Core Property Management & Consultancy Ltd. PRIVACY STATEMENT 1st MAY 2018
Introduction
This Privacy statement sets out how Core Property Management & Consultancy Limited, (‘Core’), manages and processes personal data it collects and holds in the course of its business pursuant to the requirements of the General Data Protection Regulation, (‘GDPR’).
Personal Data is any information which directly or indirectly identifies an identifiable natural person, (‘data subject’).
Data Controller
Core will be the Controller of personal data that you provide to us. The full contact details of Core are as follows;
Core Property Management & Consultancy Limited, (Co No 3764466). 7 Union Court, Liverpool L2 4SJ. Tel 0151 255 2500. www.corepmc.com
Your Personal Data.
We collect personal data about you which may include your name, address and other contact information as well as your bank account details, VAT and tax registration details where applicable and means of identifying you, including for example copy passports, utility bills or other means of satisfying this requirement. We may also hold data about other individuals with an interest in your property or business interests. Before you provide us with information about such people you will need to check that you have their permission to give it to us.
A more detailed overview is given in appendix 1.
In order to process personal data there must be a lawful basis. These are set out under Article 6 of the GDPR as follows and at least one must apply.
• Consent. This is where an individual gives clear consent for us to process personal data for a specific purpose.
• Contract. The processing is necessary for a contract with the individual or because they have asked for specific steps to be taken before entering into a contract.
• Legal Obligation. Necessary for us to comply with the law, (not including contractual obligations).
• Vital Interests. The processing is necessary to protect someone’s life.
• Public Task. The processing is necessary for us to perform a task in the public interest or for our official functions and the task has a clear basis in law.
• Legitimate Interests. The processing is necessary for our legitimate interests or the interests of a third party unless there is good reason to protect the individual’s personal data which over-rides those legitimate interests.
Telephone Calls & Emails
To protect our legitimate interests, we reserve the right to electronically record telephone calls for monitoring and to ensure an accurate record of what is said. We may alternatively maintain file notes and logs or keep recorded messages.
We will retain emails, text messages and other communications for so long as they are reasonably necessary. It is in our legitimate interests to do so and may be a contractual or legal obligation.
CCTV
In circumstances where properties under our management have CCTV in communal areas and outside this is for security purposes and will be operated within the law. We regard this as a legitimate interest. We reserve the right to use CCTV recordings to detect breaches of tenancy terms and may keep recordings for such purposes.
Purpose & Principle
We need personal data to satisfy contractual and Legal Obligations and for legitimate Interests to facilitate the provision of our services.
We will seek to ensure that it is processed lawfully, fairly and transparently and we will not seek more data than we need.
How we deal with it.
The Information we collect is processed by our staff based at our office, 7 Union Court, Liverpool L2 4SJ. It is held on a localised and secure server, operational PCs and electronic and paper files. Data held on computer is password protected.
The office is secured and alarmed.
Electronic data is backed up regularly.
Core will treat information it holds as confidential but it will be necessary or appropriate to provide other parties, including statutory undertakers, legal advisers, insurers, local authorities, HMRC, contractors and service providers amongst others with information. This is to ensure that Core can satisfy its legal and contractual duties and is able to fulfil its service obligations. Further information on how data is shared is provided in Appendix 2.
Core’s staff are actively engaged in this privacy policy and obliged to comply with the GDPR.
Where personal data is to be erased or disposed of the services of a specialist company, (currently Data Shred), will be utilised.
It is not Core’s policy to trade, sell or rent information for marketing or any other purpose.
Accuracy of Data
Core will ensure that all personal data collected and processed is kept accurate and up to date. Where any inaccuracy is found all reasonable steps will be taken to amend without delay.
How long we keep it
Core will not keep personal data for any longer than is necessary in the context in which it is held. The information we hold will remain relevant for as long we continue to act or the currency of an occupation or legal agreement. After such time it is necessary for us to keep according to legal and regulatory requirements, professional indemnity and subsequent queries and audits. Generally, we would expect to keep data for not more than 7 years from the termination of our duties or less in the case of basic enquires and aborted tenancy or service applications.
Your Rights
Data Subjects have the following rights. To exercise these rights, you should contact us at the address given above. Normally no fee is payable but we reserve the right to make a reasonable and proportionate charge depending on the complexity and scale of the enquiry.
