Privacy Policy & Notice and Money Laundering Policy

We are ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED with registered number 10374795 and address Bulley Davey 6 North Street, Oundle, Peterborough, PE8 4AL. Our Data Protection Lead can be contacted at emily@aspiresalesandlettings.com. We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 ("Data Protection Legislation"). The terms "Personal Data", "Special Categories of Personal Data", "Personal Data Breach", "Data Protection Officer", "Data Controller", "Data Processor", "Data Subject" and "process" (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. "Data Protection Lead" is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.

What are your rights?

When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:

  • The right to be informed of how your Personal Data is used (through this notice);
  • The right to access any personal data held about you;
  • The right to withdraw consent at any time, by emailing emily@aspiresalesandlettings.com;
  • The right to rectify any inaccurate or incomplete personal data held about you;
  • The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
  • The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
  • The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.

You can exercise your right to access personal data held about you by contacting emily@aspiresalesandlettings.com with the subject line: "Subject Access Request". When you submit a 'subject access request', you will need to provide confirmation of your identity by including a photocopy of your driver's license or passport. This service is provided free of charge and our response will be made within thirty (30) days, unless our Data Protection Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section 'Who can you complain to?'.

If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at emily@aspiresalesandlettings.com.

Who is the Data Controller?

  • If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
  • If we have purchased your personal data from a third-party for our own purposes, we are the Data Controller. Where we have purchased your personal data, we will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
  • If we have been passed your personal data from a third-party for our own purposes, we are the Data Controller. We will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
  • If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint Data Controller. We will contact you to let you know before we first start to use your data, or, at the latest, within one month of acquiring it.
  • If your data has been passed to us by a third party for processing under their instruction, that third party is the Data Controller. They should have notified you that they would be passing your personal data to us, ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED, at the time they collected your data and within their own privacy notices/standards. For a list of Data Controllers that we process personal data for, the section below 'Third Party Interests'.
  • If we have received your personal data as part of a business to business relationship, the Data Controller is your employer.

What are the lawful bases for processing personal data?

Under Data Protection Legislation, there must be a 'lawful basis' for the use of personal data. The lawful bases are :

  • a) 'your consent';
  • b) 'performance of a contract';
  • c) 'compliance with a legal obligation';
  • d) 'protection of your, or anothers' vital interests';
  • e) 'public interest/official authority'; and
  • f) 'our legitimate interests'.

What are our 'legitimate interests'?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual's personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest.

About our processing of your data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Reference What categories of information about you do we process? Why are we processing your data? Where did we get your personal data from?
B2B Marketing
  • Identity Data
  • Contact Data
Direct marketing to former, current and prospective clients. This processing is conducted lawfully on the basis of 'our legitimate interests'. Directly obtained or by referral from existing clients/partners/suppliers.
Analytics
  • Technical Data
  • Usage Data
To understand how you use our website, how you reached us and how long you spend on our website, in order to analyse our performance and improve our service. This processing is conducted lawfully on the basis of 'our legitimate interests'. Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
Fraud Prevention
  • Identity Data
  • Transaction Data
To combat fraud, we share information of clients who instruct the payment issuer to cancel payments to us without first informing us of why and/or allowing us the opportunity to issue a refund with credit reference agencies. This processing is conducted lawfully on the basis of 'protection of your, or another's vital interests'. Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
Contact Submission
  • Identity Data
  • Contact Data
When you send us information about you by posting on a forum or blog, we will store this information in order to make it available for viewing on the website. You consent is obtained at the time of posting and via reference to this notice. This processing is conducted lawfully on the basis of 'your consent'. Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
Online Payment Processing
  • Identity Data
  • Contact Data
  • Transaction Data
We require certain information about you in order to instruct our payments processor to take payment from you and transfer it to us. To ensure security, we do not ever process your payment information and will transfer you to the payment processors website at the time of payment. None of our staff or contractors ever have access to this information. This processing is conducted lawfully on the basis of 'performance of a contract'. Directly obtained.
Direct Debits
  • Identity Data
  • Contact Data
  • Financial Data
  • Transaction Data
To setup a direct debit between your bank and ours, we pass your details to our bank and keep a copy for our records. This activity is conducted under the Direct Debit Guarantee Scheme. This processing is conducted lawfully on the basis of 'performance of a contract'. Directly obtained.
Phone Calls
  • Identity Data
  • Contact Data
We might record calls for training and/or auditing purposes. We also collect Calling Line Identification information. This is used to help improve the efficiency and accountability of our customer services. This processing is conducted lawfully on the basis of 'our legitimate interests'. Directly obtained.
Email and Web Contact
  • Identity Data
  • Contact Data
If you contact us through our website or by email, we will use the information you send in order to respond to your enquiry or complaint. This information will be kept in order to improve our service to you overall. This processing is conducted lawfully on the basis of 'our legitimate interests'. Directly obtained or indirectly obtained through our website (notice given at the point of collection).
Consumer Marketing
  • Identity Data
  • Contact Data
  • Transaction Data
  • Marketing and Communications Data
If you make a purchase with us, we will add your contact information to our marketing list and send you information we think you might be interested in. This processing is conducted lawfully on the basis of 'our legitimate interests'. Directly obtained.

What happens if I refuse to give ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED my personal data?

The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the benefits we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.

We process some personal information as part of a contractual relationship with a Data Controller. Any requests to restrict this type of processing should be forwarded to the Data Controller; they will be responsible for discussing your concerns and making any decisions.

What are ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED's 'legitimate interests'?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual's personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact emily@aspiresalesandlettings.com.

What profiling or automated decision making do we perform?

ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED does not perform any profiling or automated decision making based on your personal data.

How long will your personal data be kept?

ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held.

  • If 'consent' is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected, and your consent, are still valid. We review the status of your consent every twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
  • Identity, Contact and Transaction Data are held indefinitely (subject to object by the individual, or individuals having left our clients' business) in order to provide a superior service to returning customers.
  • If we process your data on the basis of 'legitimate interests', we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
  • All categories of personal data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

Who else will receive your personal data?

ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED passes your data to the third parties listed in the section 'Third Party Interests' below, for the purposes of providing our services to you, and for no other purpose.

Does your data leave the EU?

ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED uses overseas web and IT providers. Details of what data is sent where, and the safeguards in place, are included in the section 'Third Party Processors' below.

Third Party Interests

Data Controllers

Name of Third Party Controller What processing are we performing for them? If applicable - who is their representative within the EU?
HMRC, regulatory authorities or other authorities We are joint Controller with these authorities who require reporting of processing in some situations N/A
Payment Processors We are joint Controller with these service providers who simply pass payments you make through their services directly to us based on a transaction. These transactions are subject to the provider's privacy notices/policies. N/A for European based services please contact emily@aspiresalesandlettings.com if you would like to find out about a specific representative.
Postal/Courier Providers Where these providers act as Data Controller, we are joint Controller with them for the purposes of sending you physical documents. N/A

Our Data Processors

Name of Third Party Processor Purposes for Carrying out Processing
Bulley Davey Accountant -provides client account audit
D Curtis Board supplier
Vebra CFP / Alto Property Management Software
Moore Thompson Accountant - provides client account audit
HMRC HMRC - we deal with HMRC for our landlords overseas and UK landlords we also deal with HMRC for PAYEE, Tax and VAT
DPS Deposit Protection Scheme - a deposit where we hold or tenants deposits
Alto Software cloud back-up
BT Cloud Cloud provider for phones
NEST Pension Provider
Carbonite External software backup
123 Reg Domain provider
Solicitors Customer details to progress sales
Property Jungle Customer leads
Landlords Provide details on prospective tenants. Tenant details are shared for landlord information.
Maintenance Contractors Carrying out day to day repairs on behalf of landlords & tenants
Rightmove Provide Customer Leads
Zoopla Provide Customer Leads
Ittria Utilities Provider
LetsXL Referencing Company

Who can you complain to?

In addition to sending us your complaints directly to emily@aspiresalesandlettings.com, you can send complaints to our supervisory authority. As ASPIRE SALES, LETTINGS & PROPERTY MANAGEMENT LIMITED predominantly handles the personal data of UK nationals, our supervisory authority is the Information Commissioner's Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting ico.org.uk.


Money Laundering Policy for Aspire Sales Lettings and Property Management

The purpose of our relationship with our customers is to act as an Agent for the sale of property. As an Estate Agent we are obliged to register with HMRC and we have done so. Lettings agents who only carry out lettings work are not required to register.

RISK ASSESSMENT

We are required to assess the risks that criminals may exploit our business for money laundering and terrorist financing.

  • We act as Agents only and the transaction proper is handled by the vendors legal representative, and their financial institution or bank. The National Crime Agency recognises their risk assessment as high, compared to Estate Agents at medium
  • Our fees in themselves are not considered 'high value' though the property transaction is
  • We do not handle client money, except for services supplied
  • We are a full service Estate Agent dealing with domestic property, and the occasional investment property. We are not dealing with high volume investment transactions or very high value property
  • We meet the vast majority of our customers face to face. A large proportion of our work is by personal recommendation. We mostly work for families rooted in this locality rather than transient individuals, international individuals or businesses.
  • In 2016 there were nearly 1,000,000 property transactions and only 176 SAR’s Suspicious Activity Reports were made by Estate Agents

We therefore assess the risks to this particular business as very low.

