Commercial Privacy Policy

Commercial Privacy Policy

This Privacy Policy details how we, John Whiteman & Co LLP trading as John Whiteman & Co, collect and handle personal data in compliance with the Data Protection laws in the United Kingdom and the EU General Data Protection Regulation (GDPR).

We will ensure personal data is processed lawfully and fairly in a transparent way, which ensures its security, and no further than the legitimate purposes for which that data was collected. We will ensure that data collected is limited to what is necessary in relation to the processing purpose, is accurate and kept up to date and that it is kept in a form which permits identification of the data subject for no longer than is necessary. We will ensure that the information is held for no longer than is necessary and that it is not transferred outside the EU, to other countries or international organisations without an adequate level of protection.

If you do not want us to process your personal information as described in this Privacy Policy, please do not provide information to John Whiteman & Co LLP or submit your details on our section of the website

For questions relating to this Privacy Policy, please contact us at: or at 80 High Street, Bushey, Herts, WD23 3HD

About John Whiteman & Co LLP
John Whiteman & Co LLP registered as Limited Liability Partnership in England and Wales registration number is OC352595

Registered Office: c/o Hiller Hopkins LLP, Radius House, 51 Clarendon Road, Watford, Herts, WD17 1HP

How do we collect your personal data?
Personal data is collected by us using the following methods:

• Direct interactions with a member of staff in person, by post, telephone, email or otherwise when selling, letting or managing property, or sourcing property to sell, let or manage, or when you apply for any related services to our business.
• Automated technologies or interactions with our website and property portals, including using a web enquiry form.
• Publicly available sources processing Identity, Contact and Financial categories of personal data

The personal data we collect about you
Personal data collected, used, stored and transferred by us may include (but is not limited to) some or all of the following:

Contact Data – Your name, address, email and telephone numbers, and where you engage with us in a business context, your job title and company contact details.

Identity Data – Date of birth, proof of identity and address documents, and signature.

Financial Data– Employment information, bank statements, source of funds / income, financial history to confirm rental ability /suitability, Bank account details & insurance details.

Transaction Data – Price offered or paid for property sold, let, managed or rented through us.

Technical Data – including internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform and other technology on the devices used to access the John Whiteman & Co website.

Profile and Usage Data – including feedback and survey responses, and how you use our website, products and services.

Marketing and Communications Data – your communication preferences in relation to any marketing and sales, letting or management information.

How do we use your personal data?
We use your personal data in the following circumstances and relying on the following lawful basis for processing:
Purpose / Activity Data type collected Lawful basis of processing
Property Search, Landlord or general enquiry Contact Consent and Legitimate Interest
Tenants / Vendors and Potential Tenants / Vendors, Guarantors Identity, Contact, Financial, Transactional, Technical Legitimate Interest and Performance of a Contract. To comply with regulatory and legislative requirements
Landlords Identity, Contact, Financial, Transactional, Technical Legitimate Interest and Performance of a Contract. To comply with regulatory and legislative requirements
Freeholders, Lessees Identity, Contact, Financial, Transactional, Technical Legitimate Interest and Performance of a Contract. To comply with regulatory and legislative requirements
Contractors / Suppliers Contact, Financial Legitimate Interest and Performance of a Contract. To comply with regulatory and legislative requirements

We may analyse the personal information we collect directly from you and obtain using automated technical means to create a profile of your interests and preferences so that we can contact you with information relevant to you (if you have chosen to receive marketing communications from us). We may make use of additional information about you when it is available from external sources to help us do this effectively. These sources include the publicly accessible Land Registry.

We may also use any of your personal information that we collect from you directly and additional information about you from external sources where necessary to detect and reduce fraud and credit risk.

Our legal basis for this use of your personal information is our legitimate interests in preventing our business being subject to fraud or credit risk and/or performance of a contract, request or service to which you are party.

Change of purpose
We will only use your personal data for the purposes stated above, unless we reasonably consider that we need to use it for another reason and it is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing Communications
You will always have the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications or share your personal data with anyone else who might do so.

