Complete Estate Agents Limited (′Complete′, ′we′ or ′us′) are committed to protecting and
respecting your privacy.
This policy (and any other documents referred to on it) sets out the basis on which any
personal data we collect from you, or that you provide to us, will be processed by us. Terms
given to them in the Complete terms and conditions.
Please read the following carefully to understand our views and practices regarding your
personal data and how we will treat it.By visitingwww.completeestategants.com(′Our
Site′) you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the′Act′), the data controller is Complete
Estate Agents Ltd
First Floor, Absol House, The Old Laundry, Ivy Road, Chippenham, Wiltshire SN15 1SB.
If you have any queries or comments about this policy, please get in touch by writing to
′Privacy Manager′ at the above address or firstname.lastname@example.org.
1. Information we may collect from you
We may collect and process the following data about you:
Information you give to Complete:
We will collect information that you provide about yourself by filling in forms on Our
Site or by corresponding with us by telephone, e-mail or otherwise.
This includes information you provide when you register to use Our Site or purchase
our services, and any information that you input, upload, store, transmit or
communicate when using Our Site or the Complete Portal, and when you report a
problem with Our Site.
The information you give to us may include the following:
Personal information: Your name, address, date of birth, e-mail address and
telephone number, and information about your property or your personal
circumstances as a purchaser or vendor.
Property information: If you are selling a property, we may also upload photos and
floorplans of your property. These will normally identity your address.
Payment information: When you make a payment for the services of Complete, we
do not hold this information anywhere except from our bank statements. Our bank
Due diligence information: We are required to carry out checks on all Vendors that
have instructed Complete to market their property and Buyers who have an offer
accepted for a Complete marketed property. You may be required to provide
Complete with a copy of a document (e.g. ID, driving licence, passport) or you will be
required to verify your identity through our agency with an automated verification
check. Copies of the identity documents and any other information that you provide
to us will be stored securely by Complete and/or its credit reference provider
(Landmark) for compliance purposes.
We will assume that, where you provide personal information over the telephone to
a Complete operator and in all areas of Our Site or the Complete Portal where you
enter personal information that you consent to our use of that information, as
information to reflect your current consent status.
Information we collect about you:
Each time you visit Our Site and/or the Complete Portal we will automatically collect
information which may uniquely identify your browser or account.
This includes the following information:
o Technical information, including the Internet protocol (IP) address used to
connect your computer to the Internet, browser type and version, time zone
setting, browser plug-in types and versions, operating system and platform;
o Information about your visit, including the full Uniform Resource Locators
(URL) clickstream to, through and from Our Site (including date and time);
products you viewed or searched for; page response times, download errors,
length of visits to certain pages, page interaction information (such as
scrolling, clicks, and mouse-overs), and methods used to browse away from
the page and any telephone number used to call our customer service
Information we receive from other sources:
We work closely with third parties (including, for example, business partners, sub-
contractors in technical, payment and delivery services, advertising networks,
analytics providers, search information providers, and credit reference agencies). As
part of our business processes, we may pass information to them about you, and we
may receive information about you from them.
We currently use the following facilities for the purposes of analysing information
collected from you:
o Google Analytics;
o Google Adwords;
provide you with a good experience when you browse Our Site and also allows us to
improve Our Site.
3. Uses made of the information
We use information held about you in the following ways:
Information you give us:
We will use this information:
o to carry out our obligations arising from any contracts which we may enter
into with you and us and to provide you with the information and Services
that you request from us;
o to process your payments for the Services;
o to undertake checks of your identify for compliance with the Money
Laundering Regulations of 2007 (as amended);
o to provide information to relevant third parties, including:
Sub marketing companies working under the umbrella of Complete
Estate Agents Ltd. These are separate companies and they should be
contacted directly regarding their Privacy Policies.
Independent contractors, commissioned by Complete to produce an
Energy Performance Certificate or take professional photographs of
your property for use on Our Site, in the event that you request such
services via Our Site;
Partners – Open Convey whom we use to generate our solicitor
referrals, in the event that you request a quote for conveyancing
services on Our Site and/or via a Complete contact. Open Convey will
o to provide you with information about any other products or services we
offer that are similar to those that you have already purchased or enquired
o to provide you, or permit selected third parties to provide you, with
information about goods or services we feel may interest you:
If you are an existing customer, we may contact you by electronic
means and/or by telephone with information about goods and
services similar to those which were the subject of a previous sale or
negotiations for a sale to you.
If you are a new customer, and where we permit selected third
parties to use your data, we (or they) may contact you by electronic
means and/or telephone.If you do not want us to use your data in
this way, please email@example.com;
o to improve Our Site and the Services;
o to notify you about changes to our Services, changes to the features of Our
Site and/or the Complete Portal, and any updates to our terms and
o to ensure that content from Our Site is presented in the most effective
manner for you and for your computer.
