This policy is intended to inform you how and why Calmez Ltd uses personal information and applies to all individuals or users (“data subjects”) whose Personal Data is processed by Calmez Ltd (“us”, “we”, “our”) either directly or through the use of our website www.calmez.co.uk.

Information we collect and hold about you

Clients

We will collect personal information about you when you contact us about providing property development funding services to you (for example, your name, address, email contact details, telephone number). We may require further information before we provide our funding to you (for example, your passport or other ID) in order to comply with our regulatory requirements. We may also collect personal data about you from publicly accessible sources, for example, Companies House or HM Land Registry for client due diligence purposes.

During the course of providing our services to you, we may collect information about you and/or any other individuals you tell us about. Depending on the nature of the work we carry out for you, we may collect and use special categories of personal data about you or a third party you tell us about, for example, credit history, employment history etc.

When you become a client of Calmez Ltd, or when you enter into discussions to become a client, we may add your personal data to our marketing database in order to send you information about our services, news, and other similar services. We will always give you the opportunity to opt-out of this marketing.

Marketing

If you are not a client of Calmez Ltd and you are a consumer (i.e. you are not representing a business or organisation), we will only send you marketing communications by email or other electronic means with your consent. If you consent to receive email marketing from us, we will add your personal information (your name and email address only) to our marketing database.

We use a third-party email processor, Campaign Manager to deliver our e-communications. This is a data processor for us and only processes personal information in line with our instructions in order to help us manage our email communications.

You can opt out of marketing communications by clicking the ‘unsubscribe’ link in any of our emails or you can contact us at info@calmez.co.uk at any time to opt out, change your contact details or to update your communication preferences.

We may also send marketing information by post if we are satisfied that we have a legitimate interest to do so, for example, to send our clients any updates to our range of funding products.

Visitors to our website

We will collect personal information that you voluntarily provide to us if you fill in a form on our website or apply for a funding through the website. This information may include your contact details including name, address, email, telephone number and development project details.

We may also collect information about how you use our website and our Cookies Policy has information about how we use cookies on our website.

We use a third-party data processor, United Hosting Limited, to host our website and help maintain its security and performance. To deliver this service it processes the IP addresses of visitors to the Calmez Ltd website.

People who contact us via social media

If you send us a private or direct message via social media, we may share this information with Calmez Ltd personnel (for example, in order to respond to a specific query or to pass on information). We will not share messages with any other organisations without your prior consent.

Queries and complaints

If you send a query or complaint to us, we will use the personal information you provide to us (for example, your name and the name(s) of any other individuals involved) in order to process your query or complaint and respond to you.

  1. How we use your information

We only ever use your personal data if we are satisfied that it is lawful and fair to do so because:

  • you have given your consent to us using your information for the specific purposes described in this privacy notice
  • it is necessary to enter into, or perform, a contract with you
  • in order to comply with a legal obligation
  • for our own (or a third party’s) legitimate interests provided your rights don’t override these interests. For example, we may use your personal data to comply for fraud and crime protection and for our network and information security measures, for any purpose required by law or our regulatory authority, for identifying usage trends and for data analytics as this information will help us review and improve our products, services and offers and under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship.

We will only use special categories of personal data relating to you or to third parties you tell us about when we have your explicit consent and/or where it is necessary to use the information to provide our services.

We will never sell your personal data or share it with third parties who might use it for their own purposes.

  1. Sharing your information

We will not disclose any information you provide to any third parties other than:

  • where you have given us consent to share the information
  • where we instruct professional advisors on your behalf e.g. solicitors, valuers, estate agents, quantity surveyors or other experts
  • where our funding comes from an investor platform they may list details of your project online to interested property investors.
  • if we are under a legal or regulatory duty to disclose or share your personal information (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime or in relation to audits, enquiries or investigations by regulatory bodies)
  • in order to enforce any terms and conditions or agreements between us
  • as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation (we will always notify you in advance and we will aim to ensure that your privacy rights will continue to be protected)
  • to protect our rights, property and safety, or the rights, property and safety of others (this includes exchanging information with our insurers, other companies, organisations and regulators for the purposes of fraud protection and credit risk reduction)

In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to provide you with funding or our professional services.

Please note that this sharing of your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Privacy Notice.

We may undertake research on the use of our services and then share this with third parties, but this information will always be anonymised and will not contain your personal information.

  1. Data security

We have appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Your privacy is important to us and we will keep your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your Personal Data against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.

We hold data electronically with password protected computers using a two-step verification process to access our secure cloud-based filing system. Network infrastructure is protected using firewalls and business grade anti-virus / anti-malware software. Laptop with company data held locally on them are secured via whole disk encryption.

We store data sensitive papers in lockable cabinets in our offices when not being actively used. Our offices are secure and only authorised personnel can access locked cabinets where personal data is stored.

When necessary, we dispose of or delete your data securely.

We ensure that our employees, agents and contractors are aware of their privacy and data security obligations.

We may give third parties access to the personal information we hold about you in order to comply with our regulatory obligations (for example, HMRC auditors or our insurers).

The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your electronic information transmitted to us and any transmission is at your own risk.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

  1. Transferring your information outside the European Economic Area (EEA)

We do not transfer the information you give us to countries outside the EEA, except where the international transfer is necessary in connection with the services we are providing to you.

If we transfer your information outside of the EEA in this way, and the country in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.

If you are outside the EEA, your information may be transferred outside the EEA in order to provide you with our services. By submitting your personal information to us in this way you agree to the transfer and processing of your information outside the EEA.

  1. Data retention

Your personal information will be retained for as long as required:

  • For the purposes for which the personal information was collected;
  • In order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
  • As required by data protection laws and any other applicable laws or regulatory requirements.

We will ensure that the personal information that we hold is subject to appropriate security measures.

  1. Your rights

Under certain circumstances, by law you have the right to:

  • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  • ask us to correct any information that we hold about you which is incorrect, incomplete or inaccurate
  • ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it
  • object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes
  • ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it
  • ask us to transfer your personal information to another person or organisation

If you have given your consent to us processing your personal information (for example, consent to receive marketing information), you have the right to withdraw your consent at any time. To withdraw your consent, please contact info@calmez.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.

  1. Queries and complaints

If you have any questions about this privacy notice or how we handle your personal information, please contact dataprotection@calmez.co.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.