Atelier Property Jersey – Privacy & Confidentiality (Last updated: 14/12/25)

 

Privacy & Confidentiality

Atelier Property Jersey is committed to discretion, integrity and the protection of our clients’ personal information.

We collect and process personal data only where necessary to deliver our estate agency services, including property sales, valuations and regulatory compliance. All personal information is handled lawfully, fairly and transparently in accordance with the Data Protection (Jersey) Law 2018.

Client data is stored securely, access is restricted, and information is shared only with trusted professional partners where required to complete a transaction or meet legal obligations.

We do not sell personal data and do not use it for unsolicited marketing.

Clients have full rights over their personal information, including access, correction and the right to withdraw consent for marketing communications at any time.

 

1. Who we are

Atelier Property (referred to as “we”, “us”, or “our”) is an independent estate agency registered in Jersey. We are the data controller responsible for processing personal data collected through our website, by phone, by email, or in person. If you have questions about this policy or about how we handle your personal data, contact kate@atelierproperty.je

 

2. The law that applies to your data

We process personal data in line with the Data Protection (Jersey) Law 2018 (the DPJL) and the guidance of the Jersey Office of the Information Commissioner. The DPJL sets out the rights of individuals and the obligations on organisations that process personal data.

 

3. What personal data we collect

Depending on the service, we may collect:

  • Identity & contact information: name, postal address, email, telephone numbers.
  • Transactional data: property details, sale/letting history, offer details, payment records.
  • Financial and identification documents where required for anti-money-laundering checks (copies of ID, proof of address).
  • Marketing preferences and communications.
  • Technical data from website visits (IP address, device/browser, cookies — see Cookies section).
    We only collect what is necessary for the purpose stated at the time of collection (data minimisation).

 

4. How we use your data (purposes & lawful basis)

We rely on one or more lawful bases under the DPJL to process personal data, commonly:

  • Contract — processing necessary to perform a contract (e.g., sale or tenancy).
  • Consent — where you have given clear consent (e.g., to receive marketing).
  • Legal obligation — to comply with laws (e.g., AML checks, tax reporting).
  • Legitimate interests — where our business needs are balanced against your rights (e.g., matching properties to buyer requirements), unless those interests are overridden by your rights.

    We will always tell you which lawful basis applies when we collect your data.

 

5. Your rights

Under the DPJL you have rights including:

  • Right of access to your personal data.
  • Right to request rectification (correction).
  • Right to erasure (subject to legal/contractual retention obligations).
  • Right to restriction of processing and to object to processing (including direct marketing).
  • Right to data portability where applicable.
  • Right to lodge a complaint with the Jersey Office of the Information Commissioner.

    To exercise any of these rights contact [DPO email]. We will respond within the statutory timescale unless a lawful exemption applies.

 

6. How long we keep personal data (retention)

We retain data only as long as necessary for the purpose collected and to meet legal or regulatory obligations. Typical retention examples:

  • Marketing consent records: until consent is withdrawn.
  • Client files and transaction records: a minimum of 7 years after completion of the transaction (to satisfy tax, contractual and professional requirements).
  • AML identification documents: retained for 7 years after the end of the business relationship (per AML guidance).

 

7. How we secure your personal data

We use appropriate technical and organisational measures to protect data, including:

  • Access controls and role-based permissions for staff.
  • Encryption of data in transit and, where appropriate, at rest.
  • Regular backups and patch management.
  • Staff training and contractual safeguards for processors.

    Encryption and other technical security measures are effective safeguards recognised by regulators and should be implemented where feasible.

 

8. Third-party processors and sharing

We may share data with third-party processors who provide services (CRM platforms, email providers, cloud hosting, payment processors, conveyancing/legal partners). We only use suppliers who provide appropriate data-protection assurances (data processing agreements) and where we have verified necessary safeguards. Where required by law or to comply with legitimate requests from authorities we may disclose information to regulators, law enforcement or courts.

If you instruct us to market properties and we do so via portals or third-party listing services, the information you provide will also be shared with those platforms to the extent necessary.

 

9. International transfers

Where personal data is transferred outside Jersey (or the EEA), we will ensure adequate safeguards are in place (e.g., standard contractual clauses, or transfers to countries with an adequate level of protection) unless a permitted derogation applies.

 

10. Cookies and online tracking

Our website uses cookies and similar technologies for essential functions, analytics and marketing. You can manage cookie preferences via the cookie banner or your browser settings. For more detail see our separate Cookie Notice [link to cookie page].

 

11. Children

We do not knowingly collect personal data from persons under 18 for marketing. If you believe we have collected personal data of a minor without appropriate consent, please contact us to request deletion.

 

12. Data breaches

We have a breach-response plan. If we become aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the Jersey Office of the Information Commissioner and affected individuals where required by law or guidance.

 

13. Registration & accountability

Under Jersey law controllers and processors must register with the Data Protection Authority where required and adopt a risk-based approach to compliance. We maintain records of processing activities and will be ready to demonstrate compliance.

 

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will show when changes were made.

 

15. Contact & complaints

Email: kate@atelierproperty.je
Postal address: The Barn, La Rue de la Hague, St Peter, Jersey, JE3 7DB

 

If you are unhappy with our handling of your personal data you can complain to us first. You also have the right to lodge a complaint with the Jersey Office of the Information Commissioner. Please see their website for contact details and guidance.