Please read this privacy notice carefully to understand the types of personal data we collect, how we use your personal data, the circumstances under which we will share it, and your rights in relation to the personal data we control and process.
The scope of this privacy notice includes all relevant websites, applications, platforms and other personal data processing we provide through our brand(s) and other means related to the product or service you have chosen to use. This privacy notice covers the processing undertaken on PropertyFile.
We may provide further disclosures for some products or services, and these should be read in addition to this privacy notice, together with our main websites privacy notices.
Our websites, applications and platforms may contain links to external sites. We do not control these sites and encourage you to read their privacy policies and notices.
For the purposes of UK data protection law and regulation, when you choose to use our product or service, Property File (co-branded with our partner estate agents) is the data controller (we participate in determining the purposes and manner in which your personal data is processed.) In some instances we may act as a joint controller with a third party involved in providing you with the product or service, such as an agent or a developer (agent) you are purchasing, selling, letting or renting a property from.
Property File is provided by Vebra Solutions Limited (ALTO) a company incorporated and registered in England and Wales. Registered offices: The Cooperage, 5 Copper Row, London, England, SE1 2LH (04529917). Our Information Commissioner's Office (ICO) registration number is Z7426718.
ALTO is part of the Property Software Group which is a division of ZPG Limited. Any reference to the ZPG or Group within this privacy notice includes all or any of the direct or indirect parent or subsidiary undertakings.
This privacy notice details our responsibilities for when we are a controller of your personal data. Questions, comments and requests regarding this privacy notice are welcome and should be addressed to email@example.com or via our postal address above. Please mark your letter: ‘Houseful Ltd: Data Protection Officer’.
How We Use Your Personal Data
Depending on your use of our product or service and the choices you make, we will use your personal data for the following high level purposes.
Providing our Product or Service
We process personal data in order to provide you with the product or service you have chosen to use. This may include needing to share your personal data with third parties.
Where relevant any payment details (such as credit card information) are not processed by us and are instead processed and stored by our payment providers such as Stripe.
Using our Websites and Mobile Applications
We use your personal data to make our products and services accessible to you from your mobile devices, to understand and improve our services, and to allow for personalisation and targeting where you have provided your consent for us to do so.
Where lawful we may use your personal data to send you electronic marketing communications. We will provide you with an option to unsubscribe or opt-out of further communications, or you may opt-out at any time by contacting us at firstname.lastname@example.org.
How Is Your Personal Data Collected?
When you use our products or services, we collect data. We only collect personal data necessary for specific purposes that the law allows. We may obtain personal data about you in two main ways:
- You provide us with your personal data [such as when you generate quotations or ask for contact].
- Personal data is collected automatically [such as the automatic recognition of your IP address or placement of cookies on your device].
- We may collect data from third parties about your property, this data is not considered to be personal data, however where any data is collected from a third party that may be considered personal data, this data will only ever be collected in compliance with data protection law.
The Reason We Process Your Personal Data
To use your personal data, we must have a valid reason (a “lawful basis”).
Sometimes we ask for your consent (e.g. to use some cookies,) and sometimes where you would expect us to use your personal data for example to provide the product or service you chose to use, then we do not need to ask for consent, and can rely on another lawful reason.
Data protection law also provides other reasons and exemptions for the processing of personal data, and requires us to have an additional reason to process higher risk personal data, such as special category and criminal conviction personal data where relevant. For example we will always ask for explicit consent when processing health data or biometrics. We will only ever process your personal data where we have a lawful reason to do so.
Our reason for using your personal data is usually one of the following:
You have given us or a party we act on behalf of, consent to use your personal data for a certain reason (you can normally revoke your consent at any time subject to the processing you consented to not already have taken place). We may rely on your consent to send you electronic mail marketing. See Right to Withdraw Consent.
We (or another ZPG company) must use your personal data to comply with laws or regulations to which we are subject.
We may have a legitimate interest in using your personal data. Usually this is to help us run, improve, promote, or protect our services and business. You may be able to reject the processing of your personal data when processed for legitimate interests. See Right to Object. In some instances we may have an overriding business interest not to stop the processing. We will always comply with a request to opt out of electronic mail marketing.
Examples of legitimate interests, where relevant, may include but are not limited to:
- Sharing data with our supplier/s, so we can give you quotes.
- Sharing data with our supplier/s, so you do not need to re-enter it.
- Providing emails concerning quote results or confirmation of your use of our product or services.
- Auditing and monitoring our processes, your engagement and feedback to help keep our high standards.
