top of page

Privacy Policy

Last updated: 18 December 2025

This Privacy Policy explains how KRM Property Investments Ltd (“we”, “us”, “our”) collects, uses and protects your personal data when you interact with us, use our website, or work with us as an investor, property owner or agent.

We handle personal data lawfully, fairly and transparently, in line with UK data protection law (UK GDPR and the Data Protection Act 2018).

1. Who we are (data controller)

KRM Property Investments Ltd
Company number: 15833299
Registered office: 42 Lytton Road, New Barnet, Barnet, Hertfordshire, England, EN5 5BY

We operate across England as a property sourcing and deal packaging business, working with residential and commercial investors, property owners and agents.

For data protection purposes, KRM Property Investments Ltd is the data controller.

We are registered with the Information Commissioner’s Office (ICO) under registration reference ZB742587.

How to contact us about your data
Email: info@krmpropertyinvestments.co.uk
Phone / WhatsApp: +44 7860 598253

2. What this policy covers

This policy explains:

  • what personal data we collect

  • how and why we use it

  • the lawful bases we rely on

  • who we share it with

  • how long we keep it

  • your rights under data protection law

It applies to:

  • investors and prospective investors

  • property owners and agents we work with

  • website visitors and people who contact us or join our mailing list

  • anyone else whose personal data we process in the course of our business

Children: Our website and services are not intended for children and we do not knowingly collect personal data relating to children.

Third-party links: Our website may include links to third-party websites, plug-ins or applications. If you follow a third-party link, your personal data will be processed under that third party’s privacy policy. We do not control third-party websites and are not responsible for their privacy practices.

3. The personal data we collect

The type of personal data we collect depends on how you interact with us. It may include:

3.1 Investors and prospective investors

  • name, title and contact details (address, email, phone number)

  • date of birth (where required)

  • identification documents (e.g. passport, driving licence) (where required)

  • proof of address (e.g. utility bill, bank statement) (where required)

  • investment preferences and criteria (budget, areas, strategies, risk appetite)

  • financial information relevant to a transaction, including:

    • proof of funds or funding (e.g. bank statements, mortgage in principle)

    • source of funds and/or source of wealth information (where required for AML)

  • records of communications with you (emails, messages, notes of calls)

  • copies of signed agreements, terms of business and deal documentation (where applicable)

3.2 Property owners and agents

  • name, title and contact details (address, email, phone number)

  • identity information (ID documents and proof of address, where required for AML)

  • property details (address, ownership information, property history and other details you submit)

  • information about your role (e.g. owner, agent, solicitor)

  • records of instructions, offers, negotiations and agreements

  • records of communications with you

3.3 Website visitors, enquiries and marketing contacts

Information you submit via our website contact form(s), such as:

  • name

  • email address

  • phone number (if provided)

  • whether you are an investor, property owner, agent or other

  • the content of your message or enquiry

  • newsletter / mailing list details (name, email, investor type/interest)

  • documents you upload via our website forms (for example, property information or supporting documents)

Technical / usage data from our website, such as:

  • IP address

  • browser type and version

  • device type

  • pages visited and actions taken

  • general location (city/region, not precise address)

This technical data is typically collected via cookies and similar technologies (see Section 12).

Aggregated / anonymised data: We may use aggregated or anonymised data (such as statistics) to understand website usage and improve our services. Where data is genuinely anonymised so it cannot identify you, it is not treated as personal data.

3.4 AML and compliance data

To comply with Anti-Money Laundering (AML) obligations and other legal requirements, we may also collect:

  • copies of identity documents and proof of address

  • source of funds and/or source of wealth information (where required)

  • results of screening checks (for example, PEP / sanctions checks)

  • notes and records of AML risk assessments and ongoing monitoring

  • any other information we are required to obtain by law or regulation

3.5 Special category data

We do not intentionally collect special category data (such as health information, race, religion, or biometric data) as part of our normal business.

If such information appears incidentally (for example, visible on a document you provide), we will not use it unless strictly necessary and lawful, and we will keep it protected.

3.6 Information about other people you provide to us

If you provide personal data about another person (for example, a joint owner, company representative, tenant, introducer, or another party involved in a transaction), you should ensure you have the right to share that information with us and that they have been directed to this Privacy Policy where appropriate.

