Privacy Policy

1. Introduction & Scope

Nelston Property Consultants (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you use our websites, book consultations, sign up for services, or otherwise interact with us.

This policy applies to personal data collected both offline (e.g. during meetings) and online (via forms, email, portals). We act as a data controller for the purposes of UK GDPR and the UK Data Protection Act 2018.

2. Lawful Bases & Purposes of Processing

We rely on the following lawful bases under UK GDPR for processing your data:

⦁ Consent — e.g. when you opt in to receive marketing communications (email, SMS, calls).

⦁ Contractual necessity — processing necessary to fulfil our service agreements (consultations, training, membership).

⦁ Legitimate interests — e.g. internal administration, fraud detection, improving our services — provided we balance those interests against your rights and interests.

⦁ Legal obligation — where required by law (e.g. tax, accounting, regulatory obligations).

We process your data for purposes including (but not limited to):

⦁ responding to enquiries and fulfilling booked services

⦁ scheduling and managing consultations

⦁ sending updates, newsletters, offers (if consent given)

⦁ managing membership and payments

⦁ preparing internal and client reports

⦁ enhancing our website, analytics, security, and fraud prevention

3. Types of Personal Data Collected

⦁ Contact & identity data: name, email, phone, postal address

⦁ Financial & property data: property addresses, income, investment goals, valuation data, financial status

⦁ Technical / usage data: IP address, browser type, device, pages visited, time stamps

⦁ Communications data: correspondence via email, SMS, phone calls, or support channels

⦁ Payment & billing data: credit card or payment processor details (handled via secure third-party payment provider)

We do not store full payment card data ourselves; such processing is handled via PCI-compliant providers.

4. Data Sharing & Third Parties

We may share data with:

⦁ Service providers (e.g. email/SMS platforms, payment processors, analytics) — as data processors

⦁ Legal, accounting, auditing or regulatory bodies when required by law

⦁ Affiliate or partner services only with your consent

⦁ In case of business sale, merger, or reorganisation, with appropriate confidentiality controls

We require all processors to adhere to data protection obligations and sign data processing agreements.

5. Data Retention & Deletion

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law (e.g. tax records).

When your data is no longer needed, we will securely delete or anonymize it.

6. Your Rights & How to Exercise Them

Under UK GDPR you have the following rights:

⦁ Right of access — to request a copy of your data

⦁ Right to rectification — correct inaccurate or incomplete data

⦁ Right to erasure (“right to be forgotten”) — in certain circumstances

⦁ Right to restrict processing

⦁ Right to data portability — receive your data in a portable format

⦁ Right to object — to processing based on legitimate interests or direct marketing

⦁ Right to withdraw consent — for processing based on consent

⦁ Right to lodge a complaint — with the ICO (Information Commissioner’s Office) if you believe we have breached data protection laws

To exercise any right, contact us at [[email protected]] (or your designated email). We will respond within statutory timeframes (typically one month).

7. International Transfers

If personal data is transferred outside the UK, we ensure appropriate safeguards (e.g. Standard Contractual Clauses) and comply with UK data export rules.

8. Cookies & Tracking

We use cookies and tracking technologies to improve website functionality, analytics, and marketing. You will see a cookie banner explaining types of cookies (strictly necessary, performance, marketing) and you may accept or decline non-essential cookies.

We also comply with PECR (Privacy and Electronic Communications Regulations), which governs electronic marketing and cookies.

9. Data Breach & Security

We maintain appropriate technical and organisational measures (access controls, encryption, regular audits) to protect your data.

If a data breach occurs that risks your rights, we will notify the ICO and affected individuals as required under law.

10. Changes & Updates

We may update this policy periodically. The date of the latest revision will be shown. Users will be informed of significant changes via email or site notice.