We keep this Policy under regular review, Last reviewed: 14 April 2023. Last updated: 14 April 2023.
For the purposes of the Data Protection Act 1998 and the European General Data Protection Regulation (“GDPR”) that comes into force on 25 May 2018, the data processor is Glentworth letting Agencies Ltd (Company Number 4338723) whose registered office is at 4 King Square, Bridgwater, Somerset TA6 3YF.
We are committed to complying with the GDPR. Protecting your privacy online is an evolving area, and the Site is constantly evolving to meet these demands. If you have any comments or questions regarding our Privacy Notice, please contact our data controller at firstname.lastname@example.org. While we cannot guarantee privacy perfection, we will address any issue to the best of our abilities as soon as possible.
You have the right to lodge a complaint with the Information Commissioner’s Office in the UK on the basis that this is where Glentworth Letting Agencies Ltd is established.
Glentworth Lettings reserves the right to change this Privacy Notice at any time and in the event of change we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on the Site for a reasonable period of time. If, in the event that we sell our business, customer information may be one of the transferred business assets. If this happens, your information will still be subject to this policy.
Your privacy rights explained
Under the new EU framework, one of the biggest changes to UK data law for 20 years, is changing the way companies use data and will come into force on 25th May 2018.
This is good news as it is a positive step towards having more control over how you’re contacted. The changes will also help to protect your personal data and how your data is used.
What is GDPR?
The General Data Protection Regulation (GDPR) legislation means that by law all organisations must review how they manage all personal data, such as customer addresses and staff details, to meet GDPR requirements and to ensure all organisations are set up to protect any personal data they hold to allow them to act appropriately if something should go wrong. It gives you easier access to the personal information organisations hold about you should you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.
The GDPR provides the following rights for individuals –
• The right to be informed
• The right of access
• The right to rectify
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling
GDPR stands for General Data Protection Regulation. GDPR applies to all organisations processing data from EU residents. It replaces the Data Protection Act of 1998.
• Data subject
• A person who has data held about them
• Data controller
• Someone who decides the means of processing data.
• Data processor
• Someone who processes data on behalf of a controller.
• Personal data
• Data relating to an individual that includes identifiable characteristics.
At its core it means Personal Data shall be:
• Processed lawfully, fairly and in a transparent manner to individuals;
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Adequate, relevant and limited to what is necessary in relation the purposes for which they are processed;
• Accurate and, where necessary, kept up to date;
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
Processed in a manner that ensures appropriate security including protection against unauthorised processing and loss, destruction or damage
Data controllers and Data Processers?
Under the Act, it is the Data Controller that must exercise control over the processing and carry data protection responsibility for it. They determine the purpose for which data are processed. The data processor processes data on behalf of the data controller.
Therefore, in terms of the relationship we have with our end clients (tenants, Landlords, contractors or companies) and the personal data we handle for them, it is the client (tenants, Landlords, contractors or companies) who is the Data processor, and it is Glentworth Lettings who is the Data Controller on behalf of the client, and our GDPR policies reflect that.
We undertake an analysis of the risks presented by our processing and use this to assess the appropriate level of security we need to put in place.
• When deciding what measures to implement, we take account of the state of the art and costs of implementation.
• We have an information security policy (or equivalent) and take steps to make sure the policy is implemented.
• Where necessary, we have additional policies and ensure that controls are in place to enforce them.
• We make sure that we regularly review our information security policies and measures and, where necessary, improve them.
• We have put in place basic technical controls such as those specified by established frameworks like Cyber Essentials.
• We understand that we may also need to put other technical measures in place depending on our circumstances and the type of personal data we process.
• We use encryption where it is appropriate to do so.
• We understand the requirements of confidentiality, integrity and availability for the personal data we process.
• We make sure that we can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process.
• We conduct regular testing and reviews of our measures to ensure they remain effective, and act on the results of those tests where they highlight areas for improvement.
• Where appropriate, we implement measures that adhere to an approved code of conduct or certification mechanism.
• We ensure that any data processor we use also implements appropriate technical and organizational measures.
Glentworth Lettings have the appropriate security to prevent the personal data we hold being accidentally or deliberately compromised. All our staff is well trained and are ready to respond to any breach swiftly and effectively. Alison Lees and Mel Davidson are responsible for ensuring information security.
It may also be worth addressing “social engineering” where staff are tricked into giving away information. Tactics for dealing with persistent requests for information over the phone, for example, or tips on dealing with the various e-mail risks may be worth considering.
This would include backup procedures (both for data and for key staff availability) and emergency planning. It may be worth setting out special precautions to be taken when information is in particularly risky situations, such as being worked on at home, with clients, at meetings, etc.
