1. Introduction
This Privacy Policy explains how Mapgro Limited ("Mapgro", "we", "us" or "our") collects, uses, stores, shares and protects personal data about you when you visit our website, contact us, or engage with our services. We are committed to protecting your privacy and handling your personal data in a transparent and lawful manner.
This notice is issued in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 ("PECR").
2. Who we are
Mapgro Limited is the "controller" of your personal data for the purposes of UK data protection law.
Registered in England & Wales — Company Number 11881462
Registered office: The Station House, 15 Station Road, St Ives, Cambridgeshire PE27 5BH
Email: info@mapgro.com · Phone: 0800 999 1190
3. What personal data we collect
We may collect and process the following categories of personal data:
- Identity and contact data: your name, job title, employer, email address, postal address, and telephone number.
- Correspondence data: the contents of enquiries, emails, letters, and call records relating to our services.
- Transaction and due diligence data: where you are an investor, counterparty, supplier, agent, landowner or their representative, we may collect information needed to satisfy our legal, regulatory and contractual obligations (including identification documents, source of funds information, and beneficial ownership information for anti-money-laundering ("AML") checks).
- Technical data: your IP address, browser type and version, device information, time zone setting, and information about how you arrived at and interacted with our website.
- Marketing preferences: your choices about receiving marketing communications from us.
We do not knowingly collect special category personal data (such as health or biometric data) through this website, and we do not direct our services at children under the age of 13.
4. How we collect your personal data
We collect personal data:
- Directly from you when you contact us by email, telephone, or through our website;
- From third parties such as commercial agents, professional advisers, Companies House, credit reference and identity verification providers, and publicly available sources; and
- Automatically through cookies and similar technologies when you use our website (see the Cookies section below).
5. Why we use your personal data and our lawful basis
Under UK GDPR we must have a lawful basis to process your personal data. The bases we rely on are:
- Contract: to take steps at your request before entering a contract and to perform a contract with you or the organisation you represent.
- Legitimate interests: to run, promote and improve our business, to respond to enquiries, to maintain business records, to pursue transactions, and to keep our website and systems secure. We have balanced these interests against your rights and freedoms.
- Legal obligation: to comply with laws that apply to us, including anti-money-laundering, know-your-customer, tax, accounting, and companies legislation.
- Consent: where we send you marketing communications by electronic means to which consent applies, and for non-essential cookies. You can withdraw consent at any time.
6. Who we share your personal data with
We may share your personal data with:
- Our group companies, including Westminster Homes, where necessary to deliver our services;
- Professional advisers (legal, accountancy, audit, tax, surveyors, planning and compliance consultants);
- Banks, payment providers, and identity/AML verification providers;
- IT, hosting, email, analytics and CRM service providers operating under written data processing terms;
- Regulators and law-enforcement bodies where we are required or permitted by law to do so (including HM Revenue & Customs, the Information Commissioner's Office, and the National Crime Agency); and
- Prospective purchasers, sellers, investors or lenders in connection with any sale, merger, restructuring or financing of our business.
We never sell your personal data.
7. International transfers
We prefer to keep personal data within the United Kingdom or the European Economic Area. Where we use service providers based elsewhere, we rely on appropriate safeguards recognised under UK GDPR — such as UK adequacy regulations, the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses — to protect your data. You can ask us for further information about these safeguards.
8. How long we keep your personal data
We only keep personal data for as long as is necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax or reporting requirements. Typical retention periods include:
- General enquiries and marketing records: up to 24 months from your last interaction with us;
- Contract, transaction, and investor records: for the duration of the relationship and for at least 6 years after it ends, in line with the Limitation Act 1980;
- AML and KYC records: for 5 years after the end of the business relationship, in line with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
9. Your rights
Under UK GDPR, you have the right to:
- Be informed about how we use your personal data (this policy);
- Access a copy of the personal data we hold about you;
- Request correction of inaccurate or incomplete personal data;
- Request erasure of your personal data in certain circumstances;
- Request restriction of processing in certain circumstances;
- Object to processing we carry out on the basis of legitimate interests, and to direct marketing at any time;
- Request portability of personal data you have provided to us where processing is by automated means and based on consent or contract; and
- Withdraw consent at any time where we rely on consent to process your personal data.
To exercise any of these rights, please contact us using the details in section 12. We will respond within one calendar month. There is no fee, although a reasonable fee may be charged, or the request refused, if it is manifestly unfounded or excessive.
10. Cookies and similar technologies
Our website uses only cookies and similar technologies that are strictly necessary for the site to function (for example, to remember your cookie preferences or maintain security). These do not require your consent under PECR.
Where we embed third-party content (such as the Westminster Homes preview), those third parties may set their own cookies on their own pages. Please refer to their privacy policies for details.
If in future we introduce non-essential cookies (such as analytics or advertising cookies), we will first ask for your consent via a cookie banner and provide granular controls.
You can manage or delete cookies in your browser settings at any time. Further guidance is available at ico.org.uk.
11. Security
We use appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration or disclosure. Only authorised personnel and trusted service providers have access to personal data, and they do so on a need-to-know basis under duties of confidentiality.
12. How to contact us or complain
If you have any questions about this policy, wish to exercise your rights, or would like to make a data-protection complaint, please contact us:
Email: info@mapgro.com
Phone: 0800 999 1190
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office ("ICO"), the UK's data-protection regulator:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would, however, appreciate the chance to address your concerns before you approach the ICO.
13. Changes to this policy
We review this policy regularly. Where we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you directly.