Forge is the trading name of Forge Commercial Property LLP (“we”, “us”, “our”), a company registered in England and Wales under Company Registration Number OC448417 with its registered office at 80 Compair Crescent, Ipswich IP2 0EH.

​This Privacy Notice (“Notice”) explains how we use (“Process”) your personal information (including personal information that you provide to us about other persons) (together, “Personal Information”). It also explains your privacy rights and how you can exercise them.

​We respect your privacy and we are committed to protecting your personal data. We are responsible for the Personal Information we collect about you (including through the website The type of Personal Information we collect and how we Process it will vary depending on the relationship we have with you. Please note in particular that:

  • We may use cookies on our website and in any marketing emails to help us manage and improve our websites, your browsing experience, and the material/information that we send; and
  • As a collaborative business, we may share certain Personal Information with our related entities or other persons engaged to provide the agreed services to you and also select third parties, subject to appropriate safeguards.

We will publish updates to this Privacy Notice on this website, with relevant changes highlighted as appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise your privacy rights.

​If you have any questions regarding our processing of your Personal Information or would like to exercise your privacy rights, please email:

How We Collect Your Personal Information

We collect Personal Information to provide our services, for legal and regulatory purposes and to manage our business and relationships. For further details, please see the ‘Use of your Personal Information’ section of this Notice below.

Public information

Personal Information about you or your business which is publicly available, for example on your employers’ website, public professional social networking sites, the press; and relevant electronic data sources.

Information from third parties

Personal Information provided to us by third parties (for example by our clients; joint agents; sub-agents; suppliers; advisers; consultants, lawyers and other professional experts; counterparties; previous, current and future employers; correspondents and enquirers; regulators and public authorities; relatives; and other persons) where such Information is provided to us in connection with the relevant purposes set out in this Notice.

Information collected through our websites

We may use cookies on our website and certain marketing emails which collect your IP address and certain other information from you when you visit our website. For further details please see the ‘Marketing and Cookies’ section.

​You will voluntarily provide most of your Personal Information directly to us. We will also obtain Personal Information from other sources or persons. Sometimes the provision of your Personal Information to us by third parties will be unsolicited and/or provided in confidence (for example, reports made to us by regulators and other persons) and we will be unable to notify you of this. In all cases we shall take such necessary steps to ensure that Personal Information is obtained and used in a fair and lawful way.

The Types of Personal Information That We Collect

The categories of Personal Information we collect will vary, depending on our specific relationship with you and the context. We will not be able to further our relationship with you without certain Personal Information. For example, this may include your personal telephone number or email address.

Use of Your Personal Information

​Our Processing of your Personal Information will include obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, copying, analysing, amending, retrieving, using, systemising, storing, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it by automated or non-automated means.

​The UK GDPR as tailored by the Data Protection Act 2018 require us to communicate to you the purposes for which we Process your Personal Information (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. These are summarised in the tables below.

​Further details on: (a) security and business continuity arrangements; (b) client due diligence, supplier vetting; and (c) equal opportunities monitoring and reporting, can be found in ‘The types of Personal Information that we collect’ section above.

General Permitted Purposes

​We Process Your Personal Information for one or more of the following general Permitted Purposes.

Marketing and Cookies

​We generally rely on our legitimate interests to Process your Personal Information for marketing purposes. We will inform you in advance of sending you marketing or if a related entity will send you marketing material (unless this is reasonably obvious in the circumstances – for example, when you provide us with your business card during a formal meeting). You will be able to opt-out of any marketing email sent by us, by clicking the opt-out link that we include in each email.


​We may use cookies (small text files placed on your device) and similar technologies on our website and marketing emails to:

  1. make sure our website functions as it should;
  2. recognise you when you return to the website (for example, to remember your login details so that you do not need to re-enter it on subsequent visits);
  3. analyse how our website and online services are performing (for example to understand how people arrive at and use our website so that we can make it more intuitive); and
  4. to present you with customised options relating to your interests, based on your previous use of the websites (for example, where you are known to us, we will keep a record of the articles on our website that you have clicked on/downloaded, and use that information to send you material which we have identified as relevant to your interests).

​Please note that some of the cookies on our website may be third party cookies (e.g. Google advertising cookies) which we do not control. Please view the relevant website for details of their privacy policy.