Information we collect about you:
We will use this information:
o to administer Our Site and the Complete Portal, your access to Our Site and
the Complete Portal, and for internal operations, including troubleshooting,
data analysis, testing, research, statistical and survey purposes;
o to improve Our Site to ensure that content is presented in the most effective
manner for you and for your computer;
o to allow you to participate in interactive features of Our Site and the Services,
when you choose to do so;
o as part of our efforts to keep Our Site safe and secure;
o to measure or understand the effectiveness of advertising we serve to you
and others, and to deliver relevant advertising to you; and
o to make suggestions and recommendations to you and other users of Our
Site about goods or services that may interest you or them.
Information we receive from other sources:
We may use the information we receive from other sources for the purposes set out
above (depending on the types of information we receive).
We may also combine the information we receive from other sources with the
information you give to us and information we collect about you, and use this for the
purposes set out above.
4. Disclosure of your information
We may share your personal information with any member of our group, which means our
subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of
the UK Companies Act 2006.
We may share your information with selected third parties including:
business partners, suppliers and sub-contractors for the performance of any contract
we enter into with you;
advertisers and advertising networks that require the data to select and serve
relevant adverts to you and others, and we may disclose personal information about
you to Property Price Advice and our advertisers to help them reach the kind of
audience they want to target;
analytics and search engine providers that assist us in the improvement and
optimisation of Our Site; and
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose
your personal data to the prospective seller or buyer of such business or assets.
If Complete or substantially all of its assets are acquired by a third party, in which
case personal data held by us about our customers will be one of the transferred
If we are under a duty to disclose or share your personal data in order to comply
with any legal obligation, or in order to enforce or apply our terms and conditions
and other agreements; or to protect the rights, property, or safety of Complete, our
customers, or others. This includes exchanging information with other companies
and organisations for the purposes of fraud protection and credit risk reduction.
5. Storage of your personal data
Save as set out in this section, all information you provide to us is stored on our secure
servers. We will take all steps reasonably necessary to ensure that your data is treated
Our Site is secured by Clarks Computers, but unfortunately, the transmission of information
via the Internet is never completely secure. Although we will do our best to protect your
personal data, we cannot guarantee the security of your data transmitted to Our Site, and
consequently any transmission is at your own risk. Once we have received your information,
we will use strict procedures and security features to try to prevent unauthorised access.
We will retain your information for a reasonable period or for as long as is required by law.
6. Your rights
You have the right to ask us not to process your personal data for marketing purposes. We
will usually inform you (before collecting your data) if we intend to use your data for such
purposes or if we intend to disclose your information to any third party for such purposes.
You can also exercise the right at any time by contacting us at
Our Site may contain links to and from the websites of our Partner Sites, partner networks,
advertisers and affiliates. If you follow a link to any of these websites, please note that these
websites have their own privacy policies and that we do not accept any responsibility or
liability for these policies. Please check these policies before you submit any personal data
to these websites.
7. Access to information
The Act gives you the right to access personally identifiable information held about you.
Your right of access can be exercised in accordance with the Act. Any access request may be
subject to a small fee to cover our costs in providing you with details of the information we
hold about you. To request this information please contact
Our Site and, where appropriate, notified to you by e-mail. Please check back frequently to
addressed to firstname.lastname@example.org.
GDPR and consumer rights
WEDNESDAY 16 MAY 2018
With General Data Protection Regulation (GDPR) just around the corner, it is important to
understand the effect consumer rights could have on the way you process and hold
The GDPR provides eight fundamental rights for individuals, and we have set out how and
when you must comply with them, in preparation for when the regulation comes into force
1. Right to be informed
What's new? Well, the GDPR is now more specific about the information you need to
provide to individuals about the collection and use of their data, including your purposes for
processing their data, your retention periods for that data, and who it will be shared with.
These can typically be provided through a privacy notice.
This must actively be provided to individuals in a way that is easy to access, read and
understand. If you obtain personal data from other sources, you must provide individuals
with privacy information within a reasonable period of obtaining the data and no later than
2. Right of access
The right of access gives individual's the right to obtain a copy of their personal data as well
as other supplementary information. In addition to their personal data, you must also be
prepared to provide:
the purpose of your processing;
who you disclose the data to;
your data storage retention period;
acknowledgement of an individuals right to request rectification, erasure or
restriction or to object to such processing;
the right to lodge a complaint with a supervisory authority;
information about the source of the data, where it was not obtained directly from
the existence of automated decision-making (including profiling);
and the safeguards you provide if you transfer personal data to a third country or
If an individual requests a copy of the data you hold for them, you should provide concise
and transparent information in an accessible, electronic format, unless requested
You must act on the subject access request within one month of receipt. You can extend the
response time by a further two months where the application for access is complex or you
have received a number of requests from the individual, however you must notify the
individual within one month of receiving their request and explain why the extension is
In most cases you cannot charge for this, however, where the request is manifestly
unfounded or excessive you may charge a “reasonable fee” for the administrative costs of
complying with the request. You can also charge a reasonable fee if an individual requests
additional copies of their data, which must be based on the administrative costs of
providing further copies.
