Privacy Policy
1. Introduction
United Kingdom Sotheby’s International Realty Limited (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This privacy notice explains how we collect, use, and protect your personal information when you interact with us, including when you use our services, website, or otherwise engage with us.
It explains:
- What information we collect about you
- How we use your information
- Who we share your information with
- How we protect your information
- How long we keep your information
- Where your information may be transferred outside the UK
- What rights you have in relation to your information
- How you can raise concerns or make a complaint
- How we keep you updated if we change this notice
We are committed to being transparent, lawful, and fair in how we collect and use your personal data.
2. Who We Are
United Kingdom Sotheby’s International Realty Limited is an independent real estate agency specialising in the sale and rental of luxury residential and commercial properties.
3. Contact Details
- Registered name: United Kingdom Sotheby’s International Realty Limited
- Registered address: 48 Conduit Street, London, W1S 2YR, United Kingdom
- Telephone: +44 20 4613 0888
- Email: [email protected]
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) (see Section 12).
4. What is Personal Information?
“Personal information” (also known as “personal data”) means any information that relates to an identified or identifiable individual. This can include obvious details such as your name, address, and contact information, but also includes things like identification numbers, location data, online identifiers (such as IP addresses), and factors specific to your physical, genetic, mental, economic, cultural, or social identity.
5. What Information We Collect
We collect personal information directly from you whenever you engage with us, whether you are buying, selling, letting, renting, or enquiring about a property, or when you visit our website or correspond with us.
This may include:
- Full name and title
- Postal address, email address, and phone numbers
- Date of birth
- Proof of identity and proof of address (such as passport, driving licence, or utility bill)
- Details of any close connections you may have with our company (to manage potential conflicts of interest)
- Employment and occupation details
- Payment information, including bank account details
- Transaction history and property details
- Marketing preferences and communication choices
- IP address, website usage information, and device identifiers
Special category data (e.g., criminal conviction data) may also be collected where legally necessary, such as for anti-money laundering (AML) checks. In addition, depending on the service we provide to you or on your behalf, we may also collect: Buying, Selling, Letting, or Renting Property
If you are buying, selling, letting, or renting a property through us:
- We will collect your contact details to organise viewings, updates on offers, and tenancy applications.
- If you are buying a property, we may use your preferences to suggest suitable alternative properties.
- If you are selling or letting and are not the legal owner, we will collect documentation confirming your legal authority (such as Power of Attorney, Grant of Probate, or company authorisations).
- We will collect and verify identity documents to meet anti-money laundering (AML) and counter-terrorist financing obligations. This may include obtaining details for beneficial owners or persons with significant control where entities (companies, trusts, charities) are involved.
- If you are a landlord, we will collect your bank details to process rental income payments.
- We may collect and share relevant documentation with third parties involved in a transaction, such as solicitors, agents, or developers, where necessary and appropriate.
- If you inform us of specific access needs, we will collect this information to help find properties suitable for your requirements.
For tenants:
- We will collect details required for ‘Right to Rent’ checks (e.g., biometric residence permits, immigration status documents).
- We will collect your bank or similar account details for deposit handling and rent collection.
- We may collect identity documents to support fraud prevention, AML checks, or criminal record assessments where appropriate.
Property Management and Portfolio Services
If we manage property on your behalf:
- We may request emergency contact details to ensure we can reach you in urgent situations.
- Where we provide portfolio management services, we may share personal information with relevant third-party lenders, advisors, or contractors when necessary to manage your investments effectively.
- If you are a tenant in a property we manage, your personal information may be shared with the property owner where necessary, but only after balancing your rights and interests.
Where CCTV systems are installed at a managed property, your image may be captured and processed in accordance with applicable data protection laws.
Compliance with Legal Obligations
Where CCTV systems are installed at a managed property, your image may be captured and processed in accordance with applicable data protection laws.
6. How We Use Your Information and Our Legal Basis
We only use your personal information where we have a lawful basis under UK data protection law. The lawful basis we rely on depends on the nature of our relationship with you and the services we provide.
