General Data Protection Regulation Policy

Harlows of Frome is committed to protecting and processing your personal data in accordance with the General Data Protection Regulations and the Data Protection Act 2018 (the legislation). For the purpose of the legislation and your personal data,  Harlows of Frome is the Data Controller, and  Lisa Cooke is the person responsible for data protection. She can be contacted at  Lisa@harlowsoffrome.co.uk

The General Data Protection Regulations are to safeguard your personally identifiable information or personal data. This privacy notice will be regularly reviewed and updated.

How your information is collected

We retain some information that you have provided to us via phone conversations, emails, mobile sites, the website or documents that you have provided.

Whose information is collected?

We collect information from:

1  Visitors to our website

2  People who register or who arrange to view a property though us

3  Applicants who apply to rent a property through us

4  Tenants who live in a property managed by Harlows of Frome

5  Tenants who live in a property managed by the landlord

6  Landlords who employ us to find tenants and or manage their property for them

7 Job applicants, current and former employees.

  1. Visitors to our website: Online identifiers, IP addresses and cookie identifiers

When you visit our website we may collect information about your computer, including (where available) your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns. The data we store is always stored within the European Union or outside of the European Union but with an organisation operating under the General Data Protection Regulations.

We may obtain information by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Our lawful basis of processing is a legitimate interest as processing the data enables us ti:

  • Estimate our audience size and usage pattern
  • Store information about your preferences, and so allow us to customise our site according to your individual interests
  • Speed up your searches
  • Recognise you when you return to our site.

Your personal data will be processed during and after your website visit and any subsequent visits to our website.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site. You can find more information about cookies at www.allaboutcookies.org

This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the privacy policy of that website provider. We have no control over that privacy policy or the terms of the website and you should check their privacy policy before continuing to access the site.

Recipients of personal data

It will be necessary for us to process or share all or some of your personal data with our website host and advertisers.

Retention period and criteria used to determine the retention period

We will retain some elements of your personal data for up to three months. The information that can be anonymized will be that which is no longer required for either contractual fulfilment or a legitimate interest. If the lawful basis for processing your data was consent then you may withdraw such consent at any time.

Your rights

You have a right of access to check your personal data to verify the lawful basis of processing. We are obliged to respond to an access request within 30 days and may not charge a fee unless the request is unfounded, excessive or repetitive. If a fee is charged it is to be a reasonable fee based upon the administrative cost of providing the information.

You have a right to rectification if the data we hold is either inaccurate or incomplete. If your data has been disclosed to third parties then we must inform them of the rectification, where possible.

You have a right to require erasure of your data when consent is our basis of processing (the right to be forgotten). You may request that your personal data be erased, for example, where there is no compelling reason for its continued processing or where you withdraw consent. We will comply with your request unless we have another basis of processing justifying our retaining the data (for example a legal requirement or the defence of a legal claim).

You have some rights to ask us to restrict processing i.e. to block or supress processing where, for example, the data may be incorrect and whilst the accuracy is verified. We are permitted to store the data.

Your right to object

You do have a right to object to further processing of your personal data. We may be required to stop processing unless there is some other legitimate basis of processing such as a legitimate interest or a requirement for the exercise or defence of a legal claim.

How to lodge a complaint with the supervisory authority

The supervisory authority responsible for data protection is the Information Commissioners Office (ICO) to whom concerns may be reported by phone on 0303 123 1113 or +44 1625 545 745 if calling from outside the UK, by email using the form on the website ico.org.uk or the livechat function.

These are terms and conditions between Harlows of Frome and any client, be that landlord, tenant, applicant or contractor (“client”) and we agree to provide the same level of data protection under the terms and conditions in compliance with GDPR as follows:-


(1) For the purposes of the contract between Harlows of Frome and the client, the client is the “data controller” and Harlows of Frome are the “data processor” for personal data processed in connection with the contract (“client data”) as per the meanings given to them under the General Data Protection Regulation (GDPR).

(2) When Harlows of Frome processes personal data we do so for the following reasons only:

(a) For the purpose of meeting our obligations under any contract or where the law permits.

(b) Comply with relevant instructions or requests given about processing personal data e.g. asking a tenant if they are happy for us to give their contact details to a contractor in order for the contractor to carry out necessary works.

(c) Take appropriate security measures to protect personal data against unauthorised or unlawful processing and accidental loss, destruction or damage taking into account:

  • The nature of the information and the harm which could arise from such processing, loss, destruction or damage
  • The technology available
  • The cost of taking the measures
  • Ensuring that all data is password protected and not available in paper form.

(d) Ensure that personal data is not transferred out of or processed outside Harlows of Frome control unless advised by data controller or compliant and applicable to data protection law.

(e) Not pass this personal data to any third party (other than our own sub-contractors and key service providers within Harlows of Frome control including Homlet who we use to perform credit checks) unless there is a legal or statutory obligation to do so unless we have written permission to do so and/or we have entered into a written contract with that third party and they agree to meet obligations that are equivalent to those set out under government legislation.

(f) Provide reasonable and timely assistance to assist the client in dealing with data protection related requests to the data we hold to include responding to:
Any request from a data subject to exercise any of its rights under Applicable Protection Law.
Any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the data we hold.

(g) Inform you of any high-risk activities relating to client data, and cooperate with any assessments required.

(h) Inform you of any data breaches relating to client data without undue delay.

(i) Delete any personal data provided when requested by client.

(j) Ensure that all employees of Harlows of Frome who need access to this personal data for the purposes of any contract keeps to these clauses.

(k) Allow the client after reasonable notice has been given to enter Harlows of Frome premises or any other location where personal data is processed to ensure the clauses are being met. For this purpose, the client can have access to facilities, staff, systems, records and relevant information.

For more information please contact Lisa Cooke at lisa@harlowsoffrome.co.uk