Eccord - Data Privacy Notice
Eccord is a controller for the personal data that it collects and uses about you. We will treat your personal information as confidential and in accordance with applicable data protection legislation, and will only share your data where with others when absolutely necessary and in accordance with this Privacy Notice.
1. INFORMATION ABOUT US
Eccord Ltd - A limited company registered in England under company number 06006478.
|56 Sloane Square, London SW1W 8AX
|Data Protection Officer:
|+44(0)20 7244 4485
We are members of the:
- Association of Residential Letting Agents (ARLA)
- Association of Relocation Professionals (ARP)
- The Property Ombudsman (TPO)
2. WHAT THIS NOTICES COVERS
This Privacy Notice explains;
- What is personal data
- What personal data do we collect
- How we use your personal data
- What happens if you do not provide data that we request
- How we store your personal data
- How we transfer your personal data
- How long we keep your personal data
- What your rights are
- How you can access your personal data
- How you can contact us
- Changes to this Privacy Notice
3. WHAT IS PERSONAL DATA
UK GDPR regulations define personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Personal data is, in simpler terms, is any information about you that enables you to be identified. This could include information such as contact details, date of birth, bank account details or any information about your needs or circumstances which would allow us to identify you.
Some personal data is classified as ‘special category’ data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions and sexual orientation. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data.
4. WHAT PERSONAL DATA DO WE COLLECT
We may collect some or all of the following personal data should you make a general enquiry with the business or have a prospective call about our services:
- Email address
- Telephone number
- Postal address
- Business name
- Job title
Additional personal data may be collected depending on your relationship with us and whether you contract with our services, including:
- Information about your preferences and interests, particularly when discussing a search criteria brief.
- Information about you or your family where necessary to perform a contract with you. Should this be ‘special category’ data this will only be collected and processed with your explicit consent.
- Information about your identity, where required by law (e.g. AML regulations) in the form of photographic identification (such as a passport, a driving licence and/or visa) and proof of residence (such as a recent utility bill).
- Where we are working alongside third parties such as solicitors, developers or agents, we may need to share these documents on the basis of consent.
- If we are dealing with an entity such as a company, trust or charity, we may need to obtain personal information of the beneficiaries / interested party(s) of the entity and those in a position of control. This will include, but is not limited to, identity and address documents.
- Information about appointed authorised party(s) / Power of Attorney where you have requested we liaise with them on your behalf.
- Bank account details to arrange onward payment of rent due to you.
- Where you engage us to manage a property on your behalf, we will ask for additional emergency contact information in case we need to get in touch with you outside of working hours or in the event there is a matter requiring your urgent attention. We may also, with your consent, share your personal information with third party lenders as is necessary to allow us to fulfil our obligations to you.
APPLICANTS & TENANTS
- In order to put a rental offer forward to our client on your behalf, we will collect data about your employment status, employer, job title, income level, reason for moving and credit history. This is so we can assess your application suitability in a non-automated manner.
- Bank / building / similar account details to allow us to make deposit return payments to you.
- If you are a tenant renting under the 'Right to Rent' scheme we will collect details of your biometric residence card or permit, your immigration status document and/or your date of birth to carry out our required checks.
CANDIDATES / PROSPECTIVE EMPLOYEES
As part of our recruitment process, Eccord collects and processes personal data relating to candidates collected via CVs and/or cover letters and through interviews or other forms of assessment. This includes:
- Details of your qualifications, skills, experience and employment history.
- Information about your current level of remuneration, including benefit entitlements.
- Whether or not you have a disability for which the firm needs to make reasonable adjustments during the recruitment process.
- Information about your entitlement to work in the UK, obtained from your passport or other identity documents.
- Recruitment agencies also regularly provide personal data, primarily in the form of candidate CVs.
- We will also collect personal data about you from third parties, such as references supplied by former employers, once a job offer has been made and once we inform you that this is being conducted.
Data will be stored in a range of different places, including on your application record, in a HR management system and on other IT systems (including email).
5. HOW WE COLLECT YOUR PERSONAL DATA
There are various methods we may use to collect personal data from you, including via:
ONLINE CONTACT FORM
- If you submit enquiries to us via our online contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your enquiry and in the event that we have further questions. We will not share this information without your consent.
- The processing of this data is on the basis of contractual necessity or legitimate interest to allow us to efficiently process your enquiry.
- The information you enter into the contact form shall remain with us until you ask us to delete the data, revoke your consent to the archiving of the data, or if the purpose for which the information is being archived no longer exists (e.g. after we responded to your enquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
EMAIL OR TELEPHONE
- If you contact us by email or telephone, your request, including all resulting personal data, will be stored by us for the purpose of processing your request. We do not pass data on to third parties without your consent.
- The processing of this data is on the basis of contractual necessity or legitimate interest to allow us to efficiently process your enquiry.
- The information you provide us shall remain with us until you ask us to delete the data, revoke your consent to the archiving of the data, or if the purpose for which the information is being archived no longer exists (e.g. after we responded to your enquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
- For communication with our contacts and other third parties, one of the services we use is the instant messaging service WhatsApp. The communication is encrypted end-to-end (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content.
- However, WhatsApp does gain access to ‘metadata’ created during the communication process (e.g. sender, recipient and time details) and WhatsApp has disclosed it shares personal data of its users with its U.S. based parent company Facebook.
- The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with our contacts and interested parties - If a response to a WhatsApp message has been received from you, this is considered consent to using this form of data collection and data processing will be carried out exclusively on the basis of the consent. This consent may be revoked at any time with effect for the future.