We use your personal information in the following ways:
Purpose | Examples of Use | Lawful Basis |
---|---|---|
To provide and manage property services (buying, selling, letting, renting) | Managing your sale, purchase, letting, or rental transactions; arranging viewings; liaising with solicitors and agents | Contract, Legal Obligation, Legitimate Interests, Consent (for marketing) |
To verify your identity and prevent financial crime | Anti-money laundering (AML) checks; ‘Right to Rent’ checks; fraud prevention | Legal Obligation |
To communicate with you | Sending service updates, responding to enquiries, arranging appointments | Contract, Legitimate Interests |
To manage client accounts and property portfolios | Managing financial transactions, collecting and paying rent, handling client instructions | Contract, Legal Obligation, Legitimate Interests |
To send you marketing communications | Providing information about similar properties, market updates, or events you may be interested in | Contract, Legitimate Interests, Consent (where required) |
To personalise and improve our services | Understanding your preferences to offer tailored property suggestions and communications | Legitimate Interests |
To comply with legal and regulatory requirements | Meeting obligations under laws and regulations such as the Proceeds of Crime Act and Money Laundering Regulations | Legal Obligation, Legitimate Interests |
To recruit and manage employees or contractors | Processing applications, contracts, payroll, compliance with employment law | Contract, Legal Obligation, Legitimate Interests |
To handle queries, complaints, and claims | Investigating complaints, resolving disputes, defending legal claims | Contract, Legal Obligation |
About Our Legal Bases
- Contract: We process your data to enter into or perform a contract with you.
- Legal Obligation: We process your data to meet our legal duties, such as compliance with AML legislation or ‘Right to Rent’ checks.
- Legitimate Interests: We process your data where it is necessary for our legitimate business purposes, provided these interests are not overridden by your rights. Our legitimate interests include improving services, maintaining accurate records, preventing fraud, and promoting our services.
- Consent: Where required by law (for example, to send you direct marketing by email), we rely on your freely given, specific, informed, and unambiguous consent, which you can withdraw at any time.
Legitimate Interests Explanation
Our legitimate interests include delivering tailored services, improving operational processes, marketing relevant properties or services, conducting internal research, preventing fraud, and maintaining IT and data security. We always carefully consider your rights and interests before relying on legitimate interests as a lawful basis and provide you with the option to object.
7. Who We Share Your Information With
We may share your personal information with trusted third parties where necessary to provide our services, to comply with our legal obligations, or to pursue our legitimate interests. We ensure that all third parties respect the security of your personal information and only process it in accordance with data protection law.
We may share your information with:
- Professional advisers: including solicitors, surveyors, accountants, tax advisors, and other property professionals involved in your transaction or instructed by you.
- Financial institutions and payment service providers: to process payments, collect rent, or hold tenancy deposits.
- Regulatory authorities and law enforcement agencies: including HM Revenue & Customs (HMRC), the National Crime Agency (NCA), and other regulators or authorities where required by law or in connection with the prevention and detection of crime.
- Anti-money laundering service providers: to verify your identity and fulfil our legal obligations under AML regulations.
- Property portals and marketing platforms: where necessary to advertise and promote properties for sale or rent (for example, property listing sites).
- Technology service providers: including IT systems, data storage, and customer relationship management platforms who help us deliver our services securely and efficiently.
- Other parties to a property transaction: including other estate agents, developers, landlords, sellers, purchasers, tenants, and their respective representatives.
- Auditors and compliance consultants: who help us ensure that our operations and practices meet regulatory standards.
- Third party contractors and suppliers: where required for property maintenance, management, or portfolio services.
Where we share information with third-party service providers, we require them to:
- Only use your personal data for specified purposes and in accordance with our instructions
- Protect the confidentiality and security of your information
- Comply with applicable data protection laws.
We do not sell, rent, or otherwise disclose your personal information to third parties for their own marketing purposes. If you would like further information about who we share your data with, please contact us using the details provided in Section 3.
8. Sharing Information Outside the UK
In the course of providing our services, we may transfer, store, or process your personal information outside of the United Kingdom (UK) and the European Economic Area (EEA).
This can happen, for example, where we use international technology service providers or marketing platforms whose data centres are based in other countries.
Where your personal information is transferred to a country that does not provide the same standard of data protection as the UK or EEA, we ensure that appropriate safeguards are in place to protect your rights and your personal data.
This can happen, for example, where we use international technology service providers or marketing platforms whose data centres are based in other countries.
Where your personal information is transferred to a country that does not provide the same standard of data protection as the UK or EEA, we ensure that appropriate safeguards are in place to protect your rights and your personal data.
We use one or more of the following safeguards:
- Adequacy Decisions: Where the UK government or European Commission has recognised a country as providing adequate protection for personal data, we may transfer data on this basis.
- Standard Contractual Clauses (SCCs): Where no adequacy decision exists, we put in place approved Standard Contractual Clauses with the recipient, ensuring that they protect personal data to the standards expected under UK data protection law.
- Binding Corporate Rules (BCRs): Where we transfer personal data within a corporate group, we may rely on Binding Corporate Rules approved by a data protection authority.
In particular:
- Some of our core systems and cloud platforms store your information within the European Union (e.g., Ireland, Germany, Netherlands, France).
