we are based in the UK.

The person responsible for all matters concerning the privacy and processing of any personal data, also known as the Data Controller, is:

Mrs Sarah Evans

Seraph Estates (Cardiff) Ltd T/A James Douglas 

1 St.Martin’s Row

Albany Road

CARDIFF

CF24 3RP

The Data Controller can be contacted at info@james-douglas.co.uk or you can write to the above address.

How do we collect personal information about you?

We obtain personal information about you that you provide to us through our website, emails, telephone conversations, documents you provide to us or when you visit one of our branches, for example when you:

  •  Enquire about specific properties for sale or for rent
  •  Ask us to value your property
  •  Register for our email newsletters
  •  Participate in one of our surveys
  •  Interact with us on our social media sites
  •  Ask us about our property management service or fire risk assessment service

We also obtain personal information relating to you using automated technical means when you visit our website.

What type of personal information is collected?

The information we collect from you might include (but is not limited to) your name, address, email address, phone number, date of birth and financial details, and any other information you choose to provide to us. During the Covid-19 pandemic, we are also obligated to collect health data, such as whether you have symptoms of Covid-19 if you have tested positive for Covid-19 or had any contact with anyone who has tested positive. This information is required in order to keep staff and customers safe. Please see further information relating to this at the end of this notice. 

The information we collect through our website using automated technical means including; the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, identification number, online identifier, and location data. We also collect information about your website visit including which website pages are accessed, page response times, and length of visits to pages.

How long do we retain your personal information?

We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information for certain prescribed periods to fulfil our statutory obligations. Outside of specific statutory obligations, we will hold your personal data on our systems for as long as is necessary for the relevant purposes for which we use it, or in accordance with any retention periods set out in any relevant contract you hold with us.

We will retain personal information (for landlord and tenant) relating to a tenancy organised by us for:

  •       A maximum of 6 years from the tenancy end date for landlords and tenants using a managed service with James Douglas to allow us to comply with our legal obligations. For Landlords with several tenancies in succession, we will retain personal information for 6 years from the last tenancy end date.
  •       A maximum of 6 years from the tenancy start date for landlords and tenants using a let-only service with James Douglas to allow us to comply with our legal obligations. For Landlords with several tenancies in succession, we will retain personal information for 6 years from the last tenancy start date.
  •       If you apply or enquire about renting or buying a property with James Douglas but this does not proceed to a tenancy agreement or purchase, we will retain your data for a maximum of 6 months.
  •       If you enquire about services with James Douglas Sales & Lettings to let out or sell your property but this does not proceed to us letting or selling your property, we will retain your data for a maximum of 1 year. 

All records are hosted in the UK, EU or in countries with EU equivalency. 

In some cases, it is not possible for us to specify in advance the periods for which we will retain your personal information. In such cases, we will determine the period of retention based on the following criteria:

(a)      the legal basis or legitimate interest to retain the data

(b)      your personal preferences

How do we use your personal information?

We may use the information that you directly provide to us in the following ways:

  •   We may use your name, address, and contact details for the purpose of carrying out our obligations arising from any contracts entered into by you and James Douglas, such as; providing you with products and services that you have requested and visiting, arranging viewings and performing maintenance at your property.  Our legal basis for this use is that it is necessary for the performance of a contract to which you are party.
  •   We may use your name, email address, and postal address to provide you with information you have requested from us or relevant information such as new legislation that could affect you, respond to enquiries or requests from you, communicate with you in relation to those enquiries or requests and arrange visits to the property by our staff.  Our legal basis for this use is our legitimate interests, namely carrying out activities in the course of James Douglas business in response to customer enquiries or requests.
  •   We may use your name, email address, and postal address to provide you with information regarding similar goods and services to those you have already enquired about or purchased.  Our legal basis for this use is our legitimate interests, namely the ongoing marketing of our goods and services to individuals with whom we have an existing relationship in connection with our goods and services and/or who have expressed an interest in those goods and services;
  •   Where you have entered into a contract with us or we have provided you with services, we may use your name, email address, postal address or phone number to ask for your feedback about the services we have provided to you.  Our legal basis for this use is our legitimate interests, namely evaluating and where necessary improving the quality of our service provision with a view to promoting the success of our business and positive customer relationships.
  •   Where you are a party to an existing contract with us or regularly enter into contracts with us for our goods and services, we may use your name, email address, postal address or phone number to notify you of changes to the terms and conditions of our services.  Our legal basis for this use is our legitimate interests, namely the administration and management of our business contracts and relationships.
  •   We may use your name, email address and postal address to send you marketing communications. These may include information about properties for rent or for sale, the current property market, promotions or offers. Our legal basis for this use is consent.
  •   We may request and use your ID or a utility bill to verify your identity where required.  We may also use an electronic verification service to verify identity and residency status. Our legal basis for this is compliance with legal obligations to which we are subject, our legitimate interests to confirm identity, namely ensuring the security of our systems, network and information and those of third parties.

