Churchfield Sales & Lettings Website Data Policy

1.0 Policy Statement

Thank you for visiting our website, please be aware that by providing your information to us by email, telephone or via an external portal such as Rightmove you are accepting and agreeing for Churchfield to use your data for any day to day relevant processes relating to the Estate Agency business and for the purpose of marketing and you are accepting and consenting to the practices described in this Privacy Policy.

Your privacy and security is important to us and Churchfield have a duty of care to all the people that we collect data from, we recognise that everyone has rights to how their data is handled and as such treat all data collected in an appropriate and lawful manner.

Data is a liability, Churchfield will only collect necessary and relevant data to be used solely for its intended purpose. Any data obtained will be stored securely and we will not disclose any of your personal information, including your email address, to any third party without your consent, unless you give us specific consent to act otherwise. Our Privacy Policy describes the ways we capture your personal information and governs how we will deal with it. We aim to ensure that any personal information we obtain and use about you will always be held, used and transmitted in compliance with all applicable data protection rules.

Our website may contain links to third parties websites. Churchfield assumes no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before agreeing to their terms or using those websites.

Personal information is processed and stored in our databases and we have taken reasonable steps to secure and protect this information. However, whilst we make every effort to ensure the security of your information, we are unable to guarantee the protection of the information from misuse, accidental disclosure or unauthorised acts by others. Information provided by you may be stored or processed outside the United Kingdom.

You have the right of access to any personal information processed by us. Churchfield is committed to providing you with reasonable and practical access to your information to give you the opportunity to identify any inaccuracies. Where possible, if Churchfield is informed of the inaccuracy of any personal information, we will make appropriate corrections. You can request the updating or amending of any information you have provided to Churchfield by contacting us.


  • User privacy and data protection are human rights
  • We have a duty of care to the people within our database
  • Data is a liability, it should only be collected and processed when absolutely necessary
  • We loathe spam as much as you do!
  • We will never sell, rent or otherwise distribute or make public your personal information


2.0 Relevant Legislation

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:


This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer for clarification.

3.0 Personal information that this website collects and why we collect it

Churchfield will need to collect personal information to enable us to carry out various processes relevant to our industry. This information may be for past, present or future employees of the company, clients and associated trades and professional services.  Any information collected will be accurate, necessary and relevant for its purpose. This website collects the following information:

3.1 Site visitation tracking

Cookies

When visiting Churchfield’s website, we may use cookies on or in connection with our website to maintain information about you. A cookie is a very small text document, which often includes an anonymous unique identifier and additional information necessary to support the sites intended functionality. When you visit our website it will send a session cookie to your browsers if your browser's preference allow this, to protect your privacy) your browser only permits our website to access the cookies it has already sent to you and not the cookies sent to you by other websites.

You always have the choice as to whether or not you want to accept these useful cookies. Cookies are, by default, accepted by 99% of web browsers but you can change this within your browser settings if you so wish. A word of warning though if you do, you’re likely to experience a dramatically reduced user experience and you won’t get full functionality for a lot of websites. For more information about cookies and for details on how to remove them see www.aboutcookies.org.

Google Analytics

Like most websites, this site uses Google Analytics, a web analysis service provided by Google Inc. (Google Analytics uses ‘cookies’).  The information generated by the cookie regarding your use of our Website is normally transferred to a Google server in the USA, and is stored there. As the IP anonymize function is activated on our Website, your IP address will, within Member States of the European Union or other contracting states of the Agreement on the European Economic Area, first be shortened by Google. Only in exceptional cases will Google transfer the full IP address to a Google server in the USA, and will shorten it there. On behalf of the operator of this Website, Google will use this information in order to analyse your usage of our Website, to compile reports on website activities, and to provide further services to the website provider relating to the usage of the Website and the internet. The IP address transferred by your browser within the framework of Google Analytics will not be combined by Google with other data.

Google AdWords

Using the code provided by Google AdWords we are able to better track the successes (or failures) of our advertising through the AdWords platforms. It lets us, for example, see which advert from which campaign you clicked on before you submitted one of our contact forms.

Facebook Pixel

The Facebook Pixel cookie allows us to track social media campaigns and identify the success or failure of each of them. All of the information is depersonalised and we don’t know who you actually are.

3.2 Contact forms and email links

By submitting your data to us via contact forms or email links you are giving us your permission to process your personal data for its intended purpose. Once its purpose is fulfilled we will dispose of your data unless otherwise agreed.

