Privacy Policy

1. Privacy Policy Overview

PIPS & BRICKS LTD ("PIPS & BRICKS", "we", "us", or "our") is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website at https://pips-bricks.site/, engage with our residential and commercial property investment, acquisition, and leasing services, or otherwise interact with us.

This policy applies to visitors to our website, prospective and existing clients, partners, investors, suppliers, and job applicants whose data we process in connection with our corporate activities. It complements any service-specific terms, including our Cookie Policy and Terms and Conditions, and should be read alongside them.

We process personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and the UK Data Protection Act 2018.

2. Information We Collect

We collect and process different types of personal information depending on how you interact with us and which services you use. This may include:

2.1 Information you provide directly

When you choose to contact us or work with us, you may provide:

Identification and contact details, such as your name, job title, company name, postal address, email address, and telephone number.
Professional and business information, such as your organisation, role, investment preferences, leasing requirements, or project details.
Account and communication details, including records of correspondence with us (for example, via our Contact Us page, email, telephone, or meetings).
Recruitment-related information, such as your CV, cover letter, employment history, qualifications, and references if you apply for a role via our Careers information (where available) or through a recruitment channel.
Compliance information required for due diligence, anti-money laundering (AML), and know-your-customer (KYC) checks, where relevant to a transaction.

2.2 Information collected automatically

When you visit our website, we may automatically collect certain technical and usage information, including:

Device and browser data, such as IP address, browser type and version, device identifiers, operating system, and settings.
Usage and interaction data, such as pages visited, links clicked, access times, referring pages, and the approximate location inferred from your IP address.
Cookie and tracking data, gathered through cookies and similar technologies for analytics, security, and performance purposes (see Section 9 and our Cookie Policy for details).

2.3 Information from third parties

We may receive personal data about you from trusted third parties, such as:

Professional advisers, intermediaries, or joint venture partners involved in a property, investment, or leasing transaction.
Publicly available sources, including Companies House, property registers, professional networking platforms, or official publications.
Service providers that assist us with background screening, credit assessments, or compliance checks, where lawful and appropriate.

3. How We Use Your Information

We use personal data to operate our business, provide our services, and maintain a secure and efficient online experience. In particular, we may use your information to:

Respond to enquiries submitted via our Contact Us page, email, or phone, and provide information about our residential and commercial property investment, acquisition, and leasing services.
Evaluate and progress potential investments, acquisitions, disposals, leases, and related property transactions.
Manage relationships with clients, partners, investors, suppliers, and other stakeholders, including contract administration and performance monitoring.
Provide you with information you request about our services, property listings, case studies, or market updates, where appropriate.
Administer and improve our website, including troubleshooting, data analysis, testing, research, and statistical purposes.
Enhance the security, integrity, and resilience of our systems, preventing and detecting fraud, misuse, or unauthorised access.
Review and assess job applications, manage recruitment processes, and maintain a talent pipeline where candidates consent to this.
Comply with legal, regulatory, and risk management obligations, including record-keeping and reporting requirements.

We do not use personal data for automated decision-making that produces legal or similarly significant effects about you without appropriate safeguards.

4. Legal Basis for Processing

Under the UK GDPR and applicable EU data protection laws, we must have a valid legal basis to process personal data. Depending on the context, our processing is based on one or more of the following grounds:

Performance of a contract: where processing is necessary to enter into or perform a contract with you or your organisation, such as engaging in property investment or leasing activities.
Legitimate interests: where processing is necessary for our legitimate business interests or those of a third party, and those interests are not overridden by your rights and freedoms. These interests may include operating and developing our business, managing corporate transactions, improving our website, maintaining network security, and communicating with professional contacts.
Legal obligation: where we must process personal data to comply with legal or regulatory requirements, including anti-money laundering checks, tax rules, and statutory reporting obligations.
Consent: where you have given clear consent for us to process your personal data for a specific purpose, for example, receiving certain marketing communications or retaining your CV for future roles. You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

Where we rely on legitimate interests, we balance those interests against your privacy rights and implement safeguards to protect your information.

We treat personal data confidentially and only share it with parties who need to access it for legitimate business or legal reasons. We may disclose personal information to:

Service providers and professional advisers who perform functions on our behalf, such as IT and hosting providers, cloud and data storage services, analytics tools, legal advisers, accountants, surveyors, valuers, managing agents, and other property professionals.
Transaction counterparties and partners involved in specific investments, acquisitions, disposals, leasing arrangements, or joint ventures, where necessary to negotiate or fulfil a transaction.
Regulators, authorities, and law enforcement where required by law, regulation, court order, or to protect our rights, property, or the safety of others.
Corporate reorganisation parties in connection with any merger, sale, restructuring, financing, or acquisition of all or part of our business, where appropriate safeguards are in place.

When we engage third-party service providers, we require them to use personal data only as necessary to provide the contracted services and to protect it in accordance with applicable data protection laws and our instructions.

We do not sell personal information to third parties.

6. Data Security Measures

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures are designed to reflect the nature of the data, the scope of processing, and the risks involved.

Our safeguards may include:

Secure infrastructure and hosting arrangements, utilising reputable providers with robust security controls.
Access controls and role-based permissions to ensure personal data is only accessible to individuals with a legitimate business need.
Encryption and secure protocols to protect data in transit where appropriate.
Logical and physical security practices to reduce the risk of unauthorised access, interference, or data loss.
Internal policies, procedures, and awareness measures designed to promote responsible handling of personal data.

While we aim to protect all personal information we hold, no system can be guaranteed to be completely secure. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will take steps to investigate and, where required, notify you and the relevant supervisory authorities.

7. Data Retention

We keep personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting obligations.

In determining appropriate retention periods, we consider factors such as:

The type of personal data and the purposes for which it is processed.
The nature and duration of our relationship with you or your organisation.
Applicable legal, regulatory, and professional requirements, including limitation periods for claims.
The likelihood of disputes, audits, or investigations that may require relevant records.

Once personal data is no longer required, we will securely delete, anonymise, or archive it in accordance with our retention policies and applicable laws.

8. User Rights

Subject to certain conditions and exemptions under data protection law, individuals whose personal data we process have a range of rights, which may include:

Right of access: to request confirmation of whether we process your personal data and, if so, to receive a copy along with certain information about how it is used.
Right to rectification: to request correction of inaccurate or incomplete personal data.
Right to erasure: to request deletion of personal data in specific circumstances, for example, where it is no longer needed for the purpose for which it was collected or where you withdraw consent and no other legal basis applies.
Right to restriction: to request that we limit the processing of your data in certain situations, such as while we are investigating a concern you raise.
Right to object: to object to processing based on our legitimate interests, on grounds relating to your particular situation. We will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where needed for legal claims.
Right to data portability: where applicable, to receive certain personal data in a structured, commonly used, machine-readable format and to request that we transmit it to another controller.
Right to withdraw consent: where we rely on your consent, to withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint: to raise concerns with a supervisory authority if you believe your data protection rights have been infringed. In the UK, this is the Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us using the details in Section 11. We may need to verify your identity before responding to your request.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to support essential functionality, improve performance, enhance security, and help us understand how visitors use our site. Cookies are small text files placed on your device when you visit our website.

Depending on your settings and local law, we may use:

Strictly necessary cookies to enable core functions such as page navigation, access to secure areas, and submission of forms (for example, via our Contact Us page).
Performance and analytics cookies to collect aggregated information about how visitors use the site, helping us refine content, navigation, and user experience.
Security-related technologies to detect and prevent fraudulent or malicious activity.

You can manage or disable cookies through your browser settings and, where implemented, through on-site cookie controls. However, blocking some types of cookies may affect the functionality and performance of the website.

For more detailed information about the cookies we use, their purpose, and how long they remain on your device, please refer to our dedicated Cookie Policy.

10. International Data Transfers

PIPS & BRICKS LTD is based in the United Kingdom. However, some of our service providers or counterparties may be located outside the UK or the European Economic Area (EEA), or may use infrastructure in other jurisdictions.

Where personal data is transferred outside the UK or EEA, we take steps to ensure that it is afforded an equivalent level of protection, including, where appropriate:

Transferring data to countries that have been formally recognised as providing an adequate level of data protection.
Entering into contracts that incorporate standard data protection clauses approved by the UK or EU authorities.
Implementing additional organisational and technical safeguards to protect the data during and after transfer.

You may contact us for further information about the safeguards we apply to international data transfers that affect you.

11. Contact and Updates

11.1 How to contact us

If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise your data subject rights, please contact us using the details provided on our Contact Us page.

When contacting us about your personal data, please provide sufficient information for us to identify you and understand your request. We may need to ask for additional details or proof of identity to ensure we are responding securely and appropriately.

11.2 Right to complain

If you are based in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Further details are available on the ICO website at www.ico.org.uk.

11.3 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the way we operate our website and services. Any updates will be posted on this page with an updated "Effective date" at the top.

We encourage you to review this page periodically to stay informed about how we protect your personal data. Where appropriate, we may also notify you of significant changes through other channels.