This privacy Policy will explain how our organisation uses the personal data we collect from you when you use our website.

At R&Co. Property Group we are committed to ensuring that your privacy is protected. This privacy notice, together with our Terms and Conditions and any other notice referred to in it, explains how we collect and use your personal data when you visit our website or use our services.

  1. What data we collect

Our Company collects the following data:

  • Identity Data (name, marital status, title, date of birth, gender, national insurance number, username and password, purchases made by you, your interests and preferences, property ownership details or other evidence of your ability to sell or let the property, references, credit checks, details of your immigration status, employment history (current and former employer) feedback and survey responses
  • Special Category Data, for example, ethnicity and race, details of criminal offence / convictions, details about vulnerable people in your household, such as children or elderly people (and we may ask for their ages and dates of birth and information about any special requirements they may have) or other information we may require to comply with guidelines on matters of public health or concern (e.g. Covid-19).
  • Contact Data (billing address, address (including past address), email address and telephone numbers)
  • Financial Data (bank account and payment details, salary, bank details, mortgage statements, credit card details)
  • Details of your dependents
  • Transaction Data (details about payments to and from you and other services you have purchased through us)
  • Technical Data (internet protocol address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, identification number, online identified, location data and other similar identifying information required for the customer’s device(s) to communicate with websites and applications on the internet)
  • Usage Data (how you use our website products and services, the full uniform resource locator’s clickstream to, through and from our site (including date and time), download errors, lengths of visit to certain pages, page interaction information, methods to browse away from the page and any phone numbers you use to call us)
  • Marketing and Communications Data (your marketing preferences from us and our third parties and your communication preferences)
  • Where you apply for a role with us we may collect, use and store Information in your application form and CV (including your name, date of birth, gender, NI number, contact details and employment and education history);Identity Data (name, marital status, title, date of birth, gender, national insurance number, and driving licence), relevant documents evidencing your right to work, information provided by your referees about your employment history, any information you provide to us during the interview process
  1. How do we collect your data            

You directly provide Our Company with most of the data we collect. We collect data and process data when you:

  • apply for or enquire about our services.
  • subscribe to our service or publications.
  • contact us through social media.
  • walk-in to our office or telephone our call centre.
  • give us some feedback
  • speak with us on the telephone
  • make a complaint

We may receive personal data about you from various third parties and public sources. For example

  • payment service providers
  • data brokers or aggregators, e.g. Rightmove, Trust a Trader, Zoopla, (based inside the EU, or Facebook (based outside the EU)
  • publicly available sources or registers, e.g. Companies House, HM Land Registry and/or the Electoral Register.
  • Credit referencing agencies
  • Government or Police Databases or registers
  1. How will we use your data

Our Company collects your data for some or all the purposes listed below

With your consent (Article 6(1)(a) GDPR)

We may process your personal data where you have given us your permission to do so or have actively engaged in a means of contact with us

Examples of ways in which we use your data on this basis include referring you to third party companies who provide other services you may require or be interested in, for marketing purposes, using video or photographic images, messaging or other communications and applications through which you have chosen to engage with us

Where we are performing our obligations under a contract with you (Article 6(1)(b) GDPR)

This processing is necessary so that we can perform our obligations to you where you are a customer (or a potential customer).

Examples of the ways in which we use your personal data on this basis include carrying out your instructions according to your signed terms and conditions, or where you use our services before you sign terms and conditions

Where we are under a legal obligation (Article 6(1)(c) GDPR)

We may be required to process your personal data so that we comply with laws or court orders to which we are subject.

Examples would include data protection, anti-money laundering, estate and letting agency; other laws, regulations and/or codes of practice by which we are regulated, and/or orders of court to which we are subject or with which we are required to comply.

Where the processing is in our legitimate business interests (Article 6(1)(f) GDPR)

We may process your personal data to help us operate, grow and protect our business, develop our products and services, help improve our efficiencies, manage our client base, provide training, monitor our customer service standards and/or help resolve disputes.

Examples include network security and monitoring, auditing, training and awareness including compliance, referencing, verification of identity, fraud prevention, risk assessment, utility switches, due diligence, marketing, analytics, debt recovery and other claims, the improvement and optimisation of advertising, marketing material and content, ensuring that content from our website is presented in the most effective manner for you and your computer, customer support, notifying you about changes to our services and other important notices, managing suppression lists, profiling, cloud storage, when we purchase another business

In some circumstances we may, to protect our entitlement to a commission and to avoid a dispute, disclose your name to another agent, landlord or vendor.

How we use Special Category Personal Data

Special Category personal data by its nature requires extra protection.

Type of special category personal data we may collect include ethnicity and race, religion, sexual orientation, details of criminal offence / convictions, details about children in households (ages and dates of birth, etc). We process this data where we have one of the following additional bases of processing:

Your explicit Consent (Article 9 (2) (a))

For example: you have provided your consent (including by interacting with us)

For the purposes of employment and social security (Article 9 (2) (b) GDPR)

For example, we need to comply with employment law

You had already made the personal data publicly available (Article 9 (2) (e) GDPR)

For example, the Electoral Roll or bankruptcy register

To establish, exercise or defend a legal claim (Article 9 (2) (f) GDPR)

For example, where we need to take or defend legal action

Where we have reasonable suspicion of money laundering Schedule 1, Part 2, Paragraph 15 DPA 2018 Suspicion of money laundering:

For example, during our compliance with Anti-Money Laundering laws

We may also process Criminal conviction data under • Schedule 1, Part 3, Paragraph 33 DPA 2018 Legal claims and/or under the list of exemptions under Schedule 2 DPA 2018


You have the right to withdraw your consent for us to use your personal data for marketing purposes at any time. You also have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you do withdraw your consent, this will result in us ceasing to market goods and services to you.

