Skip to content

Privacy Policy

Galbraith is committed to ensuring that your privacy is protected. This Privacy Policy explains what information we collect about you and how and why we use that information.

In this Privacy Policy, ‘Galbraith’, ‘Our’, ‘Us’ and ‘We’ each mean CKD Galbraith LLP, trading as ‘Galbraith’ (Company Number SO300208), and having its registered address at 4th floor, 18 George Street, Edinburgh, EH2 2PF.

In this Privacy Policy, any reference to “You” or “Your” refers to anyone whose personal information we process.

Other useful information

We have a separate Privacy Policy for our employees, including those wishing to become our employees, which will be available at the time of applying to join us.

Our Cookies Policy explains about our use of cookies which are small files placed on your electronic devices and track how individuals use our websites, helping us to understand user behaviours, identify improvements and target our marketing activities to be of more relevance to you.

1. What is personal Information?

Personal data is information that relates to an identified or identifiable individual. Personal information may include Special Category Data. Special Category Data includes, without limitation:

  • Physical or mental health or condition.
  • Commission or alleged commission of any offence.
  • Religious beliefs or other beliefs of a similar nature.
  • The racial or ethnic origin of the data subject.
  • Political opinions.
  • Sexual life, including orientation and gender.
  • Any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.

2. What type of Personal Information do we collect and how do we collect it?

The type of personal information that we collect and process, will depend on the nature of your relationship with Galbraith. On all occasions we will collect the following information:

  1. Personal information including your full name and contact details, such as phone number, email address and postal address from you whenever you engage with Us; and
  2. We will collect information for proof of identity for the purposes of Anti-Money Laundering.

Additionally, and depending on the service that We provide to you, or on your behalf, We may also collect additional personal information, such as without limitation, bank account details, emergency contact details, details of any Power of Attorney, Guardianship Order or Confirmation/ Probate documents, any specific access requirements, and Title ownership.

3. How we get the personal information and why we have it?

Most of the personal information We process is provided directly by You, and allows Us to carry out the transaction in which We are instructed.

We may also receive additional personal information, indirectly, for example, on completion Anti-Money Laundering or Title Checks.

We use the information that you have given Us to fulfil our statutory compliance duties and the instructed work. We only process personal information, which is necessary for either purpose, and will not request anything more than necessary.

4. Why do we collect personal Information?

Under the UK General Data Protection Regulation (UK GDPR), we can only process your personal information where we have a lawful basis to do so. The basis for processing your personal information will depend on your relationship with Galbraith. This may include:

A contractual obligation.
A legal obligation.
A legitimate interest; or
Your consent. You can remove your consent at any time by contacting:

5. Do we share personal Information?

There are occasions where the personal data which You have provided to Galbraith will be shared with third parties to progress the transaction in which we are instructed. For example, if We are instructed in the sale of your property, we may share your address with a viewer of the property.

We may share your personal information with third parties when:

  • It is necessary to allow Us to fulfill our services to You.
  • It is required by law or regulation. Or
  • We have another legitimate interest in doing so.

We will never share your data without your consent or beyond our lawful basis for doing so.

We only share information with third parties who are committed to processing personal data to the standards set out under current Data Protection Legislation.

These third parties may include our:

  • Domain and hosting providers
  • Website and website tool providers
  • Cloud data storage providers
  • Cloud accounting software
  • External IT support companies
  • Email providers
  • CRM software providers
  • Marketing and analytics agencies
  • Statutory bodies
  • Regulatory bodies
  • Property advertising websites (‘Portals’)
  • Online payment providers
  • Anti-Money Laundering and identity check providers
  • Mortgage lender panel management companies

6. Data Security

The security of information is very important to Us. We have measures in place which are designed to prevent unauthorised access to Your personal information.

We maintain appropriate security measures in place to prevent personal data from being accidentally lost, used, or accessed in an unauthorised way. For example:

  • We limit access to your personal data to those who have a genuine ‘need to know’. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
  • We only keep paper files where completely necessary.
  • All computers and electrical devices used by Us are password protected.
  • We have procedures in place to deal with any suspected Personal Data or Data Security Breach.

7. How long do we hold your personal data?

The period for which we will keep Your personal information will depend on the type of service You have requested from Us. We have in place a Data Retention Policy which sets out the different retention periods for the types of information we hold.

The retention period may be longer than the period for which we are providing services to you and may consider Legal and regulatory requirements and guidance; Limitation periods that apply in respect of taking legal action; Our ability to defend ourselves against legal claims and complaints; good practice; and the operational requirements of our business.

We will not hold personal data for any longer than is necessary. When it is no longer necessary to retain your personal data, we will delete or anonymise it.

8. Your rights in respect of personal information

Under data protection law, you have rights, including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. You can exercise any of your rights by contacting

Once we’ve looked at your request, we’ll let you know when you can expect to hear from us. It will normally take us up to one month to complete your request, but it could take longer (up to a further two months) if it’s a complicated request or you send us a lot of requests at once.

9. How to complain about personal data use

If you have any concerns about our use of your personal information, you can make a complaint to our Chief Executive Officer, Martin Cassels.

Letters should be addressed to:
Martin Cassels, Galbraith, Suite C, Stirling Agricultural Centre, Stirling, FK9 4RN

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113
ICO website: