PLEASE READ THIS POLICY CAREFULLY BEFORE USING THIS WEBSITE
- INFORMATION ABOUT AMAD LIMITED
1.1 For the purposes of the Data Protection Act 1998 (“Act”), the domain name: www.amad.co.uk (“Site”) is a website operated by AMAD Limited, registered in England and Wales under company number 07166502 with its registered office at (“we” or “our”).
2.1 This Policy sets out how we will process any personal data we collect from you, or that you provide to us, how it will be processed and what it will be used for. Please read this Policy carefully.
2.2 By using the Site and any services we offer, you agree to be bound by this Policy in respect of the information collected about you.
- INFORMATION COLLECTED
3.1 We may process the following data about you:
3.1.1 Information Provided by You (or a joint buyer)
(a) by filling in forms (whether on the Site or face to face) or by corresponding with us by phone, e-mail or otherwise;
(b) by registering to use the Site, subscribing to our services, competitions, promotions and/or updates and when you report a problem with the Site; and
(c) as a result of agreeing to purchase a property from us and/or part exchange a property with us.
3.1.2 Information We Collect including but not limited to:
(a) technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
(b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), items you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
3.1.3 Information Received from other Sources including but not limited to:
(a) information about you if you use any of the other websites we operate or the other services we provide; and
(b) information from third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, estate agents, mortgage providers, the NHBC, utility suppliers, local authorities and financial and legal advisors).
3.2 The information provided by you, the information we collect and the information we receive from third parties will be combined and used for the purposes set out in paragraph 4.1.
3.3 We will process information relating to you, any individuals purchasing a property jointly with you and sometimes people living with you.
3.4 If you provide to us any personal data relating to a third party individual, usually a joint buyer or person living with you, you confirm and agree that you have the consent and agreement of that third party individual to provide to us their personal data and for us to process it in accordance with this Policy.
3.5 Information will be processed by us in both electronic and manual form.
- USE OF INFORMATION
4.1 We will use the information in order to:
4.1.1 administer your account(s) with us and manage our relationship with you;
4.1.2 process applications submitted by you;
4.1.3 send you information about our products and services;
4.1.4 notify you about changes to our service;
4.1.5 verify your identity;
4.1.6 process and manage the sale and/or purchase of properties;
4.1.7 notify utility suppliers and local authorities about purchases and sales of a property;
4.1.8 market properties and associated property options;
4.1.9 run and manage competitions and promotions;
4.1.10 carry out marketing analysis and make general improvements to the Site and/or our services;
4.1.11 measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
4.1.12 obtain your views or comments on the services we provide;
4.1.13 send you information we think you might find useful or which you have requested from us, including information about our products and services or those of carefully selected third parties provided you have indicated that you are happy to be contacted for these purposes.
4.2 We will aim to keep your personal information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
4.3 You can ask us not to contact you with information regarding our products and services or share your information with third parties either at the point such information is collected (by checking or unchecking the relevant box as directed) or, if you do not wish us to continue to use your information in this way, by following the unsubscribe instructions on any communications sent to you. You can also exercise this right at any time by contacting us using the contact details in paragraph 13 of this Policy. Please note that some uses of information may be essential to provide certain services or products to you, for example the sale of a property to you.
- DISCLOSURE OF YOUR INFORMATION
5.1 We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
5.2 We may share your information with selected third parties including:
5.2.1 Analytics and search engine providers that assist us in the improvement and optimisation of our site.
5.2.2 In connection with the sale of a property to you, business partners, suppliers and contractors, mortgage providers, estate agents, the NHBC, utilities suppliers, local authorities and financial and legal advisors.
5.2.3 With your consent, to carefully selected third parties who supply products/services that may be of interest to you e.g. financial and legal advisors, estate agents and recommended suppliers.
5.2.4 In appropriate cases, personal data may also be shared with third parties for the prevention or prosecution of criminal activity.
5.3 We may disclose your personal information to third parties:
5.3.1 in the event that we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets;
5.3.2 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- DATA STORAGE
6.1 The data that we collect from you may be transferred to, stored at, and/or processed at a destination outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are located in a country outside of the EEA or if one of our service providers is located in a country outside of the EEA. Data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
6.2 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
6.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; and any transmission is at your own risk. Once we have received your information, we will use security procedures and security features to try to prevent unauthorised access.
- YOUR RIGHTS
7.1 You have the right to ask us and any member of our group not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com or following the “unsubscribe” option in the latest marketing communication.
- If you believe that any personal information we hold about you is incorrect or incomplete please contact us immediately using the contact details set out in paragraph 13 below.
8.1 We will keep your personal information until such time you contact us to request that it be removed or it is no longer required for archive purposes. We will aim to keep your personal information up to date, but rely on you telling us promptly if your name, address, telephone number or any other details change.
- LINKING WITH THIRD PARTIES
9.1 The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9.2 In addition, if you linked to this Site from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
- ACCESS TO INFORMATION
10.1 Users may request a copy of any personal data held by us about them upon written application. Please note we reserve the right to charge the current statutory fee for providing such information. Requests should be made in writing, including your full name, address, a contact telephone number and enclosing the statutory fee, and sent to the contact details set out in paragraph 13 below.
10.2 Upon request, we may require you to provide proof of identification (e.g. a copy of your passport or driving licence) and other documentation confirming your name and address (e.g. recent utility bill) before we comply with any request for personal information about you.
- CHANGES TO THIS POLICY
12.1 Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Policy.
13.1 Questions, comments and requests regarding this Policy are welcomed and should be addressed to:
AMAD 11 Swan Street, Alcester, Warwickshire, UK. B49 5DP
Tel: 01789 765367
General Data Protection Regulation (GDPR); our statement
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades.
Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
2.0 Our Commitment
AMAD Limited are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill. AMAD Limited are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.
Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
3.0 Our Preparation
AMAD Limited already have a consistent level of data protection and security across our organisation, however, it is our aim to be fully compliant with the GDPR prior to 25th May 2018.
Our preparations include:
- Information Audit: carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures: revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection: our 1st January 2018 2 General Data Protection Regulation that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches: our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers & Third-Party Disclosures: where AMAD Limited stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Subject Access Request (SAR): we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Legal Basis for Processing: we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
- Privacy Notice/Policy: we are revising our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining Consent: we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time. 1st January 2018