Campden Hill is committed to the security, confidentiality and protection of personal data.
This policy was last updated on 22nd January 2019 and may be amended from time to time.
ABOUT THIS NOTICE
Campden Hill Ltd (“we” or “us”) take the privacy of your information very seriously. This Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal information which may be collected in person from you, provided by a third party supplier or partner, obtained via our website or collected through other means such as by an online form, email, other written correspondence or telephone communication.
This notice applies to ‘personal data’. Personal data means any information relating to an identified or identifiable natural person, who may be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, online information (e.g. an IP address) or to one or more factors relating to that person.
This notice applies to personal information provided to us by tenants and lessees, prospective tenants and lessees, estate agents, surveyors, suppliers, contractors, property owners, employees, clients and other individuals with whom we interact directly or indirectly in the course of carrying out our property services business. In this notice “you” refers to any individual whose personal data we hold or process.
This notice is governed by the EU General Data Protection Regulation (the “GDPR”).
For the purposes of this policy, Campden Hill is a data controller in respect of any personal information we hold.
HOW WE OBTAIN YOUR PERSONAL DATA
We collect data from you directly or from third parties (for instance, clients, suppliers and agents instructed by us).
PERSONAL DATA WE COLLECT
We may collect the following personal data:
- Information contained in contractual agreements or other material provided during our relationship.
- Information which may be provided to us in the course of applications or negotiations to enter into a relationship with us or other parties we represent.
- Correspondence received from you such as email, telephone conversations, facsimiles, letters, face to face discussions, text messages, contact through our website and other forms of communication. We may keep a record of all correspondence received.
HOW WE SECURE YOUR PERSONAL DATA
Your information is stored on secure networks, protected by firewalls, virus checking, antispyware and security updates and there are regular secure back-ups. In certain instances, it may also be stored on local drives, in which case the relevant files are password encrypted.
We will ensure access to personal information is restricted to employees working within our group on a need to know basis. Training will be provided to any employees working within the group who need access to your personal data to ensure it is secured at all times. We do not request any special categories of personal data.
When requested, you are not required to provide personal information, however, in doing so, we may not be able to proceed with a business relationship.
We may share your personal information in accordance with our legitimate interest in the provision of certain property related services, including advising and assisting certain property owners with the management of their properties.
OUR USE OF YOUR INFORMATION
We may use personal information in the following ways:
- To provide our property-related services to our clients.
- To assist our property owning clients in the management of properties they own.
- To provide information relevant to the services we provide.
- To facilitate our business operations and to ensure compliance with any legal and regulatory requirements that we are subject to.
We may share your information as follows:
- We may share your information with other associated companies within the same group.
- We may share your information with our clients or suppliers if necessary to perform our services.
- We may share your information with Yardi Systems Limited (Yardi) which provides tenant database processing services to us. They are based in the US and some data may be transferred outside the EEA to them or any of their sub processors to facilitate this processing. We will ensure that appropriate safeguards are put in place to protect your personal information in accordance with the GDPR.
- From time to time we may need to share your information with parties outside of the EEA. If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
Personal information may be disclosed to third party associates who provide us with professional, legal, accounting or other services. Third parties are not permitted to use your data for any purpose other than that covered by their contractual arrangements with us.
We may disclose your personal information as required by, or to comply with, legal, regulatory or statutory requirements, or at the request of supervisory or governmental bodies.
Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:
- Records relating to leases, licences, ASTs or any other agreements entered into as a deed – 12 years from the end of the lease, licence, AST or other deed.
- Records relating to other property-related services or transactions – 10 years from either the end of the contract or the date you last used interacted with our business.
- Records relevant for tax purposes – 8 years from the end of the tax year to which the records relate.
- Records relating to other contracts with us – 7 years from the end of the contract, being the length of time following a breach of contract in which a contract party is entitled to make a legal claim.
- Records for marketing or business development – 3 years from the last date on which you have interacted with us.
For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
With respect to your personal data, you have the right to:
- request that your personal data will not be processed;
- ask for a copy of any personal data that we have about you;
- request a correction of any errors in or update of the personal data that we have about you;
- request that your personal data will not be used to contact you for direct marketing purposes;
- request that your personal data will not be used for profiling purposes;
- request that your personal data will not be used to contact you at all;
- request that your personal data be transferred or exported to another organisation, or deleted from our records; or
- at any time, withdraw any permission you have given us to process your personal data.
All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection manager.
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
If you have any questions or wish to exercise any of the rights detailed above, please email firstname.lastname@example.org or write to us at Campden Hill Limited, 27 Emperor’s Gate, London, SW7 4HS.