We may use the information that we automatically collect using technical means through our website to:

  •   Administer our site and for troubleshooting, testing, research, and statistical purposes. We use Google Analytics, a third-party website monitoring tool. Our legal basis for this is our legitimate interests, namely monitoring the use of our software and IT systems, and improving our website.
  •   Measure or understand the effectiveness of our own advertising activity. Our legal basis for this use is our legitimate interests, namely improving the relevancy of our advertising.
  •   Measure or understand the effectiveness of our marketing emails via email marketing service MailChimp.

We use MailChimp for marketing or information messages to customers. Personal data is stored within our MailChimp account in order to allow us to create distribution lists and send email campaigns. Our legal basis for this use is consent to contact you where you have opted in to marketing messages or, where you have entered into a contract with us or we have provided you with services, we may use your email address to inform you about any changes to legislation that may affect you. Our legal basis for this use is our legitimate interests, namely ensuring the legal compliance of James Douglas and its customers.

This automated collection of information may involve the use of cookies on our website.  Please see our Cookies Policy which is available on our website https://james-douglas.co.uk/

We may analyse the personal information we collect directly from you and obtain using automated technical means to create a profile of your interests and preferences so that we can contact you with information relevant to you (if you have chosen to receive marketing communications from us). We may make use of additional information about you when it is available from external sources to help us do this effectively.  These sources include the Land Registry Public Register.

We may also use any of your personal information that we collect from you directly and additional information about you from external sources where necessary to detect and reduce fraud and credit risk.  These sources include Credit Risk Agencies, the Land Registry Public Register, and the Companies House Public Register. Our legal basis for this use of your personal information is our legitimate interest in preventing our business from being subject to fraud or credit risk. Where a credit check is completed (this would not be carried out without your express permission to do so) this is a “soft” search and does not leave a footprint on your credit file, only you will be able to see that a search has been undertaken.  A credit check is only usually undertaken for applicant tenants of rental properties and would not apply to Landlords, Vendors, or Purchasers.

Compliance with Money Laundering Regulations

We are duty-bound to carry out due diligence on vendors and purchasers of properties to confirm your identity as prescribed by the Money Laundering Regulations 2017. This information will be processed by us with online electronic verification service, Landmark Property Services and their staff only to ensure compliance with the Money Laundering Regulations and will be shared with your appointed Conveyancing Solicitor. For a vendor, these consist of checking identity and residency status upon signing an Agency Agreement prior to us being able to market a property for sale. For a purchaser, the checking of identity and residency status on acceptance of an offer, prior to the production of a Memorandum of Sale. This system allows us to verify you from basic details using electronic data, however, it is not a credit check of any kind so will have no effect on you or your credit history.  A record of the search will be retained for 5 years to comply with the regulations

Who has access to the information?

We will not sell or rent your information to third parties. We may pass your information to third-party service providers, including but not limited to:

Business partners, suppliers, and sub-contractors working on our behalf for the purposes of completing tasks and providing services to you.

