*'personal data' refers to any information relating to an identified or identifiable natural person ('or data subject')
2. About Winchester White
Winchester White is a private limited company, registered under Company Number 07109394. Our registered company address is 60 Wimbledon Hill Road, Wimbledon, London, SW19 7PA. We are a property rental agency specialising in long term lettings, short lets and property management in Wimbledon & Battersea area.
For the purposes of UK data protection law and the GDPR, Winchester White is the 'Data Controller' of the personal data you provide to us.
3. Whose personal data do we process?
As a data controller, we process personal data about our clients, potential clients, tenants, prospective tenants, landlords, guarantors and referees. We also process business contact details relating to the representatives of our business partners, suppliers and contractors, and personal data relating to our own employees.
4. Why do we need to process your personal data?
- We only process your personal data where this is necessary for the purposes of fulfilling a service you have asked us to provide or necessary to run our own business.
- Establishing or negotiating agreements to providing the services you have requested,
- Promoting our own goods and services
- Managing our accounts and records
- Managing our data retention requirements including tenancy and lettings history on behalf of our clients
- If required by law, including responding to law enforcement authorities and competent bodies to prevent or detect crime (including fraud and money laundering).
5. What personal data do we process about you?
To provide the lettings services you have requested or have contracted to receive, we collect and process the following categories of personal data:
- Your name, address, telephone and email address
- Contact details for any other individuals involved in a lettings transaction (e.g. landlords, potential landlords, tenants, potential tenants, property owners, guarantors and property maintenance contractors
- Passport or other photo-ID or national identity papers
- Financial information (such as bank account details, pay slips, credit history)
- Land registry property ownership information
We may also process identifiable images of you if you visit one of our office premises where CCTV systems are in operation.
6. Uses of your personal data
We use your personal data to:
- Provide you with help, support and administration of our contracted lettings services
- Manage the tenancy search and fulfilment for all parties involved in a lettings transaction
- Establish and deliver the products and services you have contracted or asked to receive, including fulfilment of our own record keeping and regulatory reporting obligations
- Complete payment transactions for the services received such as holding deposits and collection of rent
- Email you with non-marketing routine service updates or issues relating to your use of our services
- Respond to your requests to be contacted or notified of available properties, or answer your enquiries including if you telephone, email or write to us
- Respond to applications for employment
- Resolve any complaints or disputes
- Send you offers and promotional material relating to our own products and services if you have given us your consent to do so, including industry updates, awards, events and news which may be of interest to you.
7. Sharing your personal data
We do not sell, rent or lease our client or business contact lists to any third parties. We may share your personal data with trusted partners who help us to run our business and deliver our services including:
- Legal and regulatory bodies, advisers, consultants and professional experts.
- Government departments such as HMRC where we are legally obliged to do so, including for the prevention and detection of crime or similar obligations placed upon us (e.g. anti-money laundering and fraud regulations).
- Service providers who to help us deliver our goods and services, perform statistical analysis, manage email or postal mail services, provide customer support, or to arrange for property maintenance to be undertaken on behalf of a landlord. All service providers are prohibited, under contract from using or disclosing your personal information for any purpose except to provide these services to and they are required to maintain the confidentiality, security and lawful use of your information.
In all cases, we only share or disclose the minimum amount of personal data necessary to fulfil the services you have requested or contracted to receive or to fulfil any associated legal obligations placed upon us as described.
8. Special category (sensitive) personal data
We may collect and process special category data, only where necessary and only with your explicit consent. The special category data we use is limited to:
- Evidence of physical or mental health or condition required to provide confirm suitability for tenancy, e.g. special needs or disability/accessibility. Winchester White will not process this information for any other purpose and only with your explicit consent. You have a right to withdraw your consent for processing this special category information at any time except where the processing relates to an overriding legal or regulatory obligation placed upon Winchester White. Withdrawing or withholding consent for processing medical data may result in the withdrawal of services dependent upon confirmation of suitability for tenancy on medical grounds.
- We may collect and process information such as race, religion, ethnicity or disability where we are legally required to report on statistics relating to equal opportunities, discrimination and diversity.
- We not include special category personal information in relation to any automated processing or profiling activities.
9. International processing
We do not routinely transfer your personal data outside of the European Economic Area (EEA). Where a third-party recipient is located outside of the EEA, we ensure that adequate safeguards are in place to protect your rights over the processing of your personal data, including approved EU contract clauses if the recipient country has not been previously approved by the EU data protection authorities as providing adequate protection for the rights and freedoms of individuals over the processing of their personal data (e.g. adequate equivalent laws)
10. How long do we retain your personal data?
11. Security of your personal data
Winchester White secures your personal information from unauthorised access, use or disclosure. We have adopted robust security controls drawn from recognised international standards of best practice to manage the security of your personal information throughout its lifetime, from creation to destruction and our security controls are continually reviewed. We have processes in place to deal with any suspected security incidents that include notifying you and any regulatory bodies where we are legally required to do so. Our computer servers and applications operate in a controlled, secure environment, protected from unauthorised access, use, disclosure, damage or destruction. Our computers that process your personal data online are routinely monitored and tested to protect against cybercrime.
12. Your data subject rights
Under the GDPR, and UK data protection law, you have specific rights over the processing of your personal data. These include:
- A general right to be informed about the processing of your personal data
- A general right to have your information processed securely
- A right to request access (e.g. receive a copy of the personal data we hold about you).
- A right to have inaccurate personal data corrected (rectification).
- A right to be informed about how long your personal information will be retained.
- A right to request erasure of your personal data if Winchester White has no legal, statutory or regulatory reason for continuing to process it
- A right to restrict the processing of your personal information causing, or likely to result in harm or distress (subject to Winchester White’s legal obligations for processing).
- A right to portability in certain circumstances (i.e. to have the personal data you have provided to us and any personal data subsequently arising from the services you receive from us packaged up in a commonly used machine readable format to another organisation of your choice without constraint).
- A right to object to the processing conducted by us (e.g. for direct marketing purposes)
- A right to have any automated processing and the logic used explained to you if any decisions about you are made solely by a computer program.
- A right to complain to the UK data protection supervisory authority (the UK Information Commissioner’s Office (ICO)), if you believe your rights have been breached and we have been unable to resolve the issue, and a further right to obtain judicial remedy through the courts if your complaint is upheld by the regulator. For more information on how to make a formal complaint to the ICO visit www.ico.org.uk )
If you would like to exercise any of the rights listed above, please write to the Data Protection Officer at the address below. We will explain any applicable exceptions to these rights in our response.
13. Changes to this Policy
14. Contact information
We welcome your comments regarding this Policy. If you believe that we have not adhered to this Policy, or have any concerns about how we process your personal data please contact [insert email address]. Or write to us at the address below. We will use commercially reasonable efforts to promptly determine and remedy the problem