Data Protection: KENSINGTON

PRIVACY POLICY FOR KENSINGTON FINEST PROPERTIES INTERNATIONAL – LONDON

Effective date: 2^nd April 2025

1. Introduction

Welcome to the Privacy Policy of KENSINGTON Finest Properties International – London ("we," "our," "us"). We are committed to protecting your privacy and ensuring that your personal data is processed lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and all applicable UK data protection laws.

This Privacy Policy explains:

What personal data we collect and how we collect it
The legal basis for processing your data
How we use, store, and protect your personal data
Who we share your data with and why
Your rights regarding your personal data
How you can contact us regarding data protection matters

By using our services or providing your personal data, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions and Key Terms

In this Privacy Policy, the following terms have the meanings outlined below:

Personal Data – Any information that identifies or could identify an individual, including name, address, phone number, email, identification documents, and financial details.
Special Category Data – Sensitive personal data, such as racial or ethnic origin, religious beliefs, biometric data, and health information.
Processing – Any operation performed on personal data, including collection, storage, sharing, and deletion.
Data Controller – The entity that determines the purposes and means of processing personal data (vellando ltd trading as KENSINGTON Finest Properties International – London).
Data Processor – A third party that processes personal data on our behalf (e.g., CRM providers, marketing platforms).
Consent – A freely given, specific, informed, and unambiguous indication of an individual’s agreement to data processing.
UK GDPR – The UK General Data Protection Regulation, which governs how businesses process personal data in the UK.

3. Scope and Applicability

This Privacy Policy applies to:

Visitors to our website (https://www.kensington-international.com/en/uk/london).
Clients who use our property consulting and estate agency services (including residential and commercial transactions).
Individuals who submit inquiries or express interest in becoming a franchise partner.
Anyone whose data we process as part of marketing, customer relationship management (CRM), or compliance activities.

This policy applies regardless of location, but if you are accessing our services from outside the UK, different laws may apply depending on your jurisdiction.

4. Data Controller and Company Details

The data controller responsible for processing your personal data is:

Vellando ltd trading as KENSINGTON Finest Properties International – London
Company Number: 16040875
Email: [email protected]
Phone: 07599125776

If you have any concerns about how we handle your personal data, you can contact us using the details above.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website:https://ico.org.uk
Phone: 0303 123 1113

5. Types of Personal Data Collected

We collect and process different categories of personal data depending on how you interact with us. This may include:

A. General Personal Data

Identity Data: Full name, date of birth, gender, nationality.
Contact Data: Phone number, email address, home address.
Financial Data: Bank details, payment records for property transactions.
Transaction Data: Details of properties bought, sold, or leased through our services.
Marketing Preferences: Opt-in status for receiving promotional communications.

B. Compliance and Legal Requirements

Identity Verification: Passport, driver’s license, or utility bills for Anti-Money Laundering (AML) and Know Your Customer (KYC) checks.
Regulatory Data: Any information required by HMRC or UK regulators.

C. Business and Franchise Data

Franchise Applicants: Information on business background, investment interests.
Business Relationship Data: Contracts, negotiations, and communications.

We do not actively collect special category data unless required by law or provided with explicit consent.

6. Methods and Sources of Data Collection

We collect personal data in the following ways:

A. Direct Collection

When you fill out forms on our website (e.g., franchise inquiries, contact forms).
When you communicate with us via email, phone, or in-person meetings.
When you enter into contracts for our services.

B. Indirect Collection

From property listing portals (Rightmove, Zoopla, OnTheMarket).
From publicly available sources (Land Registry, Companies House).
From third-party professionals (solicitors, mortgage brokers, surveyors).

All data collected is used in accordance with UK data protection laws.

