Privacy Policy

Privacy Policy

This privacy notice was last updated in January 2021. It supersedes any earlier versions.

In this Privacy Policy, the term ‘Hilton Smythe’ refers to Hilton Smythe Finance Limited (10887939), Hilton Smythe Commercial (UK) Limited (07514489).

Hilton Smythe is committed to ensuring that your privacy is protected. This privacy notice, together with our Terms and Conditions and any other notice referred to in it, explains how we will collect your personal data and how we use your personal data when you visit our website.

Hilton Smythe is a data controller in respect of the personal data processed when you visit our website. If you have any questions or concerns in relation to this Privacy Notice you can contact our Data Protection Officer dataprotection@hiltonsmythe.com or by writing to the Data Protection Officer, Hilton Smythe, 20 Wood Street, Bolton, BL1 1DY.

This website is not intended for minors or children.

This website may include links to third party websites, plug-ins or applications which may allow third parties to collect or share your personal data. We are not responsible for their use of your personal data and cannot control it.

  1. WHAT INFORMATION WE MAY COLLECT AND HOW WE USE IT

As a business we collect, use, store and transfer different types of personal data depending on who you are.

If you are purchasing or selling a property or business through Hilton Smythe, we collect and use your personal data in order for us to provide you with our services. The personal data we collect and use may include:

  • Identity Data (name, marital status, title, date of birth, gender, purchases made by you, your interests and preferences, feedback and survey responses)
  • Contact Data (billing address, delivery address, email address and telephone numbers)
  • Financial Data (bank account and payment details)
  • Transaction Data (details about payments to and from you and other services you have purchased through us)
  • Technical Data (internet protocol address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, identification number, online identified, location data and other similar identifying information required for the customer’s device(s) to communicate with websites and applications on the internet)
  • Usage Data (how you use our website products and services, the full uniform resource locators clickstream to, through and from our site (including date and time), download errors, lengths of visit to certain pages, page interaction information, methods to browse away from the page and any phone numbers you use to call us)
  • Marketing and Communications Data (your marketing preferences from us and our third parties and your communication preferences)

We also may collect and use Aggregated Data. For example, when you visit our website we may aggregate data about your usage to tell us about how certain features on our website are used. This is not usually classified as personal data as whilst it derives from personal data (in the example, it is derived from your Usage Data) it does not reveal your identity to us. If we do link this Aggregated Data to your personal information, it will be treated as personal data in line with this policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can ask us to rectify or update your personal information at any time by email to dataprotection@hiltonsmythe.com or by writing to The Data Protection Officer, Hilton Smythe, 20 Wood Street, Bolton BL1 1DY.

  1. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

Direct interactions

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for our services;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • contact us through social media;
  • enter a competition, promotion or survey; or
  • give us some feedback.

Third parties or publicly available source

We may receive personal data about you from various third parties and public sources as set out below:

Contact, Financial and Transaction Data from providers of payment services such as Mastercard based inside the EU.

Identity and Contact Data from data brokers or aggregators such as:

  • Daltons Business based inside the EU
  • Businesses For Sale based in the EU
  • Right Biz based in the EU
  • Rightmove based inside the EU
  • Zoopla Property Group based inside the EU
  • Facebook based outside the EU

Identity and Contact Data from publicly availably sources such as Companies House, Internet Search Engines and the Electoral Register based inside the EU.

  1. HOW WE USE YOUR PERSONAL DATA

In the table below we summarise the ways that we plan to use your personal data and the purposes for which we will use your personal data. We will only use your personal data for the purposes for which we have collected it. If we need to process your personal data for a different purpose that is not compatible with the original purpose that we collected your personal data, we will let you know.

We may process your personal data for a different purpose and without your consent where it is necessary for us to comply with our legal obligations.

Purpose/Activity

To contact you.

Identity. 

Type of data

  • Contact
  • Financial 
  • Transaction 
  • Marketing and Communications.

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you. 

Necessary for our legitimate interests (for running our business, to recover debts due to us, to keep our records updated and to study how customers use our products/services).


Purpose/Activity

To carry out our obligations arising from any contracts entered into between you and us and to provide with you the information, products and services you request from us.

Identity.

 

Type of data

  • Contact
  • Financial 
  • Transaction 
  • Marketing and Communications.

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you. 

Necessary for our legitimate interests (for running our business, to recover debts due to us).