• To be Informed. We have sought to satisfy this within the context of this Privacy Statement.
• Access. You have the right to make a request about data we hold at any time. This is known as a ‘SAR’ (Subject Access Request) and we would normally respond within one month of receipt.
• Correction/Rectification. If you believe that the information we hold on you is incorrect you can ask us to correct it and change any inaccuracies. Any third parties to whom the data has been disclosed will also be informed.
• Erasure. You have the right in certain circumstances to ask that any data we hold is erased, (subject to any statutory, contractual or legal obligations on Core to the contrary). You should be aware that the deletion of any data may impact on Core’s ability to provide its services.
• Restriction of processing. Data Subjects can request, based on legitimate reasons, that Core ceases processing the personal data it holds about them. This includes where the accuracy or lawfulness of the data is being contested.
• Data Portability. This allows individuals to reuse their personal data for their own purposes across different services, allowing them to move, copy or transfer personal data more easily.
• Withdrawal of Consent. Where consent is the legal gateway to process data you can withdraw this at any time by contacting us at the address given above.
Core does not use personal data for automated decision making or profiling.
Data Breach
If a data breach occurs and that is likely to result in a risk to the rights and freedoms of the data subject Core will inform the Information Commissioners Office within 72 hours of becoming aware.
If the data breach is likely to result in high risk to the rights and freedoms of data subjects all affected data subjects are to be informed without undue delay.
Implementation
This policy shall be deemed to be effective as of 1st May 2018. No part shall have retroactive effect.
Complaints
If you wish to make a complaint about how we have handled your personal data you should contact Paul Roberts or Allan Pelan at Core’s offices who will investigate the matter. If you are not satisfied with our response you can complain to the Information Commissioners Office - ICO
Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
www.ico.org.uk
Appendix 1. Personal Data
The following personal data may be held and processed by Core. This is not necessarily exhaustive but gives an overview of the main examples
Identity and Contact details. We require this in order to communicate with you, provide our services and to enable us to satisfy legal and contractual requirements.
Other Interests and Controlling interests. This will be required to satisfy ‘know your client’ requirements for anti-money laundering and other such regulations.
Designated point of contact or representative. To enable us to communicate due to circumstances or in an emergency.
Personal and background information. This is in order for us to process tenancy applications, advise clients, make informed decisions, and facilitate the effective operation of our services. It may include details of any criminal convictions or Court judgements as well as employment and financial status.
Bank Details. This is done to enable us to receive and make payments legitimately, seek financial verification of status where relevant and assist with the performance of our contractual obligations.
Professional advisers. We may hold details about your solicitor, accountant or other professional adviser in order to ensure that we can communicate with them where required to fulfil our duties.
Tenancy information. Including lease, tenancy or other occupational information in order to ensure that we can maintain accurate management records and effectively operate our services.
Occupancy details. In certain cases we will need to know who resides at or occupies a property, including children and other family members in order to ensure that we can fulfil our management duties.
Details of guarantors. In order to be able to communicate with them and to enable us to fulfil our management duties.
Deposits. Including the amount, who pays it and steps taken to protect it.
Immigration and residency status. To ensure that we can comply with relevant immigration and offshore tax rules. Data to include suitable evidence to confirm status including but not limited to passports, utility bills and driving licences.
Payment records. We are required to keep detailed records of receipts and payments including any associated records, reminders and final demands. This is to enable us to fulfil our service obligations.
Legal documentation. This might include details relating to County Court debt, criminal convictions and other information to enable us to assess financial status.
Statutory and H&S records. This would include gas safety, electrical and other such inspection reports. This is to ensure that we can comply with relevant regulations and to ensure compliance with contractual terms.
Housing benefit records. To enable us to legitimately deal with benefit payments and other occupational issues.
Health & Disability information. This may be required where it affects your ability to communicate with us, to explain why there is absence or other operational or legal necessity. We would need this information to enable us to assist you and make informed operational decisions. There are additional rules relating to health information for which we may need your specific consent.
Online Information. Such information is often in the public domain and put there by you. We may access this information to assess tenant or guarantor suitability.
Insurance. Core does not advise on insurance matters but does communicate with clients’ brokers and insurers to assist with the administration of a contract. It is sometimes necessary to obtain information about insurance risks and previous claims to facilitate this.
