Legal
Privacy Policy
Brecker Grossmith Limited · Last updated: June 2026 · Effective: June 2026
1. Who we are
This Privacy Policy explains how Brecker Grossmith Limited (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit breckergrossmith.co.uk, contact us, or use any of our services.
We are the data controller for the personal data we process about you. We are registered in England and Wales.
Registered address: 63 Wigmore Street, London W1U 1BQ
Telephone: 020 7486 3531
This policy is made under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all personal data we hold in any format.
2. What we collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Identity data — your name, job title, and company name.
- Contact data — email address, telephone number, and postal address.
- Enquiry data — the details you provide when submitting a contact form, property enquiry, or client requirements form.
- Transaction data — details of services provided to you and payments made.
- Technical data — IP address, browser type, operating system, and pages visited, collected via cookies and analytics tools.
- Marketing preferences — your preferences for receiving communications from us.
We do not intentionally collect any special category data (such as health, ethnicity, or political views) through this website. Please do not include such information in any forms or correspondence unless we have specifically requested it.
3. How we use your data
| Purpose | Data used | Lawful basis |
|---|---|---|
| Responding to your enquiry or contact form | Identity, contact, enquiry data | Legitimate interests / Contract |
| Providing property management or agency services | Identity, contact, transaction data | Contract |
| Sending marketing emails about properties and services | Identity, contact, marketing preferences | Consent / Legitimate interests (soft opt-in) |
| Registering for and administering events | Identity, contact data | Consent / Contract |
| Improving website performance and user experience | Technical data (anonymised) | Consent (analytics cookies) |
| Complying with legal or regulatory obligations | Identity, contact, transaction data | Legal obligation |
| Accounting and tax record-keeping | Identity, contact, transaction data | Legal obligation |
We will only use your personal data for the purposes for which it was collected. If we need to use it for a materially different purpose, we will notify you and, where required, seek your consent.
4. Lawful basis for processing
Under UK GDPR, we rely on the following lawful bases:
- Consent — where you have actively opted in (e.g. newsletter sign-up or analytics cookies). You may withdraw consent at any time.
- Contract — where processing is necessary to perform a contract with you, or to take steps at your request before entering a contract.
- Legitimate interests — where processing is necessary for our legitimate business interests (e.g. responding to enquiries, soft opt-in marketing to existing clients), provided those interests are not overridden by your rights.
- Legal obligation — where we are required to process data to comply with a legal or regulatory requirement (e.g. HMRC record-keeping).
5. Cookies
We use cookies and similar technologies on this website. When you first visit, a cookie consent banner allows you to accept or decline non-essential cookies before any are set.
- Strictly necessary cookies — essential for the site to function. These are set automatically and cannot be declined.
- Analytics cookies — used by Google Analytics to help us understand how visitors use our site. These are only set with your consent.
- Functionality cookies — remember your preferences and settings (e.g. saved property shortlists).
You can change your cookie preferences at any time by clicking “Cookie settings” in the site footer, or by adjusting your browser settings. For full details, see our Cookie Policy.
6. Sharing your data
We do not sell your personal data. We may share it with trusted third parties in the following circumstances:
- Service providers — companies that provide services on our behalf, such as email broadcasting, website hosting, and CRM platforms. All such providers are subject to data processing agreements and must comply with UK GDPR.
- Professional advisers — solicitors, accountants, and insurers, where necessary.
- Regulatory authorities — where we are legally required to disclose information, for example to HMRC or law enforcement.
- Business transfers — if Brecker Grossmith is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you in advance.
We do not carry out third-party marketing on behalf of other organisations.
7. International transfers
Some of our third-party service providers (including Google Analytics) may process data on servers located outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:
- The UK Government’s adequacy regulations for transfers to certain countries;
- Standard contractual clauses approved by the UK Information Commissioner’s Office (ICO); or
- Other lawful transfer mechanisms recognised under UK GDPR.
You may request details of the safeguards in place for any specific transfer by contacting us using the details in Section 13.
8. Retention periods
We keep personal data only for as long as necessary for the purpose it was collected, or as required by law.
| Data type | Retention period |
|---|---|
| Client / transaction records | 7 years after the last transaction (legal and tax requirement) |
| General enquiry data | 2 years from the date of enquiry, unless a business relationship develops |
| Marketing contact data | Until you withdraw consent or opt out, then retained on a suppression list only |
| Analytics / technical data | Up to 26 months (standard Google Analytics retention) |
When data is no longer needed we securely delete or anonymise it.
9. Your rights
Under UK GDPR you have the following rights regarding your personal data. To exercise any of them, please contact us using the details in Section 13. We will respond within one month of receiving your request (we may ask you to verify your identity first).
Right to be informed
To know how and why we use your data — this policy fulfils that obligation.
Right of access
To receive a copy of the personal data we hold about you (a Subject Access Request).
Right to rectification
To have inaccurate or incomplete data corrected.
Right to erasure
To ask us to delete your data where there is no valid reason to keep it.
Right to restrict processing
To ask us to pause processing of your data in certain circumstances.
Right to data portability
To receive your data in a machine-readable format where processing is based on consent or contract.
Right to object
To object to processing based on legitimate interests or for direct marketing (an absolute right for marketing).
Automated decision-making
To not be subject to decisions made solely by automated processing that significantly affect you. We do not carry out such processing.
How to complain
If you are unhappy with how we have handled your data, please contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time:
ico.org.uk/make-a-complaint · Telephone: 0303 123 1113
10. Children
Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
11. Third-party links
Our website contains links to third-party websites (including our social media profiles on LinkedIn and X/Twitter). Clicking these links takes you away from our site and this policy does not apply to those destinations. We encourage you to review the privacy policy of any external site you visit.
12. Changes to this policy
We review this Privacy Policy at least annually and update it whenever there is a material change to how we process personal data. The “Last updated” date at the top of this page indicates when it was most recently revised.
For significant changes, we will notify you by email (if you are on our mailing list) or by placing a prominent notice on our website prior to the change taking effect.
13. Contact us
For any questions about this policy, to exercise your data rights, or to make a Subject Access Request, please contact us by any of the following means:
We may ask you to provide two forms of identification (e.g. passport, driving licence, or utility bill) before we can process requests that require us to confirm your identity.