Your personal data, including name, address, contact details, and preferences will be shared with:

  •   AgentOS, based in the UK, who provide James Douglas Sales & Lettings with property sales and rental software.
  •   Landmark Property Services Group, for the purpose of identity verification and residency status.
  •   G Suite and Google Gmail, who provide James Douglas Sales & Lettings with Email and calendar service.
  •   A2Z Computing Ltd, based in the UK who provides James Douglas Sales & Lettings with IT services
  • Homeshift and Homebox, both are homemoving services based in the UK who inform all utility suppliers and local councils of your details where you will commence or cease to be responsible for bills at the property, or in certain circumstances, we may contact the utility provider/ council directly.
  •   MailChimp, an email marketing service based in the USA (James Douglas Sales & Lettings control the data within their account, data is not used by MailChimp directly or passed to other third parties).
  •  Homelet referencing service, based in the UK, relating to applicant tenants wishing to rent properties.
  •  Barclays Bank, based in the UK, for Landlords or Tenants using a managed or let-only service, who provides James Douglas Sales & Lettings with banking facilities
  •  The Tenancy Deposit Scheme, based in the UK, for Landlords and tenants using a managed service, who provides James Douglas Sales & Lettings, landlords and tenants with a deposit protection service
  •  The Deposit Protection Service, based in the UK, for Landlords and tenants using a let only service, who provide James Douglas Sales & Lettings, landlords and tenants with a deposit protection service
  • My Deposits, based in the UK, for landlords and tenants using a let only service, who provided James Douglas Sales & Lettings, landlords and tenants with a deposit protection service.
  • Valpal, based in the UK is an online valuation tool, that stores potential landlord and vendor data who have requested an online value estimation of their property.
  • Sprift Technologies Limited , based in the UK is a property data tool that we use for valuations and marketing purposes.
  •  HMRC for Landlords using a managed or let-only service, to comply with our legal duties.
  •  Greene and Co Accountants, based in the UK, for Landlords using a managed or let-only service, to comply with our legal duties.
  •  Various Contractors for the purpose of arranging maintenance at the property or complying with legal obligations to complete certification of the building or appliances at the property. Our legal basis for this use is that it is necessary for the performance of a contract to which you are party.
  •   Saturday Cloud and Elevate, based in the UK, who provide James Douglas with cloud-based telephony and call recording facilities.
  •   The Solicitor and Surveyor relating to the sale or purchase of your property. Our legal basis for this use is that it is necessary for the performance of a contract to which you are party.
  •   The Vendor or Purchaser relating to the sale or purchase of your property. Our legal basis for this use is that it is necessary for the performance of a contract to which you are party.
  •   For applicant tenants or tenants of rental properties, the referencing information may be shared with the Landlord in order to assess your suitability as a tenant in their property.

When we use third-party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and otherwise use your information in accordance with applicable data protection law.

We may disclose your personal information to any member of our group of companies. This means our subsidiaries, our ultimate holding company and all its subsidiaries insofar as reasonably necessary for the purposes set out in this policy.

We may disclose your personal information to our insurers and /or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets, or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

In addition to the specific disclosures set out in this section, we may disclose your personal information where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative out-of-court procedure.

 

CCTV Policy

This Policy seeks to ensure that the Close Circuit Television (CCTV) system used by James Douglas is operated in compliance with the law relating to data protection (currently the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”))

We seek to ensure compliance with privacy law and take into account best practices as set out in codes of practice issued by the Information Commissioner. We, therefore, use CCTV only where it is necessary in pursuit of a legitimate aim.

We use CCTV in order to:

  • promote a safe community and monitor the safety and security of its premises;
  • assist in the prevention, investigation, and detection of crime in and around our premises;
  • assist in the investigation of breaches of its codes of conduct and policies by staff, customers and contractors and where relevant and appropriate investigating complaints.
  • CCTV images will not be retained for longer than necessary, taking into account the purposes for which they are being processed. Data storage is automatically managed by the CCTV digital records which overwrite historical data in chronological order to produce an approximate 28-day rotation in data retention. All retained CCTV images will be stored securely.
  • Third-party requests for access will usually only be considered in line with the GDPR and DPA 2018 in the following categories:
    • legal representative of the Data Subject;
    • law enforcement agencies including the Police;
    • disclosure required by law or made in connection with legal proceedings.

