PRIVACY POLICY – EFFECTIVE FROM 25TH MAY 2018

Last updated: 29 June 2018

For the purposes of the Data Protection Act 1998 and the European General Data Protection Regulation (“GDPR”) which is in force from 25 May 2018, the data processor is Glentworth Letting Agencies Ltd (Company Number 4338723) whose registered office is at 4 King Square, Bridgwater, Somerset TA6 3YF. Glentworth Letting Agencies Ltd is registered with the Information Commissioner's Office, registration number: Z6148543.

You have the right to lodge a complaint with the Information Commissioner’s Office in the UK on the basis that this is where Glentworth Letting Agencies Ltd is registered.

Glentworth Lettings reserves the right to change this Privacy Notice at any time. In the event of a change, we intend to take every reasonable step to ensure that the changes are brought to your attention by posting them prominently on the Site for a reasonable period. In the event that we sell our business, customer information may be one of the transferred business assets. If this happens, your information will still be subject to this policy.

What is this Privacy Policy for?

This privacy policy is for the website www.glentworthlettings.co.uk, served by Glentworth Letting Agencies Ltd, and governs the privacy of the users who choose to use it. The policy sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.

Your privacy rights explained

The new EU framework, one of the biggest changes to UK data law for 20 years, is changing the way companies use data.

This is good news as it is a positive step towards having more control over how you’re contacted. The changes will also help to protect your personal data and how your data is used.

What is GDPR?

GDPR stands for General Data Protection Regulation. GDPR applies to all organisations processing data from EU residents. It replaces the Data Protection Act of 1998. The GDPR legislation means that by law all organisations must review how they manage all personal data, such as customer addresses and staff details, to meet GDPR requirements, and must be set up to protect any personal data they hold and to act appropriately if something should go wrong. It gives you easier access to the personal information organisations hold about you should you wish to check or change it. It is designed to give you confidence that this information is accurate, up to date and well managed.

GDPR provides the following rights for individuals –

  • The right to be informed
  • The right of access
  • The right to rectify
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Definitions

  • Data subject – A person who has data held about them.
  • Data controller – The person responsible for deciding the means of processing data.
  • Data processor – The person responsible for processing data on behalf of a controller.
  • Personal data – Data relating to an individual that includes identifiable characteristics.

Core Principles

Personal Data shall be:

  • Processed lawfully, fairly and in a transparent manner to individuals;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • Processed in a manner that ensures appropriate security, including protection against unauthorised processing and loss, destruction or damage.

Data Controllers and Data Processing

Under the Act, it is the Data Controller that must exercise control over the processing and carry data protection responsibility for it. They determine the purpose for which data are processed. The data processor processes data on behalf of the data controller.

Therefore, in terms of the relationship we have with our end clients (Tenants, Landlords, Contractors or Companies) and the personal data we handle for them, it is the client (Tenants, Landlords, Contractors or Companies) who is the Data Processor, and it is Glentworth Lettings who is the Data Controller and Data Processor on behalf of the client, and our GDPR policies reflect that.

Glentworth Letting Agencies Ltd's GDPR privacy policy is reflected throughout this document and our cookies policy and, as part of GDPR, we have taken the opportunity to publish updated Terms and Conditions.

Security

We undertake an analysis of the risks presented by our processing and use this to assess the appropriate level of security we need to put in place.

  • We have an information security policy (or equivalent) and take steps to make sure the policy is implemented. This is reviewed and updated regularly.
  • Where necessary, we have additional policies and ensure that controls are in place to enforce them.
  • We have in place basic technical controls such as those specified by established frameworks such as Cyber Essentials.
  • We use encryption when it is appropriate to do so.
  • We understand the requirements of confidentiality, integrity and availability of the personal data we process.
  • Glentworth Lettings have the appropriate security to prevent the personal data we hold being accidentally or deliberately compromised. All our staff are well trained and are ready to respond to any breach swiftly and effectively. Our Data Processors are responsible for ensuring information security.

Staff Training

Glentworth Lettings staff members have regular training reviews, and as a company Glentworth Lettings operates with very strict training operating procedures, including:

  • Once training has taken place employees sign to confirm that they have understood and agree to the policy
  • Employees are informed to request help from their line manager or the Data Controller if they are unsure about any aspect of data protection
  • To help them understand their responsibilities when processing data.
  • To not store data on paper
  • To lock their computer screen when left unattended
  • To not discuss or share sensitive data informally
  • To not send personal sensitive information by email
  • To not use their business email address to send personal emails
  • To use strong passwords which are to be changed on a regular basis
  • To not leave documents where unauthorized people may see them
  • All documents to be stored in a locked drawer / filing cabinet
  • Standard security questions are in place to safeguard employee/client

Data Recording and storage

Updating

There is a regular cycle of checking, updating or discarding historical data within the company.

Storage

Your information is stored on a hard drive within the company which is backed up by a main server.

Retention period

Personal Data will be held for the period that the Tenant is in the property and for 1 year after the vacating date. We hold this information for any utilities unpaid after leaving the property, any court proceedings or any other legal requests for information. Once this time has lapsed we will securely delete information that is no longer needed for these purposes.

Invoice information will be held for 6 years.

Email Newsletter

Email marketing means us engaging with you via email. This involves sending out regular email newsletters with updates, special offers, information and advice. We will send out emails using Mailchimp to inform you about news and special offers, giving you the opportunity to arrange an appointment for free in-house advice.

