Privacy Policy

CPR Privacy Policy

At Complete Property Repairs (Leeds) Limited – hereby referred to as CPR, are committed to ensuring that your privacy is protected.  This privacy notice, together with our Terms and Conditions and any other notice referred to in it, explains how we will collect your personal data and how we use your personal data when you visit our website.

CPR is data controller in respect of the personal data processed when you visit our website.  If you have any questions or concerns in relations to this privacy notice you can contact our Data Protection Officer at info@cpr-leeds.com or by writing to the Data Protection Officer, CPR Ltd, Suite 1, First Floor, Arena Park, Tarn Lane, Leeds, LS17 9BF.

This website is not intended for children.

This privacy notice was last amended in May 2018.  It supersedes any earlier version.

This website may include links to third party websites, plug-ins or applications which may allow third parties to collect or share your personal data.  We are not responsible for their use of your personal data and cannot control it.

What Information are we allowed to collect and how do we use it?

As a business we collect, use, store and transfer different types of personal data depending on who you are.

If you are purchasing services from CPR we collect and use your personal data in order for us to provide you with our services.  The personal data we collet and use may include:

  • Identity Data (name, title)
  • Contact Data (billing address, delivery address, email address and telephone numbers)
  • Financial Data (bank account and payment details)
  • Transaction Data (details about payments to and from you and other services you have purchased through us)
  • Technical Data (internet protocol address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, identification number, online identified, location data and other similar identifying information required for the customer’s device(s) to communicate with websites and applications on the internet)
  • Usage Data (how you use our website products and services, the full uniform resource locators clickstream to, through and from our site (including date and time), download errors, lengths of visit to certain pages, page interaction information, methods to browse away from the page and any phone numbers you use to call us)
  • Marketing and Communications Data (your marketing preferences from us and our third parties and your communication preferences)

We also may collect and use Aggregated Data. For example, when you visit our website we may aggregate data about your usage to tell us about how certain features on our website are used. This is not usually classified as personal data as whilst it derives from personal data (in the example, it is derived from your Usage Data) it does not reveal your identity to us. If we do link this Aggregated Data to your personal information, it will be treated as personal data in line with this policy.

How do we collect your personal data?

We use different methods to collect data from and about you including through:

Direct interactions – you may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for our services;
  • create an account on our website;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • contact us through social media;
  • walk-in to our branch offices or telephone our call centre;
  • enter a competition, promotion or survey; or
  • give us some feedback.

Third parties or publically available source – we may receive personal data about you from various third parties and public sources as set our below:

  • Contact, Financial and Transaction Data from providers of payment services such as Mastercard based inside the EU.

Identity and Contact Data from data brokers or aggregators such as:

  • Facebook based outside the EU

Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

How do we use your personal data?

We’ve summarised the ways that we plan to use your personal data and how we might use it in the table below.  If we need to process your personal data for a different purpose we will let you know.  We reserve the right to process your data for a different purpose without your consent if it necessary for us to comply with our legal obligations.

Purpose / Activity Type of data Lawful basis for processing including basis of legitimate interest
To contact you Identity

Contact

Financial

Transaction

Marketing and communications

Performance of a contract with you 

Necessary for our legitimate interests (for running our business, to recover debts due to us, to keep our records updated and to study how customers use our products/services)

To carry out our obligations arising from any contracts entered into between you and us and to provide with you the information, products and services you request from us Identity Identity

Contact

Financial

Transaction

Marketing and communications

Performance of a contract with you 

Necessary for our legitimate interests (for running our business and to recover debts due to us)

To provide you with information about other goods and services that we offer which we feel may interest you Identity Contact 
Technical 
Usage
Necessary for our legitimate interests (to develop our products/services and grow our business)
To permit selected third parties:
• to provide you with information about goods or services which we feel may interest you
• to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website
Identity 
Contact 
Technical 
Usage
Consent (in relation to SMS and email marketing communications)

Necessary for our legitimate interests (to develop our service offering)

To assist us in the improvement and optimisation of advertising, marketing material and content, our services and the website Identity 
Contact 
Financial 
Transaction 
Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services)
To notify you about changes to our service Identity 
Contact 
Performance of a contract with you 
Necessary to comply with our legal obligations Necessary for our legitimate interests (to keep our records updated)
To ensure that content from our website is presented in the most effective manner for you and your computer Identity 
Contact 
Financial 
Transaction
Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services)
To verify your identity Identity

