Privacy Policy

Last updated: 1st January 2024

Please read this Privacy Policy carefully. If you use this website, or sign up to the Ostrich service, you will be regarded as having read and accepted this Privacy Policy. If you don’t wish to be bound by what you read below, you shouldn’t use this website or sign up for our services.

Who are we?

Ostrich.co.uk (Ostrich) is owned and operated by Ostrich X Ltd. Ostrich X Ltd is registered in England and Wales at 4.04, 60 Grays Inn Road, London, WC1X 8LU, UK. Our company number is 13774574 and our UK Data Protection registration number is ZB287263.

Our Data Protection contact is Richard Foister who can be contacted by email at privacy@ostrich.co.uk.

What is personal data?

In this policy, when we use the term “personal data” we mean any information relating to an identified or identifiable human being. (An “identifiable” person is one who can be identified, directly or indirectly, for example, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, biometric, mental, economic, cultural or social identity of that person.)

User accounts

If you create an account on Ostrich we will store the data you provide to us. We use this data to maintain a user account for you on the Ostrich service, and to make it easy for you to use our services (for example, to facilitate submission of offers). We will also send you emails to keep you up to date with product changes and new properties that have been added to the platform.

You can unsubscribe from email communications at any time by clicking the unsubscribe link in each email or by contacting us by email. You can also change your email preferences within your Ostrich account. You may also request that we delete your user account by email, and we will process all such requests within 7 days.

We process your user account data to provide you with the Ostrich service (lawful basis: contract) and to provide an easy to use service to our users (lawful basis: legitimate interests).

Identity verification

Before viewing requests made on Ostrich are sent to the homeowner you must first verify your identity. We also require homeowners to verify their identity before a property listing goes live.

Identity verification requires you to upload a photograph of your passport, driver’s licence or other authorised ID. Identity verification is typically processed through our third party partner Stripe.

You can read more about how Stripe uses your personal data here:
https://stripe.com/gb/privacy

In certain circumstances Identity verification may be processed using Thirdfort.

You can read more about how Thirdfort uses your personal data here:
https://www.thirdfort.com/privacy/

We require identity verification to facilitate trust on our platform, and to protect the homeowners who list their properties (lawful basis: legitimate interests).

Property listings

If you decide to list your property on Ostrich we will collect details related to the property, some of which will be displayed to users of Ostrich. We will only do this if you provide us with explicit consent confirming that you want to list your property on Ostrich (lawful basis: consent).

You can withdraw this consent and request your property be removed from Ostrich at any time by contacting us via email, and we will process all such requests within 7 days.

Historical sales

We list information about historical property sales. This information is from the Land Registry Sold Property Prices data set. The lawful basis for processing this information is legitimate interests to provide a better service to our users.

Homeowner requests and user support

If you are interested in listing your home on Ostrich you may fill out a form with details about yourself and the property you may wish to list. We use this information to contact you about listing your property.

If you contact us through a user support form, or by email, we will use this information, including any contact details you have provided, to reply to you.

The lawful basis for processing your personal data in relation to homeowner requests and user support is legitimate interests so that we can get in touch with you in relation to the request you have made.

User interactions

We track interactions of visitors and users on our website. For example, pages visited, properties viewed and interest expressed in properties. While interactions are not personally identifiable by themselves, when a user is signed into their account, these interactions will be identifiable as being from that specific user.

We process this data to understand how visitors and users interact with our website so that we can improve our services. In certain circumstances, interaction data is used to provide functionality, for example, allowing users to join waitlists for a property.

Please note that we do not alter our webite’s data collection and use practices when we see a Do Not Track signal from your browser.

The lawful basis for processing user interaction data is legitimate interests to provide functionality to our users, to be able to improve our services and make better business decisions.

We use Google Analytics, to help us understand how our customers use our website. You can read more about how Google uses your personal data here: https://www.google.com/intl/en/policies/privacy/.

You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Sellers identity verification and proof of address

When a homeowner appoints Ostrich by signing the Ostrich Sales Terms, Ostrich is obliged by law under Anti-Money Laundering Regulations to obtain and hold evidence of identity and proof of address.

This evidence may be obtained using one of our third party partners as described in the Identity verification section of this privacy policy.

