Javascript is vital for the advanced features in this website such as Property Search. Please enable or upgrade your browser

Data Protection Policy

Natalie Clarke Residential

1. Policy Statement

1.1 Everyone has rights regarding how their personal information is handled. During the course of our activities we collect, store and process personal data relating to our employees, customers, suppliers and other third parties. We recognise the need to process personal data in a lawful, fair and transparent manner.

1.2 Natalie Clarke Residential is committed to complying with all applicable data protection legislation in force in Northern Ireland, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.3 Any breach of this policy may result in disciplinary action and, where appropriate, legal action.

2. About This Policy

2.1 This policy explains how Natalie Clarke Residential handles personal data and sets out the rules and legal conditions that must be followed when personal data is obtained, processed, stored, transferred and destroyed.

2.2 This policy applies to personal data relating to current, former and prospective employees, customers, landlords, tenants, suppliers and other individuals with whom we communicate. Personal data may be held in electronic form, paper records or other media.

2.3 Natalie Clarke Residential is the data controller for the personal data it processes. The Data Protection Officer (DPO) is responsible for overseeing compliance with data protection legislation and this policy. Questions or concerns should be directed to the DPO at vanessa@natalieclarke.com.

2.4 If you believe this policy has not been followed in relation to personal data, the matter should be raised promptly with the Data Protection Officer.

3. Definitions

  • Personal data: Any information relating to an identified or identifiable living individual.
  • Data subject: A living individual whose personal data is processed.
  • Special category data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.
  • Criminal offence data: Personal data relating to criminal convictions, offences or related security measures.
  • Processing: Any operation performed on personal data, including collection, recording, organisation, storage, use, disclosure, transfer, erasure or destruction.
  • Data controller: The organisation that determines the purposes and means of processing personal data. Natalie Clarke Residential acts as the data controller for data processed in its business.
  • Data processor: Any organisation or person processing personal data on behalf of the data controller.
  • Data user: Any employee or agent whose duties involve processing personal data.

4. Data Protection Principles

In accordance with UK GDPR, personal data must be:

  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Kept for no longer than necessary
  • Processed in a manner that ensures appropriate security
  • Processed in a way that demonstrates accountability

5. Lawful, Fair and Transparent Processing

5.1 Personal data will only be processed where a lawful basis exists. These may include:

  • Consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Legitimate interests of the business (where these do not override individual rights)

5.2 Where special category data is processed, an additional lawful condition under UK GDPR will apply, such as explicit consent or legal obligation.

5.3 Data subjects will be informed about:

  • Who we are
  • What data we collect
  • Why we collect it
  • How it is used
  • Who it may be shared with
  • How long it will be retained
  • Their rights under data protection legislation

6. Processing for Specified Purposes

6.1 Personal data will only be processed for the purposes communicated at the time of collection or for compatible purposes permitted by law.

6.2 We collect personal data through various means including in branch, by telephone, email, online forms, application forms and our terms of business. The primary purpose of collection is to provide property-related services and identify additional services relevant to our clients.

6.3 Our Terms of Business and Guides to Sellers, Buyers and Landlords explain that data may be used for administration, compliance and marketing purposes and may be shared with service providers, professional advisers and agents where lawful. Where data is obtained from third parties, we ensure it has been collected lawfully and may be used for property-related communications.

7. Data Minimisation

Personal data collected will be adequate, relevant and limited to what is necessary for the stated purpose. Data that is not required will not be collected or retained.

8. Accuracy

8.1 Reasonable steps will be taken to ensure personal data is accurate and kept up to date.

8.2 Inaccurate or outdated data will be corrected or securely deleted without undue delay.

9. Data Retention

9.1 Personal data will only be retained for as long as necessary for the purposes for which it was collected or to meet legal, regulatory or contractual obligations.

9.2 When data is no longer required, it will be securely destroyed or anonymised.

10. Data Subject Rights

Under UK GDPR, data subjects have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request erasure (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

11. Data Security

11.1 Appropriate technical and organisational measures are in place to protect personal data against unauthorised access, loss, alteration or disclosure.

11.2 Personal data will only be shared with third-party processors where appropriate contractual safeguards are in place.

11.3 Security measures include:

  • Controlled access to premises
  • Locked storage for paper files
  • Password-protected systems
  • Secure disposal methods (e.g. shredding, secure deletion)
  • Staff training and awareness

12. Subject Access Requests

12.1 Data subjects may request access to their personal data free of charge.

12.2 Requests must be made in writing and will normally be responded to within one month, subject to verification of identity. This period may be extended where requests are complex, in accordance with UK GDPR.

13. Disclosure to Third Parties

13.1 Personal data will not be disclosed to third parties unless legally permitted.

13.2 All third-party requests must be referred to a Company Director or the Data Protection Officer, who will:

  • Verify identity and legal entitlement
  • Request written confirmation where necessary
  • Ensure disclosure complies with data protection principles

14. Monitoring and Review

14.1 This policy is reviewed annually by Natalie Clarke Residential to ensure compliance with applicable data protection laws and best practices.

14.2 Any recommended amendments will be approved by the Data Protection Officer.