These privacy notices explain what personal data (information) we hold about you, how we collect it, and how we use and may share information about you. It also contains important information about your rights with regard to your personal data, and how to contact us or supervisory authorities in the event you have a complaint. We are required to notify you of this information under the General Data Protection Regulation.
Where Your Personal Information May Be Held
Information may be held at our offices and in our servers which are also located within the UK. Information may also be held by our group companies, and third party agencies, service providers, representatives and agents as described above.
We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our Data Protection Notice.
How Long Your Personal Information Will Be Kept
We may retain information for up to 12 years after we have ceased managing a building in accordance with UK tax and liability laws.
Reasons We Can Collect and Use Your Personal Information
We rely on “contract” as the lawful basis on which we collect and use your personal data in order to carry out the functions described in our management agreements.
Your Rights Under GDPR
Under the General Data Protection Regulations you have a number of important rights for which we cannot charge. Those rights which are applicable to the data we hold include the right to:
fair processing of data and transparency over how we use your data
access your personal data and to certain other information given here
require us to correct any mistakes in your data
require the erasure of personal information concerning you in certain situations
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal information concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal information
otherwise restrict our processing of your personal information in certain circumstances
claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the UK Information Commissioner’s Office website.
If you would like to exercise any of those rights, please:
let us have enough information to identify you
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
let us know the information to which your request relates, including any account or reference numbers, if you have them
Keeping Your Personal Information Secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to Complain
We hope that we can resolve any query or concern you raise about our use of your information. If you wish to contact us about a suspected breach, or if you have any questions or queries about how we are processing your data, please Email us at email@example.com write to our Data Protection Officer at the following address: Bruton Street (Management) Ltd, 121 Sloane Street, London SW1X 9BW. 020 7495 5858.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone on: +44 (0)30 3123 1113.
Changes to This Privacy Notice
This privacy notice was published on 24/05/2018 and last updated on 11/07/2018. We may change this privacy notice from time to time.
You can contact our Privacy Team at firstname.lastname@example.org
Cyber Essentials Certification
Bruton Street (Management) Ltd are Cyber Essentials Certified, a government endorsed programme aiming to protect businesses against cyber security risks. The Cyber Essentials scheme helps organisations to protect the confidentiality, integrity and availability of data stored on devices which connect to the Internet. This certification verifies that Bruton’s IT is suitably secure and meets the standards set by Cyber Essentials.