​If you are concerned about cookies, most web browsers (Safari, Brave, Internet Explorer, Microsoft Edge, Chrome etc) now recognise when a cookie is offered and allow you to opt-out of receiving it. You can also delete all cookies that are already on your browser. If you choose to do this, you may have to manually adjust some preferences every time you visit our website and some services and functionalities may not work.

​For more information about cookies and how to disable and/or delete them, please visit

​Where Is Your Personal Information Stored and Who Will It Be Shared?

​We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

​We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

​We will also at times need to share some of your Personal Information with select third parties, such as:

​We do not disclose (or sell) your Personal Information to any other third parties.

​This Processing may involve the transfer (sometimes via cloud computing) of some of your Personal Information to other countries whose privacy laws may not be as comprehensive to those where you are based. Where third party and/or cross-border transfers take place, we will put enhanced confidentiality and information security safeguards in place to ensure the lawfulness of the transfer and protect your Personal Information. For further details, please see the Security of your Personal Information and data breaches section of this Notice below.

Security of Your Personal Information and Data Breaches

​We operate technical, non-technical and procedural controls to safeguard your Personal Information (including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage). In particular:

​We will keep these arrangements under regular review, taking into account security and compliance best practices, current risks, threats, vulnerabilities, mitigating controls, technology, and changes in applicable legal requirements.

​However, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Information transmitted to our websites – and any such transmission is at your own risk. Our website may also, from time to time, contain links to third party websites – which are outside of our control and are not covered by this Notice. If you access other websites using the links provided, please check their privacy policy before submitting any Personal Information to them.

Data Breaches

​If a data breach (leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information) occurs which is likely to result in a high risk of adversely affecting your rights and freedoms, we will inform you of this without undue delay. Where legally permitted, any such notifications will be made either via email, post or telephone.

How long we keep Your Information

​We will only keep your Personal Information in an accessible form which can identify you for as long as we need to for the Permitted Purposes. As retention periods can vary significantly depending on the Permitted Purpose and the relevant jurisdictions concerned, it is not possible for us to commit to an overall retention period for all of your Personal Information held by us. For example, we are under legal obligations to keep certain records for specific periods which will usually extend after the end of a contractual relationship (including minimum statutory retention periods in respect of client due diligence documents – which vary from jurisdiction to jurisdiction).

​As a result, we use certain categories and criteria to determine how long we keep certain of your Personal Information, and these are set out below. Where your Personal Information is used for more than one Permitted Purpose, there will be overlapping retention periods in respect of that Information. In such cases, we will retain your Information for the longer of those overlapping retention periods. We will also transfer paper files into, and store them in, electronic format where appropriate.

​Where we no longer require your Personal Information, we will take steps to delete or anonymise it. There will be circumstances where certain Information cannot be permanently deleted or anonymised, for example because it is stored in our back-ups for business continuity purposes.

​In such cases, we will take appropriate steps to minimise (and pseduonymise where technically practicable) the Personal Information that we hold, and to ensure that it is: (a) not used in connection with any decision involving you; (b) not shared with anyone, except where we are legally required to do so (e.g. following a court order); (c) kept secure and virtually inaccessible; and (d) permanently deleted if, or when, this becomes technically possible.

Your Rights

​The following privacy rights apply under the UK GDPR as tailored by the Data Protection Act 2018. Although applicable data protection legislation in relevant jurisdictions afford similar rights, there may be circumstances where some of these rights do not apply under or are modified by, local law. Further information can be sought from our privacy contacts. In the event of any inconsistency, the applicable local legislation will prevail.

For further details about these privacy rights under UK GDPR (including their limitations), please see the Guide to the UK GDPR on the Information Commissioner’s Office website .

​To exercise your rights, please send a written and dated request (a “Request”) to

Please note that:

  • We will need to verify your identity in order to be able to comply with certain of your Requests.
  • When you Request access to your Personal Information, there will be some Personal Information which we are not able to disclose to you, such as documents which include confidential or personal information about another entity or person; documentation relating to management forecasting or planning; legally privileged documents; and copies of references.
  • We will not be able to comply with your Request in certain circumstances, for example where your Request is manifestly unfounded or excessive.

​We hope to address any enquiry or Request to your satisfaction, but if we do not, you have the right to lodge a complaint with the relevant data protection regulator in the country where you normally live or work, or where an alleged breach of data protection is said to have occurred (such as the Information Commissioners’ Office in England)

​Contacts And other Important Privacy Information

​If you have any queries regarding this Privacy Notice or our processing of your Personal Information, please email us at