GDPR PRIVACY NOTICE
This notice explains what information we collect, when we collect it and how we use this. During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will handle your information.
WHO WE ARE
Indigo Square Property Limited trades as Indigo Square and is a company registered in Scotland (SC535586) with a registered office at 42 Stirling Street, Denny, FK6 6DJ (“we” or “us”). We take the issue of security and data protection very seriously and our staff members have a responsibility to ensure compliance with the terms of this policy, and to manage individuals’ data in accordance with the procedures outlined in this policy and documentation referred to herein.
We need to gather and use certain information about individuals. These can include customers (tenants, landlord clients etc.), employees and other individuals that we have a contractual relationship with. We manage a significant amount of data, from a variety of sources. This data contains “personal data” and “sensitive personal data” (known as “special categories of personal data” under the GDPR).
This policy sets out our duties in processing that data, and the purpose of this policy is to set out the procedures for the management of such data.
The relevant legislation in relation to the processing of data is:
• the General Data Protection Regulation (EU) 2016/679 (the GDPR);
• the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as may be amended by the proposed Regulation on Privacy and Electronic Communications); and
• any legislation that, in respect of the United Kingdom (UK), replaces, or enacts into UK domestic law, the General Data Protection Regulation (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection, the processing of personal data and privacy as a consequence of the UK leaving the European Union.
We hold a variety of data relating to individuals, including customers and employees (also referred to as “data subjects”) which is known as personal data.
Personal data is that from which a living individual can be identified either by that data alone, or in conjunction with other data held by us.
Consent as a ground of processing will require to be used from time to time by us when processing personal data. It should be used by us where no other alternative ground for processing is available. In the event that we require to obtain consent to process a data subject’s personal data, we shall obtain that consent in writing. The consent provided by the data subject must be freely given and the data subject will be required to sign a relevant consent form if willing to consent. Any consent to be obtained by us must be for a specific and defined purpose (i.e. general consent cannot be sought).
PROCESSING OF SPECIAL CATEGORY PERSONAL DATA OR SENSITIVE PERSONAL DATA
In the event that we process special category personal data or sensitive personal data, we must do so in accordance with one of the following grounds of processing:
• the data subject has given explicit consent to the processing of this data for a specified purpose;
• processing is necessary for carrying out obligations or exercising rights related to employment or social security;
• processing is necessary to protect the vital interest of the data subject or, if the data subject is incapable of giving consent, the vital interests of another person;
• processing is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity; and
• processing is necessary for reasons of substantial public interest.
We share our data with various third-parties for numerous reasons in order that day to day activities are carried out in accordance with our relevant policies and procedures.
HOW LONG WE WILL KEEP YOUR INFORMATION
We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.
Personal data is from time to time shared amongst us and third-parties who require to process personal data that we process as well. Both us and the third-party will be processing that data in their individual capacities as data controllers.
DATA STORAGE AND SECURITY
All personal data held by us must be stored securely, whether electronically or in paper format.
if personal data is stored on paper it should be kept in a secure place where unauthorised personnel cannot access it. Employees should make sure that no personal data is left where unauthorised personnel can access it. When the personal data is no longer required it must be disposed of by the employee so as to ensure its destruction. If the personal data requires to be retained on a physical file then the employee should ensure that it is properly secured within the file (e.g. stapled, or the documents are put on a Treasury Tag within the file) which is then stored in accordance with our storage provisions.
Personal data stored electronically must also be protected from unauthorised use and access. Personal data should be password protected when being sent internally or externally to our data processors or those with whom we have entered in to a data sharing agreement. If personal data is stored on removable media (CD, DVD, USB memory stick) then that removable media must be stored securely at all times when not being used. Personal data should not be saved directly to mobile devices and should be stored on designated drivers and servers.
DATA PROTECTION OFFICER
We do not require to appoint a Data Protection Officer.
You have the right at any time to:
• ask for a copy of the information about you held by us in our records;
• require us to correct any inaccuracies in your information;
• make a request to us to delete what personal data of yours we hold; and
• object to receiving any marketing communications from us.
• Indigo Square have an Information Security Policy and you can request a copy of this from our office at any time.
If you would like to exercise any of your rights above please contact our Director Val West – Val@Indigolets.com.
Should you wish to complain about the use of your information, we would ask that you contact us to resolve this matter in the first instance. We are members of the Property Ombudsman and all complaints are dealt with in line with the procedures as set out for members. You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information.
The accuracy of your information is important to us – please help us keep our records updated by informing us of any changes to your email address and other contact details.