Privacy Policy

Privacy and Security Policy

Our privacy policy explains how and why we collect, store, use and share personal information. It also explains your rights in relation to your personal information.

What is personal information?

Information relating to an identified or identifiable individual is personal information”.

Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation is special category personal information”.

Who we are

We, us, our refers to Derrick Wade Waters Ltd trading as Derrick Wade Waters and DWW Design. When we collect, store and use personal information we are subject to the General Data Protection Regulation as the controller of that personal information.

Personal information we collect

We may collect and use the following personal information:

  • Your name and contact information, including email address and telephone number and, if appropriate, company details;
  • Information to enable us to check and verify your identity;
  • Information to enable us to undertake credit or other financial checks on you;
  • Financial and other relevant information where you are a potential purchaser, lessee or assignee of property we are marketing on behalf of clients;
  • Information on your rent, service charge and other payments due under leases or otherwise where you have an interest in property managed by us on behalf of our clients.

Personal information is required to provide services to you. If you do not provide personal information we ask for, it may delay or prevent us from being able to do so.

How we collect personal information

We will collect personal information directly from you in person, by telephone, text or e-mail and via our web site.

We may also collect information from publicly accessible sources, or directly from a third party, or from a third party with your consent, or from our IT systems, including our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems. We do not use cookies on our website.

How we use personal information

Under data protection law, we can only use your personal information if we have a lawful reason for doing so. This can be:

  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract;
  • For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests; or
  • Where you have given consent.

Our lawful reasons for using personal information

  • To provide you with services;
  • To prevent and detect fraud against you or us;
  • Where necessary to conduct checks to identify our customers and verify their identity;
  • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business;
  • Ensuring business policies are adhered to, for example, policies covering security and internet use;
  • Operational reasons, such as improving efficiency, training and quality control;
  • Ensuring the confidentiality of commercially sensitive information;
  • Statutory returns;
  • Ensuring safe working practices, staff administration and assessments;
  • Marketing our services;
  • Credit reference checks via external credit reference agencies.

Use of special category personal information

We do not collect or store special category personal information.

Marketing or promotional communications

We may use your personal information to send you updates (by e-mail, text message, telephone or post) about our services.

We have a legitimate interest in processing your personal information for marketing or promotional purposes, so we usually do not need your consent. However, where consent is needed, we will ask for consent separately and clearly.

You have the right to opt out of receiving marketing or promotional communications from us at any time.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

How we share personal information

We will share personal information with:

  • Third parties we use to help deliver our services to you and run our business;
  • Credit reference agencies;
  • Our insurers and brokers;
  • Our banks;
  • Our clients, their professional advisers and bankers where you provide us with information as a potential purchaser, lessee, assignee of property we are marketing on their behalf;
  • Our clients, their professional advisers, bankers and debt recovery agents where you are a tenant or otherwise have an interest in properties managed by us on their behalf.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Where we store personal information

Information may be kept at our offices, and those of our service providers.

How long we retain personal information

We will retain your personal information while we are providing services to you.

After that, we will keep your personal information for as long as is necessary to respond to any questions, complaints or claims made by you or on your behalf; to show that we treated you fairly, and to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy.

Transfer of personal information out of the EEA

We will not share your personal information outside the European Economic Area (EEA).

Your rights under data protection law

You have the following rights under data protection law:

  • The right to be provided with a copy of your personal information (the right of access);
  • The right to require us to correct any mistakes in your personal information;
  • The right to require us to delete your personal information in certain circumstances;
  • The right to require us to restrict processing of your personal information in certain circumstances;
  • The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain circumstances;
  • The right to object at any time to your personal information being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal information;
  • The right not to be subject to automated individual decision-making.

If you would like to exercise any of your rights, please contact us.

How we keep personal information secure

We have appropriate security measures to prevent personal information from being lost or used or accessed unlawfully. Only those who have a genuine business need to access personal information can see it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures to deal with a suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us

If you have any questions or concerns about use of personal information, please contact our Data Protection Officer by email at, or by post to Derrick Wade Waters Field House Station Approach Harlow CM20 2FB.

How to make a complaint

We hope that our Data Protection Officer will be able to resolve any questions or concerns you may have about use of your information.

The supervisory authority for data protection complaints in the UK is the Information Commissioner who may be contacted at their website:, or by telephone on 0303 123 1113.