Privacy

ELLIOT & HILL SURVEYORS – PRIVACY NOTICE 

Elliot and Hill Privacy Policy

ELLIOT & HILL ESTATES LIMITED – PRIVACY NOTICE 

(Updated for UK GDPR & Data Protection Act 2018) 

Last updated: 22 February 2026 

Elliot & Hill Estates Limited (“we”, “us”, “our”) is an estate agency operating in South Wales. We are committed to protecting your privacy and handling your personal information in a lawful, fair, and transparent way. 

This Privacy Notice explains: 

  • the types of personal information we collect; 
  • how and why we use it; 
  • who we share it with; 
  • how long we keep it; 
  • your rights under UK data protection law; and 
  • how to contact us. 

We are the “data controller” responsible for your personal information. 

 

WHO THIS PRIVACY NOTICE APPLIES TO 

This notice applies to the following groups: 

  • Vendors 
  • Purchasers 
  • Clients requesting surveys (e.g., property valuations, pre-purchase or condition surveys) 
  • Individuals who contact us with enquiries 
  • Individuals who register for marketing or property alerts 
  • Individuals who use our website 
  • Suppliers / contractors (e.g., builders, electricians) 
  • Individuals who engage with us via social media 
  • Visitors to our premises (if applicable) 

Where we refer to “you”, we mean anyone in the list above. 

 

OUR APPROACH TO PRIVACY 

We comply with: 

  • the UK General Data Protection Regulation (UK GDPR), 
  • the Data Protection Act 2018, and 
  • the Privacy and Electronic Communications Regulations (PECR) (covering cookies, electronic marketing, etc.). 

We ensure that: 

  • personal information is used lawfully, fairly, and transparently; 
  • it is collected for specific, legitimate purposes; 
  • it is kept secure and only as long as necessary; and 
  • you are able to exercise your data protection rights at any time. 

 

THE PERSONAL INFORMATION WE COLLECT 

We collect different information depending on who you are and what services you engage with. This may include: 

  • Contact details: Name, address, email address, telephone number. 
  • Identity verification: Photographic ID, proof of address (utility bill, bank statement), date of birth, nationality. 
  • Financial information: Bank details, proof of funds, mortgage status, salary and employment information, income and benefit information (where relevant). 
  • Property-related information: Property ownership details, property preferences, search criteria. 
  • Survey-related information (clients requesting surveys): Property details, access arrangements, previous survey reports, health and safety information for inspections. 
  • References and checks: ID checks, Anti-money laundering (AML) checks for vendors and buyers. 
  • Website usage & cookies: Information collected via cookies and analytics tools including Google Analytics 4, Google Ads conversion tracking / remarketing, Meta Pixel (Facebook). This may include IP address (pseudonymised), device IDs, browsing activity, and interaction data. 
  • Social media: Publicly available information (username, comments, posts) when you engage with our social media accounts. 

 

WHY WE USE YOUR PERSONAL INFORMATION AND LEGAL BASES 

We use your information only where we have a lawful basis under UK GDPR. 

Vendors 

Purposes include: 

  • Marketing your property 
  • Facilitating viewings, offers, negotiations, and contracts 
  • Passing your details to buyers and relevant third parties 
  • AML checks 
  • Legal compliance including anti-money-laundering and property legislation 
  • Internal administration and record keeping 

Legal bases: 

  • Performance of a contract 
  • Legal obligation (AML, tax, landlord legislation) 
  • Legitimate interests (efficient business operation) 

Purchasers 

Purposes include: 

  • Registering interest in properties 
  • Communicating updates and arranging viewings 
  • Confirming proof of funds 
  • Preparing and issuing memorandum of sale 
  • AML checks 
  • Internal administrative records 

Legal bases: 

  • Legitimate interests 
  • Legal obligation (AML) 

Clients Requesting Surveys 

Purposes include: 

  • Arranging property surveys or valuations 
  • Communicating survey findings and recommendations 
  • Coordinating access with vendors, purchasers, and contractors 
  • Internal administrative records 

Legal bases: 

  • Performance of a contract (if you have commissioned a survey) 
  • Legitimate interests (ensuring accurate property advice and safe inspections) 

Individuals Contacting Us With Enquiries 

Legal bases: 

  • Consent (where you submit an enquiry) 
  • Legitimate interests (responding efficiently) 

Marketing Subscribers 

We use your information to send property alerts, news, and promotions. 

