Privacy Policy

JEFFREY ROSS LIMITED – PRIVACY NOTICE

(Updated for UK GDPR & Data Protection Act 2018)

Last updated: 01 November 2025

Jeffrey Ross Limited (“we”, “us”, “our”) is an estate and letting agency operating in South Wales and Bristol. We are committed to protecting your privacy and handling your personal information in a lawful, fair and transparent way.

Note on Terminology (Wales):

In Wales, the term “Tenant” also includes “Contract-Holders” under the Renting Homes (Wales) Act 2016. References to “tenants” in this Privacy Notice should be interpreted to include contract-holders where applicable.

This Privacy Notice explains:

• the types of personal information we collect;
• how and why we use it;
• who we share it with;
• how long we keep it;
• your rights under UK data protection law; and
• how to contact us.

We are the “data controller” responsible for your personal information.

1. WHO THIS PRIVACY NOTICE APPLIES TO

This notice applies to the following groups:

• Vendors
• Purchasers
• Landlords
• Tenants
• Guarantors
• Individuals who contact us with enquiries
• Individuals who register for marketing or property alerts
• Individuals who use our website
• Suppliers / contractors (e.g., builders, electricians)
• Visitors to our premises (including CCTV)
• Individuals who engage with us via social media

Where we refer to “you”, we mean anyone in the list above.

2. OUR APPROACH TO PRIVACY

We comply with:

• the UK General Data Protection Regulation (UK GDPR),
• the Data Protection Act 2018, and
• the Privacy and Electronic Communications Regulations (PECR) (covering cookies, electronic marketing etc.).

 

We ensure that:

• personal information is used lawfully, fairly and transparently;
• it is collected for specific, legitimate purposes;
• it is kept secure and only as long as necessary; and
• you are able to exercise your data protection rights at any time.

 

3. THE PERSONAL INFORMATION WE COLLECT

We collect different information depending on who you are and what services you engage with.
This may include:

Contact details

Name, address, email address, telephone number.

 

Identity verification

Photographic ID, proof of address (utility bill, bank statement), date of birth, nationality, right-to-rent documentation.

 

Financial information

Bank details, proof of funds, mortgage status, salary and employment information (for tenants/guarantors), income and benefit information (where relevant).

Property-related information

Property ownership details, tenancy details, property preferences, search criteria.

References and checks

• Tenant referencing & ID checks via Vouch
• Anti-money laundering (AML) checks for vendors and buyers via CreditSafe

Website usage & cookies

Information collected via cookies and analytics tools including:

• Google Analytics 4
• Google Ads conversion tracking / remarketing
• Meta Pixel (Facebook)
  This may include IP address (pseudonymised), device IDs, browsing activity, and interaction data.

 

CCTV

Your image if you visit our branches.

Social media

Publicly available information (username, comments, posts) when you engage with our social media accounts.

4. WHY WE USE YOUR PERSONAL INFORMATION AND LEGAL BASES

We use your information only where we have a lawful basis under UK GDPR.

Vendors & Landlords

Purposes include:

• Marketing your property
• Facilitating viewings, offers, negotiations and contracts
• Passing your details to buyers/tenants and relevant third parties
• AML checks (via CreditSafe)
• Legal compliance including anti-money-laundering and property legislation
• Managing rental properties (if applicable)
• Internal administration and record keeping

Legal bases:

• Performance of a contract
• Legal obligation (AML, tax, landlord legislation)
• Legitimate interests (efficient business operation)

 

Purchasers

Purposes include:

• Registering interest in properties
• Communicating updates and arranging viewings
• Confirming proof of funds
• Preparing and issuing memorandum of sale
• AML checks via CreditSafe
• Internal administrative records

Legal bases:

• Legitimate interests
• Legal obligation (AML)

 

Tenants

Purposes include:

• Assessing suitability and affordability
• Tenant referencing (via Vouch)
• Right-to-rent checks (statutory obligation)
• Preparing tenancy agreements
• Passing details to landlords, contractors, utility providers, local authorities
• Managing your tenancy and maintenance
• Returning deposits or overpayments

Legal bases:

• Performance of a contract
• Legal obligation (Right-to-Rent & other legislation)
• Legitimate interests (selecting suitable tenants)

Special category data (if any disclosed):
Processed under substantial public interest, e.g., statutory obligations relating to immigration checks.

