Heritable Trust Group of Companies
This policy applies on and from 25 May 2018
Keeping your data safe
Who are we?
The Heritable Trust Group of Companies is a property investment group that owns and manages a portfolio of properties
1 Who’s in control?
1.1 It is important that you understand who is responsible for keeping your data safe. We are the “controller” of all personal data collected which is used for the purposes of referencing our lettings and we are responsible for ensuring that your data is handled legally and safely.
2 What data do we collect and where from?
2.1 We collect some data about you when you apply to rent a flat. This may include the following;
2.1.1 your full name
2.1.2 your email address
2.1.3 your passport details
2.1.4 your date of birth
2.1.5 your gender
2.1.6 your current postcode and address
2.1.7 your pay slips or letter confirming salary
2.1.8 your current employer
2.1.9. your last three/six months bank statements
2.1.10. your National Insurance Number
2.2 We may also collect information that you voluntarily provide to us when you contact us with queries, complaints, comments or praise, or information that you voluntarily post about yourself on public areas (Voluntary Data).
2.3. We also collect some data about you from third parties (Third Party Data). This includes:
2.3.1 other companies who have obtained your permission to share data with us, such as previous landlords, current employers
3 What do we use your data for?
3.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
3.2 Managing your account and providing you with our services
3.2.1 We use your data, to reference, manage and administer your account
3.2.2 We use your data to contact you from time to time
4 What is our legal basis for using your data?
4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
4.2 We process your personal data for all of the purposes identified under What do we use your data for? on the basis that it is in our legitimate interests.
5 Freedom of information
5.1 We are required under the Freedom of Information Act 2000 to provide certain information in response to Freedom of Information requests. You can make a request by emailing firstname.lastname@example.org In order to respond to requests, we will need to collect your name, address, email address, phone number and information about your request, including any additional personal data you choose to share with us when you make your request. We will use this personal data to respond to your request and will retain it for administrative purposes in line with the section headed How long do we keep your data for? below.
6 Who do we share your data with?
6.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
6.1.1 third party service providers who help us protect our deposits
6.1.2 third party service providers who help us to manage the properties
6.1.3 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure
6.1.4 third party service providers who are our bankers and auditors
7 How long do we keep your data for?
7.1 We will keep all your personal data for as long as you remain a tenant and your account remains open.
7.2 If you wish this retained information to be destroyed when you leave the premises please notify us in writing and this will be complied with.
7.3 We may need to keep your data after account closure for limited purposes, for example if we need your data in order to respond to any complaints or claims that you make. If this is the case, we will only keep the data for as long as we need to in order to fulfil those purposes.
8 What rights do you have?
8.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section.
8.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
8.3 A right to access your information
8.3.1 You also have a right to ask us to send you a copy of your all personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: email@example.com
8.4 A right to object to us processing your information
8.5 A right to have inaccurate data corrected
8.5.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
9 How can you contact us?
10 What if you have a complaint?
10.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
11 What if this policy changes?