Information submitted to us through our website’s forms will be both stored in the website’s database (maintained by our third party processor Webflow) and collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by ESET File Security and an onsite Linux spam filter. For further information about our 3rd party processors please see section 6 of this document.

3.3 Offline data

Churchfield may collect data via telephone or by means of a client visiting the office in person. Any data collected will be necessary and relevant for its purpose, it will be stored securely until such time it is no longer needed and/or relevant at which point it will be disposed of securely.  


4.0 How we store your personal information

Once collected, your data will be stored securely on a computer or/as well as in secure paper based filing systems. Personal information that is submitted through our webforms is also stored within the website’s database, for more information about where our website is hosted please section 6 of this document.

4.1 Data retention

Data will be retained until it is no longer needed and/or it is no longer relevant, or until our legal obligations have been fulfilled, at which time the data will be disposed of securely.

4.2 Internal systems and security

Our onsite server systems are protected by ESET File Security and our local machines use ESET Endpoint Protection. In addition we make use of an onsite Linux spam filter and all of our outbound email is sent out using TLS encryption. Our network is protected by a Draytek Router which has a built in firewall, this is locked down to only allow remote access from pre-approved IP addresses. All data is backed up both on and offsite. The onsite backup is stored on a network attached drive that is locked down and password protected. Offsite backups are stored in a data centre which is only accessible via thumbprint, ID card and a pre-approved appointment.

The office is equipped with a comprehensive alarm system and 24 hour CCTV, with all exits securely locked at the end of each day and for any period of time where the office is not manned.

4.3 Methods of disposal

Data in paper form will be securely disposed of by shredding. Emails will be deleted when no longer needed and/or are no longer relevant, once an email is deleted it will remain on our server for 30 days until it is then permanently deleted. Any data stored on a computer will be permanently deleted when no longer needed and or no longer relevant.


5.0 Controlling your personal information (who to contact)

Contact Gemma Hayward, DPO. See section 10.0

5.1 removing/changing your personal information

If you require for your personal information held by Churchfield to be removed or amended you will need to contact our Data Controller to make this request.


Data will be processed in line with data subjects’ rights. Data subjects have a right to:

  1. Request access to any data held about them by a data controller.
  2. Prevent the processing of their data for direct-marketing purposes.
  3. Ask to have inaccurate data amended.
  4. Prevent processing that is likely to cause unwarranted substantial damage or distress to themselves or anyone else.
  5. Object to any decision that significantly affects them being taken solely by a computer or other automated process.

5.2 Making a complaint

If you need to make a complaint please ensure this is done in writing and sent to the Data Protection Officer at Churchfield, 122 Charminster Road, Bournemouth, BH8 8UT or by email to gemma.hayward@churchfield.uk.com  as soon as possible, detailing the nature of the complaint. Churchfield will respond to your letter of complaint within 10 working days and will do everything we can to ensure a speedy resolution.  

6.0 About this websites server

This website is hosted by Webflow, one of our third party data processors. They in turn use both Amazon Cloudfront and the Fastly Content Delivery Network to distribute copies of the website around the world. The reason for the distributed nature is to ensure speed and reliability of the website globally.   

Some of Webflow’s & Amazon’s Security benefits are:

  • SSL Certificate for encryption between the visitor and the website
  • Security guarded data centres
  • Security fencing and feeds
  • Intrusion detection technology
  • Backup power systems
  • Video surveillance systems
  • Enterprise-grade website security
  • ISO 27018 compliant


Full details of Webflow’s hosting can be found here. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

7.0 Third party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them are compliant with the legislation set out in section 2.0. Third parties based in the USA are EU-US Privacy Shield compliant.

  • Google (Privacy Policy) EU-US Privacy Shield compliant
  • Webflow CMS (Privacy Policy) EU-US Privacy Shield compliant
  • Let MC (Privacy Policy)
  • Rightmove
  • On the Market
  • Sendgrid - email relay service
  • Supercontrol


8.0 Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.


9.0 Data Controller

The data controller is: Churchfield Sales & Lettings.

Company number: 675881285

Registered office: 122 Charminster Road, Bournemouth, BH8 8UT


10.0 Data protection officer

Name: Gemma Hayward

Position in Company: Associate Partner

Telephone: 01202 779911

Email: gemma.hayward@churchfield.uk.com


11.0 Changes to Privacy Policy

Churchfield Sales & Lettings may occasionally amend this Privacy Policy to reflect regulatory requirements and changes in our information collection and disclosure practices, please ensure you refer back to it to keep up to date with any changes.


11.1 Changelog

  • 24/05/2018 - Privacy Policy instigated