For the purposes of the Data Protection Act 1998 and the European General Data Protection Regulation (“GDPR”) that comes into force on 25 May 2018, the data processor is Keystone Property Reports Limited (KPR) (Company Number 08291172) whose registered office is at 4 King Square, Bridgwater, Somerset, TA6 3YF. Keystone Property Reports Ltd are registered with the Information Commissioner’s Office, registration number: ZA150197.

We are dedicated to GDPR compliance. Protecting your privacy online is an evolving area, and the Site is constantly modifying to meet these demands. If you have any comments or questions regarding our Privacy Notice, please do contact us at Whilst we cannot guarantee privacy perfection, we will address any matter to the best of our abilities, as soon as possible. This privacy notice was last updated on 08/05/2018.

You have the right to lodge a complaint with the Information Commissioner’s Office in the UK on the basis that this is where KPR is established.
KPR reserves the right to change this Privacy Notice at any time and in the event of change, we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on the Site for a reasonable period. If, in the event, we sell our business, customer information may be one of the transferred business assets. Should this happen, your information will still remain subject to this policy.
KPR staff members have regular training reviews, and as a company, KPR operates with stringent training operating procedures, some being:

• To ensure they understand their responsibilities when processing data.
• To NOT store data on paper.
• To lock their computer screen when it is not in use.
• To NOT discuss or share sensitive data informally.
• To NOT send personal sensitive information via email.

What is this Privacy Policy for?
This privacy policy is for this website and served by Keystone Property Reports and governs the privacy of its users who choose to use it. The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.

Your privacy rights explained
Under the new EU framework, one of the biggest changes to UK data law for 20 years is changing the way companies use data and will come into force on 25th May 2018.

This is good news, as it is a positive step towards having more control over how you’re contacted. The changes will also help to protect your personal data and how your data is used.

What is GDPR?
The General Data Protection Regulation (GDPR) legislation means that by law, all organisations must review how they manage all personal data, such as customer addresses and staff details, to meet GDPR requirements and to ensure all organisations are set up to protect any personal data they hold to allow them to act appropriately if something should go wrong. It gives you easier access to the personal information organisations hold about you, should you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.

The GDPR provides the following rights for individuals:
• The right to be informed
• The right of access
• The right to rectify
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

GDPR stands for General Data Protection Regulation. GDPR applies to all organisations processing data from EU residents. It replaces the Data Protection Act of 1998.

Core Principles
At its core, it means Personal Data shall be:

• Processed lawfully, fairly and in a transparent manner to individuals;
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Adequate, relevant and limited to what is necessary in relation the purposes for which they are processed;
• Accurate and, where necessary, kept up to date;
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is intended;
• Processed in a manner that ensures appropriate security, including protection against unauthorised processing and loss, destruction or damage.

Data controllers and Data processors
“Under the Act, it is the data controller that must exercise control over the processing and carry data protection responsibility for it. They determine the purpose for which data is processed. The data processor processes data on behalf of the data controller”.

Therefore, in terms of the relationship we have with our Users and the personal data we handle for them, it is the User who is the Data Controller, and it is KPR who is the Data Processor, on behalf of the User, and our GDPR policies and operating procedures reflect that KPR GDPR policy reflects in Terms & Conditions

As part of GDPR, we have taken the opportunity to publish updated Terms and conditions for KPR and enforce all users to acknowledge them before using the software.

What Personal information we collect
We require customers who register to use the services (“Services”) offered on our Site to give us contact information, such as their name, company name, address, phone number, and e-mail address, and (in the case of paying customers) billing information, such as billing name and address, and the number of users within the organisation that will be using the Services. Customers of the Services may use the Site to host data and information that includes Personal Information (“Data”).

We may collect certain information about how you use the Services. This may include your IP address, geographical location, browser type, referral source and similar information. This information may be collected by a third-party website analytics service provider on our behalf and may be collected using cookies.

When a report is created through the Services, photos of the property and other information will be requested. It is important that the photos submitted do not include images of people.

Data accuracy
KPR will store personal data in as few places as necessary. Staff members are trained not to create unnecessary additional data sets. Staff members are trained to take every opportunity to ensure data is updated. For example, by confirming a customer’s details when they call.

KPR provides functionality on its site for customers to update the information it holds about them. Inaccuracies should be updated as soon as they are discovered.

Where is data processed and how it is stored
The Services are cloud based. Our data processing operations take place in the UK. Personal data for users within the European Economic Area will not be transferred to a country or territory outside the European Economic Area.

User sensitive data is encrypted. All data is encrypted during transit.

The Website and cookies
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.

Please also view our Cookie Policy and Website Terms and Conditions that can be found on our website.

