1.1 At Coalters, we take your privacy and the safeguarding of your data very seriously.
1.2 This policy is here to explain how we will handle and use your personal data.
2.1 This website is owned and operated by Coalters Ltd
2.2 We are registered in England and Wales under registration number 6027829, and our registered office is at 2 Low Ousegate, York, YO1 9QU.
2.3 Our principal place of business is at 2 Low Ousegate, York, YO1 9QU.
2.4 You can contact us:
(a) by post, using the postal address 2 Low Ousegate, York, YO1 9QU;
(b) using our website contact form https://www.coalters.com/contact/;
(c) by telephone, on 01904 655 222; or
(d) by email firstname.lastname@example.org
How we use your personal data
3.1 We may process and store any personal data you provide to us either directly or via a third party in order to:
follow up with you as a customer or as a potential new customer;
follow up with you as a potential buyer or tenant in order to fulfil our obligations with vendors and landlords by selling or letting their properties;
marketing our services to you;
Below is a list of the general categories of data that we may process and the legal bases for processing the data:
3.2 Your use of our website and services – this may include the date of your visit, the time and length of your visit, the path taken through the website, the browser being used and the version, operating system, a list of files downloaded or viewed, any errors encountered, the IP address of the device being used to access our website, geographical location, referral source, number of pages viewed as well as information about the timing, frequency and pattern of your website use. The source of the usage data is Google Analytics. We may use the Google Analytics data to understand how you use our website and our services. The legal basis for this processing is our legitimate business interests, specifically monitoring and improving our website and services.
3.3 Your contact details & enquiry data – this may include your name, postal address, email, phone number and enquiry type. You are the source of this data, unless you have contacted us via Rightmove, Zoopla or Smartval who have then supplied your enquiry to us. This data may be processed for providing services, communicating with you and maintaining back-ups of our databases. The legal basis for this processing is the contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.4 Service & correspondence data – this may include your identity documents, name, postal address, email, information about your property, photographs, your personal circumstances and any other information that you disclose in communication with us. The source of this data is you. This data may be processed for providing our service, communicating with you and maintaining back-ups of our databases. The legal basis for this processing is the contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.5 Transaction data – this may include details of goods and services purchased from us either in person, via phone or through our website. The transaction data may include your contact details, your card details, bank information and the transaction details. The source of this data is you. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.6 Marketing data – We may process information that you provide to us for the purpose of subscribing to our email notifications, and/or newsletters, and/or regular calls, and/or text messages, and/or direct mail. You are the source of this data. The legal basis for this processing is consent.
3.7 Publicly Available Information
We may process publicly available information about your property. This data may include full postal address, previous sold prices, for sale and to let history, planning applications and estimated market value. The sources of this data are Land Registry, Ordnance Survey, Rightmove, City of York Council, SmartVal, Data8 and PCA Predict. This data may be processed for marketing purposes. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
3.8 Legal Obligations
In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
If we are acting on your behalf in a property transaction, we will request personal data from you to comply with our legal obligations as an estate agent. This data will be stored and processed to ensure that we comply with the Anti Money Laundering Regulations 2017 and Estate Agents Act 1979. Failure to supply this information could result in us being unable to represent you in your property transaction and reporting this information to the relevant authorities.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
We will collect and store your CV and contact details. The legal basis for this is legitimate interest. We process your data for recruitment purposes only. We are storing this data in our Applicant Tracking System, and we will not share it with anyone else. You are the source of this data, which may be processed through third parties such as Indeed or LinkedIn.
Providing your personal data to others
4.1 All of our customer data is stored by a third party in our Customer Relationship Management (CRM) software cloud. This data is held on a UK based server. This company complies with the international information security standard ISO/IEC 27001 including ISO/IEC 27018.
4.2 We may from time to time use other third parties when processing your data. The list below outlines the categories of data recipients, how we use them and how they comply with security standards.
4.3 Telephone calls – we use a third party to provide the technology and software for all our telephone calls, whether inbound or outbound. They shall at all times provide an adequate level of protection for the Customer Data processed. This company complies with the international information security standard ISO/IEC 27001
4.4 Website forms – when you complete a form on our website, the data is transferred to us via third party software This third party company may transfer and process Customer Data anywhere in the world where the Company, its Affiliates or its Sub-processors maintain data processing operations. They shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws. The provider is EU-U.S. Privacy Shield certified.
