This privacy policy sets out what personally identifiable data we hold, how we manage it, how you can correct any discrepancies, and how to contact us to address any problems. If you have any concerns not already covered here, please get in touch with us on 0800 002 5171 or info@psrlegal.co.uk

What data we hold

PSR Legal store the following personally identifiable information:-

1. Customer names, email and postal addresses, and phone numbers.
   • These are used to allow us to provide our services to you. We return searches and invoices by email or by post, and may contact you by phone for any difficulties encountered in the process of completing your searches.
2. Website visitor IP addresses, identification "cookies", and logs of which pages are accessed.
   • These are used for tracking which user you're logged into the website as.
   • These are also used for diagnostic purposes, so that we can identify which customers are having problems when errors are encountered on the website.
   • We also use these to distinguish individual visitors to the site so that we can monitor visitor interest in different products and services.
3. Names and addresses of properties against which customers order searches (and any other information specific to the type of search ordered)
   • We keep the names and addresses associated with any searches ordered. We require these to provide our products and services to you, since our products relate directly to properties associated with the address, or insurances provided to the named people.
   • Some searches may require additional information - for example, insurances may require the value of the property. We'll hold that in the same way as the names and addresses associated with the order.
4. Names, email addresses, and phone numbers of people who have registered to receive marketing information from us
   • You may have provided your contact details to us for marketing purposes - for example, to receive information about new products and services from us.

How we manage your data

In general, we only retain the information required to provide our services to you. This means we keep data differently for different purposes; for example, we keep records of any searches provided - and the names and addresses associated with them - indefinitely, as we offer a lifetime warranty on many of our searches and need to retain details of exactly what was originally ordered to provide this.

We retain the following information indefinitely, for the reasons given below:-

1. Customer contact details
   • Used to keep records of who originally ordered a search, as well as to contact customers to provide our services. This is required so that we can provide warranties, and also so that we can meet our audit requirements for the Council of Property Search Organisations (who require that we provide samples of searches sold).
2. Names and addresses associated with searches
   • We retain these so that we can provide you with copies of previous searches, and so that we can investigate customer concerns with our products (e.g. warranty claims).
3. Contact details of customers who have chosen to receive marketing information.
   • We retain this information so that we can contact you with the information you've chosen to receive. You can ask us to remove these at any time if you no longer wish to receive marketing information from us.

We retain the following information for a period of three months:-

1. Website visitor IP addresses and session details
   • These are used for diagnostic purposes, and to track visitor interest in products and services on our website. We hold them for this period of time as it's often necessary to look back through our records to determine when a problem was first encountered, or what circumstances caused a change for a customer.
2. Customer details for anti-money laundering searches
   • These searches need your customer's passport or driving license information, as well as previous addresses. We retain this information just long enough to allow you to query the results, but as it's sensitive information we delete it after a reasonable period has expired.

As part of how we provide our services, we need to share some of your data with third parties who supply information to us, or who provide services we use internally.

The following companies provide search or insurance products to us:-

• Albion Water
• Anglian Water
• Argyll Environmental
• BT
• CAA
• CLS
• Cable and Wireless
• Canal & River Trust
• Coal Authority
• Forestry Commission
• FormEvo
• Future Climate Info
• GBG
• Geodesys (Anglian Water)
• Groundsure
• Highways Agency
• Land Registry
• Landmark
• Lawyer Checker
• Local Authority
• Network Rail
• Northcott Beaton
• Northumbrian Water
• Ordnance Survey
• Port of London Authority
• Royal Mail
• SDLT.co.uk
• Scottish and Southern Energy
• Severn Trent Water
• South West Water
• Southern Water
• Stewart Title
• Terrafirma
• Thames Water
• TM Group
• Transport for London (TfL)
• United Utilities
• Veolia Water
• Virgin Media
• Water Authority
• Welsh Water
• Wessex Water
• Yorkshire Water

We provide third parties with the smallest possible set of your information required to perform the work required. For the case of search providers, this generally means your contact details and the address associated with the search products you've ordered. For insurance products, the names of the insured parties are generally also required. For identity check and anti-money laundering products, further details about your customer are required.

Dealing with Subject Access Requests

This Data Protection Policy document explains our internal policy for dealing with Subject Access Requests.

• Individuals have the right to request a copy of the personal data we hold on them and this is called a Subject Access Request.
• Subject Access Requests can be received in any format (by email, over the phone, in person or via social media) and the individual doesn’t need to use the words ‘subject access request’.
• If an individual requests a copy of their data, then it is a subject access request and we must deal with it appropriately.
• Staff are trained to recognise a Subject Access Request and to refer them to the Data Protection Manager.
• All Subject Access Requests must be referred to the Data Protection Manager and will be dealt with on an individual basis, as we do not envisage a high volume of requests.
• This policy will be revised if we begin to receive a high volume of requests (more than 3 per week).
• It is our policy to respond to a subject access request within 30 days.
• It is our policy not to make a charge for Subject Access Requests, but in limited circumstances (if the request is repeated, excessive or would require a disproportionate effort) we reserve the right to make a nominal charge to cover administrative costs, where appropriate.
• If we anticipate it will take longer than 30 days to respond to the request, we will write to the individual data subject to advise them of this and to let them know when we expect to be able to respond.
• When responding to a Subject Access Request, We will also provide a copy of the personal data undergoing processing and where the data has been requested electronically, we will respond, where possible, by providing the information in a commonly used electronic format.
• We will provide information regarding:
  • The purpose of the processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to who the personal data have been or will be disclosed, including any recipients in third countries or international organisations and details of the appropriate safeguards in place
  • The envisaged period for which the data will be stored, or if not possible, the criteria used to determine that period
  • The existence of the right to request rectification or erasure of the personal data or to restrict or object to the processing of that data
  • The right to lodge a complaint with ICO
  • Where the personal data were not collected from the individual data subject, any available information as to their source
  • The existence of automated decision-making including profiling, including information about the logic involved as well as the significance and the envisaged consequences of the processing for the individual data subject

How to contact us to address any concerns

If you wish to change or remove any information we store about you, please get in touch with us the first instance. We can be reached on 0800 002 5171 or info@psrlegal.co.uk

If you have further concerns, our data protection officer can be reached at info@psrlegal.co.uk Any requests for information under the data protection regulations should also be submitted to this email address.

The website www.psrlegal.co.uk is operated by PSR Legal Ltd, registered number 12399891. Our registered office is 10 Melville Road, Sidcup, DA14 4LX VAT number is 340176330.