7. Purpose and Legal Basis for Processing

We will only process personal data when we have a legal basis for doing so. The table below outlines the lawful grounds for processing:

Purpose	Legal Basis
To provide estate agency and consulting services	Contractual necessity (UK GDPR Art. 6(1)(b))
To process payments and deposits	Contractual necessity (UK GDPR Art. 6(1)(b))
To comply with AML and other legal requirements	Legal obligation (UK GDPR Art. 6(1)(c))
To send property alerts and marketing materials (if opted in)	Consent (UK GDPR Art. 6(1)(a))
To manage and improve customer relationships	Legitimate interest (UK GDPR Art. 6(1)(f))

A. Marketing and Communications

We will only send marketing emails or SMS messages if you have opted in.
You can withdraw consent at any time using the opt-out link in our communications.

B. Automated Decision-Making

We do not use automated decision-making that significantly affects individuals without human oversight.

8. Consent and Lawful Processing

We will only process your personal data where we have a lawful basis to do so under the UK GDPR.

A. When Consent is Required

We require your consent to process personal data in the following cases:

Sending you marketing communications (emails, newsletters, promotional materials).
Collecting and using special category data (e.g., biometric or health data).
Placing non-essential cookies on your device (see Section 14 for details).

B. How We Obtain Consent

Consent must be:
✔ Freely given – You are not required to provide consent as a condition of using our services.
✔ Informed – We clearly explain what you are consenting to.
✔ Specific – Consent applies only to the specific purpose stated.
✔ Revocable – You can withdraw consent at any time.

To withdraw consent, you can:

Click the "unsubscribe" link in marketing emails.
Contact us at [email protected].

C. When We Rely on Other Legal Grounds

We do not always need consent to process your data. In some cases, we rely on:

Contractual necessity – When processing is necessary to fulfill a contract.
Legal obligation – To comply with UK laws (e.g., AML regulations).
Legitimate interests – To improve our services and client relationships.

9. Use of Personal Data

We use your personal data for various purposes, including:

A. Providing and Managing Services

Processing property sales, lettings, and consultancy services.
Managing your client or franchise partner relationship with us.
Processing payments and deposits securely.

B. Compliance and Legal Obligations

Conducting AML (Anti-Money Laundering) and KYC (Know Your Customer) checks.
Responding to regulatory and legal inquiries from authorities.

C. Marketing and Customer Engagement

Sending property alerts and promotional materials (if opted in).
Conducting customer satisfaction surveys to improve our services.

D. Business Operations and Improvement

Managing our CRM system (Propstack) to keep client data organised.
Preventing fraud and ensuring IT security.

We do not use personal data for profiling or automated decision-making that would have legal effects on you.

10. Data Sharing and Third Parties

We do not sell or rent your personal data. However, we may share it with:

A. Service Providers and Business Partners

CRM Provider (Propstack) – To manage client and transaction data.
Marketing Platforms – If you opt into promotional communications.
Property Portals (e.g., Rightmove, Zoopla, OnTheMarket) – If you request property listings.

B. Legal and Regulatory Bodies

HM Revenue & Customs (HMRC) – To comply with tax and AML obligations.
Law Enforcement Agencies – If required by law (e.g., fraud investigations).

C. Third Parties in Transactions

Solicitors, mortgage brokers, surveyors, and developers – Involved in property transactions.

We require all third-party data processors to sign Data Processing Agreements (DPAs) to ensure compliance with UK GDPR.

11. International Data Transfers

As part of an international real estate network, we may transfer data outside the UK when:

Sharing data with affiliated international franchises.
Using cloud-based services that store data outside the UK or EEA.

A. Safeguards for International Transfers

If we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate data protection safeguards, such as:
✔ Standard Contractual Clauses (SCCs) approved by the ICO or European Commission.
✔ Adequacy decisions (where the receiving country is deemed to have adequate data protection laws).
✔ Binding Corporate Rules (BCRs) – for international data sharing within our company group.

If you would like more details on international transfers, you can contact us at [email protected].