Buyers AML / Proof of funds checks

If you make a viewing request on a property it may lead to further interactions such as viewing the property and making a firm offer. If you make a firm offer on a property we will require evidence of proof of funds and the source of those funds.

We will use a third party partner, Thirdfort, to obtain and process proof of funds and source of those funds.

You can read more about how Thirdfort uses your personal data here:
https://www.thirdfort.com/privacy/

We require proof of funds and source of funds to comply with our obligations under Anti-Money Laundering Regulations and to adhere to the Property Ombudsman Code of Practice.

Data security

We will always take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (including taking reasonable steps to ensure the reliability of employees who have access to personal data). Our employees may only process personal data in accordance with this privacy policy, and any employee who breaches this privacy policy may be subject to disciplinary action, up to and including dismissal.

We have put in place internal procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Retention of personal data

We are committed to only keeping personal data while it is being used. If you request that we delete your account, update the name, address or email address, or details of a property you have listed with us, we will process all such requests within 7 days. You can make deletion requests by contacting us at privacy@ostrich.co.uk.

You can unsubscribe from email communication at any time by clicking the unsubscribe link included in all of our email marketing communications.

Data sharing

If we use a third party data processor to process personal data on our behalf we will obtain contractual commitments to safeguard the security of the personal data to ensure that the third party only acts on our instructions when using that personal data and that the third party has in place appropriate technical and organisational security measures to safeguard the personal data.

We may transfer certain personal data that we hold on individuals living in the UK to a country outside the UK, provided that one of the following conditions applies:

  • the country to which the personal data is transferred ensures an adequate level of protection for that individual’s rights and freedoms;
  • an individual has given their explicit and informed consent having had the risks explained to them;
  • the transfer is covered by one of the derogations set out in the UK GDPR and the Data Protection Act 2018, including the performance of a contract between us and that individual, or to protect the vital interests of individuals;
  • the transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims; or
  • the transfer is authorised by the relevant data protection authority where we have checked adequate safeguards exist with respect to the protection of the individual’s privacy, their fundamental rights and freedoms, and the exercise of their rights.

Subject to the requirements set out above, the personal data we hold may also be processed by individuals operating outside the UK who work for us or for one of our suppliers. Those individuals may be engaged in, among other things, the fulfilment of contracts with the relevant individual, the processing of payment details and the provision of support services.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the data regulator in the UK (the Information Commissioner’s Office, also known as the ICO).
  • Where we use service providers, we may use specific contracts approved by the ICO (and we also take other steps) all of which give personal data at least the same protection it has in the UK.

We may also share personal data we hold with selected third parties for the purposes set out below. We do not allow our third-party service providers to use your personal data for their own purposes; we only permit them to process your personal data for specified purposes and in accordance with our instructions.

When we use the term “third party”, we mean any entity who is not the Company, including third party service providers, contractors and designated agents. The following third party service providers may process personal data for the following purposes:

  • Service providers such as Amazon Web Services, Mailchimp, Sisense and Intercom in the United States, who provide hosting services, email marketing services, business intelligence software and customer relationship management software.
  • Service providers who provide IT and system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.

If we sell or buy any business or assets, or sell the Company, we may disclose your personal data to the prospective seller or buyer of such business or assets. We may also disclose personal data we hold to third parties if we are under a duty to disclose or share an individual’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with that individual or other agreements; or to protect our rights, property, or safety of our employees, customers or others. This includes exchanging personal data with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Cookies

Ostrich uses cookies within your browser, in order to give you the best possible experience while using our services. Cookies and similar technologies are used to store pieces of information on your computer or mobile device when you visit a website or use an app.

You can read our cookie policy for more information.

Your rights

You have the right to access, rectify, erase, restrict, and object to our use of your data. You can also request a portable version of your data. Email us to request any of these rights.

You can unsubscribe from email communications at any time by clicking the unsubscribe link in each email or by contacting us by email.

You have the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner's Office, so please contact us in the first instance.

Changes to our Privacy Policy

We reserve the right to change this policy at any time. Where appropriate, we will notify individuals of those changes by post or email. Each time you enter or use our website, you agree that the privacy policy current at that time shall apply to all information we hold about you.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@ostrich.co.uk.

© Ostrich X Ltd 2024