Braemar Estates Limited(and all subsidiaries)
Braemar Estates Limited, trading as Braemar Estates, is part of Rendall and Rittner Group.
We are required to notify you of our policies under the General Data Protection Regulation (GDPR), enacted on 25th May 2018.
This document begins with general information relevant to all people or companies whose data we hold, known as ‘Data Subjects’, and later on this is shown in detail depending on the type relationship you have with Braemar Estates
This documents includes the following information
Applicable to all
- Who we are
- Our data protections principles
- Where we may hold your personal information
- Do we transfer your data outside of the EEA
- Your rights
- Keeping your personal information secure
- How to complain
By data subject
- What information is collected by us
- How we use your personal information
- Who we share your personal information with
- How long your personal information will be kept for
- Reasons we can collect and use your personal information
- Who we share your personal information with
- Where your personal information may be held
- How long your personal information will be kept
Policies, Principles, rights and obligations
1. WHO WE ARE
Braemar Estates is part of Rendall and Rittner Group. Trading as Braemar Estates we collect, use and are responsible for personal information. When we do so we are regulated under the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom) and we are responsible sometimes as the ‘controller’ of that personal information and sometimes as the ‘processor’ for the purposes of those laws.
2. OUR DATA PROTECTION PRINCIPLES
We will comply with the data protection principles of GDPR when gathering and using personal information as set out in this document. We collect different data from our Data Subjects and this policy covers all data collected by us.
We must have a lawful basis for processing your data. Our responsibilities are to:
- Process data lawfully, fairly and in a transparent manner
- Collect data for a specific, explicit and legitimate purpose and not to further process data in an incompatible manner with these purposes
- Ensure data is adequate, limited and relevant to what is necessary for the purposes for which they are processed
- Ensure data is accurate and up to date
- Process data securely
- Keep data in a form which permits the identification of a data subject
- Keep data for no longer than necessary and in relation to the purposes for which it is processed.
We have carried out an audit of our data covering all of our Data Subjects where we control, process or hold data. We interact differently with each Data Subject, and as such, these are included in this document in the following order:
- Our Leaseholders
- Sub Tenants and Residents in our managed buildings
- Our Clients, being Developers, Landlords and Management Companies
- Lettings Tenants (includes prospective tenants)
- Property Vendor
- Property Purchaser (includes prospective purchasers)
- Our Suppliers
- Our Contractors
- Our Business contacts
- Our Employees
3. WHERE WE MAY HOLD YOUR PERSONAL INFORMATION
Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above. We have security measures in place to seek to ensure that there is appropriate security in place protecting the information which we hold; further details of this are in Section 6.
4. DO WE TRANSFER YOUR INFORMATION OUT OF THE EEA?
No data we hold is transferred outside of the European Union (EU) or the European Economic Area (EEA). The Data Centres hosting our software are based in the UK and in the EU.
5. YOUR RIGHTS
Under the General Data Protection Regulation you have a number of important rights that are free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused should we breach any data protection laws
- For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, call or write to us at:
Through email email@example.com
or by telephone on 0161 929 2300
or by post at: Braemar Estates Limited, Richmond House, Heath Road, Hale, Cheshire, WA14 2XP
Please ensure that you provide enough information to identify you, for example, your full name, property address and tenant reference if appropriate. Please also provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates.
6. KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
All of our IT systems are hosted in remote data centres provided by our service partners. These data centres can only be accessed by service partner staff as and when necessary and access is granted by authorised personnel only verified by photo and biometric ID.
Our data, including emails, is protected via security solutions to protect against viruses and malware; this includes firewalls patched to the latest security updates. We have documented business continuity plans that are tested and backups are taken of all data and servers on a daily basis ensuring system can be brought back online in a short time frame in the case of a disaster. Additionally all telephone calls are recorded for training and security purposes and kept for a 2 year period.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
7. HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner, contactable at the Information Commissioner’s Office:
Through their website https://ico.org.uk/concerns/
or by telephone on 0303 123 1113
or by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
1. WHAT INFORMATION IS COLLECTED BY US
In the course of performing our duties, be it managing your property, collecting ground rent or insurance, or managing the sale of your property and any other relevant services that we are engaged to perform; we collect the following personal information. This information is collected when you, your landlord, or another third party, such as another managing agent, provides it to us. We collect this data as we have a contractual obligation to fulfil, normally the terms of your lease, or the data is being offered to us in order to complete a legal transaction such as an assured shorthold tenancy agreement or property sale/purchase:
- Various contact details, not limited to but including your name, address, correspondence address (if different), email address, telephone number, mobile telephone number. At some sites we may also require your car registration and biometric (fingerprint) data to maintain security at the building.
- If you decide to make your payment to us by Direct Debit through the Direct Debit Guarantee scheme, we will collect your bank details include your sort code, account number, bank name and address.
- If you wish to rent at any of the properties we let or wish to purchase any of properties we have available for sale we will require contact details as above and proof of funds. In addition to this, we will require your bank details, employer details, previous address and landlord details and next of kin details. In order to identify you we will also require proof of ID and a copy of your UK VISA details if applicable.