12. Data Retention and Archiving

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

A. Retention Periods

Data Type	Retention Period
AML-related documents	5 years after the end of a transaction
Client transaction records	7 years (for legal and accounting purposes)
Marketing data (if opted in)	Until you opt out or after 2 years of inactivity
Franchise application data	2 years if not accepted

B. Criteria for Deletion

We securely delete or anonymise your personal data when:

It is no longer needed for business or legal purposes.
You request deletion (subject to legal and regulatory requirements).

We regularly review our data retention policies to ensure compliance with UK GDPR.

13. Data Security Measures

We take data security very seriously and have implemented technical and organisational measures to protect your personal data.

A. Security Controls

✔ Encryption – Sensitive data is encrypted both in transit and at rest.
✔ Access Controls – Only authorised personnel have access to personal data.
✔ Regular Security Audits – We perform penetration testing and security reviews.
✔ Secure Servers – All data is stored on secured data centers.

B. Data Breach Protocol

In the unlikely event of a data breach, we will:

Assess the breach and mitigate risks.
Notify affected individuals if the breach poses a risk to their rights and freedoms.
Report serious breaches to the ICO within 72 hours, as required by UK GDPR.

If you suspect unauthorised access to your personal data, contact [email protected] immediately.

14. Use of Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. For more details, see our Cookie Policy.

15. Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal effects or significantly affects individuals.

However, we may use profiling techniques to improve our marketing efforts. This may include:

Sending targeted property listings based on your previous interactions with our website or services.
Using analytics tools to assess market trends and enhance the customer experience.

If we implement fully automated decision-making processes in the future, we will provide notice and offer an opportunity to challenge the decision or request human intervention.

16. Your Rights Under Data Protection Law

Under the UK General Data Protection Regulation (UK GDPR), you have several rights regarding your personal data.

A. Right to Access

You have the right to request a copy of the personal data we hold about you by submitting a Data Subject Access Request (DSAR).

B. Right to Rectification

You have the right to request corrections to any inaccurate or incomplete personal data.

C. Right to Erasure ("Right to be Forgotten")

You may request the deletion of your personal data in certain circumstances, including when:

The data is no longer necessary for the purposes for which it was collected.
You withdraw your consent, and no other legal basis applies.
The data has been unlawfully processed.

However, certain legal obligations, such as anti-money laundering (AML) requirements, may prevent us from deleting specific data.

D. Right to Object

You have the right to object to processing based on our legitimate interests, including direct marketing activities.

E. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transfer it to another service provider, where technically feasible.

F. Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

G. Right to Withdraw Consent

If we rely on your consent for processing, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Phone: 07599125776
Address: 85 Great Portland Street, First Floor, W1W 7LT, London

We will respond to all requests within one month, although complex cases may require additional time.

17. Complaints and Contacting the ICO

If you are dissatisfied with how we process your data, we encourage you to contact us so we can address your concerns.

A. Internal Complaints Process

Contact our Data Protection Officer (DPO) at:
- Email: [email protected]
- Phone: 07599125776
We will acknowledge your complaint within five working days.
We aim to resolve all complaints within 30 days.

B. Escalating to the Information Commissioner’s Office (ICO)

If you are not satisfied with our response, you have the right to lodge a complaint with the UK’s data protection regulator:

Information Commissioner's Office (ICO)
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website:www.ico.org.uk

18. Third-Party Links and External Services

Our website may contain links to third-party websites, including property portals such as Rightmove, Zoopla, and OnTheMarket.

We are not responsible for the privacy practices of these external websites. Before providing your personal data to any third party, we recommend reviewing their privacy policies.

19. Updates to This Privacy Policy

We may update this Privacy Policy from time to time in response to:

Changes in data protection laws or regulatory requirements.
Updates to our business practices or technology.
Feedback from regulatory authorities, such as the Information Commissioner's Office (ICO).

A. How We Notify You of Changes

For minor updates, we will post the revised policy on our website with the updated “Last Updated” date.
For significant changes, we will notify you through email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data.

20. How to Contact Us

For any privacy-related inquiries, you can contact us using the following details:

Email: [email protected]
Phone: 07599125776

Privacy Policy

Contact

Buy real estate

License partner