Glentworth Lettings staff members have regular training reviews, and as a company Glentworth Lettings operates with very strict training operating procedures, including:
• Once training has taken place employees sign to confirm that they have understood and agree to the policy
• Employees should request help from their line manager or the Data Controller if they are unsure about any aspect of data protection
• To help them understand their responsibilities when processing data.
• To NOT store data on paper
• To lock their computer screen when left unattended
• To NOT discuss or share sensitive data informally
• To NOT send personal sensitive information by email
• To use strong passwords which are to be changed on a regular basis
• To not leave documents where unauthorized people may see them
• Any files to be stored in a locked drawer / filing cabinet
It may worth setting out measures to ensure data accuracy (or to refer to a separate case recording policy if this is more appropriate). For example, where information is taken over the telephone, how is it checked back with the individual? If information is supplied by a third party, what steps will be taken to ensure or check its accuracy?
There is a regular cycle of checking, updating or discarding old data within the company.
Your information will be stored on a hard drive within the company backed up by a main server.
• Your personal Data will be held for the period you are in the property and 1 year after. We hold this information for any utilities unpaid after vacating the property and any court proceedings or any other legal requests for information. After this time we will securely delete information that is no longer needed for this purpose or these purposes; and update, archive or securely delete information if it goes out of date.
The procedure for archiving will be held as mentioned in Retention periods (above) and after this time your information will be destroyed.
Direct marketing and Third parties
Glentworth Letting Agencies Ltd will not without the prior consent of the client (Landlord, Tenant, Contractor or Company), share, distribute, print, or reference any Personal Information or Data unless it has been agreed by both parties.
A landlord, Tenant, Contractor or a company that is connected to a active tenancy will be classed as an legitimate interest consent therefore as per our terms we do not require consent on the basis that we communication about our services.
A tenant that is on the mailing list through our website and internal CRM system will be emailed and kept up to date following a previous consent provided. Please note that if you wish to opt out from this mailing list you can by contacting us at email@example.com
Our third-party suppliers have all complied with GDPR data protection from our internal risk assessments and you can find the below details of each one.
Fasthosts – This is where Glentworth Lettings website is hosted. We can confirm that it is in the UK, and no data goes outside the EU. Our internal CRM (Tenant contacts who opt in) database is stored throughout our website. We have various security measures internally and externally to protect this sensitive information. Details can be found https://www.fasthosts.co.uk/terms/privacy-policy
Referencing Company – We use a referencing company for all applications to obtain a full reference. For further information please speak with our Lettings Team so they can direct you to the relevant GDPR policy, firstname.lastname@example.org.
TDS – This is the company that holds all tenant deposits, there is client’s sensitive data stored throughout TDS. You can find TDS GDPR Policy at https://www.tenancydepositscheme.com/privacy-policy.html
Office 365 – This is our email service provider, all emails sent through Glentworth Lettings are sent through Office 365, we have introduced new staff training procedures to enhance security and reduce risks. Their GDPR policy can be found at https://privacy.microsoft.com/en-gb/privacystatement
AgentOS – This is Glentworth lettings internal management system, which holds all sensitive and personal data for all clients. After careful internal risk assessments undertaken, we have put in place a strict staff training policy and integrated new company procedures to adapt with the risks involved of a potential breach. Details of AgentOS GDPR policy can be found at https://www.agentos.com/gdpr-privacy-policy/
KPR – This is the software company that we use to carry out Midterm, inventory, legality and check out reporting. The only details they hold are a tenant’s name – Their GDPR policy can be found at http://www.kpr.global
Lloyds Bank – This is where we pay our clients from, Lloyds bank have access to a Clients bank details and names only. There policy can be found at http://www.lloydsbankinggroup.com/privacy/
The Website and cookies
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Contact & Communication
Users contacting this website and/or it’s owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and it’s owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.
Email marketing campaigns published by this website or it’s owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity. In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.
Although this website only looks to include quality, safe and relevant external links users should always adopt a policy of caution before clicking any external web links mentioned throughout this website. The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URL’s [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened URL’s published on social media platforms by this website and it’s owners. Despite the best efforts to ensure only genuine URL’s are published many social media platforms are prone to spam and hacking and therefore this website and it’s owners cannot be held liable for any damages or implications caused by visiting any shortened links.
If you have any questions or require any further information connected to Glentworth Lettings GDPR Data Protection Policy or Privacy, please email our Data Controller Mrs Alison Lees at email@example.com . Details of the company’s registered office are available on the top of this agreement. Glentworth Lettings takes every effort to ensure that the information published on the Site is accurate. However, Glentworth Letting Agencies Ltd cannot accept any liability for the accuracy or content. Visitors who rely on this information do so at their own risk. General information about data protection may be found at www.ico.org.uk