You can ask us to stop sending you marketing messages at any time by:

  • following the opt-out links on any marketing message sent to you; or
  • contacting us at any time by emailing or by calling 0203 582 0556.
  1. Disclosures of your personal data

We may disclose your personal data to external third parties. For example:

  • IT and system administration service providers
  • anti-money laundering verification service providers
  • tenancy deposit schemes (or deposit replacement service providers)
  • utility switch companies
  • trade contractors
  • survey companies,
  • solicitors, surveyors, EPC providers, inventory clerks, managing agents, property auctioneers, auction legal pack providers.
  • local authorities and government law enforcement agencies,
  • Government departments (e.g. HM Land Registry),
  • property developers
  • Third party data services who help us to segment and understand our audience so that we can send the most relevant and targeted communications possible.
  • Advertisers and advertising networks (including social media) that require the data to select and serve relevant adverts to you
  • professional advisers acting including lawyers, bankers, auditors who provide consultancy, banking, legal, insurance and accountancy services and insurers based in the United Kingdom (also including rent and legal protection insurers),
  • utility suppliers,
  • credit or reference providers (including for the purposes of debt recovery),
  • other agents with whom we have entered into a sub-agency agreement and where they have introduced a potential purchaser/vendor/landlord/tenant for your property
  • The counterparty to your transaction i.e. your landlord/tenant/purchaser or vendor
  1. Data security

We are through technical and organisational means, committed to ensuring the security of, and prevention of unauthorised access to your personal data.

For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality. We also systematically monitor outbound emails for the purposes of protecting confidential and personal data and assisting in our ability to identify potential data breaches. If we become aware of a data breach we will, where we are required to, notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you as well.

  1. Data retention

We will retain your personal data whilst you use our services (or whilst we provide services connected to you) and/or are in communication with us and for at least seven years thereafter, for legal, regulatory and accounting purposes. If we need to retain your personal data for longer, we will take into consideration the potential risks in continuing to store your data against why we might need to keep it. In some circumstances we might anonymise your personal data so it is not associated with you, and we may then use this information indefinitely.

  1. Your legal rights

To the extent provided by law, you have the right to:

  • access a copy of the personal data that we hold and process about you. You have rights to the following information, subject to certain exemptions:
    • the purpose(s) for which we are processing your information.
    • the categories of personal information we hold about you
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed.
    • the period for which we will store your information, or the criteria used to determine that period.
  • object to the use of your personal data (including for marketing purposes) by

Please note that even if you refuse marketing, we will still contact you to discuss the services you have asked us to provide to you or to tell you about changes to our terms and conditions:

  • rectification of any inaccurate information we hold about you.
  • erasure of the personal data we hold about you.
  • ask that we do not make decisions about you using completely automated means; and/or
  • ask that personal data we hold about you is, where technically feasible, transmitted to a third-party chosen by you, in a commonly used, machine-readable format.

The rights listed above may not apply in certain circumstances. Therefore, we may not always be able to comply with your request. We will tell you if this is the case. We will usually respond to a request from you to exercise your rights within one month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Generally, you do not have to pay a fee to exercise these rights, but you may have to pay a fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request.

  1. Appropriate Policy Document

About this policy

  • This is the “appropriate policy document” for R&CO setting out how we will protect Special Categories of Personal Data and Criminal Convictions Data.
  • This policy supports R&CO’s Data Protection Policy and adopts its definitions.
  • This document meets the requirement of the Data Protection Act 2018 that an appropriate policy document be in place where Processing Special Categories of Personal Data and Criminal Convictions Data in certain circumstances.


R&CO: Stands for R&CO Property Group Ltd

Data Controller: An organisation which processes personal data and controls the way it is used

Criminal Convictions Data: personal data relating to criminal convictions and offences, including Personal Data relating to criminal allegations and proceedings.

Data Retention Policy: explains how the organisation classifies and manages the retention and disposal of its information. Time periods for retention are set out in the retention schedule.

Data Subject: An individual who can be identified from their personal data.

Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. A DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programmes involving the Processing of Personal Data.

DPA 2018: the Data Protection Act 2018.

Data Protection Officer (DPO): the person required to be appointed in specific circumstances under the GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the organisation’s data privacy team with responsibility for data protection compliance.

GDPR: the General Data Protection Regulation ((EU) 2016/679).

Personal Data: Information from which an individual can be directly or indirectly identified. Personal Data includes Special Categories of Personal Data.

Privacy Notice: A notice to individuals informing them of their rights and the way their personal data is used.

Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Special Categories of Personal Data: Categories of particularly sensitive personal information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

  1. How to contact us

To contact about how we handle your personal data, please contact us at

If you have a complaint regarding how we handle or process personal data, you can contact our Data Protection Officer (DPO) on or call us on 0203 582 0556

You can also complain to the ICO if you are unhappy with how we have used your data

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113

ICO website: