top of page

Privacy & Data Protection Policy

Charles J Harrison Inventory Specialists
Effective Date: 25 February 2026
Last Updated: 25 February 2026

1. Introduction

Charles J Harrison Inventory Specialists (“we”, “us”, “our”) is committed to safeguarding the privacy and personal data of our clients, tenants, landlords, letting agents and website users. We operate in full compliance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Guidance issued by the Information Commissioner’s Office

This Privacy & Data Protection Policy explains how we collect, use, store and protect personal data in the course of delivering professional property inventory and inspection services throughout the United Kingdom.

2. Company Details

Business Name: Charles J Harrison Inventory Specialists
Website: www.charlesjharrison.co.uk
Email: info@charlesjharrison.co.uk
Telephone: 01223 979 001

Head Office:
Broadway House, 149 – 151 St Neots Road, Hardwick, Cambridge, CB23 7QJ

For the purposes of UK GDPR:

  • We act as a Data Controller when handling data directly from clients and website users.
  • We act as a Data Processor when providing inventory services on behalf of letting agents and landlords.

3. Personal Data We Collect

We collect only the information necessary and proportionate to provide professional property inventory and inspection services.

3.1 Identity & Contact Information
  • Full names
  • Email addresses
  • Telephone numbers
  • Property addresses
  • Business contact details
3.2 Tenancy & Property Information
  • Tenancy start and end dates
  • Occupier names
  • Key management information
  • Meter readings
  • Property condition records
3.3 Photographic & Digital Evidence
  • Property condition photographs
  • Images of fixtures, fittings, appliances and contents
  • Images that may incidentally capture personal possessions

We do not intentionally collect special category data (including health data, ethnicity, religious beliefs or biometric data).

3.4 Subcontractor & Contractor Compliance Data

Where individuals apply to act as subcontractors or contractors for Charles J Harrison Inventory Specialists, we may collect and process additional personal data for compliance and verification purposes. This may include:
• Full legal name
• Contact details
• Unique Taxpayer Reference (UTR)
• Proof of identity (passport or driving licence)
• Public liability insurance certificates
• Signed subcontractor agreements
• Digital signature confirmations
• Compliance and insurance renewal records

This data is collected solely for:
• Identity verification
• Confirmation of self-employed status
• Insurance compliance
• Contract administration
• Legal record-keeping
• Protection of business and client interests

Lawful basis for processing:
Processing is necessary for the performance of a contract and for compliance with legal obligations. In certain cases, processing is based on legitimate interests in maintaining professional standards and safeguarding clients.

Data retention:
Subcontractor compliance records, including identification and insurance documentation, are retained for the duration of the working relationship and for up to seven (7) years thereafter in line with legal limitation and audit requirements.

Security:
All subcontractor data is stored securely within encrypted systems and access is restricted to authorised personnel only.

4. How We Collect Personal Data

Personal data may be collected through:

  • Direct instruction from landlords or letting agents
  • Communication with tenants during inspections
  • Website enquiry forms
  • Email and telephone correspondence
  • Secure digital reporting platforms

5. Lawful Basis for Processing

We rely on Contractual Necessity (fulfilling agreements), Legitimate Interests (producing independent reports, protecting legal interests), and Legal Obligations (compliance with statutory or tax requirements).

  • Produce accurate and independent property reports
  • Protect clients’ legal and financial interests
  • Defend tenancy deposit or property condition disputes
  • Maintain appropriate business records

Legal Obligation: Where required to comply with statutory, regulatory or tax obligations.

6. Use of Personal Data

Personal data is processed strictly for preparing property reports, documenting condition, recording meter readings, communicating with stakeholders, and maintaining compliance records. We do not sell or trade personal data.

  • Preparing inventory, check-in, check-out and inspection reports
  • Documenting property condition
  • Recording meter readings and key handovers
  • Communicating with landlords, agents and tenants
  • Supporting tenancy dispute resolution processes
  • Maintaining secure accounting and compliance records

We do not sell, rent or trade personal data.

7. Data Sharing

Where necessary, we share relevant data with letting agents, landlords, tenants, deposit schemes, legal representatives, and approved cloud service providers.

  • Letting agents
  • Landlords
  • Tenants
  • Tenancy deposit protection schemes
  • Legal representatives or dispute adjudicators
  • Approved IT and cloud service providers

All third parties are required to process data securely and in accordance with UK data protection legislation.

8. International Transfers

Where data is stored outside the UK, appropriate safeguards are implemented, including IDTAs and Standard Contractual Clauses.

  • UK-approved International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses
  • Adequacy decisions where applicable

9. Data Retention

Inventory reports and associated documentation are retained for up to seven years based on legal limitation periods and tax requirements.

  • Legal limitation periods
  • Tax and accounting requirements
  • The need to defend potential claims

Data is securely deleted or anonymised when no longer required.

10. Data Security

We implement technical measures including encryption, password protection, and role-based access to safeguard personal data.

  • Encrypted cloud-based storage
  • Password-protected access controls
  • Two-factor authentication
  • Regular security monitoring

We take reasonable steps to prevent unauthorised access, alteration, disclosure or destruction of personal data.

11. Individual Rights

Under UK GDPR, individuals have the right to access, correct, erase, restrict, or object to the processing of their personal data.

  • Access their personal data
  • Request correction of inaccurate data
  • Request erasure (where applicable)
  • Object to processing

Requests should be submitted to info@charlesjharrison.co.uk. For complaints, you may contact the Information Commissioner’s Office.

12. Website Data & Cookies

Our website may collect limited technical data (IP, browser, device) for analytics and security purposes only.

  • IP address
  • Browser and device type
  • Pages visited
  • Date and time of visit

This information is used solely for analytics, website functionality and security purposes.

13. Data Breach Procedure

In the event of a breach, we will assess and contain the issue, mitigate risks, notify affected individuals, and report to the ICO where necessary.

  • Assess and contain the issue
  • Notify affected individuals
  • Report to the ICO within 72 hours

14. Amendments

We reserve the right to update this policy periodically. The most current version will always be available on our website.

bottom of page