Data Protection

Incorporating General Data Protection and
Money Laundering Regulations

What regulations do Marsh and Marsh Properties apply to data?

  • Marsh and Marsh Properties comply with the Data Protection principles currently in force.  The last update at the time of updating this document was General Data Protection Regulations 2018 (GDPR) 25th May 2018.
  • We may update this document periodically and the latest version will be posted on to our website, at which point any changes will be immediately effective.
  • We collect information for legitimate business reasons with an aim of providing a good and fulsome service and always aim to store the information in line with legal requirements.
  • As a result of this all new contracts with “Selling” customers will include a “tick-box” to opt-into the retention of information. In relation to buyers, there is a need to accept that without information we would not be able to provide the service to which you have contacted us – the details of which for both seller and buyer is explained below.
  • This document is meant as a jargon free explanation of how we try to do our best to provide a good service whilst also being secure with the information and data we hold about you.

Where do we hold collected data?


  • Our main system, which enables and manages the processing of Sales & Purchases and also monitors income and expenditure – for the purposes of accounting.
  • Historical & backup of the main system – these are deleted on a rolling FIFO basis and no more than 40 historical copies are held.
  • Individual House Sale files for example, copies of identity checks (e.g. driving licence/utility bill) – these are retain for 5 years
  • Email correspondence between individuals connected with the house sales – these are deleted from our email server on a regular basis to avoid exceeding capacity – generally holding no more than 2 years of information
  • Phone calls are automatically recorded and at intervals stored on our internal systems and backup systems. These are deleted after a period of two years.


  • Individual House Sale files for example, copies of utility bills used in identity checks – this includes Names, Addresses, Phone number, Email Address and Offer amounts.

What data do we not hold?

  • We do not collect IP addresses, we do not hold customer account information (unless provided as a by-product of performing the Money Laundering information checks).  We hold information only for the benefit of Customers who are involved in buying and selling properties so that the viewings and the conveyance process is effective.
  • Nor do we as a Company hold nor use Cookies.

Where is data stored?


  • Data is held internally within the office on a private server (external hard drive).  This drive can be accessed via internal computer systems which is restricted by password protection. The drive itself is also password protected for additional security should attempt be made to access the data via a non-authorised computer.  The office is locked overnight and alarmed for security.
  • Data is backed up to an off-site location (for security should the office ever have for example a fire).  This location is locked overnight and is also alarmed when unoccupied for additional security.


  • Information is stored in paper format in the relevant house file.  This is held to facilitate house sales/purchases.  The paper files are stored in a lockable cabinet – except when they are being processed – when they will be on the desk in the office which is locked and alarmed overnight.

Where is data accessed?

  • Data/information is accessed and managed within the office except where emails are picked up via mobile phones and actioned quickly for the benefit of the Customer.

How is data held securely?

  • We take appropriate and reasonable steps to keep your data secure by means of physical protection, passwords, anti-virus protection and staff training and the locking and alarming of facilities (over night).

Who accesses data?

  • Staff with the relevant permissions have access to data in order to effectively run the business.  All our computers are password protected.

Where is data/information collected?


  • Enquiries about houses for sale are received via face to face, phone calls and emails the information generally collected at this point will need to be Name, Phone number & or Email address, preferred viewing time details and the viewers position on the house market.


  • When a Customer requests that we attempt to sell their house we will need to hold general contact details (Address, Phone Number(s) and Email Address) and specific details about the house.  Where we perform viewings ourselves then we will also need to hold the property access key/code – these are stored within a lockable cabinet within the office which is locked and alarmed overnight.  There is a need also to collect identification details of all sellers of the property to satisfy Money Laundering regulations.