- If you sublet your apartment, we will require a copy of the AST rental agreement and your subtenant’s contact details. Please ensure you have their permission to share this information with us.
- If you are a supplier of services to us and/or our clients, we will retain information such as your business name, company number, address and your bank details in order to make payment to you. In the majority of cases, we will also require a copy of your current public liability insurance certificate.
Data collected by is not limited to the above but all data collected by us will be relevant and used for the purpose intended. Braemar Estates will never sell or give your information to third parties for marketing purposes. We will retain your data for lawful and legitimate purposes only.
2. REASONS WE CAN COLLECT AND USE YOUR PERSONAL INFORMATION
Depending on our relationship with you, we rely on different legal contracts and documents to hold and process your data, such as your lease. We are engaged through a Property Management Agreement to manage your property including collection of ground rent/insurance premiums/rent etc. by your landlord.
If you are buying, selling or renting a property through us, your information would be provided to us with your consent.
We also believe that there are occasions where due to legitimate interests, we believe value can be added in offering additional services which we provide, but only if these are not overridden by your interests, rights or freedoms. For example, we can manage letting your property. As the manager of your property this additional service makes communication, accounting and information gathering much easier through one agent.
These are the lawful bases on which we collect and use your personal data.
3. HOW WE USE YOUR PERSONAL INFORMATION
We will typically collect and use this information for the following purposes:
- For the performance of a contract, you have with your landlord, our client and pursuant to which we are appointed as their agent.
- For the purposes of our legitimate interests, such as where we believe value can be added in offering additional services which we provide, but only if these are not overridden by your interests, rights or freedoms.
We seek to ensure that our information collection and processing is always legitimate and proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
We collect information about you to process your payment, manage your account and, if you agree, to email you about other services we think may be of interest to you.
If you agree, we shall pass on your personal information to our group of companies so that they may offer you their services.
Braemar Estates Limited will not share your information for marketing purposes with companies outside the Group.
In processing your payment, we may send your details to, and use information from, credit reference agencies and fraud prevention agencies.
The Online Payments service is a secure [part of the] website and it will not be possible for any unauthorised person to access details of your payment.
To make using Online Payments even more secure we automatically instruct most Internet browsers to no longer cache personal information (i.e. store information in their memory).
Although we are able to do this in the majority of cases, we strongly advise that after you have completed payment you return to the Online Payments home page using the link on the final page.
If you are using a computer in a public place, we strongly advise you to make sure someone is not watching you as you enter your card details. This is to prevent your details being misused by someone else.
4. WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We do routinely share your data with third parties in the performance of our obligations. This includes the following categories of personal data:
- Various contact details, not limited to but including your name, address, correspondence address (if different), email address, telephone number, mobile telephone number, with the following third parties to ensure that the terms of the contract (for example your lease, or our management agreement) are adhered to:
- Insurers and insurance brokers
- Out of hours support, used to help provide 24/7 care for your leasehold interest
- Our IT support contractors and software providers
- Third party agents, for example, if we are no longer instructed to manage your apartment building we are obliged to hand over leaseholder information to the new managing agent or if we use a third party to help let your property.
- Contractors and suppliers as appropriate, for example your concierge
- Solicitors, for example if conditions of your lease are not met
- Deposit Registration Schemes
- Utility Companies, including brokers, as appropriate
- Credit reference agencies
- HMRC, as required
- Our bank, currently the Royal Bank of Scotland
If you are looking to rent or buy properties we have available for sale, your bank details, employer details, previous address and landlord details proof of ID and a copy of your UK VISA details if applicable may be shared with credit reference agencies.
If you sublet your apartment, we will require a copy of the AST rental agreement and your subtenant’s contact details. This data will be shared with our client’s insurers. Please ensure you have their permission to share this information with us.
This list is not exhaustive but is designed to help you understand the third parties required to assist us in fulfilling our contractual obligations. We will also share personal information with law enforcement or other authorities if required by applicable law.
5. HOW LONG YOUR PERSONAL INFORMATION IF KEPT FOR
In many cases, much of your data that we process relates to accounting for leaseholder or tenant charges and income for our clients. In line with current UK Government legislation, requiring accounting data to be held for 6 years after the latest accounting year-end we will retain your data for this period of time.
This includes situations such as:
- Where we no longer manage your block, after 6 years post the latest financial year-end, we will delete your data
- If you cease to be a leaseholder at a property we manage in 6 years post the latest year-end we will delete your data
There are exceptions, and unless express consent is given to the contrary:
- If you apply for a job with us and are unsuccessful we will delete your data after 6 months
- If your data has been provided as a sub-tenant from a leaseholder and your tenancy has ended we will delete your data after 6 months.
- If you apply to rent or buy a property through us and are unsuccessful, we will delete your data after 6 months.
Exceptions are not limited to these examples and if you would like to discuss the deletion of your data or your ‘right to be forgotten’ please contact us.