Purpose/Activity

To provide you with information about other goods and services that we offer which we feel may interest you.

Identity.

 

Type of data

  • Contact
  • Technical
  • Usage.

Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests (for running our business, to recover debts due to us).


Purpose/Activity

To permit selected third parties:

  • to provide you with information about goods or services which we feel may interest you.
  • to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website.

 

Type of data

  • Identity
  • Contact
  • Technical
  • Usage.

Lawful basis for processing including basis of legitimate interest

Consent (in relation to SMS and email marketing communications).

Necessary for our legitimate interests (to develop our service offering).


Purpose/Activity

To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website.

 

Type of data

  • Identity
  • Contact
  • Financial
  • Transaction
  • Marketing and Communications.

Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services).


Purpose/Activity

To notify you about changes to our service.

 

Type of data

  • Identity
  • Contact.

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you. 

Necessary to comply with our legal obligations.

Necessary for our legitimate interests (to keep our records updated).


Purpose/Activity

To ensure that content from our website is presented in the most effective manner for you and your computer.

 

Type of data

  • Identity 
  • Contact 
  • Financial 
  • Transaction.

Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services).


Purpose/Activity

To verify your identity.

 

Type of data

  • Identity
  • Contact
  • Financial
  • Transaction.

Lawful basis for processing including basis of legitimate interest

Necessary to comply with our legal obligations.

Necessary for our legitimate interests (for running our business and to prevent fraud and money laundering).


Purpose/Activity

As part of our efforts to keep our site safe and secure and to prevent or detect fraud.

 

Type of data

  • Identity
  • Contact
  • Financial
  • Transaction.

Lawful basis for processing including basis of legitimate interest

Necessary to comply with our legal obligations.

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).


Purpose/Activity

To provide customer support.

 

Type of data

  • Identity
  • Contact.

Lawful basis for processing including basis of legitimate interest

Performance of a contract with you.


Purpose/Activity

To comply with the requirements imposed by law or any court order.

 

Type of data

  • Identity
  • Contact
  • Technical
  • Usage.

Lawful basis for processing including basis of legitimate interest

Necessary to comply with our legal obligations.


Marketing 

You have the right to withdraw your consent for us to use your personal data for marketing purposes at any time. You also have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you do withdraw your consent, this will result in us ceasing to market goods and services to you.

You can ask us to stop sending you marketing messages at any time by:

If you do withdraw your consent to receiving marketing messages, we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.

If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe.

Third-party marketing 

We will get your express opt-in consent before we share your personal data with any company outside the Hilton Smythe Group of companies for marketing purposes.

Cookies

The Hilton Smythe website and applications may automatically collect data about how you use our services in order to help us improve future functionality. We use Google Analytics, which is a web analysis service provided by Google.

The cookies on the Hilton Smythe website do not track, collect or upload data such as your name, email address or billing information, but it may collect data about your equipment and browsing activities. We may collect and report on the adoption and usage of specific features, crashes and exceptions and other useful, anonymous metrics.

Certain devices can detect your approximate location, via latitude and longitude. The accuracy of this data is not in the control of Hilton Smythe. If this feature is requested, Hilton Smythe will prompt you to provide your permission to access your location data for the purposes of providing you with results or directions based on your current location. You can disable location settings within your browser or app.

To read more about our use of cookies on the Hilton Smythe website, please consult our cookie policy.

  1. DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below for the purposes set out in the “Purposes for which we will use your personal data” table above. We have agreements in place with our third parties that restrict their use of your personal data. We only allow third parties to use your personal data for specified purposes and in accordance with our instructions.

CategoryExplanation
External
Third Parties
Service providers acting as processors based in the United Kingdom who provide IT and system administration services, anti-money laundering service providers, and services to enable us to perform our contract with you.Advertisers and advertising networks (including social media) that require the data to select and serve relevant adverts to you.Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accountancy services.HMRC, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
Other Third PartiesSometimes there may be third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. 

Anti-Money Laundering

Hilton Smythe is committed to operating its business in a transparent and open manner consistent with our legal and regulatory obligations. We are aware that the property and business transfer industry is a target for organised criminals seeking to launder the proceeds of criminal activity. We always seek to prevent this activity by cooperating fully with the authorities and reporting suspicious activity to the National Crime Agency.