- Market research, statistical analysis, management information, data aggregation and product development for own purposes, third party purposes or to assist the wider property management industry.
- Training, communications and awareness.
- Securing our services, ensuring data is up to date and accurate, and keeping our services online.
- Preventing or prosecuting fraud and other criminal behaviour or activity.
- Transfer personal data for the purposes of developing, migrating and maintaining IT infrastructure and services.
- For direct marketing, personalisation, targeting and data shares for the purposes of marketing or promotional activities.
- Non targeted marketing on our websites, applications and platforms of either our products or services or products and services of third parties.
- Recording where applicable of telephone calls.
- For relevant processing by another company, such as another ZPG brand, or the wider public good.
Here are the main types of personal data we collect from you, and some helpful info on the reason we may collect and process such personal data.
|Personal data collected from you
|Why is your personal data collected
|Your full name, address, email address, mobile phone number and where required other contact details.
|To provide you with quotation(s) and related services.
To enable us to contact you and send data, information or products that you have requested.
To enable us to engage in marketing and to data share (such as newsletters or marketing emails for products and services that we believe will be of interest to you). See “who we share your data with”.
|Any personal data related to you and associated with your property or a property transaction
|To provide you with the ability to rent, let, purchase or sell a property. To help speed up the property transaction and help the property industry improve.
To improve the communication between all parties, such as any developer, any agent, the buyer, the seller, the landlord, the tenant, the developer’s conveyancer, the buyer’s conveyancer, mortgage advisors, lenders and surveyors.
To advertise to you relevant products and services online.
|The IP address or other device or user identifier you use to access our websites, applications or platforms.
|To make the websites, applications and platforms work.
To improve the functionality and performance of our websites, applications and platforms, and where relevant to gain data insights and help with personalisation.
To allow us to understand your user journey and for us to know where you have taken an action such as making a payment or moving to a different website.
|A record of any communication / correspondence you have with us (e.g. when you contact us by email, telephone or post).
|To enable us to maintain records with our potential and actual clients.
To respond to your queries and complaints and retain evidence of what has been communicated.
|Your account data such as login name and password (encrypted) and other online identifiers and behaviours.
|To allow you to securely access your account and to ensure your personal data is secure.
To allow us to monitor and understand the use of our websites, applications, and platforms.
|Any personal data that you provide to us as part of a survey or feedback.
|To improve our website, applications, products and services. We will only ever further use or make public personal data you have provided in your feedback with your consent.
|Payment card or account details.
|We do not directly collect or store account or payment card details, we use approved specialist payment card providers who hold and process the personal data on our behalf. We may retain some information to allow us to link the transaction to you, this information will never be your full account or card details.
|Artificial Intelligence (AI).
|Where we or a third party acting on our behalf may use artificial intelligence in any processing of personal data we will always robustly assess the risk to your personal data and will ask for your consent where possible. We will inform you where applicable of any use of AI or similar technology.
We may collect, process or share property information, such as a property’s address and attributes about the property or a property transaction. Where data relates to a property or property transaction, and not an individual it is property information, and the requirements of or rights provided by data protection law and regulation do not apply. Property information is not personal data.
How Long Do We Hold Your Personal Data?
We store your personal data for as long as it is needed. Some personal data may need to be retained to ensure we can comply with applicable laws and internal procedures, such as to protect ourselves against legal claims or evidence compliance, including for example retaining your email address for marketing communication suppression if you have opted not to receive any further electronic mail marketing. You can enquire further about how long we hold your personal data and for what purposes by contacting email@example.com.
Sharing Or Disclosing Your Personal Information
We use third parties to help provide our products and services. These companies may collect, store or otherwise process your personal data on our behalf. Where relevant we share your personal data with third parties such as buyers, sellers, developers, agents, conveyancers, surveyors, lenders, mortgage brokers and other third parties related to the property industry and or a home move journey.
Here are some examples of the reasons, we share your personal data and where relevant who we share it with:
- We may use cloud or physical servers to store and back-up personal data.
We use the following third party processor to host personal data:
- We share your personal data with third parties to service the terms you have agreed and or our contract with you, these third parties may act as a data processor, a sub-processor and or a data controller throughout the lifecycle of the services or delivery of the product. The names of the companies we use for these purposes may change frequently and where possible will be communicated to you where required.
To provide you with some chosen products or services we will be required to share your personal data with the following third parties who may also be controllers of your personal data, and therefore you may need to contact them directly to exercise your data subject rights for personal data in their control:
- Our partner estate agent.
- Partners of the estate agent.
- We may also disclose or share your personal data to third parties in the following circumstances:
- If you request we do so.
