- GOTO Group takes data protection seriously.
- We keep to a minimum the information we hold about you
- We use your data to provide our services to you, meet our legal obligations, and improve our website
- We delete your data when it is no longer needed for these things
- You have privacy rights as an individual
- We are happy to talk to you about how we process and protect your data
- If you did not provide us with your data directly, then it was passed to us by one of our introducers and you gave explicit, opt in consent for them to provide us with the information at that time, and for us to telephone or email you to provide a service to you.
What data we hold
As one of our customers, we will hold the following personal information about you for the length of time that we consider you to be an existing customer:
- The information that is needed to fulfil our contract with you. This will be your contact details (we need to know who you are) and any delivery detail you gave us. Also, because you need to pay for the service, we have your payment details purely for the length of time of the transaction.
- If you require quotes for the services we offer, we will also hold the address of your new home.
- If you are a mortgage customer then we hold additional financial and historical contact details that you will have provided to us.
- If you are an auction or reservation fee option customer who is buying a property, we also hold information provided by you to establish your source of funds.
- Because you are an existing customer, we will contact you from time to time to let you know about our goods and services that may be of interest to you. There will always be an option for you to unsubscribe from these mails.
- If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.
- Technical personal data is also captured if you use the website
Details of the technical personal data that we process if you use our website is below:
- We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
- Some of our websites, like many others, use Google Analytics, a web analytics tool provided by Google to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Using Your Information
We use your contact and financial information to maintain our side of the contract with you (providing quotes and providing services to you.)
We also hold contact details to let you know about other services we offer that we think will be of interest to you. We do this because we think you would benefit from this, and we might too. We will always give you the option to opt out of receiving marketing emails from us and if you do that we promise we won’t send you marketing emails again.
If you visit our website then we use the logs from our servers to assist in our firm”s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
The basis for processing this is that have legal and regulatory obligations to protect our supplier and their information. When used for strategy planning, we do this under legitimate interest.
Transfers of your data
We do not transfer or process data outside the European Economic Area or other countries deemed to have inadequate protection of data by the EU.
As a customer, depending on the service you have requested from us, we will pass your contact details to the relevant third party. We will let you know at the time who this third party is, but we have confirmed that all our third parties meet the requirements of EU data protection laws.
For example, for auction and reservation Fee option customers, we may need to pass on your Anti Money Laundering (AML) Report and/or any supporting documents you have provided to us such as proof of ID, bank statements to Estate Agents involved and solicitors involved in the transaction so they can assist in progressing/completing the transaction in accordance with our agreement with you. We rely on performance of our contract with you as our lawful basis.
- The GOTO platform is hosted on a widely-used and recognised secure cloud platform.
- Access to the GOTO platform is controlled by an industry standard Authentication mechanism. With the exception of a handful of anonymous pages (such as the Login page), all areas of the system are protected by requiring Username and Password authentication.
- If a user attempts to access the system with a login/password combination that does not exist in our database, they will not be authenticated and thus refused access.
- The GOTO platform employs a role-based authorisation system. Logged in users are assigned permissions according to their role and are only permitted to view pages pertinent to that role.
- All user interaction with the GOTO System is logged to facilitate security auditing.
Email and Office Documents
- Emails and office documents are hosted and managed on a widely-used and recognised secure cloud platform.
- Access to items is limited to users who have been authenticated by a login/password mechanism.
- Access to emails and documents is further restricted according to role. Logged in users are only permitted to view emails and documents pertinent to their role.
- Geographic restrictions are used where appropriate, for example to prevent access to documents by users who are off-premises.
- Platform, email and document servers are maintained in a secure cloud environment as already stated. Administration access to the cloud environment is restricted to a small number of trusted users and limited by a recognised login/password mechanism.
- Administration access to cloud platforms is logged.
- Specialised servers (such as the server which maintains call recording for example) are hosted on premises.
- On-premises servers are only accessible by a small number of trusted users whose access is limited by a recognised login/password mechanism.
- Access to laptops is limited to company staff, each of which has their own unique set of login credentials.
- Laptops are centrally managed from the secure cloud platform (i.e local accounts are not used at all). This allows access to the device to be disabled from a central location in the event that the laptop is lost for example.
- Geographic restrictions are in place for laptops which are used in secure areas. Such laptops do not have access to the GOTO platform, emails or documents outside of company premises.
If you have particular security requirements, please call us to discuss how we can support you.
Phone calls to and from our offices are recorded to ensure we are dealing with our clients in the manner that they expect. These recordings are therefore processed under legitimate interest when used for training and quality purposes. It may also be necessary to share recordings with governing regulatory bodies where we have a legal obligation to do so. If you don’t want your call to be recorded, just let us know at the beginning of the phone call.
You have lots of rights in respect of our processing of your personal data. The relevant rights are:
- Request a copy of your personal data and information about our processing of it
- Request that we delete information on you if we do not need to hold it
- Request that we correct any personal data that we hold on you
- Request that we stop processing your data, for certain things, eg marketing although we can still hold it
- Request that we move your data to another organisation’s IT system electronically
- The right to withdraw consent
If you want to exercise any of these rights, please just contact us on email@example.com
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here:
If you want to talk to us about this, email us at firstname.lastname@example.org