Lostock Hall Farm, Poynton
1.0 Introduction
Bidwells respects your privacy and is committed to protecting your personal data. This privacy notice will let you know how we look after your personal data generally as well as when you visit our website and tells you about your privacy rights and how the law protects you.
You can download a PDF of this policy here.
This privacy notice aims to give you information on how Bidwells LLP collects and processes your personal data. It is intended to cover all of your rights and information required under data laws including the UK General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We may need to update the information from time to time.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2.0 Who are we?
Bidwells LLP is the Data Controller and responsible for your personal data (collectively referred to as “Bidwells” “we”, “us” or “our” in this privacy notice).
3.0 What data do we collect about you?
The table below explains what we use (process) your personal data for and our reasons for doing so:
| Personal data we collect | What we use personal information for | Our reasons | UK GDPR Clause |
| Full name and contact details (such as phone number, email address and postal address and company details if applicable), payment details / bank account details | To provide services to you and managing activities related to your services Credit reference checks via external credit reference agencies | For the performance of our contract with you or to take steps at your request before entering into a contract For our legitimate interests or those of a third party, to ensure our customers are likely to be able to pay for our products and services | Contract (Article 6(1)(b)) Legitimate Interest (Article 6(1)(f)) |
| Photographic identification (such as a passport, a driving licence or an identification card confirming your date of birth) and one form of documentation with proof of your place of residence (such as a recent utility bill) | To prevent and detect fraud against you or Bidwells such as to carry out Anti Money Laundering and Terrorist Financing electronic checks Conducting checks to identify our clients and verify their identity. Screening for financial and other sanctions or embargoes. Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulators and supervisory bodies | For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for us and for you To comply with our legal and regulatory obligations | Legal Obligation (Article 6(1)(c)) Legitimate Interests (Article 6(1)(f)) |
| Your nationality and immigration status and information from related documents, and immigration information | If you are a potential tenant applying for a tenancy | To comply with our legal and regulatory obligations | Legal Obligation (Article 6(1)(c)) |
| Any personal data that you provide to us which we are required to disclose as part of an audit or investigation | Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | To comply with our legal and regulatory obligations | Legal Obligation (Article 6(1)(c)) |
| Information about how you use our website, IT, communication and other systems, including: • your internet service provider, browser type and operating system; • pages accessed on our website and third-party websites; • the date and time of access; which site you came to our site from. | Various uses, including: • Ensuring content from our web site is presented to you in the most effective manner for you and for your computer and tailoring, developing, improving our services • Ensuring business policies are adhered to, e.g. policies covering security and internet use • Preventing unauthorised access and modifications to systems • Operational reasons, such as improving efficiency, training and quality control | Essential cookies: for our legitimate interests to operate our website Non-essential cookies: with your prior consent For further information about how we use cookies, please see our Cookies Policy | Legitimate Interests (Article 6(1)(f)) Consent (Article 6(1)(a)) |
| We may anonymise any personal data you provide to us and will process it in order to anonymise it. | Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, range of services or other efficiency measures | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you | Legitimate Interests (Article 6(1)(f)) |
| Invoicing data including your name and payment information | Statutory returns | To comply with our legal and regulatory obligations | Legal Obligation (Article 6(1)(c)) |
| Your name, contact information and professional or personal online presence, e.g. LinkedIn profile, if you share it with us | Marketing our services to: • existing and former clients; • third parties who have previously registered with us or expressed an interest in our services; • third parties with whom we have had no previous dealings including: marketing and promotional messages; surveys providing information relating to matters that may be of interest to clients and contacts; notifications of events and new services; newsletters | Where you are a business professional acting in your capacity as a representative of a company: for our legitimate interests to promote our services that we believe will be of interest to you Where you are an individual acting in your personal capacity: with your prior consent You can opt-out of marketing at any time by e-mailing us at gdprinfo@bidwells.co.uk or visiting the marketing preferences section of our website here. | Legitimate Interests (Article 6(1)(f)) B2B Consent (Article 6(1)(a)) B2C |
| Personal data you provide to us which is requested by our auditors for legitimate purposes. | External audits and quality checks, e.g. for ISO Standards etc and the statutory audit of our accounts | For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations | Legitimate Interests (Article 6(1)(f)) Legal Obligation (Article 6(1)(c)) |
| Call log and your telephone number | When you call us and we notify you that the call may be recorded | For our legitimate interests in protecting our employees and improving our services. You may request that your call isn’t recorded. In this situation, you’ll normally be advised to contact us either in writing or by email. | Legitimate Interests (Article 6(1)(f)) |