Contact

Financial

Transaction

Necessary to comply with our legal obligations

Necessary for our legitimate interests (for running our business and to prevent fraud and money laundering)

As part of our efforts to keep our site safe and secure and to prevent or detect fraud Identity

Contact

Financial

Transaction

Necessary to comply with our legal obligations

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or restructuring exercise)

To provide customer support Identity

Contact

Performance of a contract with you
To facilitate and to enable you to partake in a property viewing, open house event or visits to property marketing suites Identity

Contact

Performance of a contract with you 

Necessary for our legitimate interests (for running our business and to develop and grow our business)

To comply with the requirements imposed by law or any court order Identity

Contact

Technical

Usage

Necessary to comply with our legal obligations

Marketing

You have the right to withdraw your consent for us to use your personal data for marketing purposes at any time. You also have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you do withdraw your consent, this will result in us ceasing to market goods and services to you.

You can ask us to stop sending you marketing messages at any time by:

  • following the opt-out links / unsubscribe on any marketing message sent to you; or
  • contacting us at any time by emailing info@cpr-leeds.com or phoning us on 0113 267 6966

If you do withdraw your consent to receiving marketing messages, we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.

If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe.

Third-party marketing                                                                                                             

We will get your express opt-in consent before we share your personal data with any company outside the CPR group of companies for marketing purposes.

Cookies

The CPR website and applications may automatically collect data about how you use our services in order to help us improve future functionality. We use Google Analytics, which is a web analysis service provided by Google.

The cookies on the CPR website do not track, collect or upload data such as your name, email address or billing information, but it may collect data about your equipment and browsing activities. We may collect and report on the adoption and usage of specific features, crashes and exceptions and other useful, anonymous metrics.

Certain devices can detect your approximate location, via latitude and longitude. The accuracy of this data is not in the control of CPR. If this feature is requested, CPR will prompt you to provide your permission to access your location data for the purposes of providing you with results or directions based on your current location. You can disable location settings within your browser or app.

When might we disclose your personal data?

We may have to share your personal data with the parties set out below for the purposes set out in the table above. We have agreements in place with our third parties that restrict their use of your personal data. We only allow third parties to use your personal data for specified purposes and in accordance with our instructions

Category Explanation
Related third parties In the event we use a sub-contractor (but only when you have given us consent to do so)
External Third Parties Service providers acting processors based in the United Kingdom who provide IT and system administration services, and services to enable us to perform our contract with you.

Advertisers and advertising networks (including social media) that require the data to select and serve relevant adverts to you.

Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accountancy services.

HMRC, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.

 

 

Data Security

Once we have received your personal data we will use reasonable and necessary procedures and security features to try and prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality. If we become aware of a data breach we will notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you in accordance with our legal requirements.

International Transfers

We will not transfer your personal data outside of the European Economic Area, except to a country offering the same level of protection for your personal data. For example, with certain service providers we may use specific contracts approved by the European Commission which ensures that your personal data has the same protection as it would have in Europe.

Data Retention

We hold on to your personal data whilst you use our services (or whilst we provide services connected to you) and for at least seven years thereafter, for legal, regulatory and accounting purposes. If we need to hold on to your personal data for longer, we take into consideration the potential risks in continuing to store your data against why we might need to keep it. In some circumstances we might anonymise your personal data so it is not associated with you, and we may then use this information indefinitely.

Your Legal Rights

Under data protection laws you have the right to protect and look after your personal data. You have the right to:

  • ask us for the personal data that we hold and process about you (this is commonly known as a data subject access request). You have rights to the following information:
  • the purpose(s) for which we are processing your information;
  • the categories of personal information we hold about you
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the period for which we will store your information, or the criteria used to determine that period;

 

  • prevent the use of your personal data for marketing purposes by
  • informing a CPR telephone operator; or
  • by ticking the relevant boxes on the data collection forms; or
  • by emailing info@cpr-leeds.com

Please note that even if you refuse marketing, we will still contact you to discuss the services you have asked us to provide to you or to tell you about changes to our terms and conditions.;

  • ask that any inaccurate information we hold about you is corrected;
  • ask that we delete the personal data we hold about you in certain situations;
  • ask that we stop using your personal data for certain purposes;
  • ask that we do not make decisions about you using completely automated means; and/or
  • ask that personal data we hold about you is given to you, or where technically feasible a third party chosen by you, in a commonly used, machine-readable format.

The rights listed above may apply in certain circumstances, and so we may not always be able to comply with your request to exercise these rights. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive, alternatively we may refuse to comply with your request.