Last updated: 20/10/2025
Who we are: GAULD ESTATE AGENTS LTD (company number 15732124)
Address: 2–6 Abington Square, Northampton, NN1 4AA
Phone: 01604 620 620 · Email: info@gauld.uk · Web: https://gauld.uk/
1) Purpose of this notice
This Privacy Policy explains how we collect, use, share and protect your personal data when you deal with us as a seller, buyer, enquirer, website visitor, supplier or professional contact. It also explains your rights and how to use them under the UK GDPR and Data Protection Act 2018.
2) Who is the data controller and how to contact us
-
Data controller: GAULD ESTATE AGENTS LTD
-
Data protection lead (DPL): Gamze Gauld
-
Contact: info@gauld.uk · 01604 620 620 · 2–6 Abington Square, Northampton, NN1 4AA
If you have questions about this notice or your data, contact our DPL first. You can also complain to the Information Commissioner’s Office (ICO): 0303 123 1113; ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
3) The data we collect
We collect the minimum personal data needed to provide our services:
-
Identity & contact: name, address, email, phone; proof of ID/address for anti-money laundering (AML) checks.
-
Property & transaction: property address, ownership details, tenure/lease info, photos, floor plans, EPC number, offers and negotiations.
-
Financial & status (limited): proof of funds/mortgage in principle for buyers (verification only), sale price, chain position.
-
Communications: enquiries, emails, call notes, viewing feedback.
-
Website & devices: IP address, device/browser data, cookie preferences (see §10).
-
Lettings (if applicable): employment and affordability info, previous landlord references, right-to-rent, guarantor details. (Only if you ask us to provide lettings or tenant-find services.)
Where we get data: directly from you (forms, calls, emails, viewings), from public sources (e.g., HM Land Registry, EPC Register), from property portals when you submit an enquiry, and from third parties you authorise (ID/AML providers, conveyancers, mortgage advisers).
We do not intentionally collect special-category data. If you volunteer health or accessibility information (e.g., for safe viewings), we use it only with your consent or where necessary to protect vital interests.
4) Why we use your data and our lawful bases
We use your data only when the law allows:
| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide estate agency services | Valuations, marketing, viewings, offers, sale progression | Contract (to perform our contract or take steps at your request) |
| Verify identity / prevent financial crime | AML and sanctions checks; required record keeping | Legal obligation |
| Manage our relationship | Service updates, appointment scheduling, day-to-day communications | Contract / Legitimate interests |
| Improve and secure our website/services | Security logs, fraud prevention; optional analytics | Legitimate interests (security); Consent (non-essential cookies) |
| Direct marketing | News and services by email/SMS | Consent for individuals / soft opt-in for our own similar services; legitimate interests for corporate subscribers (always with opt-out) |
You can opt out of marketing at any time (see every email footer or contact us).
5) Who we share data with
We share data only when necessary and under contracts that protect it:
-
Professional partners you choose: your conveyancer/solicitor, buyer’s/seller’s solicitor, surveyors, mortgage brokers (with consent).
-
Regulatory checks/authorities: AML/KYC providers and, where required by law, HMRC or other competent authorities.
-
Property marketing suppliers: photographers/videographers, EPC assessors, board erecting, print/design, digital advertising, property portals.
-
IT & operations: estate-agency CRM, email and cloud hosting, e-signature, appointment and messaging tools, website hosting, analytics/cookie-management platform.
We do not sell personal data.
6) International transfers
Some providers may process data outside the UK. Where that happens, we rely on a UK adequacy decision (e.g., the UK-US Data Bridge) or appropriate safeguards (e.g., the ICO International Data Transfer Agreement/Addendum), plus transfer risk assessments.
7) How long we keep data
We keep data only as long as needed for the purpose collected and to meet legal/tax/AML requirements. Typical periods:
-
Sales file (seller/buyer): 7 years after completion.
-
AML records: at least 5 years after the end of the business relationship or transaction.
-
General enquiries (no instruction): up to 12 months after last contact.
-
Marketing preferences/suppression: kept indefinitely to honour opt-outs.
When retention ends, we securely delete or anonymise data.
8) Your rights
You have rights to access, rectify, erase, restrict, object (especially to marketing or processing based on legitimate interests), and portability (where applicable). We respond within one calendar month and may extend by up to two months for complex requests (we’ll tell you if so). Normally there is no fee.
To exercise your rights, email info@gauld.uk or write to our address (see §2). You also have the right to complain to the ICO.
9) Security
We use appropriate technical and organisational measures—access controls, encryption in transit, role-based permissions, staff training, vendor due diligence, and secure disposal—proportionate to the risks.
10) Cookies & similar technologies (gauld.uk)
-
We use essential cookies to make the site work (e.g., security, load balancing, cookie preferences).
-
We only set non-essential cookies (e.g., analytics/advertising) with your consent via our cookie banner. You can change your choices anytime via Cookie Preferences in the footer.
For details of cookie names, purposes and durations, see our separate Cookie Policy (linked from the banner and footer).
11) Children
We do not directly provide services to children and do not knowingly collect children’s data. If children’s information is provided (e.g., to manage safe viewings), we limit processing and seek appropriate consent.
12) CCTV and in-person visits (if applicable)
If you visit our office, there may be building-owner CCTV for security. Where that CCTV is not operated by us, the building owner is the separate controller and their privacy notices apply.
13) Changes to this policy
We review this notice regularly and will post updates here with a new “Last updated” date. Significant changes may be highlighted on our website.