4.5 Text messages – when we send you a text message or you reply to us via text, the content of that text and associated personal data is transmitted via a third party. This third party company may transfer and process Customer Data anywhere in the world where the Company, its Affiliates or its Sub-processors maintain data processing operations. This third party uses AWS (Amazon Web Services) for client hosting. AWS complies with the international security standard ISO/IEC 27001 and is EU-US Privacy Shield certified.
4.6 Emails – when we send you marketing emails and occasionally some service based emails we use third party software. This third party company may transfer and process Customer Data anywhere in the world where the Company, its Affiliates or its Sub-processors maintain data processing operations. They shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws. The provider’s email software adheres to the Privacy Shield Principles. They are EU-U.S. and Swiss-U.S. Privacy Shield certified through 2017.
4.7 Online contracts – for any contracts which are signed online we may provide personal data to a third party. This third party company may transfer and process Customer Data anywhere in the world where the Company, its Affiliates or its Sub-processors maintain data processing operations. DocuSign has submitted Binding Corporate Rules for approval by data protection regulators in Europe. They shall at all times provide an adequate level of protection for the Customer Data processed. This company complies with the international information security standard ISO/IEC 27001.
4.9 Website hosting – our website is hosted by a 3rd party provider. Any activity on our website or data entered on one of our forms will be processed by our hosting service server based in the UK.
4.10 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
4.11 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
4.12 We may disclose your personal data to vendors and landlords and their legal representatives insofar as reasonably necessary for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
4.13 Financial transactions relating to our website and services may be handled by our payment services providers, Global Payments. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
4.15 In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Retaining and deleting personal data
5.1 This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will delete personal data provided by you either directly to us or via a third party company after 3 years of capture if we have not in that time performed a contract on your behalf AND you have not consented to marketing.
5.4 When we have performed a contract on your behalf, we will delete your data 3 years after your last interaction with us if you have not consented to marketing, unless we have a legal obligation to store it for longer.
5.5 Notwithstanding the other provisions of this Section 4, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5.6 Candidates – We will delete personal data provided by you either directly to us or via a third party company 3 years after your last interaction with us.
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 We may notify you of changes to this policy by email or telephone
7.1 You have specific rights under data protection law. Due to the complex nature of this legislation, not all of the details have been included here. A full explanation of your rights can be found by visiting the Information Commissioner’s Office website.
7.2 Individuals have the right to obtain confirmation that their data is being processed and access to their personal data, together with some additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data upon request. We will require you to supply evidence of your identity such as a passport or certified copy of a passport plus a utility bill showing your current address before we will release a copy of your personal data.
7.3 Individuals have the right to have personal data rectified if it is inaccurate or incomplete.
7.4 In certain circumstances, individuals have the right to be forgotten and can request the erasure of personal data. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing and there is no overriding legitimate interest for continuing the processing; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for public health purposes in the public interest; for archiving purposes in the public interest, scientific research / historical research or statistical purposes; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
7.5 In certain circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted based on these circumstances, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
7.7 Individuals have the right to object to processing:
based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); and
for the purposes of scientific / historical research and statistics. Individuals must have an objection on “grounds relating to his or her particular situation”.
7.8 When we receive any objections to processing listed in 7.7 we will stop processing the personal data unless:
we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
the processing is for the establishment, exercise or defence of legal claims.
7.9 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
7.10 You have the right to data portability. To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
7.11 You have the right to lodge a complaint with a supervisory authority responsible for data protection if you consider that our processing of your personal information infringes data protection laws. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
7.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.13 You may exercise any of your rights in relation to your personal data by writing to us at Coalters Ltd, 2 Low Ousegate, York, YO1 9QU OR by emailing us at email@example.com
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
11.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information from your software provider about blocking and deleting cookies.
11.2 Blocking all cookies will have a negative impact upon the usability of many websites.
11.3 If you block cookies, you may not be able to use all the features on our website.