Privacy Notice – Drew Smith
This is the Privacy Notice for Drew Smith issued in accordance with the General Data Protection Regulation (GDPR)– please read it carefully.
This Privacy Notice is to let you know how we handle your personal data. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. This Privacy Notice explains how we do this and tells you about your privacy rights and how the law protects you.
Your personal data is any information relating to you from which you can be identified.
This notice sets out:
You can choose not to give personal data. We may need to collect personal data by law, or under the terms of a contract and/or relationship that we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services so we cancel a product or service you have with us.
Wherever we refer to “processing” of personal data in this Privacy Notice this includes any combination of the following activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This Privacy Notice only applies to personal data collected by or on behalf of Drew Smith via the company’s website or by any other means. The company’s website may from time to time contain links to and from other websites (partner networks, advertisers and affiliates). If you follow a link to any external website or alternatively reach our website from a third party website, please be aware that these websites will have their own privacy policies, separate from ours, and we therefore do not accept any responsibility or liability for these policies. Please check their policies before you submit any personal data to these websites.
Drew Smith is the trading name for Drew Smith Limited, which is part of the Galliford Try Group of companies owned by Galliford Try Plc.
Drew Smith Limited as the company responsible for your personal data is the Data Controller. If different to Drew Smith Limited, we will let you know which company in the Galliford Try Group you have a relationship with, when you take out a product or service with us.
You can contact our Data Protection Officer (DPO) at:
The Data Protection Officer,
c/o The Company Secretary,
Galliford Try Plc,
Cowley Business Park,
or by email to firstname.lastname@example.org
We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others. These reasons are:
A legitimate interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is.
In the section below this one is a list of all the ways that we may process your personal data, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
Unless we have your explicit consent to do so, we will not process special categories of personal data revealing any of the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation.
We may collect personal data from you in the following ways:
We may collect your personal data from third parties we work with including:
Companies that introduce you to us
The type of information we may ask you to provide about yourself and therefore collect includes, but is not limited to:
At the point of reserving a property to purchase from us we may require further information including, but not limited to:
If you apply for a shared equity loan we may keep the personal data provided in your Reservation Agreement, loan agreement and personal data obtained from third parties, such as credit reference and fraud prevention agencies to underwrite and manage your loan.
Please note that we may require this information to be able to respond to your enquiry or to provide our services or marketing information to you. You can however at any time tell us to change or remove any personal data or to stop or restrict the processing of your personal data.
We may use the personal data collected/provided by you as follows:
Our legal basis under the GDPR for each of these uses are as follows:
USE STATED ABOVE
To fulfil a contract that we have with you or steps preparatory to entering into a contract with you:
To comply with our legal duty:
It is in our legitimate interest:
We have your consent to
Where we have stated above that our grounds are that we have your consent, we will understand your consent to have been given when you expressly accept these terms. You can withhold or withdraw your consent at any time using the contact details for the DPO or the Company Secretary in this notice.
Where we don’t have your express consent, we may base our processing of your personal data on any other basis that applies.
If we intend to use your personal data for any purpose not stated above, we will first notify you of the intended use and the legal grounds.
You can choose which channel you’d like us to contact you on for marketing purposes and with information regarding our products and services at the point this information is collected – this can be done by checking or unchecking the relevant boxes as directed. If you no longer wish for us to communicate with you, you can follow the instructions on how to unsubscribe from emails, letters or texts by following the details within those communications to you. Alternatively, you can:
We may disclose your personal data to third parties in certain circumstances but we will not sell, rent or trade your personal data.
Your personal data may be transferred outside the UK and the European Economic Area. Some countries have adequate protection of personal data under their laws but where this is not the case we will be responsible for ensuring that appropriate security and privacy safeguards are in place, either by requiring the recipient to have signed up to a recognised international framework of data protection or by contractual obligations.
Where relevant, we may give third party providers who supply services to us, or who process personal data on our behalf, access to your personal data in order to help us to process it for the purposes set out above. When doing so, we will ask them to confirm that their security measures are adequate to protect your personal data.
Within the purposes set out above we may share your personal data with the following third parties:
We sometimes use systems to make automated decisions based on personal data we have – or are allowed to collect from others – about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the price that we charge you for them.
Here are the types of automated decision we make:
Pricing and approving credit
We may decide what to charge for some products and services or whether to offer credit-based products or services.
Credit scoring uses data from three sources:
Tailoring products and services
We may place you in groups with similar customers. We use these to better understand our customers’ needs, and to make decisions based on that understanding. This helps us to design products and services for different customer types, and to manage our relationships with them.
We may use personal data to identify recipients for direct marketing by us or by third parties on our behalf. However we will not sell or rent data.
We will seek to keep your personal data secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Only authorised personnel and third parties will have access to your personal data.
If logging on to our website it is your responsibility to protect log in details. You must treat these as confidential and must not share or disclose your log in details to any other party.
We will retain your personal data for no longer than the period of time needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the processing but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.
If you purchase a Drew Smith home, we will need to retain your personal data relating to the purchase for 15 years after completion.
Any changes we may make to this Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Notice.
You have the right to access your personal data including us providing to you , without charge, a copy (which may be in electronic form) of any of your personal data that we are processing or that third parties are processing on our behalf.
We will also provide to you, if you request it, the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, including recipients in countries outside the UK or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
if the personal data was not collected from you, any information available to us as to the source of it;
whether the personal data has been subject to automated decision-making, including profiling, and if so information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Requests for this information or a copy of your personal data should be in writing, enclosing proof of identification such as a copy of your passport, driving licence or other documentation confirming your name and address (for example a utility bill) to be addressed to:
The Data Protection Officer
C/o The Company Secretary,
Galliford Try Plc,
Cowley Business Park,
or by email to email@example.com
You have the following rights under GDPR:
a right to request us to correct inaccurate or incomplete data (“Right to rectification”)
a right to request us to delete any of your personal data. In certain circumstances we may wish to retain data and if GDPR allows us to do so we will inform you of our grounds (“Right to erasure” or “Right to be forgotten”)
a right to request us to stop or to restrict any aspect of the processing of your personal data. In certain circumstances we may wish to continue and if GDPR allows us to do so we will inform you of our grounds (“Right to restriction of processing”).
In each case we will tell you what action we are taking and we will also notify any third party to whom the data has been disclosed. Your request should be made to the address above
You have the following rights under GDPR over automated decisions and profiling.
Your request should be made to the address above.
You have the right to receive from us the personal data that you have given us in a structured, commonly used and machine-readable format (“Right to data portability”) and/or to have the data sent by us directly to another party. Please note that this right only applies in certain circumstances, which is when we held the data on grounds of your consent or to perform a contract with you or for steps preparatory to such a contract and we were processing that data by automated means.
Your request should be made to the address above
Please let us know if you are unhappy with how we have processed your personal data. You can contact us by our secure online contact form at the “Contact Us” link on our website or by writing to the Company Secretary at the address given above.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) which is the UK supervisory authority for the processing of personal data. Further details are available on the ICO’s website.
If you have any questions, or want more details about how we process your personal data or if you wish to exercise any of your rights, you can contact us using our secure online contact form at the “Contact Us” link on our website or by writing to the Data Protection Officer at the address given above.