4. How we collect your data

We collect personal data in a number of ways, including:

Directly from you, when you:

  • contact us by phone, email, WhatsApp, social media or via our website

  • complete our enquiry form or sign up for our newsletter

  • provide ID, proof of address or proof of funds for AML checks

  • enter into a sourcing or deal packaging agreement with us

  • take part in calls or meetings with us

From third parties, for example:

  • other professionals involved in a transaction (e.g. solicitors, brokers, agents)

  • referrals from our professional network or existing clients

  • compliance and ID verification providers (for AML checks) (for example, HIPLA)

From public sources, such as:

  • HM Land Registry

  • Companies House

  • online property portals and planning portals

Automatically, when you use our website:

  • via cookies and analytics tools that record how you use and navigate the site

If you do not provide data: Where we need personal data to respond properly, progress a transaction, enter into a contract with you, or comply with legal obligations (including AML checks), and you do not provide it, we may be unable to proceed or may have to pause/stop engagement. We will explain this at the time.

5. How and why we use your personal data (and lawful bases)

We will only use your personal data where we have a lawful basis to do so. The main lawful bases we rely on are:

  • Legitimate interests – our legitimate interest in running and growing our business, communicating with contacts, improving services, and keeping our website secure.

  • Contract – where processing is needed to take steps at your request and/or enter into or perform a contract with you.

  • Legal obligation – where we must comply with legal/regulatory duties (including AML).

  • Consent – where you have actively opted in (typically marketing and certain cookies).​

5.1 To respond to enquiries and manage our relationship with you

Purpose: To respond to your messages, answer questions, arrange calls/meetings, and manage our relationship.
Lawful basis: Legitimate interests; Contract (where relevant to entering into or performing a contract).

5.2 To provide our property sourcing and deal packaging services

Purpose: To assess your requirements, source suitable opportunities, package deals, communicate with parties in a transaction, and manage contracts.
Lawful basis: Contract; Legitimate interests.

If you proceed with a deal: If you decide to move forward with a specific opportunity, we may issue separate terms of business and/or engagement documents and may request additional information needed to progress the transaction (for example, identification/verification and proof of funds). We may also share relevant information with professional parties involved (such as solicitors, brokers, surveyors/valuers and agents) where necessary and lawful.

5.3 To comply with legal and regulatory obligations (including AML)

Purpose: Identity verification, due diligence (including enhanced due diligence where required), monitoring, record keeping, and co-operation with regulators/law enforcement where required.
We may use specialist third-party compliance and identity verification providers (for example, HIPLA) to help us carry out these checks securely and efficiently.
Lawful basis: Legal obligation.

5.4 To send you deal updates and marketing communications

Purpose: Selected opportunities and updates about how we work.
Lawful basis: Consent (opt-in); and in limited cases Legitimate interests for relevant service updates where appropriate and your rights are not overridden.
You can opt out at any time (see Section 6).

5.5 To run and improve our website

Purpose: Operate our website, understand usage, maintain security and improve user experience.
Lawful basis: Legitimate interests; Consent for non-essential cookies/analytics where required (see Section 12).

5.6 To protect our business and manage risk

Purpose: Prevent fraud or misuse, handle complaints, manage disputes, and enforce our legal rights.
Lawful basis: Legitimate interests; Legal obligation where relevant.

5.7 Automated decision-making

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects for you.

5.8 Change of purpose

We will use your personal data only for the purposes we collected it for, unless we reasonably consider we need to use it for another related reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so, unless the law permits otherwise.

6. Marketing communications

If you join our mailing list or otherwise consent to receive marketing, we will use your contact details to send you:

  • selected residential and commercial property opportunities

  • occasional updates about how we work and our services

You can opt out at any time by:

If you opt out of marketing, we may still contact you for service, administrative or legal reasons (for example, about an ongoing deal or AML requirements).

We do not sell your personal data to third parties for their own marketing.

7. Who we share your personal data with

We only share your personal data where necessary and lawful. This may include:

7.1 Internal access

We restrict access to personal data to those who need it for their role (for example, directors and authorised personnel/contractors). Access is controlled and treated confidentially.

7.2 Professional advisers and transaction parties

We may share relevant information with professional parties involved in a transaction, for example:

  • solicitors / conveyancers (yours, or a firm you instruct)

  • mortgage brokers and financial advisers (where you ask us to introduce you)

  • surveyors, valuers, architects or other property professionals

  • other agents or sourcing partners involved in a deal

  • prospective buyers, sellers or landlords/tenants, where necessary to progress a transaction

We only share what is reasonably necessary for the purpose at hand.