It is important to be aware that requests can come in any form (including via social media)
and to any employee in your company, so it is key that your staff know how to recognise
and respond to a request.
3. Right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified, or
completed if it is incomplete. This means that if you receive a request for rectification, you
should take every reasonable step to ensure that the data is accurate and if necessary,
rectify it, within one month of receipt.
If you consider an application to be manifestly unfounded or excessive, you can charge a
"reasonable fee" to deal with the request; or you can refuse to deal with the request. In
either case you will need to justify your decision. Any reasonable fee should be based on the
administrative costs of complying with the request. You must notify the individual of the
cost within one month of receiving the request and you are not required to comply with the
request until you have received said fee.
4. Right to erasure
The right to erasure – also known as ‘the right to be forgotten’ – means individuals have the
right to have their data erased, and you must have procedures in place for deleting personal
data easily and securely where there is no compelling reason for possession and continued
processing. Instances of this include:
where the personal data is no longer necessary in relation to the purpose for which
it was originally collected;
when the individual withdraws consent;
when the individual objects to the processing and there is no overriding legitimate
interest for continuing the processing;
the data was unlawfully processed; or
if it is in compliance with a legal obligation.
If you refuse to comply with a request to remove an individual's personal details, you must
be able to justify your decision.
If you have doubts about the identity of the person making the request you can ask for
more information. However, it is important that you only request information that is
necessary to confirm who they are. The key to this is proportionality and you should take
into account what data you hold, the nature of the data, and what you are using it for.
5. Right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data, in
order to limit the way that an organisation uses their information. This may be because they
have issues with the content of the information you hold or how you have processed their
data. In most cases you will not be required to restrict an individual’s personal data
indefinitely, but will need to have the restriction in place for a certain period of time.
You will however need to have processes in place that enable you to restrict personal data if
required. As the definition of 'processing' includes a broad range of operations including
collection, structuring, dissemination and erasure of data, you should use methods of
restriction that are appropriate for the type of processing you are carrying out. This could be
by temporarily moving the data to another processing system; making the data unavailable
to users; or temporarily removing published data from a website.
6. Right to data portability
The GDPR includes the right to data portability, which allows individuals to obtain and reuse
their personal data across different services for their own purposes. This means that they
are entitled to have information they have provided to a controller moved, copied or
transferred from one controller to another, in a safe and secure way, without affecting
It is important to remember that data ‘provided to a controller’ isn't exclusive to identifiable
information (such as their contact details, username, age, etc), it also refers to personal data
resulting from observation of an individual’s activities. This may include history of website
usage or search activities, traffic and location data or ‘raw’ data processed by connected
objects such as smart meters and wearable devices.
And whilst you can again, charge for or refuse to comply with a request for data portability
if it is manifestly unfounded or excessive, taking into account whether the request is
repetitive in nature, you will need to justify your decision.
If you receive personal data that has been transmitted as part of a data portability request,
you need to process this data in line with data protection requirements.
7. Right to object
The right to object allows individuals the absolute right to stop their data from being used
for direct marketing purposes. They can also object to the processing of their data based on
your legitimate interest, for the purpose of a task carried out in the public interest, or for
the intention of scientific or historical research. If you receive an objection request, you
must cease processing of the individuals personal data immediately and free of charge.
If you refuse to comply with an objection you must inform the individual, within one month
of receipt of the request, the reasons you are not taking action; their right to make a
complaint to theInformation Commissioners Office (ICO) or another supervisory authority;
and their ability to seek to enforce this right through a judicial remedy.
8. Rights in relation to automated decision making and profiling
The regulation brings about rights for consumers which restricts automated individual
decision-making void of any human involvement, and profiling activity used by organisations
for direct marketing purposes. This means that if any of your automated processes
determine an outcome based on pre-programmed algorithms or a set criteria, or evaluated
data concerning certain personal aspects of an individual (such as their personal
preferences, location or economic situation) is used as part of a decision making
process, individuals have the right to human intervention, express their point of view, and
obtain an explanation of the decision and challenge it.
Companies must inform customers of their right to object at the point of first
communication and in their privacy notice, and must stop processing personal data as soon
as they receive an objection.
Because this type of processing is considered to be high-risk, the GDPR requires you to carry
out aData Protection Impact Assessment (DPIA) to show that you have identified and
assessed what those risks are and how you will address them.