  • As with Sellers, there is a need to collect identification details of all buyers of the property to satisfy the governments Money Laundering regulations.
  • Additionally, to prove that the buyer has the ability to purchase at the agreed price, we need to validate funds available to the buyer.  This can take a variety of forms, for example:
  1. Mortgage Offer/Mortgage in Principal
  2. Investments
  3. The buyers own agreed house sale price (generally provided by their Estate Agent in the form of a Memorandum of Sale to the owner)
  4. The buyers current outstanding mortgage amount (when used in conjunction with the above Memorandum of Sale – this provides the remaining Equity in the property)

  Money Laundering regulation data

  • As a minimum requirement the government request that we:
  1. complete customer due diligence on all customers and beneficial owners before entering into a business relationship or occasional transaction
  2. complete due diligence on the other party to the property sale
  3. have procedures to identify those who cannot produce standard documents, for example, a person not able to manage their own affairs
  4. identify and verify a person acting on behalf of a customer and verify that they have authority to act for example, someone acting on behalf of a limited company or trust
  5. apply enhanced due diligence to take account of the greater potential for money laundering in higher risk cases, including when the customer is not physically present when being identified, and in respect of politically exposed persons
  6. apply customer due diligence, when you become aware that the circumstances of an existing customer relevant to their risk assessment has changed
  7. not deal with certain persons or entities if you cannot carry out customer due diligence, and consider making a suspicious activity report
  8. have a system for keeping copies of customer due diligence and supporting records for a period of 5 years from the end of a business relationship
  • In most instances the initial requirement is to prove identification of the individuals linked with the transaction.  To do this we require to see “photographic” identification (for example a Passport or Driving licence and when these are not held, an age driven Bus Pass is acceptable) and a recent (within the last 3 months) official document displaying your current correspondence address – for example a utility bill, mortgage statement or local council tax bill.

Where is data/information sent and why?

  • Information is used to create the Memorandum of Sale for each house sale.  This is sent to both the Sellers and the Buyers solicitors and contains information relating to both the seller and buyer (namely – their full names, correspondence address, email address and phone numbers and the amount offered for the house).  Without this information the solicitors would find it difficult to begin the process of the sale/purchase.
  • Information of individuals relating to the sale/purchase may be passed between estate agents linked with the chain associated with the sale of the house.  This is so that estate agents, solicitors and customers may know the complexity of the chain of houses involved within the sale/purchase cycle.  Restriction of the release of this information would delay the house sale/purchase process by hindering the understanding of how the chain associated with a sale/purchase was progressing.
  • Phone numbers and contact details may be passed onto; Domestic Energy Assessors, Surveyors and Mortgage Brokers – these only occur after a request directly from the Customer in relation to the property they are selling/buying.  Information passed on in these circumstances will be contact details Name, Address, Phone Number & Email Address.  Restriction of this information would mean that certain legal and necessary/beneficial roles could not be conducted.
  • Viewing information may relate to geographic areas covered by an Independent Consultant working under the banner of Marsh and Marsh Properties, it is necessary to forward these requests verbally or electronically to the relevant Consultant for their action and processing. Independent Consultants maintain their own data/information and must have their own Data Protection and Anti Money Laundering policy.  However, as the Independent Consultants are working in collaboration with Marsh and Marsh Properties staff, who fulfil the administration of house sales/purchases there is data similar to that already explained that is maintained for buyers and sellers in both paper and electronic media.  Restriction of passing information onto an Independent Consultant working with Marsh and Marsh will result in no viewing for the said property to be arranged.
  • If we are requested by law, we reserve the right to communicate such personal information as we hold to third parties which seek its disclosure.

Maintaining accuracy of data or Removing data

  • Should any Customers personal information alter and that Customer want their data updating, we would be pleased to amend records accordingly.
  • You have a right of access to your personal data that we hold and can have any inaccuracies corrected.  This can be obtained by completing a Subject Access Request (SARS) and providing proof of your identity.  This should be forwarded for the attention of Jonathan Marsh (or in his absence Samuel Marsh) at Marsh and Marsh Properties, Brooke House, Brooke Green, Hipperholme, Halifax HX3 8ES.
  • Customers also have a right to request that they are “forgotten” from our data and files (in effect delete and destroy Customer information).  The Company will comply with this 100% except where we are obliged by law to retain information for a minimum period.

General Improvements

We acknowledge that no process is perfect and can always be enhanced – we are willing to improve.  If any person, Buyer or Seller, identifies any flaws in our system, methods or approach, we will be pleased to listen and apply improvements for the benefit of each and every Customer.  Thank you.