Heliodoor Property Consultants

Menu
Menu

Privacy Policy

Data Protection and GDPR Policy

Last updated November 2025

1. Purpose

This policy sets out how Helidoor Property Consultants hereafter referred to as “Heliodoor Ltd” complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting the rights and freedoms of individuals whose personal data we collect and process in the course of providing estate agency services.

2. Scope

This policy applies to all personal data processed by Helidoor Ltd whether in electronic or paper format, including data relating to:

  • Clients (sellers, landlords, buyers, tenants)
  • Contractors, suppliers, and partners
  • Prospective clients
  • Employees and associates (if applicable)

 

3. Definitions

Personal Data – any information that identifies or can identify an individual.

Special Category Data – sensitive data requiring extra protection (e.g. health data, ethnicity).

Processing – any operation carried out on personal data (collection, storage, use, sharing, deletion).

Data Subject – the individual whose data is being processed.

Controller – Heliodoor Ltd is responsible for determining the purposes

and means of processing.

4. Data Protection Principles

We comply with the six principles of UK GDPR. Personal data will be:

  1. Processed lawfully, fairly, and transparently.
  2. Collected for specified, explicit, and legitimate purposes.
  3. Adequate, relevant, and limited to what is necessary.
  4. Accurate and kept up to date.
  5. Retained only as long as necessary.
  6. Processed securely.
  7. Lawful Basis for Processing

 

We process personal data on one or more of the following legal bases:

Contract: to perform our obligations under contracts with clients.

Legal Obligation: compliance with Anti-Money Laundering (AML) and financial regulations.

Legitimate Interests: to operate and promote our services.

Consent: for specific marketing communications (where required).

6. Categories of Personal Data Collected

We may collect and process:

  • Contact details: name, address, telephone, email.
  • Identification documents (for AML compliance).
  • Financial details (bank statements, proof of funds).
  • – Property details.
  • Communication records.

We do not routinely collect Special Category Data. Where such data is provided (e.g. accessibility needs for property viewings), we will obtain explicit consent and

process only where necessary.

7. Data Subject Rights

Data subjects have the following rights under UK GDPR:

  • Right to be informed.
  • Right of access to their data.
  • Right to rectification of inaccurate data.
  • Right to erasure (where applicable).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.
  • Rights in relation to automated decision-making (not applicable to our services).

 

Requests should be made in writing to hello@heliodoor.co.uk. We will respond within one calendar month.

8. Data Sharing and Disclosure

We may share data with:

  • Professional bodies (e.g. Property Redress Scheme, The Property Ombudsman, HMRC,).
  • Third-party service providers (e.g. conveyancers, surveyors, referencing agencies).
  • Regulators and law enforcement, where legally required.

We will not sell or transfer personal data for marketing purposes without consent.

9. Data Retention

AML records: minimum of 5 years.
Transaction files: 6 years.
General enquiries: up to 2 years.
Marketing data: until consent is withdrawn.

At the end of the retention period, data will be securely deleted or destroyed.

10. Security Measures

We apply appropriate technical and organisational measures to keep data secure,

including:

  • Strong password protection and access controls.
  • Secure cloud storage and encryption of sensitive files.
  • Locked storage for paper files.
  • Regular reviews of data access.

11. Data Breaches

A personal data breach is any unauthorised access, loss, or disclosure of personal data.

All breaches will be recorded in a Data Breach Register.

Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours.

Where required, affected individuals will be notified promptly.

12. Responsibilities

The Data Controller is Leah Musana of Heliodoor Ltd  who is responsible for overall compliance.

All contractors, associates, or staff must follow this policy.

13. Policy Review

This policy will be reviewed annually or earlier if there are significant changes to

legislation or business practices.