Legal basis: 

  • Consent for email/SMS marketing (PECR) 
  • Legitimate interests for postal marketing to potential sellers where appropriate 

You may unsubscribe at any time. 

Website Users / Cookies 

We use cookies to: 

  • Analyse website usage (Google Analytics 4) 
  • Run marketing and retargeting campaigns (Google Ads, Meta Pixel) 
  • Improve website functionality 

Legal basis: 

  • Consent (non-essential cookies) under PECR 
  • Legitimate interests (essential cookies required for website functionality) 

Suppliers / Contractors 

We process contact and payment information to engage you and manage contracts. 

Legal basis: Contract performance & legitimate interests 

 

WHO WE SHARE YOUR PERSONAL INFORMATION WITH 

We may share your information with: 

  • Core property-related third parties: Buyers / sellers (as appropriate), surveyors, solicitors, mortgage advisors (where instructed by you), contractors (repairs, inspections, safety certificates), utility providers & local authorities, deposit schemes (if applicable). 
  • Referencing & AML partners: TBC (ID checks/AML checks for sales) 
  • IT and cloud service providers: Microsoft 365, OneDrive, SharePoint (may store data in the UK or internationally) 
  • Marketing partners: Email marketing platforms, analytics and advertising platforms (Google, Meta) 
  • Professional advisers: Our accountants, legal advisors, auditors 
  • Regulators & law enforcement: Courts, police, HMRC, ICO, National Trading Standards 

We never sell your personal information. 

 

INTERNATIONAL TRANSFERS 

Some of our technology providers (such as Microsoft, Google, Meta, and Alto) may store or process information outside the UK. 

Where this happens, we ensure that safeguards required under UK GDPR are in place, such as: 

  • UK adequacy regulations, or 
  • International Data Transfer Agreement (IDTA), or 
  • Addendum to EU Standard Contractual Clauses 

We also carry out transfer risk assessments where required. 

 

HOW LONG WE KEEP YOUR PERSONAL INFORMATION 

We retain information only for as long as necessary: 

Category 

Typical Retention Period 

Sales files (vendors/purchasers) 

7 years after completion 

Clients requesting surveys 

7 years after survey/report completion 

Enquiries 

Up to 12 months after last meaningful contact 

Marketing subscribers 

Until you unsubscribe 

Supplier/contractor records 

Duration of contract + 7 years 

 

SECURITY MEASURES 

We use a range of technical and organisational measures including: 

  • Role-based access controls 
  • Multi-factor authentication 
  • Encryption of devices and data in transit 
  • Secure cloud storage 
  • Staff training in data protection 
  • Secure destruction of records 
  • Regular monitoring of third-party processor security 

You can help by keeping passwords secure and never emailing bank details. 

 

YOUR RIGHTS 

You have rights under UK GDPR, including: 

  • Access to your data 
  • Correction of inaccurate data 
  • Erasure (“right to be forgotten”) 
  • Restriction of processing 
  • Portability 
  • Object to processing (including marketing) 
  • Withdraw consent at any time 
  • Not to be subject to automated decision-making 
  • Complain to the ICO 

To exercise your rights, contact us using the details below. 

 

WITHDRAWING CONSENT 

Where we rely on your consent (e.g., email marketing, cookies), you may withdraw it at any time by: 

  • Contacting us directly 

 

HOW TO CONTACT US 

Data Controller: 
Elliot & Hill Estates Limited 
4th Floor, 14 Museum Pl, Cardiff CF10 3BH, 

Email: info@elliotandhillestates.co.uk 
Telephone: 07972 022 631 

Data Privacy Manager: 
Abbie Anderson Evans, Director 
Email: abbie@elliotandhillestates.co.uk 

 

ACCESSIBILITY STATEMENT 

We make every effort to ensure that the website is accessible to as many people as possible, in compliance with W3C best practice accessibility guidelines. We aim to conform to the Web Content Accessibility Guidelines level 2. 

If you would like further information or are experiencing problems accessing the Elliot & Hill Estates website, please contact info@elliotandhillestates.co.uk 

 

CHANGES TO THIS PRIVACY NOTICE 

We may update this Privacy Notice periodically. Any significant changes will be posted on our website and, where appropriate, notified directly. 

 

BUSINESS SAFEGUARDS 

Elliot & Hill Estates LTD maintain the following business safeguards: 

  • A Professional Indemnity Insurance policy via Zurich Insurance Company Limited, 01/01/2026 to 30/05/2027 
  • Membership with The Property Ombudsman redress scheme, Elliot & Hill Limited membership number: T13669