7.3 Compliance and regulatory bodies

  • HM Revenue & Customs (HMRC) – AML supervision and where relevant for tax matters

  • National Crime Agency (NCA) – where we are required to submit suspicious activity reports

  • The Property Ombudsman (TPO) – where a complaint is escalated to redress

  • The Information Commissioner’s Office (ICO) – if data protection issues require it

  • law enforcement agencies, courts or regulatory authorities where we are legally obliged to do so

7.4 Service providers and IT systems

We use trusted third-party providers to help us run our business, for example:

  • website hosting and platform provider – our company website is hosted on Wix.com

  • email and document services – such as Google Workspace

  • CRM systems – to organise contact data and communications

  • email marketing tools – to manage mailing lists and send newsletters

  • compliance / identity verification (AML/CDD) providers – for example, HIPLA, to help verify identity and address and carry out screening checks (such as PEP/sanctions) where required

  • IT support and security providers

These providers may process personal data on our behalf. We only use providers who commit to keeping data secure and confidential and we have appropriate agreements in place with them. We do not allow service providers to use your personal data for their own purposes. Where you are asked to complete an identity check, the provider may also provide privacy information at the point of use.

7.5 Business changes

If we sell, transfer or merge parts of our business or assets, personal data may be shared with relevant advisers and prospective purchasers (under confidentiality) and transferred to new owners where appropriate.

8. International data transfers

Some of our service providers may store or process data outside the UK.

Where this happens, we will ensure appropriate safeguards are in place to protect your personal data (for example, UK adequacy regulations and/or contractual safeguards). You can contact us if you would like more information about international transfers and the safeguards we use.

9. How long we keep your data

We will not keep your personal data for longer than necessary for the purposes for which it was collected, including to meet legal, accounting or reporting requirements.

Broadly, we retain data as follows (unless a longer period is required by law or necessary for a dispute):

  • AML and identity records: normally 5 years from the end of the business relationship or the date of the transaction.

  • Transaction files (deals, offers, contracts): typically up to 6 years after completion or termination.

  • General client records and communications: as long as reasonably needed and up to 6 years after our last meaningful contact.

  • Enquiry-only records: usually up to 2 years after our last communication.

  • Marketing list data: until you unsubscribe or we consider you inactive, after which your details may be removed or anonymised.

  • Website analytics data: retained in line with the default periods of our analytics providers, typically up to 2 years.

When data is no longer needed, we will delete it or anonymise it securely.

10. How we protect your data

We take appropriate technical and organisational measures to keep your personal data secure, including:

  • using reputable cloud, email and website providers with strong security standards

  • restricting access to personal data to those who need it

  • password protection and, where appropriate, multi-factor authentication

  • regular software updates and security monitoring

  • training and guidance for those working with client data

  • secure disposal of records when they are no longer required

While no system can be 100% secure, we strive to protect your information and respond promptly to any suspected data issues.

11. Your rights under data protection law

You have rights including:

  • Access

  • Rectification

  • Erasure

  • Restriction

  • Objection (including to direct marketing at any time)

  • Data portability (where applicable)

  • Withdraw consent (where we rely on consent)

These rights are subject to legal limitations (for example, we may not be able to delete data we must keep for AML or legal reasons).

To exercise your rights, contact: info@krmpropertyinvestments.co.uk

We may need to verify your identity before acting on your request. We aim to respond within one month.

12. Cookies and similar technologies

Our website uses cookies and similar technologies to help it work properly and to understand how visitors use the site.

We use:

  • Essential cookies – needed for the site to function (e.g., security/basic features).

  • Analytics / performance cookies – help us understand usage so we can improve the site.

  • Functional cookies – may remember choices you make to provide a more personalised experience.

When you first visit our site, you may see a cookie banner asking you to accept or manage cookies. Essential cookies will always be set. Non-essential cookies (such as analytics) will only be used if you accept them (or enable them) via our cookie banner/settings.

You can:

  • use the controls in our cookie banner (where available) to accept or reject non-essential cookies; and

  • adjust your browser settings to block or delete cookies.

Blocking some cookies may affect how the website functions. For more information, please see our Cookie Policy.

13. Contacting us or the ICO

If you have questions about this Privacy Policy, how we handle your data, or you would like to exercise your rights, please contact:

KRM Property Investments Ltd
Email: info@krmpropertyinvestments.co.uk
Phone / WhatsApp: +44 7860 598253

If you are not satisfied with our response, you can complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. The ICO’s current contact details are available on their website, and they can also be contacted by telephone on 0303 123 1113.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, or how we operate. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

bottom of page