Privacy Policy

This privacy policy sets out how Craven Wildsmith Property Management LLP and Craven Wildsmith (Retford) Ltd (Craven Wildsmith) collects, uses and protects your personal information.

We are committed to ensuring that your privacy is protected and that all personal data obtained and processed by us is done in accordance with the General Data Protection Regulations (GDPR) and UK data protection laws.

‘Personal Information’ means data that relates to a natural individual who can be identified from that information or together with other information which is held by or is likely to be held by the company. Whilst GDPR does not cover information that identifies an organisation, it does cover personal and sensitive information relating to individuals within it (e.g. directors, beneficial owners or other controlling officials).

Who we are
The companies responsible for the processing of your personal information are Craven Wildsmith Property Management LLP and Craven Wildsmith (Retford) Ltd both operating from 41 Nether Hall Rd, Doncaster, South Yorkshire, DN1 2PG and hereinafter referred to as Craven Wildsmith.

What information we might collect
Data is only obtained, processed or stored when we have met the lawfulness of the processing requirements of the GDPR. We may collect the following information to effectively and compliantly carry out everyday business transactions:
• Name and job title.
• Addresses.
• Contact details including email address, mobile and landline numbers.
• Financial information including bank details, credit/debit card details (although we do not retain any card payment information).
• Demographic information such as postcode, along with any preferences and interests.
• Passport and driving licence details and any other information required to identify an individual for money laundering purposes.
• Other information relevant to letting, property management, purchases, surveys and promotions.

How the information is collected
Most of the personal information we hold about you is that which we collect directly from you.
Personal data can be collected in one or more of the following ways:
• When you communicate through email, phone or website.
• When you book a viewing for a property
• When you apply to lease or purchase a property.
• When you register to receive information from us.
• Each time you contact us for any of our professional property services.
• If you interact with us, respond to communications or surveys, or enter competitions.
• From credit refence agencies

What we do with the information we gather and the legal basis for processing
We require this information to understand your needs and provide you with a better service, and in
particular for the following reasons:
• It is necessary for the performance of a contract between you and us, and essential for our
legitimate interests and legal obligations including payment details.
• To process payments and assess financial risks by carrying out credit reference checks, etc.
• Fulfil our obligations owed to a relevant regulator, tax authority or revenue service as is
necessary for compliance with our legal and regularity obligations.
• We may use the information to improve our products and services.
• To send communications about new products, services, company news and promotions or
other information which we think you may find interesting using the email which you may
have provided.

Information sharing
We will not pass personal data to third parties for marketing, sales or any other commercial purposes
without your prior explicit consent. We only share personal data where we are required to do so by
law, where it is necessary to fulfil our statutory obligations and in limited circumstances with certain
third parties acting on our behalf in order to provide a service you have requested from us.
We undertake to share only information which is relevant and necessary for the provision of the
relevant service. People we share your information with are obliged to keep your details securely
and use them only to fulfil your request.

In very limited and necessary circumstances, your information may have to be transferred outside of
the EEA or to an international organisation to comply with our legal or contractual requirements.
If it is necessary to transfer personal information outside of the EEA, we will make sure that it is
protected in the same way as if it was being used in the EEA and we will use one of these safeguards:
• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
• Put in place a contract with the recipient that means they must protect it to the same
standards as the EEA.

We are committed to ensuring that your information is secure. In order to prevent unauthorised
access or disclosure, we have put in place suitable physical, electronic and managerial procedures
to safeguard and secure the information we collect.
If you suspect any misuse or loss of or unauthorised access to your personal information please let
us know immediately by emailing the Data Controller at or by calling 01302 36 86 86.

Data Breach
The GDPR defines a personal data breach as “a breach of security leading to the accidental or
unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
This includes breaches that are the result of both accidental and deliberate causes. Personal data
breaches can include:
• Access by an unauthorised third party.
• Deliberate or accidental action (or inaction) by a controller or processor.
• Sending personal data to an incorrect recipient.
• Computing devices containing personal data being lost or stolen.
• Loss of availability of personal data
• Alteration of personal data without permission.
If there is a data breach which leads to the loss of highly sensitive data and poses a risk to that data,
we will notify the relevant Information Commissioner Office within 72 hours of first becoming aware
of that breach. The data subject will also be notified.

How long do we keep personal data?
We will retain your personal data for as long as is necessary to allow us to carry out our business or
where appropriate as required to be kept by law, regularity requirements or in in connection with
any anticipated litigation.
To determine the appropriate retention period for personal data, we consider the amount, nature,
and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure
of your personal data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means, and the applicable legal requirements.

Your rights
Under the GDPR and the Data Protection Act (DPA) 2018 you have a number of rights with regard to
your personal data. You have the right to request from us access to and rectification or erasure of
your personal data, the right to restrict processing, object to processing as well as in certain
circumstances the right to data portability.
• You have the right to obtain access to and copies of personal information we hold about you
(data Subject access request) which you have provided to us, including for the purpose of
you transmitting that data to another data controller. We will provide this information at the
earliest opportunity, but at a maximum 28 days from the date the request was received.
Where the provision of information is complex or subject to a valid delay, the period may be
extended by two further months where necessary and you will be kept informed throughout
the retrieval process of the reasons for the delay.
There is not normally any charge for a Data Subject Access Request. If your request is
“manifestly unfounded or excessive” (e.g Repetitive requests) a fee may be charged to cover
administrative costs.
• You have the right to require us to update and amend personal information we hold about
you which you have provided to us.
• You have the right to request us not to send you marketing communications.
• You have the right to request us to erase all your personal information (the right to be

We have ensured that exercising your rights to the above is as clear and straightforward as possible,
and can be done so by stating your request in writing to:
Data Privacy
Craven Wildsmith
41 Nether Hall Road
Doncaster DN1 2PG
Or by email to:
If you no longer wish to receive marketing information from us, this can be done by contacting us in
writing or using the email address above.
Please note that these rights may be limited by data protection legislation, and we may be entitled
to refuse requests where exceptions apply. If, for any reason, we are unable to act in response to a
request for erasure, we always provide a written explanation to the reasons why.

Changes to this Privacy Policy
This privacy policy is regularly reviewed. This is to make sure that we continue to meet the highest
standards to protect your privacy. We reserve the right, at all times, to update, modify or amend this
policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of
any changes we may have made; however, we will not significantly change how we use the
information you have already given to us without your prior agreement. The latest version of this
policy can be found at

Questions & Queries
If you have any questions or queries which are not answered by this Privacy Policy or have any
potential concerns about how we may use the personal data we hold, please write to
Data Privacy
Craven Wildsmith
41 Nether Hall Road
Doncaster DN1 2PG
Or by email to:

If you are not satisfied with how we are processing your personal information, we hope you would
allow us the opportunity to resolve it first, if we are not able to rectify any issue to your satisfaction
you can make a complaint to the Information Commissioners Office, you can contact them on 01625
You can find out more about your rights under data protection legislation from the Information
Commissioner’s Office website: or Citizens Advice Bureau.