Privacy Policy

1. Who we are

This Privacy Policy explains how Lamala Group Ltd (“Lamala Group”, “we”, “us”, “our”) handles personal data collected through our website, enquiry forms and related correspondence.

For the purposes of UK GDPR and the Data Protection Act 2018, Lamala Group Ltd is the data controller for the personal data we process about enquirers, sellers and website visitors.

Company details (to be finalised on incorporation): Lamala Group Ltd, registered in England & Wales. Our registered office and company number will be published here once registration completes. Until then you can reach us at privacy@lamala.co.uk.

2. What we collect

We only ask for information we actually need to give you a cash offer and help you sell your property.

Information you give us

Identity & contact data: first name, last name, email address, phone number (if provided).
Property data: postcode, full address (once you choose to share it), property type, condition, tenure, and anything else you tell us about the property.
Situation data: the reason you are selling (e.g. probate, repossession, relocation) and any background you choose to share so we can help.
Correspondence: the content of emails, form submissions, messages or voicemails you send us.

Information collected automatically

Technical data: IP address, browser type, device type, operating system and approximate location (country / region).
Usage data: pages visited, time on page, referring page and other anonymous analytics data.

We do not collect special category data (such as health, biometric or religious information) as part of our normal process. If you choose to share sensitive information in correspondence we will handle it with extra care and only use it for the purpose you shared it.

3. How we use your data

We use the information you give us to:

Assess your property and prepare an indicative cash offer;
Reply to your enquiry and arrange viewings, valuations or surveys;
Instruct solicitors and conveyancers if you choose to proceed with a sale;
Discharge our legal and regulatory obligations (anti-money-laundering checks, identity verification, record-keeping);
Improve our website, services and written communications;
Respond to complaints, queries and requests for information.

We do not sell your personal data to anyone, ever. We do not pass your details to third-party marketing lists, “we-buy-any-house” introducer networks or lead generation services.

4. Our lawful basis

Under UK GDPR we must have a legal basis to process your data. We rely on the following:

Purpose	Lawful basis
Responding to your enquiry / preparing an offer	Taking steps at your request prior to entering a contract (Article 6(1)(b))
Completing a sale	Performance of a contract (Article 6(1)(b))
Anti-money-laundering checks	Compliance with legal obligation (Article 6(1)(c))
Website analytics & service improvements	Legitimate interests (Article 6(1)(f))
Keeping records after completion	Legal obligation + legitimate interests

5. Who we share it with

We only share your data with parties we trust to do a specific job, and only to the extent needed:

Solicitors & conveyancers instructed in connection with your sale;
RICS surveyors engaged to value your property;
Identity verification providers for AML checks required by law;
Email and hosting providers that run our systems under strict data-processing agreements;
HMRC, courts or regulators where we are legally required to disclose information.

We do not transfer your data overseas except where a supplier we use is based outside the UK / EEA (for example some email services). Where that happens we rely on the UK International Data Transfer Agreement or equivalent safeguards.

6. How long we keep it

Data type	Retention period
Enquiries that don’t proceed to an offer	12 months from last contact
Enquiries where a written offer was made	3 years from offer date
Completed transactions	6 years from completion (HMRC, tax, AML requirements)
Anti-money-laundering records	5 years from end of business relationship
Website analytics (anonymised)	26 months

You can ask us to delete your data earlier — see Your rights below. We will always honour the request unless we are legally required to keep certain records.

7. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

Right of access: you can ask for a copy of the data we hold about you.
Right to rectification: you can ask us to correct inaccurate or incomplete data.
Right to erasure: you can ask us to delete your data (subject to legal retention requirements).
Right to restrict processing: you can ask us to limit how we use your data while a dispute is resolved.
Right to data portability: you can ask for your data in a structured, commonly used format.
Right to object: you can object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
Right to complain: you can complain to the Information Commissioner’s Office (ICO) if you think we have mishandled your data.

To exercise any of these rights, email privacy@lamala.co.uk and we will respond within one calendar month. You do not need to give a reason, and using these rights is free of charge.

You can also complain directly to the UK regulator at ico.org.uk/make-a-complaint or by calling the ICO helpline on 0303 123 1113.

8. Security

We take the security of your data seriously. We use reasonable technical and organisational measures to protect the information you share with us, including:

HTTPS/TLS encryption for all data sent to or from this website;
Encrypted storage for customer data held at rest;
Role-based access controls so only people who need to see your data can see it;
Written data-processing agreements with every supplier that handles personal data;
Regular review of our systems, suppliers and policies.

No method of transmission over the internet is 100% secure. If we ever become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you directly.

9. International transfers

Our servers and core suppliers are based in the UK or European Economic Area (EEA). Some software and email providers we rely on may transfer data outside the UK / EEA. Where that happens we ensure an adequate level of protection through:

UK Adequacy Regulations (for EEA transfers);
The UK International Data Transfer Agreement (IDTA) or Addendum to the EU Standard Contractual Clauses;
Providers certified under recognised international privacy frameworks.

10. Children

Our services are not directed at children and we do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our service, our suppliers, or applicable law. The “Last updated” date at the top of the page will always show the current version. Where changes are significant we will bring them to your attention, for example by email or by a prominent notice on the website.

12. How to contact us

Lamala Group Ltd — Data Protection enquiries

Email: privacy@lamala.co.uk

General: hello@lamala.co.uk

Post: Registered office to be published on incorporation

Regulator: Information Commissioner’s Office (ico.org.uk)

If something isn’t clear or you want to discuss how we handle your information before you contact us, please email first and we will be happy to explain.

Contents