You can opt-out of receiving this type of communications by amending the preferences on the relevant email communication or by contacting us at

Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an un-authorised way, altered or disclosed. We also limit access to your personal data to only those members of staff, contractors, professional advisors and suppliers who have a business or legitimate need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

When using the John Whiteman & Co website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Website Third-party links
The John Whiteman & Co website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

Sharing of personal data outside of the European Economic Area
Due to the international nature of modern business technology, there may be some instances where your data is processed or stored outside of the European Economic Area. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.

We will not sell or rent your information to third parties.

Who we disclose personal data to
Your personal data may be shared with third parties for the following purposes:
Purpose / Activity Who Data may be shared with
Property Search, Landlord or general enquiry Regulating authorities
Potential purchasers and/or Tenants Regulating authorities, Financial Services providers, Surveyors, Solicitors, Referencing agencies, Landlords
Sellers and Landlords Regulating authorities, Financial Services providers, Surveyors, Solicitors, Debt collection agencies, Professional service providers (ie: photographer/videographer, EPC and floor plan) Local Authorities, Referencing agencies, Contractors, Suppliers
Managed Tenants Regulating authorities, Financial Services providers, Debt collection agencies, Local Authorities, Referencing agencies, Contractors, Suppliers
Freeholders, Lessees Regulating authorities, Financial Services providers, Surveyors, Solicitors, Referencing agencies, Contractors, Suppliers
Contractors and suppliers, we deal with are required to ensure appropriate security measures are in place and maintain the confidentiality of your personal data, and to use your personal data only in the course of providing such services and in accordance with contractual, legitimate or regulatory purposes.

How long is your personal data retained?
We only retain your personal data for as long as necessary for us to provide a service or as legally required. The length of time we hold your information for will vary dependent on the lawful basis for collecting and processing the data.

We will hold data supplied where there is a legitimate interest in doing so (such as where a client or customer has registered with us, expressing an interest in any of our services such as, buying, selling, letting or managing a property through us) for a period of 7 years.

Where a transactional relationship has been entered into and there is a contractual necessity to do so, or where there is a requirement to comply with regulatory or legal obligations (for example in order to comply with the requirements of The Property Ombudsman and HM Revenue and Customs Anti Money Laundering Regulations 2017), we will keep all personal information for a period of 15 years. We hold your personal data for this period for regulatory and accounting purposes, and to establish, bring or defend legal claims.

The only exceptions to the periods mentioned above are where:

• The law requires us to hold your personal data for a longer period, or delete it sooner.
• If there are outstanding balances due to us at the end of our relationship, we will retain your data for the above mentioned period following the collection of all amounts owed to us.
• You have raised a complaint or concern regarding our services, in which case we will retain your data for a period of seven years following the conclusion date of that complaint.
• You exercise your right to have the data erased and we do not need to hold it in connection with any of the reasons permitted or required under the law.

How can you manage the data we hold about you.
You have a number of rights in relation to your personal data under data protection law. Except in rare cases, we will respond to you within one month after we have received any request.

You have the right to:

• Ask for a copy of the personal data that we hold about you.
• Ask for the personal data we hold about you to be corrected or updated.
• Withdraw your consent to us holding your personal data (where we rely on that consent).
• Object to our use of your personal data (where we rely on the public interest or our legitimate interests to use it) provided we do not have any continuing lawful reason to continue to use and process the data.
• Request that we erase your personal data (or restrict the use of it), when we do not have any continuing lawful reason to continue to use it.
• Receive copies of the data you have provided to us in a structured data file (in a commonly used and machine readable format) to transfer to another provider.

Questions relating to this policy
If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact the Data Protection Manager by emailing by writing to us. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.

What if I am still not satisfied?
If you are not satisfied with how John Whiteman & Co LLP has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom.

Changes to our Privacy Notice
We keep our Privacy Notice under review and we will place any updates on this web page.

This Privacy Notice was last updated on 7th August 2018.

Regulated by RICS