PROCESS

The law requires us to check the identities of our customers, or the ‘beneficial owner’ of a property, for whom we are acting as Agent. Our Nominated Officer for managing this process is our Managing Director. All of our employees are required to be familiar with this policy.

We are required to confirm our customers name, their photograph on an official document which confirms their identity, their residential address and date of birth. We are obliged to record that we have seen these documents, but we are not obliged to make copies, so we do not. We take the view that holding unnecessary copies of our customers personal information puts both parties at risk, if the copies of these documents were mislaid or stolen, so we do not do it.

If we have doubts about a customers identity, we may decline to deal with them until we are sure. Any concerns should be reported to the Nominated Officer.

We ask to see a government issued document - a Passport, Drivers License along with utility bills, bank statements and other official documents. Other sources of customer information may include the electoral register and information held by credit reference agencies such as Experian and Equifax. We intrude on our customers privacy to the minimum necessary to comply with the law: An identity document with photograph and a linking document with address.

We are not document experts and although we are vigilant we cannot be expected to spot expert forgeries, especially those purportedly issued in other countries, but all staff are required to review, “Guidance on examining identity documents” published on the .gov website

We are obliged to check if our customers are Politically Exposed Persons. Domestic or foreign PEP’s are individuals who are or have been entrusted with prominent public functions, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. A family member or close associate of any of the above. As we predominantly deal in domestic properties not of the highest value and there are very few such persons it is unlikely that we will ever interact. If we do the Nominated Officer will decide a course of action.

An estate agency business enters into a business relationship with both parties to the transaction - the property seller and the property buyer. The person who is not a customer, in the commercial sense, must be treated in the same way as a customer for the purposes of the Regulations, for example, the same obligations to apply an appropriate level of customer due diligence. So we will confirm the identity of purchasers when they make a formal offer which is accepted by our client.

SUSPICIOUS ACTIVITY

Here are some of the questions to consider in deciding whether or not to submit a suspicious activity report when dealing with new transactions:

  • Checking the seller or buyers identity is difficult
  • The seller or buyer is reluctant to provide details of their identity or provides documents which may be fake
  • The seller or buyer is trying to use intermediaries to protect their identity or hide their involvement
  • You must go through several legal entities in order to identify the beneficial owner or you are unable to identify whether there are any beneficial owners
  • No apparent reason for using your business's services - for example, another business is better placed to handle the transaction
  • Their lifestyle does not appear to be consistent with your knowledge of their income or income does not appear to be from a legitimate source
  • They are keen to buy or sell quickly at an unusually low or high price for no legitimate reasons
  • Part or full settlement in cash or foreign currency, with weak reasons
  • They, or associates, are subject to, for example, adverse media attention, have been disqualified as directors or have convictions for dishonesty.

Regular and existing customers

These are some of the questions to consider when deciding whether or not to submit a suspicious activity report in relation to regular and existing customers:

  • The transaction is different from the normal business of the customer
  • The size and frequency of the transaction is different from the customer’s normal pattern
  • The pattern has changed since the business relationship was established
  • •The nature of any payments made changes, for example, a buyer’s payment to an auctioneer is made in cash rather than through a bank account
  • There has been a significant or unexpected improvement in the customer’s financial position the customer cannot give a proper explanation of where money came from or their source of wealth or funds.

Transactions

These are some of the questions to consider when deciding whether or not to submit a suspicious activity report in relation to the transactions carried out:

  • A third party, apparently unconnected with the seller or buyer, bears the costs, or otherwise pays the transaction costs
  • An unusually big cash or foreign currency transaction
  • The buyer will not disclose the source of the funds or the seller source of wealth where required
  • Unusual involvement of third parties, or large payments from private funds, particularly where the buyer appears to have a low income
  • Unusual source of funds.

Report any suspicious activity to the Nominated Officer.

DATA PROTECTION

The personal data we are obliged to collect under these regulations 'is necessary in order to exercise a public function that is in the public interest', and keep it for a minimum of five years. This means that we cannot lawfully delete it, even if requested under GDPR legislation until that period has elapsed. During that time we may not use the data for any other purpose.

STAFF TRAINING

All staff are obliged to read this document and return a signed, dated copy acknowledging that they have read and understood it to the Nominated Officer who will keep it on file.

CONCLUSION

In the event of any suspicious activity the Nominated Officer is to be informed and they will decide whether to discontinue dealing with the client or make an SAR Suspicious Activity Report.

Identity details are recorded on our Sales Marketing Agreement and Formal Offer record and we keep a copy for a minimum of five years. We believe this policy and our record keeping makes us fully compliant with current legislation.

This policy is dated 1st January 2021, next review by 1st January 2022.