Direct marketing and Third parties

Glentworth Letting Agencies Ltd will not without the prior consent of the client (Landlord, Tenant, Contractor or Company) share, distribute, print, or reference any Personal Information or Data unless it has been agreed by both parties.

A Landlord, Tenant, Contractor or Company who is connected to an active tenancy will be classed as having a legitimate interest. Therefore, according to our terms, we do not require consent to communicate regarding our services.

A tenant who is on the mailing list through our website and internal CRM system will be emailed and kept up to date on the basis of consent previously provided. Please note that if you wish to opt out of this mailing list, you can do so by contacting us at info@glentworthlettings.co.uk.

Our third-party suppliers have all complied with GDPR data protection in line with our internal risk assessments. Details are as follows:

  • Fasthosts – This is where the Glentworth Lettings website is hosted. We can confirm that it is in the UK, and no data goes outside the EU. Our internal CRM (Tenant contacts who opt in) database is stored within our website. We have various security measures both internally and externally to protect this sensitive information. Details can be found at https://www.fasthosts.co.uk/terms/privacy-policy
  • Rent4sure – This is our referencing company; we use Rent4sure for all credit checks and full referencing when required. For further information please see our referencing terms and conditions. For further information about the Rent4sure GDPR policy please refer to https://www.rent4sure.co.uk/legal#privacyo
  • TDS – This is the company that holds all tenant deposits; clients’ sensitive data is stored throughout TDS. You can find the TDS GDPR policy at https://www.tenancydepositscheme.com/privacy-policy.html
  • Office 365 – This is our email service provider; all emails sent through Glentworth Lettings are sent through Office 365. We have introduced new staff training procedures to enhance security and reduce risks. Their GDPR policy can be found at https://privacy.microsoft.com/en-gb/privacystatement
  • CFP – This is Glentworth Lettings’ internal management system, which holds all sensitive and personal data for all clients. After undertaking careful internal risk assessments, we have put in place a strict staff training policy and integrated new company procedures to adapt to the risks involved in a potential breach. Details of the CFP GDPR policy can be found at http://www.cfp-software.co.uk/privacy-policy/
  • KPR – This is the software company that we use to carry out property reports. The only details they hold are a tenant’s name. Their GDPR policy can be found at http://www.kpr.global
  • Lloyds Bank – This is who we use for our banking services. Lloyds Bank have access to client bank details and names only. Their policy can be found at http://www.lloydsbankinggroup.com/privacy
  • DPS – This is the company that holds some of our tenant deposits; clients’ sensitive data is stored throughout DPS. You can find the DPS GDPR policy at https://www.depositprotection.com/privacy-policy/
  • DocuSign – This is who we use to complete approvals and agreements quickly, securely and electronically. Their policy can be found at https://www.docusign.co.uk/company/privacy-policy
  • Mailchimp – This is a marketing service provider. It is only used to send information to personal users that have opted in to receive our marketing. Details of their GDPR policy can be found at https://mailchimp.com/legal/privacy/ or please refer to our website for further opt in / out information.

The Website and cookies

The website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.

Please also view our Cookie Policy and Website Terms and Conditions which can be found on our website.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Personal information is kept private and stored securely until a time it is no longer required or is of no more use. Every effort has been made to ensure a safe and secure form-to-email submission process.

This website and its owners use any information submitted to provide further information about the products / services they offer or to assist you in answering any questions or queries you may have requested. This includes using your details to subscribe you to any email newsletter program the website operates, but only if this was made clear to you and your permission was granted when submitting any form-to-email process, or where you, the consumer, have previously purchased from or enquired about purchasing a product or service from the company that the email newsletter relates to. This is by no means a conclusive list of your user rights regarding receiving email marketing material. Your details will not be passed on to any third parties.

This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. No personal details are passed to third parties nor shared with companies / people outside of the company that operates this website. Under the GDPR regulations in place from 25th May 2018 you may request a copy of personal information held about you via this website's email newsletter program. If you would like a copy of the information held on you, please write to the business address at the end of this policy.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, and the times, dates and frequency of activity. Please note that this is not a comprehensive list.

This information is used to refine future email campaigns and to supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable, clear instructions on how to un-subscribe will be detailed instead.

External Links

Although this website aims to only include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note that they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution with regards to their own privacy and personal details. Neither this website nor its owners will ever ask for personal or sensitive information through social media platforms, and they encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners, through their social media platform accounts, may share web links to relevant web pages. By default, some social media platforms shorten lengthy URLs (web addresses), for example: http://bit.ly/zyVUBo.

Users are advised to take caution and use good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Further information

If you have any questions or require any further information regarding Glentworth Lettings GDPR Data Protection Policy or Privacy please email our Data Controller at alison@glentworthlettings.co.uk. Details of the company’s registered office are available at the beginning of this agreement. Glentworth Lettings takes every effort to ensure that the information published on the Site is accurate. However, Glentworth Letting Agencies Ltd cannot accept any liability for the accuracy or content.

Visitors who rely on this information do so at their own risk. General information about data protection may be found at www.ico.org.uk. This privacy notice will come into effect from 25 May 2018.

Glentworth Lettings Ltd 56, Orchard Street, Weston-super-Mare BS23 1RL