- WHO WE ARE
Property Stack Management Ltd
Address:
Office 6, 1 New Era Square, Sheffield, S2 4RB
We have a Head of Property Management, who is responsible for data protection and can be contacted in the following way should you have any questions or feedback about the way your data is handled:
Email: Rebecca.newbould@property-stack.co.uk
- INTRODUCTION
We are committed to protecting and respecting your privacy.
This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
- PERSONAL DATA WE COLLECT ABOUT YOU
We will collect, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.
Category of personal data |
Description |
Identity data |
First Name, Last Name, Position in Organisation |
Contact data |
Telephone Number, Email Address, Postal Address |
Message data |
Feedback, Questions, Any data that is contained within a message body or a subject from an individual. |
Financial data |
Bank you use, card number, account number |
Technical data |
IP address, Log in information, Browser type, Cookie, Operating system, Site visit data, Products viewed |
Marketing Preferences |
Opt-in and Opt-out status, Communication preferences, Email interactions |
- HOW WE COLLECT YOUR PERSONAL DATA
We will collect your personal data in the following ways:
- When you visit our website
- When you make an enquiry
- When you subscribe to our marketing materials
- When you attend an event and speak to us
- When you fill in a form online or in person
- When you talk with us either over the phone, via post or through email;
- When you provide us with feedback
- When you apply for a role with us
- When you communicate with our partners (for example business partners, subcontractors, analytics providers, credit reference agencies)
- When another customer or perspective customer provides your information
- HOW WE USE YOUR PERSONAL DATA
We are only allowed to use your personal data if we have a legal basis to do so, and we are required to inform you of what that legal basis is. We have set out in the table below: the purposes for processing your data, the categories of personal data affected, and the legal basis on which we rely on when we process your personal data.
We are likely to process your data for the following reasons:
-
- where we need to perform the contract we are about to enter into or have entered into with you;
- where we need to comply with a legal obligation.
We may also use your personal information in the following situations, which are likely to be rare:
- where we need to protect your interests (or someone else’s interests); and/or
- where it is needed in the public interest (or for official purposes).
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
Purposes for processing |
Categories of personal data |
Legal basis for processing |
Legitimate Interests (if applicable) |
To provide our services to you |
· Identity · Contact · Usage |
· Performance of a Contract |
N/A |
To manage payments. |
· Identity · Contact · Financial |
· Performance of a Contract |
N/A |
To manage incoming general enquiries or complaints. |
· Identity · Contact · Message · Technical |
· Legitimate Interests |
To ensure that enquiries and complaints are managed. |
To gather feedback and improve our advertising and services |
· Identity · Contact · Message · Technical |
· Legitimate Interests |
To ensure that stakeholder opinions are considered and to improve our business practices. |
To administer and manage the website. |
· Identity · Technical · Usage |
· Legitimate Interests · Consent |
To ensure that the website is secure and is fit for purpose. |
To manage our relationship with you, including notifying you about changes to our terms or privacy notices. |
· Identity · Contact · Message |
· Performance of a Contract · Legal Obligation · Legitimate Interest |
To keep our records up to date. |
- FAILING TO PROVIDE PERSONAL DATA
If you fail to provide certain personal data when requested, we may not be able to perform the contract we entered into with you and we may be prevented from complying with our legal obligations.
- WHO WE SHARE YOUR PERSONAL DATA WITH
In order to meet our business requirements, provide our products and services, and meet our legal obligations, we share your personal data with third parties in the following circumstances:
- To provide our services to you such as setting up and managing energy and utilities packages
- To manage and store your personal data;
- To administer, analyse and continuously improve our website;
- To collect feedback;
- To assess credit scores;
- For insurance and claims management;
- For internal and external auditing; and
- To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations.
We may also disclose your personal data to a third party in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective buyer or seller of such business or assets.
If we or substantially all of our assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets
Before we share your personal data with a third party, we will ensure that there is an appropriate Data Processing or Data Sharing Agreement in place to protect the sharing of data.
We’ll never make your personal data available to anyone externally for them to use for their own marketing purposes without your prior consent.
- TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE UK AND THE EEA
Your data is stored on our management systems. In some circumstances, it is possible that our management systems may store your data outside of the United Kingdom.
Where this occurs, we will endeavour to ensure that the territory in which the data will be stored has been determined by the UK Government to offer an adequate level of data protection within its domestic legislative regime, or that appropriate contracts are in place to ensure that the data is stored in a manner which is compliant with the UK GDPR.
Where we share your data outside of the UK and EEA to a country that hasn’t been deemed adequate, we will ensure an appropriate safeguard is used in line with UK GDPR.
- HOW LONG WE RETAIN YOUR PERSONAL DATA
We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:
-
- Any statutory or legal obligations;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
We will regularly review the retention of your personal data held within our care in line with our requirements to ensure that we are not keeping your personal data for longer than is necessary.
- HOW WE LOOK AFTER YOUR PERSONAL DATA
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
- YOUR RIGHTS
Everyone in the scope of the UK GDPR has rights relating to the collection and use of their personal data. The rights that apply to your personal data are listed below:
-
- Right to be Informed: We will always be transparent in the way we use your personal data. You will be informed about the processing through relevant privacy policies.
-
- Right to Access: You have a right to request access to the personal data that we hold about you.
-
- Right to Rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
-
- Right to Erasure: You have the right to have your data ‘erased’ in the following situations:
-
-
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
- When you withdraw consent;
- When you object to the processing and there is no overriding legitimate interest for continuing the processing;
- When the personal data was unlawfully processed; or
- When the personal data has to be erased in order to comply with a legal obligation.
-
Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.
-
- Right to Restrict Processing: You have the right to restrict processing in the following situations:
-
-
- Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
- When processing is unlawful, and you oppose erasure and request restriction instead; or
- Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.
-
-
- Right to Data Portability: In certain situations, you have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file.
-
- Right to Object: You have the right to object to the processing of your personal data in the following circumstances:
- You no longer want to receive direct marketing; or
- Where processing is based on our legitimate interests.
We will respond to any request within one calendar month of the request being received. If you want to exercise any of your rights listed above, please contact us by email or in writing.
Please note that where you ask us to erase, correct, object to process or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request, then we will notify you of this refusal and you will have the right to appeal.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
- AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
- Where we have notified you of the decision and given you 21 days to request a reconsideration.
- Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
- CHANGES TO OUR PRIVACY POLICY
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with the changes in the law. Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.
- NOT HAPPY?
If you feel that we have not upheld your rights, we ask that you contact us by emailing the Data Protection Officer.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioners Office (ICO) by using the details below. We would be grateful for the opportunity to manage your concerns directly before you approach the ICO so please contact us in the first instance.
Address: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/