How we use the Personal Information we collect
KPR uses the information that we collect to set up the Services and for ongoing utilisation by individuals and organisations, for example, customers are asked to provide an email address when registering for the Services to receive a username and/or password.

KPR shall process Personal Information in accordance with the customer’s instructions and shall not process Personal Information for any other purpose than that stated, as explicitly set out in this Privacy Notice.

Any photos that are uploaded by you remain your intellectual property. By uploading any photos for KPR to provide the Service you require, you give us the right (an irrevocable worldwide royalty free licence) to host, store, modify, reproduce, communicate, publish and distribute those photos, only to the extent permitted by this Privacy Notice. By uploading any photo, you confirm that you have the right to send that photo to us and for us to use it in the ways outlined in this Privacy Notice. We have the right to limit the size and nature of any photos that are uploaded through the Service.
All information, other than photos that you submit, will become our intellectual property, but can only be used to the extent permitted by this Privacy Notice.
KPR may also use the information to contact customers to further discuss customer interest in our company, the Services that we provide and any updates to it, and to send information regarding our company or partners, such as promotions and events. Customers may be invited to receive an email newsletter by providing an email address.
Personal Information is processed to protect a landlord’s legitimate interest in maintaining its property or properties that are managed using the Services.

Security and data retention
KPR will retain personal data for no longer than is necessary, for the purposes for which it is processed, as set out above. This means that KPR will delete or anonymize data within 60 days, following the expiry of any agreement with a customer to use the Services. During the term of any agreement with a customer to use the Services KPR will retain personal data for the duration of the applicable limitation period, such period to commence on the last date on which the data was processed.

Wherever your Personal Information may be held within KPR or on its behalf, we shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Information and against the accidental loss or destruction of, or damage to, Personal Information.

Children’s Privacy
For paying customers, KPR is a business to business website and thus is not structured to meet the needs of children. For non-paying customers KPR is intended to be used either in the context of a business to business website, or by owners or occupiers of properties who are over 18 years of age. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 18 years of age.

Contact & Communication
Users contacting this website and/or it’s owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely, until a time it is no longer required, or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process, but advise users using such form to email processes, that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products / services they offer, or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates, but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or, whereby you, the consumer, have previously purchased from, or enquired about purchasing from the company, a product, or service that the email newsletter relates to. This is by no means an entire list of your user rights regarding receiving email marketing material. Your details are not passed on to any third parties.

Email Newsletter
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process, should they wish to do so, but do this at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws, detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties, nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998, you may request a copy of personal information held about you by this website’s email newsletter program. If you would like a copy of the information held on you, please write to the business address at the bottom of this policy.

Email marketing campaigns published by this website, or its owners, may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is, by no means, a comprehensive list].

This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated unsubscribe system is unavailable, clear instructions on how to unsubscribe will be detailed instead.

External Links
Although this website only looks to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website, despite their best efforts. Users should therefore note that they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on, are custom to the terms and conditions, as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution regarding their own privacy and personal details. This website, nor its owners, will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels, such as telephone or email.

This website may use social sharing buttons, which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save their request to share a web page respectively through their social media platform account.

Shortened Links in Social Media
This website and its owners, through their social media platform accounts, may share web links to relevant web pages. By default, some social media platforms shorten lengthy URL’s [web addresses] (this is an example:

Users are advised to take caution and good judgement before clicking any shortened URL’s published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URL’s are published, many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Third Party Information
KPR will not, without the prior consent of the User, share, distribute, print, or reference any Personal Information or Data, unless it has been agreed by both parties.

Our third-party suppliers have all complied with GDPR data protection from our internal risk assessments and you can find the below details of each one.

• Mailchimp Privacy Policy – This is a marketing service provider. It is only used to send information to personal users that have opted into receive our marketing. Details of their GDPR policy can be found at or please refer to our website for further opt in / out information.
• Fasthosts Privacy Policy – This is our server and hosting provider, they are based in the UK and their policy states at no stage is data leaving the UK.
• Fixflo Privacy Policy – Fixflo are connected to KPR through an API link, this process is simply passing maintenance data through the feed, the only personal data that leaves our system is the tenants name.
• Maxus It – This is the company that manages our hosting of emails.

Further Information
If you have any questions or require any further information connected to KPR GDPR data protection policy or Privacy, please email our data controller . Details of the company’s registered office are available on the top of this agreement. KPR takes every effort to ensure that the information published on the Site is accurate. However, KPR cannot accept any liability for the accuracy or content. Visitors who rely on this information do so at their own risk. General information about data protection may be found at

KPR logo white
KPR logo