- To a member of the ZPG Group, which means subsidiaries, our ultimate holding company and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.
- If we refinance, or sell any business or assets, we may disclose your personal data to the prospective seller, buyer or investor of such business or assets.
- If Houseful Ltd, a subsidiary or asset providing you with a product or service is merged, sold or otherwise acquired by a third party, personal data about you may be accessed and or transferred to the third party.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property and safety of Houseful Ltd, ZPG Group, our customers, or others. This includes exchanging data with third parties for the purposes of fraud and other criminal protection, and where needed to protect the vital interests of an individual.
- We may disclose your personal data to the court services, regulators, law enforcement agencies or other such authorities in connection for example with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
International Data Transfers
Personal data we hold is hosted in the United Kingdom (UK) and or the European Economic Area (EEA). We may in limited instances need to transfer personal data outside the UK or EEA for example if you have provided your consent for us to do so, or we need to comply with a law or regulation or the transfer is needed to operate our business. For any transfer of personal data outside the UK or EEA, known as a “restricted transfer”, we protect your personal data by complying with the requirements of UK data protection law and regulation to ensure the safe and secure transfer of personal data to third party territories.
Your Data Subject Rights
You have data subject rights which are granted to you under data protection legislation, which you can exercise at any time. We manage all rights requests raised to us as the law requires. This means there may be legal reasons why we cannot complete all requests. All data subject rights can be exercised by contacting us at firstname.lastname@example.org.
You have the following rights (subject to certain limitations):
|Right of Access
|You have the right to obtain from us confirmation as to whether your personal data is being processed, and you may have the right to access such personal data. Personal data is only disclosable if it is your personal data. Where an exemption to the disclosure of data applies or the data does not relate to you, we will be unable to provide you with access to such data. We will provide you with information on any withheld or redacted data in writing.
|Right to Rectification
|We will use reasonable endeavours to ensure your personal data is accurate. In order to assist us with this, you should notify us of any changes to the personal data you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
|Right to Erasure
|Asking us to delete your personal data will result in us erasing your personal data in line with data protection legislation time scales, unless there is a legitimate and legal reason why we are unable to delete certain or all of your personal data, in which case we will inform you of this in writing. Erasure may include anonymising data so you are no longer identifiable. If we are not able to meet your right to erasure we will inform you in writing. We will retain a copy of your erasure request to evidence receipt and response.
|Right to Object
|You may be able to object to our use of your personal data, when we use it based on our legitimate interests or those of a third party. If this happens, we will not use your personal data, unless we can show legitimate reasons and an overriding interest for its use. If we are not able to meet your right to object we will inform you in writing.
|Right to Withdraw Consent
|Where you have given us consent to use your personal data, you may withdraw this at any time subject to the consented processing not already having taken place. No further processing will take place as soon as reasonably possible and always within legally required time scales, once consent has been withdrawn.
|Right to Restriction
|You may have the right to ask us to stop processing your personal data. We may be able to restrict the processing of your personal data where there is a valid reason to do so and the restriction is possible. Personal data is often restricted whilst an investigation or action is undertaken in response to your request on another data subject right, such as when your personal data is waiting to be deleted in line with a request for erasure. If we are not able to restrict the processing we will inform you in writing.
|Right to Data Portability
|Where it is technically feasible for us to do so, and within lawfully required collection of personal data parameters, you may have the right to request that we transmit your personal data to another data controller in a structured, commonly used and machine-readable format. The right to portability only applies in certain circumstances. We will always provide you with a reason in writing should we be unable to meet a portability request.
|Right to be Informed
|You have the right to know what personal data we hold on you, how we use that personal data, how long we hold it and who we share it with. This information is included in this privacy notice, together with any more specific notices given to you during your user journey, and as can be found in our further privacy notices on our other websites, applications and platforms.
|Automated Decision Making and Profiling
|Where we or a third party acting on our behalf processes personal data for the purposes of automated decision making or profiling, we will always where possible provide a means to obtain human intervention to question the outcome.
|Right to Complain
|You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office (ICO) in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us and allow us the opportunity to first respond to any complaint, in the event you have any concerns or complaints about our privacy practices you can escalate your complaint directly to the ICO. We would however ask you first give us an opportunity to help you by emailing email@example.com or firstname.lastname@example.org.
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above. However, if you make excessive, vexatious, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests in line with what is acceptable under data protection legislation. Where we are required to provide a copy of personal data this will usually be free of charge. However, any further copies requested may be subject to reasonable fees based on administrative costs.
