Privacy Policy

This Privacy Notice applies to all individuals whose personal data we hold, except for current or former employees, workers, individual contractors, or job applicants.

This Notice covers, but is not limited to, the following categories of individuals:

• Clients and customers
• Suppliers and contractors
• External professionalsand consultants we engage while acting on behalf of our clients
• Visitors to our website
• Journalists and visitors to our offices or events
• Individuals contacting us, including those:
  • Seeking or providing services
  • Making media or press inquiries
  • Communicating on behalf of another organization in a professional capacity
• Individuals whose contact details have been shared with us for marketing or networking purposes (e.g., through business card exchanges at events)
• Individuals whose personal data is shared with us by third parties

Personal data, or personal information, refers to any information relating to an individual that enables that person to be identified.

We may collect, store, and use some or all of the following categories of personal information about you:

• Contact details such as your name, title, address, telephone number, email address, and other business-related contact information
• Date of birth
• Gender
• Marital status and information about dependants
• Bank account or payment details
• Identification documents and other personal information necessary to verify your identity for “know your client” (KYC) and anti-money laundering (AML) purposes (e.g., passports, driving licences, utility bills)
• Details included in invoices submitted by contractors and suppliers
• Information relating to your use of our IT and communication systems—including, where applicable, any personal use—such as data about your personal devices when accessing our Wi-Fi, website, or client portals
• Photographs or images if you attend our events
• Records of visits to our offices, including CCTV footage (as provided by building management)
• Publicly available or shared information (e.g., online profiles, interests, or activities) that may support networking at our events
• Any other personal information that you, or a third party, provide to us in connection with a matter on which you or one of our clients has instructed us

We may also collect, store, and use certain sensitive personal data—also known as Special Categories of personal data—when voluntarily provided by you. This may include:

• Racial or ethnic origin, religious or philosophical beliefs, political opinions, or sexual orientation
• Trade union membership
• Health-related information, including medical conditions or sickness records
• Details of criminal convictions and offences, where permitted by law and subject to appropriate safeguards (see below for more detail)

How We Collect This Information:

We may collect personal data through:

• Information you provide to us directly
• Data automatically collected via our website or client portals
• Information shared with us by third parties, including:
  • Clients
  • Individuals we communicate with on behalf of clients
  • Public relations agencies and media partners
  • External databases to which we subscribe
  • Other relevant third parties

How do we use this information ?

Depending on your relationship with us, we may use your personal data for purposes including (but not limited to):

• Delivering our professional services to you
• Managing your use of our website, portals, or online resources
• Issuing invoices, maintaining financial records, collecting payments, and processing payments to you
• Providing services to our clients, which may involve your data
• Supporting the delivery of your services to us (as a supplier, contractor, or professional partner)
• Communicating with you about our services, events, or legal updates that may be of interest to you
• Responding to your inquiries, including those submitted through our website
• Conducting marketing and client relationship management activities, including market research
• Administering, maintaining, and improving our website and digital services
• Managing media and public relations, including press releases and event invitations,
• Complying with applicable laws and regulatory obligations
• Negotiating and managing contractual terms with clients, suppliers, and other stakeholders
• Conducting identity, credit, immigration, and other due diligence checks where relevant
• Managing our internal business operations, including planning, auditing, and reporting
• Reviewing the nature and progress of our business relationships, including performance assessments
• Investigating and managing complaints and disputes
• Handling matters related to the extension, renewal, or termination of business relationships
• Detecting and preventing fraud or unlawful activity
• Ensuring network and information security, including safeguarding against unauthorised access or malware
• Performing data analytics to assess website usage and service efficiency
• Fulfilling obligations to the regulatory bodies (domestic and international)
• Implementing emergency contact procedures and business continuity plans
• Responding to any specific request made by you

Please note that some of these purposes may overlap, and there may be multiple lawful bases justifying our use of your data in a given context.

In certain circumstances, we may process your personal information without your knowledge or consent, where permitted or required by applicable law.

Special Categories of personal data—such as information relating to your health, race, or beliefs—are subject to enhanced protection under data protection laws. We may process such data only in specific circumstances, including:

• Where you have given your explicit written consent
• Where processing is necessary in connection with legal proceedings, including prospective legal claims, obtaining legal advice, or for the establishment, exercise, or defence of legal rights
• Where processing is required for reasons of substantial public interest
• Where processing is necessary for preventive or occupational medicine purposes, including assessing your working capacity
• Where processing is necessary to protect your vital interests or those of another person, and you are unable to give consent
• Where the information has been manifestly made public by you

How We Use Special Categories of Personal Information

We may process Special Category personal data, where permitted, for the following purposes:

• To provide our services and related information to you, including through our website
• To deliver services to a client where your data is involved
• To support your provision of services to us
• To respond to your inquiries, including requests made through our website regarding our team or services
• To comply with legal or regulatory obligations
• To collect evidence and investigate matters involving concerns or disputes
• To comply with the requirements of domestic or international regulatory bodies
• To respond to a specific request made by you

We will only process information concerning criminal convictions where permitted by law. In most cases, this will be where it is necessary to meet our legal or regulatory obligations—such as complying with anti-money laundering or anti-fraud requirements.

In limited circumstances, we may also process this type of information where it is required for the establishment, exercise, or defence of legal claims; to protect your vital interests (or those of another individual) if you are unable to provide consent; or where you have publicly disclosed the information yourself.

The General Data Protection Regulations (GDPR) provides protection for individuals against the risk that a potentially damaging decision is made about them without human intervention.

This right allows you (in certain circumstances):

to object to the Company making significant decisions about you where the decision is completely automated;

to access information about the reasoning behind any automated decision taken about you;

to ask the Company to reconsider a decision taken about you by automated means.

Automated decision-making refers to a decision made without any human involvement.

