Woodgate is part of the Thakeham Group.
This privacy notice therefore aims to be completely transparent about how we handle and use your personal data. We’ve tried to keep this policy as jargon free as possible, but if you are unsure of any terminology or have any questions or suggestions, please contact our Data Protection Team using the contact details below.
1. Who we are and how you can contact us:
“Woodgate” (referred to in this policy as “we”, “us” or “our) is a trading name of:
Thakeham Homes Limited
Thakeham House, Summers Place, Stane Street, Billingshurst, West Sussex, RH14 9GN
Company number: 07278594
ICO Registration Number: ZA051516
2. Our Data Protection Team:
We have appointed a Data Protection Team, who can be contacted in the following ways should you have any questions, complaints or feedback about your privacy:
Mail: Data Protection Team
Thakeham House, Summers Place, Stane Street, Billingshurst, West Sussex, RH14 9GN
3. Where we collect your personal data:
We collect your personal data in the following ways:
Data you give to us:
When you make an enquiry on our website;
When you talk to us on the phone or at any of our sites and events;
When you use our website;
When you send emails or letters to us;
When you sign up to our newsletter or marketing; and
When you provide feedback to us.
Data we collect when you buy our products or use our services:
Payment and transaction data.
Data from third parties we work with:
From organisations such as Rightmove and Zoopla; and
Agents working on our behalf.
4. Data we collect about you:
We will collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity data – title, name, date of birth, gender
Contact data – current address, email address, telephone number(s).
Transaction data – details of the products and services you have purchased from us, including date and time of purchasing and spend in relation to that transaction. We also process the name on your payment card, your card, expiry date and CVV number.
Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Cookie data – Information collected using cookies stored on your device(s) about the use of our online services.
Usage data – information about how you use our website and services.
Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
Employment information – Previous employment history, experience, relevant qualifications, work eligibility and references.
Criminal conviction and offence information – In order to work for us, you will be required to undertake an enhanced Disclosure check.
CCTV Data – visual footage collected via CCTV.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you, outside of those stated above. This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
We also collect and use information about the specific property type you are interested in, how you found us and your budget.
We will use the data that you provide to us to market properties in developments which you have told us you are interested in, for internal record keeping and to improve our products and services.
5. How we use your personal data:
We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the list below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
1. When we register you as a new customer, we collect your identity and contact information. We collect this information to perform our contract with you.
2. When we register your interest in one of our developments, we collect your identity and contact information. We collect this information to perform our contract with you.
3. To manage our relationship with you, including notifying you about changes to our terms or privacy notices, we collect your identity, contact and transaction information. We collect this information to perform the contract we have with you, to comply with a legal obligation or legitimate interests to keep our records up to date.
4. When you partake in a prize draw, competition or complete a survey, we collect identity, contact and transaction information. We collect this information to perform our contract with you, where we have gathered your consent or where we have a legitimate interest to do so where we study how our customers use our services and to grow our business.
5. To administer and protect our business and our website, we collect transaction information, technical and usage data. We collect this information because we have a legitimate interest for running our business, the provision of administration, IT services and network security.
6. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you, we collect identity and contact information, marketing and communications information, usage and profile data. We have a legitimate interest to collect this information to study how customers use our services and how to develop them, to grow our business and to inform our marketing strategy.
7. To send you the latest news about new developments, we collect your identity and contact information and your marketing and communication preferences. We have a legitimate interest to do this to send you the updates if you have not opted-out of receiving and to ensure that marketing is only sent to those people.
8. To use data analytics to improve our website, products/ services, marketing, customer relationships and experiences we collect technical, usage and profile data from you. We have a legitimate interest to do this to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
9. CCTV footage is collected as we have a legitimate interest to ensure the safety and security of assets and employees/ customers.
10. To make suggestions and recommendations to you about the services that may be of interest to you, we collect your identity and contact information, marketing and communications preferences, technical, profile and usage data. We have a legitimate interest to collect this information to develop our services and grow our business.
6. Processing your data using our Legitimate Interests.
We have a number of lawful reasons that we can use (or ‘process’) your personal data. One of these lawful reasons is called ‘legitimate interests’.
Broadly speaking legitimate interests means that we can process your personal information if:
We have a genuine and legitimate reason to and we are not harming any of your rights and interests.
The following are some examples of when and why we would use this approach during our normal course of business:
To improve and enhance our services: When we do process your data, we will use it to benefit you and to make your experience better and to improve our products and services.
Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers.
Analytics: To process your personal data for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our services and to provide you with the most relevant information as long as this does not harm any of your rights and interests.
Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
Due Diligence: We may need to conduct investigations on existing customers, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.
Direct Marketing: We may send postal marketing. We will also make sure our postal marketing is relevant for you and tailored to your interests. You also have the right to opt-out of receiving this information at any time.