Car registration. We reserve the right to collect and hold data about cars kept in the vicinity of properties under our management. This is to check for trespass, breaches and general parking regulation.
Correspondence. We receive and keep communications by email, letter, text, fax, phone and all other legitimate means. We handle and maintain this within the context of required records to undertake our duties.
Licencing information. Some properties will be the subject of licencing and it is important that we have full details in order to facilitate the effective operation of our duties.
We consider that the above information is necessary in our legitimate interests and to satisfy contractual and legal obligations.
Appendix 2. Sharing Information.
The property industry is by its nature highly regulated and in the performance of our duties it is necessary and appropriate for us to share information with third parties. This is a broad overview of who data might typically be shared with and why.
Clients. We will share tenant, occupiers and other personal data with our clients who will generally be a landlord or property owner. This is required to ensure that they can satisfy their contractual requirements and make informed decisions.
Tenants & occupiers. We will generally need to share relevant client details with tenants, guarantors, occupiers or others with a legitimate interest in order to satisfy legal and contractual obligations.
Guarantors. We will provide guarantors with data where their financial status may be affected by a breach, arrears or other legitimate interest.
Joint tenants & other interests. We may need to share information with other interested parties where there is a legitimate interest in a particular context.
Contractors & Service providers. In order to assist with our responsibilities in the performance of our duties, arrange works and services, facilitate access, ensure correct invoicing.
Utility Companies & Service providers. To establish correct payment liability, ensure continuation or cessation of services, facilitate metering and statutory checks.
Next of Kin, legal representatives or designated point of contact. To ensure the effective provision of our service and deal with emergency situations.
Debt Collection and Enforcement agencies. To enable us to fulfil our legitimate duties in the pursuance of debt.
Credit Reference Agencies. To enable credit and other relevant checks to be made to facilitate informed decisions.
Insurers and Brokers. To enable the proper arrangement of insurance policies and meet the contractual and legal requirements of the insurers. To include Core’s own PI insurers as well as Landlords’ property and personal cover. To assist with claims.
Banks & Lenders. To facilitate payments and receipts. To provide information about tenants and borrowers which is relevant to loan facilities granted. To assist with the detection of crime.
Neighbours & other residents. Includes information relating to complaints and alleged breaches or anti-social behaviour to ensure that we can satisfy our management and legal responsibilities.
Freeholders & Management Companies. For the effective management of a property. To obtain consents, provide contractual notices, assess legal responsibilities, deal with alleged breaches, make payments and arrange correct invoicing details.
Home Office. Performance of legal obligations. Immigration checks.
HMRC. Performance of legal obligations, deal with VAT returns and tax queries.
Benefit Authority. To administer and process benefits and payments.
Deposit Scheme. To ensure adequate protection of deposits held according to residential deposit rules.
Employers. Where orders against wages are granted or references and status enquiries are required.
Local Authority & Licencing Authority. To deal with legal and statutory issues arising, planning consents, Environmental health issues etc. To enable the performance of management duties.
Rating Authorities. For Council tax and non-domestic rating issues. To ensure correct liability and billing is established. Response to statutory notices.
VOA & rent assessment committees or land tribunals To assist with rates appeals, rent registrations, satisfy requests for information, deal with property disputes.
Professional advisers. Including solicitors, surveyors, accountants, architects and the like. For assistance and advice in connection with management, valuation, professional and legal matters. To assist with breaches, enforcement and financial issues.
Law Enforcement Bodies. Prevention of crime and anti-social behaviour. To satisfy anti money laundering regulations.
Regulatory Bodies and Agencies. To enable them to carry out their functions and legitimate interests. Satisfy legal obligation.
Letting, Sales and Managing Agents. The performance of management, sales and letting services in our legitimate interests.
Courts. For the administration of justice and legal matters. Pursuit and defence of claims.
Insolvency Practitioners and Official Receivers. In connection with administrations, bankruptcies and financial matters.
Emergency Services. Police, Fire-Brigade, Ambulance. To deal with emergency and legal situations.
Prospective Purchasers and their advisers. Tenancy and personal information is legitimately required to facilitate informed decision about a purchase and to facilitate access.
We consider that this information needs to be shared to satisfy our legitimate interests, contractual and legal obligations.