[Farrar & Forbes] (“we,” “our,” or “us”) is committed to protecting your privacy. This policy explains how we collect, use, and store your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
We may collect and process the following personal information:
Financial details (bank details, proof of income, credit history)
Property details (ownership, tenancy, purchase and sale records)
Communication records (emails, calls, correspondence)
Website usage data (IP address, cookies, browsing behavior)
2. How We Use Your Information
We use your personal data for the following purposes:
To provide estate agency services (property sales, lettings, management)
To carry out checks (tenant referencing, anti-money laundering, credit checks)
To process payments, deposits and contracts
To comply with legal obligations (e.g., HMRC, property regulations)
To communicate with you about your property, tenancy or transaction
For marketing purposes, where you have consented
3. Lawful Bases for Processing
We process your data under the following legal bases:
Contract: to perform our obligations under agreements with you
Legal Obligation: to comply with applicable laws (e.g., AML, Right to Rent checks)
Legitimate Interests: to manage our business operations and provide our services
Consent: where you have opted in to receive marketing communications
4. Sharing Your Information
We may share your data with:
Landlords, tenants, buyers, and sellers as necessary.
Professional advisers (solicitors, surveyors, mortgage brokers).
Referencing and credit agencies.
Regulators and authorities where legally required.
Third-party service providers (IT, marketing, payment processors).
We do not sell your data to third parties.
5. Data Retention
We retain personal data only for as long as necessary:
For legal and regulatory requirements (e.g., tax, anti-money laundering)
For the duration of your tenancy, contract, or relationship with us
For up to [1 year] after your relationship ends, unless a longer period is required by law
6. Your Rights Under GDPR
You have the right to:
Request access to your personal data
Request correction of inaccurate data
Request erasure of your data (where legally permissible)
Restrict or object to certain types of processing
Request data portability
Withdraw consent where processing is based on consent
Lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk)
To exercise your rights, please contact us at [Insert Email Address].
7. International Data Transfers
Where we transfer personal data outside the UK/EEA, we ensure it is protected by appropriate safeguards (such as adequacy regulations or standard contractual clauses).
8. Cookies
Our website uses cookies and similar technologies to improve your browsing experience, analyze site traffic, and provide personalized content. You can manage cookies in your browser settings.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be published on this page with the revised “Last Updated” date.
10. Contact Us
If you have any questions about this Privacy Policy or your data rights, please contact us:
Used by Google Analytics to determine which links on a page are being clicked
30 seconds
_ga_
ID used to identify users
2 years
_gid
ID used to identify users for 24 hours after last activity
24 hours
_gat
Used to monitor number of Google Analytics server requests when using Google Tag Manager
1 minute
_gac_
Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together.
90 days
__utma
ID used to identify users and sessions
2 years after last activity
__utmt
Used to monitor number of Google Analytics server requests
10 minutes
__utmb
Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server.
30 minutes after last activity
__utmc
Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session.
End of session (browser)
__utmz
Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server
6 months after last activity
__utmv
Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server.
2 years after last activity
__utmx
Used to determine whether a user is included in an A / B or Multivariate test.
Lettings - Offline
Greg Forbes
Sales - Online
Reece Farrar