As part of this commitment, we adopt a strict compliance of all Anti-Money Laundering rules, with specific emphasis on the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, the Bribery Act 2010 and the Terrorism Act 2000.

Hilton Smythe’s policy commitment is applicable to all of our customers, including vendors, buyers, and landlord. As a result we obtain and hold for a period of at least seven years evidence pertaining to our customers’ identity and, where appropriate, we obtain proof of ownership of property and source/destination of funds. We will be unable to proceed with any work on behalf of our customers if we are unable to obtain this information. Customers’ identity will be subject to an electronic identity check, which may also include a credit check, leaving a soft search result on personal credit files.

Hilton Smythe Commercial (UK) Ltd is registered and supervised by HM Revenue & Customs for compliance with the Money Laundering Regulations 2017.

  1. DATA SECURITY

Once we have received your personal data we will use reasonable and necessary procedures and security features to try and prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality. If we become aware of a data breach we will notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you in accordance with our legal requirements.

  1. INTERNATIONAL TRANSFERS

We will not transfer your personal data outside of the European Economic Area, except to a country offering the same level of protection for your personal data. For example, with certain service providers we may use specific contracts approved by the European Commission which ensures that your personal data has the same protection as it would have in Europe.

  1. DATA RETENTION

We hold on to your personal data whilst you use our services (or whilst we provide services connected to you) and for at least seven years thereafter, for legal, regulatory and accounting purposes. If we need to hold on to your personal data for longer, we take into consideration the potential risks in continuing to store your data against why we might need to keep it. In some circumstances we might anonymise your personal data so it is not associated with you, and we may then use this information indefinitely.

  1. YOUR LEGAL RIGHTS

Under data protection laws you have the right to protect and look after your personal data. You have the right to:

  • ask us for the personal data that we hold and process about you (this is commonly known as a data subject access request). You have rights to the following information:
    • the purpose(s) for which we are processing your information;
    • the categories of personal information we hold about you
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
    • the period for which we will store your information, or the criteria used to determine that period;
  • prevent the use of your personal data for marketing purposes by

Please note that even if you refuse marketing, we will still contact you to discuss the services you have asked us to provide to you or to tell you about changes to our terms and conditions.;

  • ask that any inaccurate information we hold about you is corrected;
  • ask that we delete the personal data we hold about you in certain situations;
  • ask that we stop using your personal data for certain purposes;
  • ask that we do not make decisions about you using completely automated means; and/or
  • ask that personal data we hold about you is given to you, or where technically feasible a third party chosen by you, in a commonly used, machine-readable format.

The rights listed above may apply in certain circumstances, and so we may not always be able to comply with your request to exercise these rights. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive, alternatively we may refuse to comply with your request.

  1. CCTV/CALL RECORDINGS AND RETENTION

Our offices are fitted with Closed-circuit Television Cameras for the purpose of crime prevention and fact verification.

Some calls made to or by us are recorded for training, quality and fact verification.

Unless downloaded and saved securely, the retention period’s for CCTV and call recordings are detailed below.

  • CCTV, one calendar month.
  • Call recordings, three calendar months.

Complaints and Feedback

If you would like to speak to us about how we handle your personal data, please contact our Data Protection Officer in the first instance at dataprotection@hiltonsmythe.com. You can also complain to the Information Commissioner’s Office who is the UK supervisory authority for data protection issues.

Indemnity

You acknowledge that you are solely responsible for the use to which you put this website and all the results and information you obtain from it and that all warranties, conditions, undertakings, representations and terms whether expressed or implied, statutory or otherwise are hereby excluded to the fullest extent permitted by law.

Save in respect of liability for death or personal injury arising out of negligence or for fraudulent misrepresentation, we and all contributors to this website hereby disclaim to the fullest extent permitted by law all liability for any loss or damage including any consequential or indirect loss or damage incurred by you, whether arising in tort, contract or otherwise, and arising out of or in relation to or in connection with your access to or use of or inability to use this website.

Whilst we take every care to ensure that the standard of this website remains high and to maintain the continuity of it, we do not accept any ongoing obligation or responsibility to operate this website (or any particular part of it).

If any part of our terms and conditions is deemed to be unenforceable (including any provision in which we exclude our liability to you) the enforceability of any other part of these conditions will not be affected.

These terms and conditions and your use of this website are governed exclusively by English law.

This does not affect your statutory rights.