4.0 Who do we share your personal data with?
Your personal data may be accessed by and shared with all members of the Bidwells group of companies who are all committed to complying with the terms of this privacy notice.
We may need to share your details with others in order to perform our services to you. For example, we may need to deal with professional advisers, agents, brokers, lenders, credit reference agencies, tenats’ vetting companies, electronic search providers, maintenance contractors and other parties on your behalf and in connection with our services, depending on the nature of the services you would like us to deliver.
A number of third party service providers are engaged by Bidwells to assist in the operation of our business and the running and maintenance of our systems e.g. website suppliers, case management system providers etc. When we use third party service providers, we disclose only the personal data that is necessary to deliver the service. We ensure we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
We may share your personal data with prospective buyers of our business under our legitimate interest to ensure our business can be continued by the buyer.
We may release your personal data to third parties beyond the above only if we are required to do so by law (e.g. by a court order), in connection with the prevention of fraud or other crime or to comply with our legal and regulatory obligations.
5.0 How do we protect the personal data you provide to us?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.
We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org Get Safe Online is supported by HM Government and leading businesses.
6.0 Where your personal data is held
Personal data may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (se above: ‘Who do we share your personal information with?’).
We store your personal data on our servers and third party servers which are based both in the UK and outside of the UK.
When working with third parties we may need to transfer your personal data outside of the UK and / or EU.
Whenever we transfer your personal data outside of the UK and the EU, we ensure it receives additional protection as required by law. To keep policy as short and easy to understand as possible, we haven’t set out the specific circumstances when each of these protection measures are used. You can contact us at gdprinfo@bidwells.co.uk for more detail on this.
7.0 How long will you keep my personal data?
We will not keep your personal data in a form that allows you to be identified for any longer than is reasonably necessary for achieving the permitted purposes. This means that personal data will be destroyed or erased from our systems or anonymised when it has reached the applicable retention period.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep certain basic information about our clients for at least fifteen years after they cease being clients.
8.0 What happens to your personal data on a change of control of our business?
In the event of a business change in control resulting from, for example, a sale to, or merger with, another entity, we may transfer your personal data to the new party in control. The recipient of the personal data will be bound by confidentiality obligations.
9.0 Your rights
You have various rights under data protections laws, which you can exercise free of charge. Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time
| Access | The right to be provided with a copy of your personal data (the right of access) |
| Rectification | The right to require us to correct any mistakes in your personal data |
| To be forgotten | The right to require us to delete your personal data |
| Restriction of processing | The right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data |
| Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party |
| To object | The right to object: |
| Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s office (ICO) on individuals’ rights under the GDPR.
If you would like to exercise any of those rights, please:
Email, call or write to us using the contact details below; and
- let us have enough information to identify you (we may need to have proof of your identity); and
- let us know what right you want to exercise and the information to which your request relates
10.0 How to complain
We hope that we can resolve any query or concern you may raise about our use of your personal data.
The GDPR also gives you the right to lodge a complaint with a supervisory authority, where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the ICO who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
We may change this privacy policy from time to time when we do we will inform you via email and/or by updating the version of the privacy policy on our website at www.bidwells.co.uk
11.0 How to contact us
Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Bidwells House, Trumpington Road, Cambridge, Cambridgeshire. CB2 9LD gdprinfo@bidwells.co.uk
01223 841841
This Statement was reviewed and approved by Nick Hills
Chief Financial Officer, Bidwells LLP