Where you request us to rectify, erase or restrict the processing of your personal data, we may where possible notify third parties to whom such personal data has been shared of such request. However, such third parties may have the right to retain and continue to process such personal data in its own right.
We or third parties acting on our behalf may need to request proof of identity or ask you to prove your identity via automated means before we can process your personal data for the purposes of a data subject rights request. Where we utilise automated decision making for this or any other personal data process, we will where possible offer human intervention.
Where we are not the controller or the sole controller of your personal data, we will likely have an obligation to either direct your data subject rights request to the controller, or send them your request to handle.
You can disable cookies being stored on your computer by changing your browser settings. You can also control your privacy settings on your mobile device. Our websites, applications and platforms may not perform properly, or some features may not be available if you disable non-essential cookies. You are unable to disable essential cookies, which are required for the website to function and for other necessary processing such as data security.
We may use Google Analytics or similar to provide us with for example statistics on website usage. Analytics cookies are non intrusive cookies and we may consider them essential in some circumstances for providing and improving our products and services. The only non anonymised personal data divulged to Google is your IP address. You can opt out of Google Analytics following the advice here - https://tools.google.com/dlpage/gaoptout.
Children Under The Age Of 13
Neither our websites, applications, platforms, products or services are aimed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are under 13, please do not use our products or services and do not provide any personal data to us via any means. If we learn we have collected or received personal data from a child under 13 without verification of parental consent, we will delete that personal data. If you believe we might have any personal data from or about a child under 13, please contact us at email@example.com.
How Do We Keep Your Personal Data Secure?
All personal data collected is transferred and stored securely using industry standard technical and organisational security measures. Examples of our security measures includes:
Our websites use encryption technology to protect the transfer of your information to and from our websites. Web page URLs will start with https and a padlock will be displayed in front of the URL bar to show we encrypt the personal data you share with us. We maintain and enforce physical, electronic, and procedural safeguards in connection with the collection, transfer and storage of your personal data. However, whilst we take these appropriate technical and organisational measures to ensure the security of your personal data, we cannot guarantee the security of all personal data that you transfer over the internet in every circumstance, for example if we suffer a sophisticated cyber-attack.
Payment Card Details
We are committed to ensuring the protection of your payment card details and comply where required with the Payment Card Industry's Data Security Standard (PCI-DSS). Payments made via our websites, applications and platforms are processed and managed by specialist payment card providers. The full payment card number is never stored by us and is only stored and processed by the specialist payment card provider approved by us. We may keep an encrypted authentication token to represent your card and this token is transmitted to the specialist payment card provider during the order processing.
It is important to keep any account password secure to prevent fraudulent use. Never disclose your password to anyone else, and especially to anyone who requests it from you by telephone or email; we will never do this. You should avoid using the same password for multiple websites and avoid using common terms for your password such as “password” or “123456”. Instead, try using three or four words linked together combined with numbers, capitals and special characters, something easy to remember but difficult to guess. Take care when using public WiFi networks and ensure all email accounts you use are secure. If you use a shared computer, make sure that you log out once you have finished using a website or application.
Threat actors may try to steal your personal data using a technique known as “phishing”. This is where threat actors send emails that appear to be from someone or a company you know, but are actually the threat actor attempting to make you provide them with your personal data or even transfer money to them (known as redirection fraud). If you receive an email that claims to be from us and contains a link to an external website, or a request for you to enter any personal data or transfer money, treat it as suspicious and do not enter any personal data, even if the email appears legitimate. If you suspect your account details are subject to any fraudulent activity, please contact us immediately. We are unable to take responsibility for any loss you may suffer either directly or indirectly as a result of any fraud, security incident or success of any threat actor outside of our secure environments, or where we have taken all reasonable measures to protect your personal data.
How To Contact Us
If you have questions about this privacy notice or the way in which we collect and use your personal data, you can contact us via:
Or post:Privacy: Houseful Limited
5 Copper Row
We hope we will be able to resolve any questions or concerns you have (see Right to Complain). However, you may at any time raise any concern you may have with our privacy practices with the Information Commissioner's Office at https://ico.org.uk/.
Changes To This Privacy Notice
This privacy notice was updated November 2023.
From time to time, we change this privacy notice. We will post any changes to this page, so please check it often. Where appropriate, we will notify you of the change, for example by email or by means of a notice on our websites, applications or platforms. Your continued use of our relevant products and services, including use after the posting of any changes, will be deemed acceptance and acknowledgement by you of the information found within privacy notice. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and that you regularly visit this privacy notice to check for any changes.