GDPR Policy

1. Introduction

Nelston Property Consultants is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we handle personal data and protect the rights of individuals.

2. Data Controller

Nelston Property Consultants acts as a data controller when collecting and processing personal data.

Registered address: 71-75 Shelton St WC2H 9JQ London UK

Contact: test-email.hyphenconnect.ai

3. Principles of Data Processing

We adhere to the following UK GDPR principles:

⦁ Lawfulness, fairness & transparency

⦁ Purpose limitation (data used only for stated purposes)

⦁ Data minimisation (only what is necessary)

⦁ Accuracy

⦁ Storage limitation

⦁ Integrity & confidentiality (secure processing)

⦁ Accountability

4. Lawful Basis for Processing

We process personal data under these lawful bases:

⦁ Consent – when you opt-in to receive marketing communications.

⦁ Contract – to provide consultancy services you request.

⦁ Legal obligation – for record-keeping, accounting, and regulatory purposes.

⦁ Legitimate interests – for business operations such as fraud prevention and service improvements.

5. Data Collected

⦁ Name, email, phone, postal address

⦁ Property details, investment goals

⦁ Payment information (processed securely by third-party providers)

⦁ Technical data such as IP address and device/browser information

6. Data Subject Rights

You have the right to:

⦁ Access your personal data

⦁ Request correction or deletion

⦁ Restrict or object to processing

⦁ Request data portability

⦁ Withdraw consent at any time

⦁ Lodge a complaint with the ICO (Information Commissioner’s Office)

7. Data Retention

We retain personal data only as long as necessary for service delivery and legal compliance. Retention periods are documented in our internal retention schedule.

8. Security Measures

We use technical and organisational safeguards including encryption, secure servers, restricted access, and staff training.

9. Data Sharing & Transfers

⦁ We do not sell personal data.

⦁ Data may be shared with service providers (e.g. email platforms, payment processors) under strict contracts.

⦁ Data transferred outside the UK will be protected by appropriate safeguards (e.g. Standard Contractual Clauses).

10. Marketing & PECR Compliance

We only send marketing communications where we have your explicit consent, or under “soft opt-in” rules for existing clients. You may opt out at any time via unsubscribe links or SMS STOP replies.

11. Data Breach Procedure

We have a documented breach response plan. If a breach poses a risk to your rights, we will notify you and the ICO within legal timeframes.

12. Updates

This policy may be updated. The latest version will always be available on our website.

13. Contact

For questions about this GDPR Policy or to exercise your rights, contact us at: test-email.hyphenconnect.ai.