 

Guarantors

Used to assess suitability and financial capacity.
Legal basis: Legitimate interests to ensure rent can be paid.

 

Individuals contacting us with enquiries

Legal bases:

• Consent (where you submit an enquiry)
• Legitimate interests (responding efficiently)

 

Marketing subscribers

We use your information to send property alerts, news and promotions.

Legal basis:

• Consent for email/SMS marketing (PECR)
• Legitimate interests for postal marketing to potential sellers where appropriate.

You may unsubscribe at any time.

 

 

 

Website users / cookies

We use cookies to:

• analyse website usage (Google Analytics 4)
• run marketing and retargeting campaigns (Google Ads, Meta Pixel)
• improve website functionality

Legal basis:

• Consent (non-essential cookies) under PECR
• Legitimate interests (essential cookies required for website functionality)

 

CCTV

To prevent crime, ensure safety, support investigations and manage our premises.

Legal basis:

• Legitimate interests
• Substantial public interest (prevention/detection of crime)

Retention: 90 days, unless longer is required for an investigation.

 

Suppliers / contractors

We process contact and payment information to engage you and manage contracts.
Legal basis: Contract performance & legitimate interests.

 

5. WHO WE SHARE YOUR PERSONAL INFORMATION WITH

We may share your information with:

Core property-related third parties

• Buyers / sellers / landlords / tenants (as appropriate)
• Solicitors
• Mortgage advisors (where instructed by you)
• Contractors (repairs, inspections, safety certificates)
• Utility providers & local authorities
• Deposit schemes (if applicable)

 

Referencing & AML partners

• Vouch (tenant referencing / ID checks)
• CreditSafe (AML checks for sales)

IT and cloud service providers

• Alto CRM
• Microsoft 365, OneDrive, SharePoint
  These providers may store data in the UK or internationally.

Marketing partners

• Email marketing platforms
• Analytics and advertising platforms (Google, Meta)

Professional advisers

Our accountants, legal advisors, auditors.

Regulators & law enforcement

Courts, police, HMRC, ICO, National Trading Standards.

We never sell your personal information.

 

6. INTERNATIONAL TRANSFERS

Some of our technology providers (such as Microsoft, Google, Meta and Alto) may store or process information outside the UK.

Where this happens, we ensure that safeguards required under UK GDPR are in place, such as:

• UK adequacy regulations, or
• International Data Transfer Agreement (IDTA), or
• Addendum to EU Standard Contractual Clauses

We also carry out transfer risk assessments where required.

 

7. HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We retain information only for as long as necessary:

Category	Typical Retention Period
Sales files (vendors/purchasers)	7 years after completion
Lettings files (landlords/tenants/guarantors)	7 years after tenancy end
Enquiries	Up to 12 months after last meaningful contact
Marketing subscribers	Until you unsubscribe
CCTV footage	90 days (unless required longer)
Supplier/contractor records	Duration of contract + 7 years

 

8. SECURITY MEASURES

We use a range of technical and organisational measures including:

• role-based access controls
• multi-factor authentication
• encryption of devices and data in transit
• secure cloud storage
• staff training in data protection
• secure destruction of records
• regular monitoring of third-party processor security

You can help by keeping passwords secure and never emailing bank details.

 

9. YOUR RIGHTS

You have rights under UK GDPR, including:

• Access to your data
• Correction of inaccurate data
• Erasure (“right to be forgotten”)
• Restriction of processing
• Portability
• Object to processing (including marketing)
• Withdraw consent at any time
• Not to be subject to automated decision-making
• Complain to the ICO

To exercise your rights, contact us using the details below.

 

 

 

10. WITHDRAWING CONSENT

Where we rely on your consent (e.g., email marketing, cookies), you may withdraw it at any time by:

• clicking unsubscribe in any marketing email, or
• contacting us directly.

 

11. HOW TO CONTACT US

Data Controller:
Jeffrey Ross Limited
11-13 Penhill Road, Cardiff, CF11 9PP

Email: [email protected]
Telephone: 029 2049 9680

Data Privacy Manager:
Laura Geach, Director
Email: [email protected]

 

12. COMPLAINTS

You can raise concerns with us at any time.
You also have the right to complain to the ICO:

Information Commissioner’s Office (ICO)
www.ico.org.uk
0303 123 1113

 

13. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice periodically.
Any significant changes will be posted on our website and, where appropriate, notified directly.