At Attwood Property Services Limited we take the Data Protection Act 1988, 2018 and General Data Protection Regulation very seriously. Our staff are trained on the collection and processing of your data. We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.
Whatever we do with your information, we need a legal basis for doing it.
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within ‘legitimate interests’ to use the information in a particular way such as for law enforcement, when a minor may be at risk, etc.
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you.
If you would like to know whether we hold personal information about you, or to request a copy, you can ask us by emailing firstname.lastname@example.org or by calling our offices on 01375 898879.
Before we can undertake any search for your personal data, we will require proof of identity, such as a copy of photo ID, e.g. your passport or photo driving licence together with a recent (no less than 3 months old) utility bill or official letter with your name and current address.
We do not use your information for marketing in any way.
All our staff are Data Processors and process data provided by you and any authorised third-parties, as agreed with you.
All staff are Data Controllers, thereby determining the data required to carry out work for you. Typically this is contact information, such as full name/s addresses/s, telephone numbers and email addresses.
All data is held in either paper form or electronically within our BlockMan system. Data stored within BlockMan is stored in encrypted form and access allowed on an individual basis by way of username and strong password. All staff are forbidden from sharing logon information with anyone.
You can access our web site and browse the site without disclosing personal data.
Our web site collects no Personally Identifiable Information (PII) unless you specifically complete our Quick Enquiry Form (QEF). Should you complete our QEF the data you provide is sent to us by email to allow us to contact you following your request to do so.
Your data is not stored or processed in any way, shape or form and is not used for advertising, customising your web site experience, or any other analytical information.
We do not share or sell any PII with any other third-party.
Attwood Property Services Limited use Microsoft Windows and Microsoft Windows Server. Our workstations, servers, and the data held on our servers, is password protected and encrypted. When our hardware is decommissioned any internal media devices, such as hard disk drives, are destroyed. Should our equipment be stolen no information can be retrieved without decryption codes.
Our office network is firewalled to the highest level to prevent all access from outside our organisation. Access to social media and all unorthodox sites is barred.
All workstations and servers employ the latest technology to combat file and email viruses, malware, spyware, web browsing protection, etc. All workstations and servers are automatically updated at least once a day to ensure our protection is kept as up to date and can combat the latest security threats.
Access to our computer systems is controlled by complex passwords. It is forbidden for staff to share logon information and all activity is fully audited on an individual basis.
Amendments to our Policy
Who are we ?
We are Attwood Property Services Limited of 20 London Road, Grays, Essex RM17 5XY.
What do we do ?
We have been appointed by [Freeholder and/or Management Company] of [Freeholder and/or Management Company Address / ℅ Attwood Property Services Limited, 20 London Road, Grays, Essex RM17 5XY] to manage the common areas of [Block Name].
What is our role under the General Data Protection Regulation (GDPR) ?
We consider ourselves to be the Data Processors and Controllers acting on behalf of [Freeholder and/or Management Company]. Both the Data Controller and the Data Processor are subject to the Office of the Information Commissioner, the Supervisory Authority.
Information Commissioner’s Office
Cheshire SK9 5AF
Tel 0303 123 1113
Where did we get your data ?
Originally your data was received from your solicitor on purchase. Subsequently any data received by us was through the Data Controller or directly from you or another Data Processor for the purposes described below.
What is the purpose of processing your data ?
Your property is subject to a lease or deed to which you, the Data Subject, and [Freeholder and/or Management Company] are party to. We have been appointed by [Freeholder and/or Management Company] to administer the covenants of that lease. This involves maintaining accounts, administration and common area matters.
What is the lawful basis for this processing ?
- Processing is necessary for the performance of a contract to which the Data Subject is party [Article 6 GDPR (1)b].
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [Article 6 GDPR (1)c]. In this instance [Freeholder and/or Management Company] is required by the Companies Act 2006 to maintain adequate accounting records and a list of members past and present. Failure to comply would be a breach of covenant under the terms of the lease which may result in legal action.
Where is this data stored ?
This data is stored in a database called Blockman which is operated on Amazon Web Services located in the EU. Data stored and transferred is encrypted. Access is only granted to administrators associated with our office.
Who is this data shared with ?
This data is shared only with similar Data Processors for the purpose described above. These Data Processors are :
- Database Management System : Topfloor Systems Ltd, D18 F863, Ireland (Storage and retrieval of data).
How long will the data be stored ?
Your data will be maintained by us for as long as our appointment exists or for as long as required by Statute or for as long as Lawfulness of Processing can be established without consent.
What if you sell the property ?
Where the Lessor is a Company, there is still an obligation on the Data Controller to maintain adequate accounting records, and a list of past and present members. However, if you sell the property only your name, address and transaction details are necessary to satisfy this requirement. All other contact details are erased.
What are your rights ?
- You have a right to be informed.
- You may request a copy of your data stored.
- You may request correction to any erroneous data.
- You may request deletion of data, if not in violation of statutory or contractual requirements.
- You may request a restriction on processing.
- You may lodge a complaint to the controller or object to processing.
- You may lodge a complaint to the Supervisory Authority.
- You may withdraw consent if processing originally required consent.
What happens in the event of a Data Breach ?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Where can you find more information ?