- Some third-party service providers (such as cloud hosting, marketing, analytics, or communication providers) may store or process data in the United States. In such cases, transfers are safeguarded through Standard Contractual Clauses or participation in the EU–US Data Privacy Framework where applicable.
We take steps to ensure that your information remains protected wherever it is transferred, including carrying out risk assessments and entering into appropriate data sharing agreements.
9. How We Protect Your Personal Information (Data Security)
The security of your personal information is very important to us.
We have implemented measures designed to prevent unauthorised access, loss, misuse, or alteration of your data. These measures include, but are not limited to:
We have implemented measures designed to prevent unauthorised access, loss, misuse, or alteration of your data. These measures include, but are not limited to:
We use one or more of the following safeguards:
- Secure Client Management Systems: All client files and records are stored within secure client management systems. Access to these systems is restricted to individuals within UK Sotheby’s International Realty who require access for legitimate business purposes.
- Physical Security: Hard copy documents containing personal information are securely stored in locked cabinets within controlled office environments.
- Data Hosting Security: All digital data is hosted in data centres that have robust systems and protections in place to prevent unauthorised access and external threats. These data centres apply strict access controls, and access is limited to authorised personnel only.
- Access Controls and Staff Training: Access to personal information is restricted to employees, contractors, and approved third parties who need it to perform their job duties. All staff with access to personal information are given regular data protection and information security training.
We continually review and update our security policies and procedures to maintain high standards of information security and to respond to new threats as they arise.
While we take all reasonable precautions to protect your personal data, no security system is completely impenetrable. If you have any questions about the security of your data, please contact us using the details provided in Section 3.
While we take all reasonable precautions to protect your personal data, no security system is completely impenetrable. If you have any questions about the security of your data, please contact us using the details provided in Section 3.
10. How Long We Keep Your Information
We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting, or regulatory requirements.
How long we retain your information will depend on:
- The type of personal information
- The purpose for which we use it, and
- Any applicable legal or regulatory requirements.
In determining appropriate retention periods, we consider factors such as:
- Our legal obligations (for example, under anti-money laundering laws or tax regulations)
- The potential risk of harm from unauthorised use or disclosure
- The nature, sensitivity, and volume of the personal information
- Whether we need to keep the information to exercise or defend legal claims
When it is no longer necessary to retain your personal information, we will either securely delete it or anonymise it so that it can no longer be associated with you.
If you would like more information about specific retention periods for different types of personal information, please contact us using the details provided in Section 3 of this Privacy Notice.
If you would like more information about specific retention periods for different types of personal information, please contact us using the details provided in Section 3 of this Privacy Notice.
11. Your Data Protection Rights
Under data protection law, you have a number of rights regarding your personal information. These include:
- Right to Access: You have the right to request copies of the personal information we hold about you, along with information about how it is used.
- Right to Rectification: You have the right to ask us to correct or update inaccurate or incomplete personal information.
- Right to Erasure (“Right to be Forgotten”): In certain circumstances, you have the right to ask us to delete your personal information.
- Right to Restrict Processing: You have the right to request that we restrict the way we use your personal information in certain circumstances.
- Right to Object to Processing: You have the right to object to our processing of your personal information where we rely on legitimate interests or for direct marketing purposes.
- Right to Data Portability: In some cases, you have the right to request that we transfer personal information you have provided to you or to another organisation.
- Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
Please note that these rights are not absolute and may be subject to certain legal exemptions. We may need to verify your identity before responding to a rights request.
To exercise any of these rights, please contact us using the details set out in Section 3 of this Privacy Notice.
We aim to respond to all legitimate requests within one month. In some cases, particularly for complex requests, we may need additional time, and we will keep you informed.
If you are not satisfied with our response, you also have the right to lodge a complaint with the Information Commissioner’s Office (see Section 3).
We aim to respond to all legitimate requests within one month. In some cases, particularly for complex requests, we may need additional time, and we will keep you informed.
If you are not satisfied with our response, you also have the right to lodge a complaint with the Information Commissioner’s Office (see Section 3).
12. How to Complain
We take data protection and privacy concerns seriously and aim to resolve any issues promptly and fairly.
If you have any concerns about how we use your personal information or wish to make a complaint, you can contact us using the details provided in Section 3 of this Privacy Notice.
We ask that you give us the opportunity to address your concerns before you approach the Information Commissioner’s Office (ICO), but you are not required to do so.
If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the UK supervisory authority for data protection:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk/make-a-complaint
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us in the first instance so that we can address your concerns directly.
13. Updates to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or how we handle your personal information.
Any significant changes will be communicated to you directly where appropriate, or by updating the version posted on our website.
We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.
This Privacy Notice was last updated on 28 April 2025.