Profiling means your personal data is used for analytical purposes or to predict things.

Profiling can occur in some automated decision making.

You have the right:

• Not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights for example
• To understand the reasons behind decisions made about you by automated processing and the possible consequences of the decisions
• To object to profiling in certain situations, including for direct marketing

When you cannot object to automated decision-making:

You cannot object to automated decision-making when it is:

• necessary for entry into, or the performance of, a contract with you
• required or authorized by law
• based on your explicit consent

When you will be told if automated decisions are made about you:

• When automated decisions are made about you, you have the right to be told:
• that our processing activity involves automated decision-making
• the logic involved and the likely consequences of the processing for you
• what measures and safeguards we’ve implemented to protect your privacy
• how to challenge or ask for a review of a decision

We do not require your consent to process your personal data where we rely on an alternative lawful basis for processing and in accordance with the UK General Data Protection Regulation (UK GDPR). Where we do seek your consent, we will provide you with clear and comprehensive information regarding the nature of the data to be processed and the purpose(s) for which it is required, to enable you to make an informed decision.

You are under no obligation to provide consent, and any such request will not be a condition of any contractual relationship with us. Where consent is provided, you retain the right to withdraw it at any time, without detriment, by contacting our Data Privacy Officer.

Right of Access – (commonly referred to as a “data subject access request”). This right entitles you to obtain a copy of the personal data we hold about you, as well as information regarding the purposes for which it has been collected, how it has been used, and with whom it has been shared.

Right To data Portability – In specific circumstances, where the processing of your personal data is founded on your consent or the performance of a contract, you have the right to request that LFREP transmits your personal data directly to another organisation, provided that such transmission is technically feasible.

Right Of Erasure  – If you wish for us to no longer retain or process your personal data, you may request that we erase it. However, please note that we may be required to retain certain personal information to comply with legal or regulatory obligations.

For marketing purposes, should you request to opt out, your details will be added to our suppression list to ensure that you are not contacted in the future, particularly if you are identified as a prospective client.

Please be aware that under the GDPR, this right to erasure applies only where the processing is based on consent which has been withdrawn, or in cases where the data is no longer necessary, is irrelevant, excessive, outdated, unlawfully processed, or where we do not have a legal basis to retain it.

Right to Rectification – If you believe that any personal information we hold about you is inaccurate, please notify us. We are dedicated to ensuring that all personal data we maintain is accurate, relevant, and up to date, and we will take prompt action to verify and rectify any discrepancies.

Right to Restrict Processing – You have the right to request the suspension of the processing of your personal data under certain circumstances, such as when you dispute the accuracy of the information or raise concerns about how your data has been handled. Generally, any restrictions imposed will remain in effect for a limited period while we verify the accuracy of the data or assess the legitimate grounds for its processing.

Object to processing of your personal data  – Under applicable privacy laws, including the UK GDPR, you have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis for processing. Additionally, you have an absolute right to object to the processing of your personal data for direct marketing purposes.

These rights may be limited in some situations, such as where we can demonstrate that we have a legal requirement or compelling  legitimate grounds to process your personal data.

How you exercise these rights:

Any request in relation to any of the above rights should be directed to the Data Privacy Officer at dpo@lfrep.com

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.

We may share your personal data with third parties—including service providers and affiliated entities—where this is required by law, necessary to manage our relationship with you, or where we have a legitimate interest in doing so.

Where personal data is shared, we ensure that those third parties implement appropriate security measures and process your data solely for the purposes specified and in accordance with applicable data protection legislation.

We may also disclose personal information to a range of third parties, where necessary, including but not limited to the following categories:

• Our professional advisers, such as legal counsel, accountants, and consultants.
• Government bodies and regulatory authorities.
• Insurers, including providers of professional indemnity and other relevant insurance coverage.
• Regulatory, tax, or corporate registry authorities.
• External service providers to whom we outsource certain functions, such as document processing, IT systems and support, software solutions, and data storage.
• Third parties involved in the delivery of legal or related services to our clients, document review platforms, and subject-matter experts such as tax advisors or valuers.
• Providers of data analytics and client insight services
• Postal and courier services assisting with the delivery of marketing materials or documents related to our services.

We have implemented appropriate security measures to protect your personal information from accidental loss, unauthorized access, use, alteration, or disclosure.

Our staff are required to adhere to a comprehensive Data Protection Policy, and they receive regular training to ensure they understand their responsibilities in safeguarding your personal data. Employees are made aware that any misuse of personal data may result in disciplinary action.

Additionally, we have established procedures to address any suspected data security breaches and will notify you and any relevant regulatory authority of such breaches where required by law.

We aim to retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including compliance with professional regulations, insurance requirements, business practices, and any applicable legal, accounting, or reporting obligations.

When determining the appropriate retention period, we take into account factors such as the volume, nature, and sensitivity of the data, the potential risks associated with unauthorized use or disclosure, the purposes for which the data is processed, and whether those purposes can be achieved by other means.

If you require further details regarding our data retention practices, please contact us atdpo@lfrep.com

When you visit the site, whether as a Longfellow Real Estate Partners customer or a non-registered user just browsing (any of these, a “Longfellow Real Estate Partners User”), our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, or the webpage you were visiting before you came to our site, pages of our site that you visited, the time spent on those pages, the information you search for on our site, access times and dates, and other statistics. We use this information to monitor and analyze the use of the site and the Service and for the site’s technical administration, to increase our site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs. We also use this information to verify that visitors to the site meet the criteria required to process their requests.

If you have further questions, feedback or complaints regarding this policy please contact the Data Protection Officer at dpo@lfrep.comor in writing to :

DPO , Longfellow Real Estate Investment Management UK, Limited
10th Floor, 110 Cannon Street, London, EC4N 6EU