AJM Property Partners - Customer Privacy Notice

​

This privacy notice tells you what to expect us to do with your personal information.

• Contact details

• What information we collect, use, and why

• Lawful bases and data protection rights

• Where we get personal information from

• How long we keep information

• Who we share information with

• How to complain

 

Contact details

Email

info@ajmpropertypartners.co.uk

​

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details

• Addresses

• Date of birth

• Payment details (including card or bank information for transfers and direct debits)

• Financial data (including income and expenditure)

• Transaction data (including details about payments to and from you and details of products and services you have purchased)

• Usage data (including information about how you interact with and use our website, products and services)

• Employment details (including salary, sick pay and length of service)

• Credit history and credit reference information

• Criminal records data (including driving or other convictions)

• Video recordings

• Audio recordings (eg calls)

• Records of meetings and decisions

• Website user information

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details

• Addresses

• Purchase or service history

• Account information, including registration details

• Information used for security purposes

• Marketing preferences

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details

• Addresses

• Profile information

• Marketing preferences

• Purchase or account history

• Website and app user journey information

We collect or use the following personal information for research or archiving purposes:

• Names and contact details

• Addresses

• Purchase or client account history

• Website and app user journey information

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details

• Address

• Payment details

• Account information

• Purchase or service history

• Call recordings

• Customer or client accounts and records

• Financial transaction information

 

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.

• Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.

• Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

 

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • Data is collected in order to liaise and discuss potential business dealings of interest to the individual. Whether this is a service they wish to buy, a project they wish to partner on or agree a sale to the company. Data helps the company to ascertain what would be a benefit and of interest to the individual.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • Client Data is kept up to date in order to provide the best and most tailored service to clients and customers. Without such data they may receive irrelevant communication.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • In order to keep clients and customers up to date with all of our offerings that may benefit them, that they otherwise may not be aware of.

Our lawful bases for collecting or using personal information for research or archiving purposes:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

  • Research on an individual will ensure a more tailored approach to distributing relevant services and products.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

 

Where we get personal information from

• Directly from you

• Regulatory authorities

• Legal bodies or professionals (such as courts or solicitors)

• Publicly available sources

• Market research organisations

• Credit reference agencies

• Providers of marketing lists and other personal information

• Suppliers and service providers

 

How long we keep information

Privacy Notice Retention Schedule for AJM Property Partners

This schedule outlines how long personal data will be retained by AJM Property Partners, in line with our privacy policy. This retention schedule ensures that personal data is stored for no longer than necessary and in compliance with data protection laws such as the UK GDPR and the Data Protection Act 2018.

1. Personal Data Categories

1. Customer Information

   • Types of Data: Name, contact details (address, email, phone number), usage data, date of birth, payment details, financial data, credit history

   • Purpose of Retention: To process orders, manage customer relationships, provide customer support, and for marketing purposes.

   • Retention Period:

     • For Orders and Transactions: 6 years (to comply with accounting and tax requirements).

     • For Marketing and Communication Records: 3 years after the last interaction, unless consent is withdrawn earlier.

   • Action after Retention Period:

     • Transaction records: Anonymised or deleted.

     • Marketing data: Deleted or anonymised upon request or expiry of retention period.

2. Employee Data

   • Types of Data: Personal details (name, address, contact details), payroll information, employment history, performance reviews, health data (if applicable).

   • Purpose of Retention: HR management, payroll processing, performance management, legal obligations (e.g., tax, employment laws).

   • Retention Period:

     • For Employment Contracts: 6 years after employment ends (to comply with legal requirements).

     • For Payroll and Financial Records: 6 years (to comply with HMRC requirements).

     • For Performance and Disciplinary Records: 3 years after employment ends.

   • Action after Retention Period:

     • Employment-related records: Securely deleted or anonymised.

     • Payroll records: Securely deleted or anonymised.

3. Supplier Data

   • Types of Data: Supplier details (name, contact information, payment details), contractual data.

   • Purpose of Retention: To manage supplier relationships and fulfill contracts.

   • Retention Period:

     • For Contracts and Financial Records: 6 years after the end of the contract (to comply with tax and legal requirements).

     • For Communication Records: 3 years after the last interaction.

   • Action after Retention Period:

     • Secure deletion or anonymisation of records.

4. Website Users & Online Customers

   • Types of Data: Website usage data, registration details, purchase history.

   • Purpose of Retention: Website analytics, user experience improvement, marketing communications, customer service.

   • Retention Period:

     • For Analytics Data: 2 years (to monitor website performance and improve services).

     • For Customer Accounts: 6 years after account closure (to comply with financial record retention obligations).

   • Action after Retention Period:

     • Data anonymised or securely deleted.

5. Marketing Data

   • Types of Data: Name, email address, marketing preferences, communications history.

   • Purpose of Retention: To carry out marketing campaigns, communicate with customers, and build customer profiles.

   • Retention Period:

     • For Marketing Consent and Communication Records: 3 years after the last interaction or upon unsubscribing.

   • Action after Retention Period:

     • Data deleted or anonymised, in accordance with the individual's rights under the GDPR.

6. Legal and Compliance Data

   • Types of Data: Data necessary to meet legal obligations (e.g., anti-money laundering, financial audits, regulatory compliance).

   • Purpose of Retention: To comply with legal, regulatory, or contractual obligations.

   • Retention Period:

     • For Compliance Data: Typically 6 years, depending on specific legal requirements (e.g., tax law, regulatory frameworks).

   • Action after Retention Period:

     • Secure deletion or anonymisation.

2. General Retention and Deletion Principles

1. Data Minimisation:
   Personal data should only be retained for the duration necessary to fulfill the purposes for which it was collected. This principle helps ensure compliance with the UK GDPR.

2. Regular Data Reviews:
   Data retention schedules should be reviewed at least annually. A process should be in place to review personal data regularly to ensure it is kept only for as long as necessary.

3. Secure Data Deletion:
   When personal data is no longer needed, it must be securely deleted or anonymised to prevent unauthorized access or reconstruction.

4. Transparency and Accountability:
   The retention schedule should be communicated clearly in the privacy notice, ensuring that individuals are aware of how long their data will be retained and their rights regarding data deletion or modification.

3. Data Subject Rights

• Right to Access: Individuals can request a copy of their personal data during the retention period.

• Right to Rectification: If any personal data is inaccurate or incomplete, individuals can request corrections.

• Right to Erasure (Right to be Forgotten): If data is no longer needed or if an individual withdraws their consent, the data should be deleted upon request.

4. Updates and Amendments

• The privacy notice and retention schedule should be reviewed and updated as necessary to comply with changes in data protection laws or business practices. Any material changes to the retention policy must be communicated to individuals whose data is impacted.

5. Record of Retention and Deletion

• Maintain a log of all personal data retention periods and deletion actions. This log should include:

  • The data categories and the corresponding retention periods.

  • The date and method of data deletion.

  • The justification for retaining data beyond the usual retention period (if applicable).

  • A record of any data deletion requests made by individuals.

 

Who we share information with

Others we share personal information with

• Other financial or fraud investigation authorities

• Insurance companies, brokers or other intermediaries

• Professional or legal advisors

• Regulatory authorities

• Organisations we’re legally obliged to share personal information with

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

10 January 2025