Privacy Policy

Rapleys LLP and its subsidiaries are committed to protecting and respecting your privacy.  This Privacy Policy explains how we collect, use, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and applicable data protection legislation.

Information we collect

The personal data we collect will usually be information that you provide directly to us. This may include:

  • name
  • postal address
  • telephone numbers
  • email address
  • information contained in correspondence you send to us, including emails, letters and other communications
  • documents you provide to us in connection with our services

We may also collect information about your use of our website, such as through cookies. Please refer to our Cookies Policy for further details.

In some circumstances we may obtain personal data from third parties, including publicly available sources such as Companies House or from other individuals or organisations where this is necessary for the provision of our services.

Rapleys LLP treats all personal data it holds securely and takes appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Credit reference and affordability checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

  • Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 742313
  • Transunion International UK Limited is authorised and regulated by the Financial Conduct Authority. FCA Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process personal data can be found in their respective privacy notices:

Creditsafe Transparency Notice:
https://www.creditsafe.com/gb/en/legal/transparency-notice.html

TransUnion Credit Reference Agency Information Notice (CRAIN):
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference TransUnion Bureau Privacy Notice:
https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

Basis for processing and use of your data

Where you enquire about becoming, or where you become, a client of Rapleys LLP or its subsidiaries, the basis for our processing of your personal data will usually be:

  • Performance of a contract – to ender into and perform the contract between you and us
  • Legitimate interests – for the proper management and administration of our business
  • Legal obligations – where we are required to process personal data to comply with applicable law

Where you sign up to receive newsletters, marketing communications, or property marketing particulars, the basis for our processing of your personal data will be your consent, which you are free to withdraw at any time.

We may from time to time send you information about events we are holding or other matters that we believe may be of interest to you. In such cases, our basis for processing will be legitimate interests and/or your consent.

Provision of personal data

Is the provision of personal data statutory or contractual?

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal or regulatory obligations.

Personal data may be required in order to:

  • enter into and perform contracts with customers, suppliers, or business partners
  • process orders, manage accounts and deliver goods or services
  • verify identity and prevent fraud
  • comply with applicable legal, regulatory, accounting, and tax obligations

Consequences of not providing personal data

If you choose not to provide personal data requested by us:

  • we may be unable to enter into a contract with you
  • we may be unable to fulfil orders, supply goods, or provide services
  • we may be unable to conduct necessary verification, compliance, or fraud-prevention checks

As a result, our services may be delayed, restricted, or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory and you may withdraw your consent at any time without affecting your ability to receive our services.

Disclosure of information

During the course of providing services to you, we may engage other companies or service providers to perform functions on our behalf. These organisations will have access only to the personal information necessary to perform those services and are required to keep the information confidential and secure.

Unless required by law or regulatory obligation, we will not sell, share, or distribute personal information to third parties without your consent.

International Data Transfers

We may transfer personal data to service providers or recipients located outside the United Kingdom and/or the European Economic Area (EEA).

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include:

  • the use of approved Standard Contractual Clauses
  • International Data Transfer Agreements
  • transfers to countries recognised as providing an adequate level of data protection.

Non-automated decision-making and profiling

We may use third‑party systems and tools to support certain business processes, such as identity verification, fraud prevention, or risk assessment. These tools may analyse personal data using predefined criteria to generate indicators or recommendations.  However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

Data retention

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements.

The retention period will depend on the nature of the data and the purpose for which it was obtained.

By registering with us via our contact forms, booking events, or instructing us in connection with services provided by Rapleys LLP and its subsidiaries, you consent to the collection, use and processing of your information as described in this Privacy Policy.

We record when and how consent was provided.

If at any time you wish to stop receiving marketing communications, you may opt out by:

  • clicking the unsubscribe link in marketing communications, or
  • contacting us at gdpr@rapleys.com, or
  • telephoning 0370 777 6292

Your rights

Under data protection law, you have the right to:

  • request access to the personal data we hold about you
  • request correction of inaccurate or incomplete data
  • request deletion of your personal data where appropriate
  • object to or restrict certain types of processing
  • withdraw consent where processing is based on consent

To exercise these rights or update your details, please contact us at: info@rapleys.com.

Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at info@rapleys.com.

You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office. Further information can be found at: https://www.ico.org.uk/concerns