Your rights

In this section, we have summarised the rights that you have under data protection law.  Some of the rights are complex, applying only in certain circumstances and subject to certain exceptions, and in the interests of keeping this policy concise, not all of the details have been included in our summaries.  Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. 

You have the right:

  •   To object to us processing your personal information for marketing purposes. If you object, we will stop processing your personal information for this purpose.  When we collect your data, you can choose whether you wish to receive marketing communications from us. If you wish to stop receiving marketing communications, you can opt-out at any time by clicking an ‘unsubscribe’ link at the bottom of one of our emails.
  •   To access the information we hold about you and certain information about our processing of it and your rights in relation to it.
  •   In certain circumstances, to obtain the erasure of the personal information we hold about you, subject to certain exceptions.
  •   To rectification of the information, we hold about you.
  •   In certain circumstances, to restrict our processing of your personal information or object to us processing it. If you object, we will stop processing your personal information unless certain exceptions apply.
  •   Where our legal basis for processing your personal information is your consent or the performance of a contract and we process it by automated means, to be provided the personal information we hold about you in a structured, commonly used, and machine-readable format and to transmit the information to another controller.
  •   To not be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly affecting you, subject to certain exceptions.
  •   Where our processing of your personal information is based on your consent, to withdraw that consent at any time.  If you withdraw your consent, we will stop the relevant processing, but it will not affect the lawfulness of our processing before the withdrawal.

To exercise any of these rights, please contact us at info@james-douglas.co.uk or James Douglas, 1, St. Martin’s Row, Albany Road, Cardiff CF24 3RP

In addition, you can exercise your right to object to direct marketing at any time by clicking an ‘unsubscribe’ link at the bottom of one of our emails.

If you consider that our processing of your personal information infringes data protection laws, you have the right to lodge a complaint to a supervisory authority responsible for data protection.  You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.  More information about lodging a complaint with the Information Commissioner’s Office (the relevant UK supervisory authority) can be found at https://ico.org.uk/concerns/.

Security precautions in place to protect your information

We take appropriate technical and organisational precautions to secure your personal information and prevent its loss, misuse or alteration. All information you provide to us is stored on our secure servers. Where we have given (or where you have chosen) a password that enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

The transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and for this reason, we cannot guarantee the security of data sent between us over the internet.

Website and Security

 How we use cookies

  •     A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
  •       We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
  •       Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
  •       You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

  •       Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Social Media Policy

You may interact with employees or representatives of James Douglas speaking on behalf of James Douglas on Twitter, Facebook and other social media. When interacting on those platforms you are subject to the terms and conditions of those platforms as well as any privacy policies of those platforms.

Should you choose to interact with James Douglas on these platforms,

  • you agree that your contributions, including your comments, photos or other media you share are able to be used by James Douglas or other members of The Seraph Group for the purposes of continuing the social media dialogue or for other marketing purposes, for instance as a customer testimonial, or as a quote in a press release, or in another sympathetic manner.
  • you assert that you are the creator or copyright holder, (or that you have permission from the copyright holder) to share and distribute any material you share with us, and you give us permission (or that you have sought permission from the copyright holder for us) to share and distribute this material.

Should we use your material in this way, James Douglas will not misrepresent or change the meaning of your material, though we may edit for brevity or clarity.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

Covid-19 Notice

This Covid Notice only applies between the period of 2020-2022.

Under government guidance and for the business to continue to operate, measures have been put in place to ensure the organisation is covid-secure. This notice describes how we may use your information to protect you and others during the COVID-19 outbreak.

We may seek to collect and process information from you, which is above and beyond what would ordinarily be collected. This is necessary to ensure your safety and well-being, however, we will ensure that this will be limited to what is proportionate and necessary for us, in accordance with Government guidance, to manage and contain the virus and enable us to effectively keep people safe, put contingency plans into place to safeguard those who are vulnerable and to aid business continuity.

We will collect health data in relation to covid-19. We will only keep your information for as long as it is necessary, as a minimum the information outlined in this privacy notice will be kept for the duration of the COVID-19 response. When the information is no longer needed for this purpose, it will be securely deleted.

 Further information

You can obtain further information about data protection laws by visiting the Information Commissioner’s Office website at www.ico.org.uk.