Privacy notice for: Boaden Service Charge Management Limited t/a BSCM (referred to herein as us / we)
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The changes are designed to ensure that you have more control over how your data is used and how you are contacted, also to help protect your personal data. This personal data makes a person capable of being identified, or identifiable, and includes information such as name, address, contact details (email address & telephone number), date of birth or bank account details. Set out below is the basis on which we process any personal data that we collect from you, or that you provide to us.
What information we may collect?
You may give us information about you by filling in forms or tenancy agreements, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, address, phone number and e-mail address, financial and banking information, personal description and photograph.
Disclosure of your information
We may share your information with selected third parties, including:
Business partners, suppliers, utility companies, councils and sub-contractors for the performance of any contract we enter into with them or you.
If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
The legal basis on which we hold your personal data
We hold and process your data subject to the following legal basis’s:
- To perform any contract or potential contract we enter with you
- To comply with our legal and regulatory responsibilities
- For our legitimate interests including business compliance
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer, storing or processing.
If we transfer your data outside the EEA, we will take all reasonable steps to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your personal data, as required by GDPR.
We will retain your personal information for a minimum of six years and for so long as it is reasonably needed for the purposes for which it was obtained and to comply with our legal obligations. When your data is no longer needed, we will destroy your data using our data destruction processes.
The regulations give you a number of rights set out below. If you wish to exercise any of these rights please contact us using the details provided below.
Right of access: You can access your personal data that we hold.
Right to rectify: You have the right to rectify or correct any information we hold about you that is inaccurate.
Right to be forgotten: You have the right to request that we delete your personal information. This right is not absolute and we may be not be able to delete your personal information if this would prevent us from complying with our legal obligations.
Right to restrict or object to processing: You have the right to object to our processing of your data, or restrict the processing we carry out.
Right to data portability: You have the right to move, copy or transfer your data to another data processor.
Changes to our policy
We may change our policy from time to time. Any changes made will be binding on you and you are expected to check this page from time to time to take note of any changes. Where appropriate, we may email you to make aware of changes to this policy.
If you have any queries about this policy, please address these to firstname.lastname@example.org
23 May 2018