OUR PRINCIPLE AND APPROACH:
BLR manages communal areas for a wide range of properties including blocks of apartments and mixed use developments. The following outlines our principle which has been developed to ensure we and our clients comply with the Data Protection obligations
BLR acts as an agent and advisor to its client. Although primary legal responsibility for the management of the property and the control of records is with our clients, part of BLR’s service is to ensure our clients compliance with the law, their leases, and codes of practice. The client is however, responsible for setting policy and monitoring the work of their agent.
In order to perform the daily duties of running a property on behalf of the client, BLR collects and uses certain types of information about leaseholders, AST tenants, the client and other service users. Data collected is to maintain the client’s own accounts and records; and support and manage its employees and contractors. In specific circumstances, BLR gathers data for marketing its services but client and tenant information is not used for this purpose.
This personal information is collected and dealt with appropriately whether it is collected on paper, stored in a computer database or recorded on other material. BLR has put in place to safeguards to ensure this information is protected under the Data Protection Act 1998 and General Data Protection Regulation (GDPR).
BLR is predominantly a data processor under the GDPR rules. This is because we process data on behalf of our instructing clients. This is mainly providing management services to the blocks we manage.
The DPO (Data Protection Officer) is responsible for ensuring that we comply with all provisions within this policy and the Act.
Our data protection policy outlines what BLR does with the data that is collected, who it will be shared with and how it will be stored using the agency based relationship between BLR and its clients.
WHEN DO WE COLLECT YOUR DATA ABOUT YOU?
- When our client has instructed us to manage the communal areas in your development, your data is passed to us so that we can carry out our contractual obligations
- When you register with our online portal (BLR On-line)
- When you contact us by any means with queries or complaints
- When you choose to complete any surveys we send you
- When you comment on or review our services
- When you visit our website
- When you engage with us on social media
- When you fill in forms which we have provided
- When you have given a third-party permission to share with us the information they hold about you
- We collect data from publicly-available sources (such as Land Registry) when you have given your consent to share information or where the information is made public as a matter of law
WHAT DATA DO WE COLLECT ABOUT YOU?
- BLR collects the type of information set out below to carry out our property management services, as well as maintain our own records. These records include addresses, financial and sometimes bank details for the following groups:
- Clients, tenants, leaseholders, enquirers, suppliers/contractors
- BLR collects the following type of information to support and manage our employees and contractors:
- Personal details, family details, lifestyle and social circumstances, employment and educations details, goods and services provided, financial details, all information contained in references
- BLR also processes sensitive classes of information that may include:
- Racial or ethnic origin, religious or other beliefs, trade union membership and physical or mental health details
- If you have registered with our online portal or access our website, we MAY collect the following information:
HOW AND WHY WE USE YOUR PERSONAL DATA
As part of our legitimate interest in providing our customers the highest levels of service, the data-protection laws allow us to collect and use your personal data. This is how and why we use your data:
- To issue demands for service charge, ground rent or administration fee payments and provide you with information about the property you own.
- To respond to your queries and any complaints. Handling the information you have provided enables us to respond. We may also keep a record of these queries or complaints to help with any future communication and to demonstrate how we communicated with you We do this on the basis of our contractual obligations to our client, our legal obligations, our legitimate interest in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our website. We’ll do all of this as part of our legitimate interest, e.g. by checking your password when you log in and using automated monitoring of IP addresses, we try to identify possible fraudulent logins from unexpected locations.
- To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
- If we discover any criminal activity or alleged criminal activity, we will process the data for the purposes of preventing or detecting unlawful acts. Our aim is to protect the individuals we interact with from criminal activities.
- To send you communications required by law or which are necessary to inform you about changes to the services we provide you. If we do not use your personal data for these purposes, we would be unable to comply with our contractual obligations.
- To comply with our contractual or legal obligations to share data with law enforcement, e.g. when a court order is submitted to share data with law enforcement agencies or a court of law
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email; or with your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant services
HOW WE PROTECT YOUR PERSONAL DATA
Your data held directly by BLR is stored on secure servers in the UK. We do not transfer your data outside the European Economic Area. BLR holds data in various forms, including electronic databases and paper files. We take all reasonable steps necessary to ensure your data is adequately protected and processed in line with this privacy notice.
We regularly monitor our system for possible vulnerabilities or attacks and carry out penetration testing to identify ways to further strengthen security.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is sent to us.
HOW LONG WE KEEP YOUR PERSONAL DATA
BLR will keep your information for as long as is necessary for the purpose for which it was collected.
However, some information may be kept for more or less time depending on how long BLR sensibly thinks it needs it to deal with its legal obligations, and any queries or complaints.
HOW WE SHARE YOUR DATA WITH THIRD PARTIES
We sometimes share your personal data with trusted third parties, e.g. arrears management companies; contractors/tradesmen who need to carry out repairs, etc.
In any circumstances we provide only the information they need to perform their specific services. They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government bodies, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- Request copies of your Information that is under our control
- Ask us to further explain how we use your Information
- Ask us to correct, delete or require us to restrict or stop using your Information (details as to the extent to which we can do this will be provided at the time of any such request)
- Ask us to send an electronic copy of your Information to another organisation should you wish
- To ask for your information, please contact our Customer Services team or email firstname.lastname@example.org
- Should you need to amend your information, please do so via BLR On-line or contact our Customer Services team
- If we choose not to action your request we will explain to you the reasons for our refusal
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it, please contact:
Address: Hyde House, The Hyde, NW9 6LH
Tel: 0208 905 8345
Data Protection Registration No: Z8181701
If we feel we have a legal right not to deal with your request, or to action it in different way to how you have requested, we will inform you of this at the time.
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of your Information, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled your Information you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us or by writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.