POLICY STATEMENT

Adkin is committed to protecting and respecting the privacy of all of our clients.

This Policy adopted by Adkin explains when and why personal information is collected, how it is used, the conditions under which it may be disclosed to others and the choices clients have with regards to data collection and storage.

This Policy relates to all data collected throughout all business activities and has been adopted in compliance of the EU General Data Protection Regulations (GDPR).

Adkin is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you and explaining it clearly to you.

By using the services of Adkin, clients and potential clients are bound by this Policy.  Adkin reserve the right to update this notice at any time.  Should any substantial updates be made, we will notify you. We may also notify you in other ways from time to time about the processing of your personal information.

Any questions regarding this Policy and our privacy practices should be sent by email to the office for the attention of the company’s Data Protection Officer (DPO).

1. Who are Adkin?

Adkin is the trading name for Orpwood Limited, a private limited company providing estate agency and estate management services.
The company registration number: 03416336
VAT registration number: GB 685 6016 15

The registered address: Orpwood House, School Road, Ardington, Wantage, Oxfordshire, OX12 8PQ
Further details can be found via the company website: https://www.adkin.co.uk/

Adkin is regulated by RICS, Firm number: 025217

2. How do we collect information?

Adkin collects client information upon enquiry about services.
One method of obtaining information is via the company website.  Information is collected on potential clients when they:

  • Visit the Adkin website pages
  • Contact Adkin to enquire about services or a property
  • Sign up to property alerts via the website

3. What information is collected and how is it used?

Personal data, or personal information, means any information about an individual from which that person can be identified.

Adkin collects information to enable the fulfilment of the obligations to clients, and to respond to business enquiries. The table in section 3.3 below outlines exactly what information is collected, and for what purpose.

3.0. Sensitive Data

Adkin does not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). It is expressly requested that such sensitive information is not provided to the company.

3.1. Children’s Information

Adkin’s services are not directed to children under the age of 13. If it is suspected that a child under the age of 13 has provided Adkin with personal information, please notify Adkin.

3.2. Third Parties

Adkin will not sell or rent client information to third parties.
Adkin also will not share client information with third parties for marketing purposes.

However, Adkin may pass client information to third party service providers who have been engaged for the purpose of completing tasks and providing services on Adkin’s behalf.  We disclose only the personal information that is necessary to deliver the service.

Adkin uses a number of third party companies to assist with fulfilling contractual obligations, dependant on the type of work.  For the data collected via Adkin’s website, each of the third parties have been listed in the table below.

The third-parties have been verified as GDPR compliant (or working towards GDPR compliance) and are certified under the EU-US Privacy Shield Framework (or are working towards certification), where these organisation are based outside of the EU.

The following table outlines the personal data Adkin has collected and for what purpose. The table also outlines the third parties that the data is processed by or shared with, and how long the data is stored for.

Data Type Description of Data Legal Ground Purpose for collecting Third Parties involved Data Retention
Contact details including name and email address, plus the property type preference for notifications Prospective clients provide their contact information via the registration forms on our website to receive property notifications Contract To enable property notifications to be issued to subscribers The property subscribers database is held in MailChimp.
MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes.
Subscribers can change their preferences or unsubscribe at any time
Email address & other contact information Prospective clients, client & supplier contact information Contract To allow initial and ongoing contact with prospects, clients, suppliers, etc. Giacom Message stream hosts the emails Until request for deletion.
Contact details of other professional contacts Legitimate Interest To enable communication with professionals including joint working
Backup of emails History of email conversations Contract Cloud backup to ensure business continuity Giacom Message stream hosts the email backup Until request for deletion
Analytics Website visitor behaviour (anonymised – full IP address is NOT stored) Legitimate interests To analyse popular content, website performance, etc – so we can further improve. Google Analytics
We have signed DPA & anonymise IP addresses
14 months
Server Logs IP address Legal obligation To help prevent DoS (Denial of Service) attacks; for website security and diagnostics. WP Engine Server logs are stored unencrypted for 7 days, and then moved to an encrypted backup which is stored indefinitely and only accessible by WP Engine.

4. Controlling information

Clients have rights concerning the information held about themselves under the GDPR. Should clients wish to exercise these rights, they should contact the company’s DPO via the Adkin office.

4.0. Requests for copies of information held

Upon request, Adkin will provide a statement regarding the personal data held in relation to an individual or company.  Any requests should be made in writing addressed to the DPO via the Adkin office.

4.1. Updating or correcting information held

The accuracy of personal information held is important to Adkin.  Should a client update their contact details, or if a client becomes aware that any information already held by Adkin is inaccurate or out of date, the client should contact Adkin to enable records to be updated.

4.2. Deleting personal data

Clients have the right to request erasure of personal information.  Unless there is a compelling reason for the data not to be erased (for example, Adkin maybe required to keep personal data to fulfil contractual or legal obligations.  Such example could data kept for compliance of Anti-money laundering regulations), client’s personal data will be deleted upon request.

4.3. Automatic decision making

Adkin do not use any personal information for automated decision making or profiling.

5. Website

5.0. Cookies

Like many other websites Adkin’s website uses cookies. Cookies are small pieces of information that are stored on your computer or mobile device when you visit a website.  The cookies used are ‘1st party’ cookies – these do not track behaviour across a range of websites that could result in targeted advertising.

We use Google Analytics which sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.

By using and browsing Adkin’s website, you consent to cookies being used in accordance with this Policy.

If you do not consent, you must turn off cookies or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of the website.

5.1. Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

6. Security

Adkin takes data security seriously. In order to protect client personal data from loss, misuse or unauthorised access or disclosure we have put in place methods to safeguard and secure information collected. These steps include:

  • Data minimisation
  • Password best practice
  • Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
  • Staff training and accountability on data protection

A copy of Adkin’s internal ICT and Data Protection Policy is available on request.

7. Data Breaches

Adkin’s internal ICT and Data Protection Policy includes a clear process for handing a personal data breach, should one occur.

Any data breaches that are discovered externally should be reported to the Data Protection Officer immediately. Where appropriate, Adkin will promptly notify any clients should any unauthorised access to their personal information have occurred.

8. Complaints

Should a client wish to make a complaint regarding personal information held, matters should be raised with the DPO in the first instance.

Should the response not be satisfactory, or if there are suspicions that Adkin are not processing a client’s information in accordance with the law, complaints are to be made to the Information Commissioners’ Office (ICO).

Last edited May 2018