- The information exchanged with our contacts on WhatsApp shall remain with us until you ask us to delete the data, revoke your consent to the archiving of the data, or if the purpose for which the information is being processed no longer exists. This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
6. HOW WE USE YOUR PERSONAL DATA
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary to performance our contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it, such as staying in touch with you. Your personal data may be used for one or more of the following purposes:
- Supplying our services to you - your personal details are required in order for us to contract with you and fulfil our obligations. This may include updates or changes in our service.
- Personalising and tailoring our services for you.
- Communicating with you - this may include responding to emails or calls from you.
- For recruitment or employment-related purposes.
- Where we need to comply with a legal obligation.
- Where we use third party services providers who process personal data on our behalf in order to provide services to us. This includes IT systems providers as well as third party referencing and compliance agencies for the purposes of the prevention and detection of crime.
- Where the processing is necessary for us to carry out activities for which it is in Eccord’s legitimate interests (or those of a third party) to do so, provided that your interests and fundamental rights do not override those interests, including:
- Processing that is necessary for us to stay in touch with you and/or keep a business record of your engagement with us should you contract with our services again, meaning your historic record needs to be referenced.
- Processing that is necessary for us to promote our services and brand – this will include sending you marketing newsletters via email, after you have engaged with us, which may be similar and of interest to you or where you have expressly indicated that you would like to receive such information. You have the right to opt out of receiving this information at any time using the unsubscribe button in the bottom of the email.
- Processing that is necessary for us to operate the administrative and technical aspects of our business efficiently and effectively – this will include verifying the accuracy of data that we hold about you; outsourcing certain functions to third parties who specialise in certain services, and for information security purposes i.e. in order for us to take steps to protect your data against loss, damage, theft or unauthorised access or to comply with a request from you in connection with the exercise of any of your rights outlined below.
In more limited circumstances we may also rely on the following legal bases:
- Where we need to protect your interests or someone else's interests.
- Where it is needed in the public interest or for official purposes.
- We may process ‘special categories’ of personal data but will obtain your explicit consent and will explain the purpose for which the data will be used at the point where we ask for your consent.
7. WHAT HAPPENS IF YOU DO NOT PROVIDE DATA THAT WE REQUEST
We need some of your personal data to perform the services you have requested from us. For example:
- Where we are acquiring a property on your behalf, we need to know your contact details so that we can update you with information on the property search and progress of purchase.
- Where you have asked us to find you a property which meets certain access requirements, we may need to know some further details about your particular circumstances so that we can find you a suitable property.
- We may need identity documents, proof of residence, political and source of funds documentation from you to meet our obligations to prevent fraud and money laundering.
If you do not provide the data required for these purposes, we will not be able to perform our contract with you and may not be able to provide services to you. We will explain when this is the case at the point where we collect information from you.
8. HOW WE STORE YOUR PERSONAL DATA
The security of data is very important to us and we have measures in place which are designed to prevent unauthorised access to your personal data, including but not limited to:
- Our client files are stored on our secure file server.
- Access is restricted to those within the business who are required to have access to your data for legitimate business purposes.
- Hard copy documentation is stored in locked cabinets.
All data is hosted in datacentres which have systems and protections in place to protect against both unauthorised access, and other external factors that could cause damage to, your personal data. There are strict access requirements in place and access is restricted to those absolutely necessary. We ensure access to personal data is restricted to Eccord employees on a need to know basis.
9. HOW WE TRANSFER YOUR PERSONAL DATA
We may transfer the personal data we collect about you to third party service providers in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.
When we transfer your data to recipients in other countries:
- We will perform those transfers in accordance with the requirements of applicable law.
- We will protect the transferred personal data in accordance with this Privacy Notice.
We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect any data held in that country and that the service provider acts at all times in compliance with applicable privacy laws.
10. HOW LONG WE KEEP YOUR PERSONAL DATA
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- For the period during which we provide services to you and for any subsequent period during which we are required by legislation to retain data or due to legitimate interests in regard to running Eccord business activities and staying in touch with you.
- When you have agreed to continue to receive marketing material from us, we will continue to hold your personal data up until the point that you may choose to opt-out.
11. WHAT YOUR RIGHTS ARE
Under GDPR laws, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data corrected or changed if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten - i.e. the right to withdraw your consent and ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful.
- The right to data portability – i.e. you have the right to request a copy of certain personal data that you have provided to us in a commonly used electronic format.
- The right to not be subject to wholly automated decisions which produce legal effects or which could have a similarly significant effect on you. Eccord however, do not use your personal data in this way.
If you would like to exercise any of your rights, please contact email@example.com and mark you email for the attention of Jo Eccles.
Please note that we will keep a record of the fact that you have made a request to exercise your rights, and our response to your request, in order to demonstrate compliance with our data protection obligations and so that we can handle any queries, complaints or claims in relation to your request. This record will be kept in accordance with our retention policies.
Further information about your rights, or if you have any cause for complaint about our use of your personal data, you can speak with your local Citizens Advice Bureau or the Information Commissioner’s Office.
12. HOW YOU CAN ACCESS YOUR PERSONAL DATA
If you want to know what personal data we have about you, you can ask us for details of that personal data and/or for a copy of it (where any such personal data is held). This is known as a 'subject access request'.
All subject access requests should be made in writing and sent via email to firstname.lastname@example.org, marked for the attention of Jo Eccles.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 20 working days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
13. HOW YOU CAN CONTACT US
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please email our Data Protection Officer on email@example.com and mark for the attention of Jo Eccles. Alternatively you can call us on +44(0) 20 7244 4885.
14. CHANGES TO THIS PRIVACY NOTICE
We may change this Privacy Notice from time to time. This may be necessary, for example if the law changes or if we change our business in a way that affects personal data protection. Any changes will be made to this Privacy Notice and made available on our website.