7. Who we share your personal data with:
In order to provide you with our services and meet our legal obligations, we only share your data with 3rd parties, in the following circumstances:
To fulfil your purchase;
For property management;
For due diligence checks;
To register your interest in a property;
To verify your identity;
To authorise debit/credit card payments and any other transactions authorised by the customer;
To manage and maintain the accuracy of your records;
To handle complaints, queries and improve customer service;
To fulfil our marketing requirements;
To carry out our Live Chat feature;
To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations; and
If the Thakeham Group is acquired by a third party, in which case personal data held by it, about its customers, will be one of the transferred assets.
We’ll never make your personal data available to anyone outside the Thakeham Group for them to use for their own marketing purposes without your prior consent.
8. Transferring your personal information outside the EEA
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside the EEA we have to tell you.
Limited personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal information will only be transferred on one of the following bases:
The country that we send the data is approved by the European Commission as providing an adequate level of protection for personal data; or
The recipient has agreed with us standard contractual clauses (SCC’s) approved by the European Commission, obliging the recipient to safeguard the personal data; or
The recipient has agreed Binding Corporate Rules (BCR’s) approved by the European Commission, obliging the recipient to safeguard personal data; or
There exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
These organisations are:
Xpedeon (Algorithms Software Pvt. Ltd, 1st Floor, Ballard House, Adi Marzban Path, Ballard Estate, Mumbai – 400001, India) – Who provide our Customer Relationship Management System – Xpedeon transfer your data to India and we have implemented Standard Contractual Clauses (SCC’s).
Yomdel (Yomdel Ltd, Parbrook House, Natts Lane, Billingshurst, West Sussex, RH14 9EZ) – Who provide our Live Chat Feature – Yomdel may transfer your data to USA (EU-US Privacy Shield), New Zealand or Phillipines (Standard Contractual Clauses (SCC’s)).
Campaign Monitor (Campaign Monitor Pty Ltd, Level 38/201, Elizabeth Street, Sydney NSW 2000, Australia) – Who provide our Email Campaign Software – Campaign Monitor may transfer your data to USA (EU-US Privacy Shield).
To find out more about how your personal information is protected when it is transferred outside the EEA, please contact our Data Protection Team using the details above. Before sharing any information with a third party, we will ensure that there is a data processing agreement in place requiring that the third party protects personal data according to the GDPR.
We may use your personal information to tell you about relevant properties and any upcoming offers.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links on any marketing message sent to you.
Where you opt-out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing a property or any other transaction between you and us.
Understanding our customers better
We may make use of profiling your personal data to produce more relevant and tailored communications by having a deeper understanding of your interests, behaviours and personal preferences. This information helps us provide a better experience for our customers.
Profiling can help us target our resources more effectively through gaining an insight into the background of our customers and helping us to build relationships that are appropriate to their interests.
10. How long do we keep your personal data?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
Any statutory or legal obligations;
The requirements of the business;
The purposes for which we originally collected the personal data;
The lawful grounds on which we based our processing;
The types of personal data we have collected;
The amount and categories of your personal data; and
Whether the purpose of the processing could reasonably be fulfilled by other means.
After such time, we will securely delete or destroy your personal data. In most instances the personal data processed by us this will be securely destroyed 6 years from when you cease to be a customer. We only hold CCTV data for a period of 30 days.
11. Your rights
Right to be Informed
We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.
Right to Access
You have a right to request access to the personal data that we hold about you and this should be provided to you, under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, within 1 month. If you would like to request a copy of your personal data, please contact us using the details at the top of this policy.
Right to rectification
We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
Right to erasure
You have the right to have your data ‘erased’ in the following situations:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
When you withdraw consent.
When you object to the processing and there is no overriding legitimate interest for continuing the processing.
When the personal data was unlawfully processed.
When the personal data has to be erased in order to comply with a legal obligation.
If you would like to request erasure of your personal data, please contact us using the details at the top of this policy. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.
Right to restrict processing
You have the right to restrict processing in certain situations such as:
Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
Where you have objected to processing and we are considering whether our legitimate grounds override your legitimate grounds.
When processing is unlawful, and you oppose erasure and request restriction instead.
Where we no longer need the personal data, but you require the data to establish, exercise or defend a legal claim.
Right to data portability
You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us. This only applies:
To personal data that you have provided to us;
Where the processing is based on your consent or for the performance of a contract; and
When processing is carried out by automated means.
Right to object
You have the right to object to the Thakeham Group processing your data in these circumstances:
Where the processing is for direct marketing. Remember you can opt out of email communication at any time via the unsubscribe feature on our emails;
Where the processing is based on legitimate interests;
Where the processing is for purposes of scientific/historical research and statistics
12. Not Happy?
Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Team (details can be found at the top of this policy).
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.