Privacy & Data Protection Policy
Business Name: Property Scout Ltd
Registered Company Number: 16164009
Date: 3rd March 2025
Next Review Date: 3rd June 2025
Prepared By: Mark Pack
1. Introduction
Data Controller Statement: Property Scout Ltd acts as a Data Controller in relation to the personal data it collects, processes, and stores. This means that Property Scout Ltd determines the purposes and means of processing personal data and is responsible for ensuring compliance with UK GDPR and the Data Protection Act 2018.
This policy outlines how Property Scout Ltd ensures compliance with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a deal sourcer, we collect, process, and store personal and financial information from property buyers and sellers. It is our responsibility to safeguard this information and mitigate risks related to data security.
2. Scope
This policy applies to all personal data collected, stored, and processed by Property Scout Ltd in relation to property buyers and sellers, including:
- Name
- Company Name
- Phone Number
- Email Address
- Residential Address
- Photo ID (Passport, Driving Licence, or both)
- Proof of Funds (Bank Statements or equivalent financial documents)
- Additional information relevant to property transactions
3. Data Protection Risks
Below are key risks associated with handling personal data and the measures in place to mitigate them:
- Unauthorised Access: Implementing strong password protection, role-based access, and multi-factor authentication.
- Loss or Theft of Documents: Storing records securely and restricting access to authorised personnel.
- Data Breach from Cyber Attacks: Using encrypted storage, secure cloud platforms, and updated firewalls.
- Phishing or Fraudulent Attacks: Staff training on recognising phishing attempts and fraudulent communications.
- Non-Compliance: Regular compliance audits and data protection training.
4. Data Protection Measures
Lawful Basis for Processing:
- Contractual Necessity – Data required to facilitate property transactions.
- Legitimate Interest – To verify buyers and sellers.
- Legal Obligation – To comply with AML regulations.
- Consent – Where necessary, explicit consent is obtained.
Secure Storage & Access Control:
- Data stored securely in encrypted CRM systems.
- Email marketing data managed through GDPR-compliant platforms.
- Physical documents secured in locked cabinets.
5. Incident Response Plan
In the event of a data breach:
- Identify & Contain – Isolate affected systems or data sources.
- Assess Impact – Determine extent and type of compromised data.
- Report Incident – Notify ICO within 72 hours if required.
- Inform Affected Parties – Communicate with affected individuals.
- Review & Improve – Implement preventative measures.
6. Compliance & Monitoring
Regular audits ensure compliance with UK GDPR and data protection policies.
Designated Data Protection Officer: Mark Pack, responsible for compliance monitoring.
7. Resources & Further Information
8. Conclusion
This policy ensures Property Scout Ltd adheres to legal and ethical standards in handling personal data, protecting client information, and mitigating risks.
Approval & Review
Mark Pack
Property Scout Ltd
3rd March 2025