Data Protection Policy

Wicklesham Commercial Properties Data Protection Policy

This policy explains how our company, which provides office services to businesses based at Faringdon, Oxfordshire, collects, stores, uses and shares personal data. We are committed to protecting the privacy and security of our tenants and complying with the General Data Protection Regulation (GDPR) and other relevant laws such as the Data Protection Act 1998 (DPA). The purpose of this policy is to make you aware of how we will handle your personal data.

We collect personal data from our tenants and others when they enquire or rent a property from us, such as their name, address, contact details, income, credit history, references and other information necessary to assess their suitability and eligibility for a tenancy. We may also collect personal data from other sources, such as landlords, agents, credit reference agencies, fraud prevention agencies (AML), public registers and social media.

We store personal data securely on our systems and only for as long as necessary to fulfil the purposes for which we collected it or to comply with legal obligations. We use personal data to provide our services to our tenants, such as managing their tenancy, communicating with them, processing payments, resolving complaints and disputes, conducting surveys and research, and improving our products and services.

We may share personal data with third parties when it is necessary to provide our services or to comply with legal obligations. For example, we may share personal data with contractors, utility companies, local authorities, regulators, law enforcement agencies, courts and tribunals. We may also share personal data with other organisations for fraud prevention and detection purposes. We will always ensure that any third parties we share personal data with have adequate security measures in place and respect the privacy rights of our tenants.

We respect the rights of our tenants to access, correct, erase, restrict or object to the processing of their personal data, as well as to withdraw their consent or make a complaint. We provide our tenants with easy ways to exercise these rights, such as by contacting us directly or email or phone. We will respond to any requests within one month and free of charge unless they are manifestly unfounded or excessive.

We are responsible for ensuring that this policy is followed by any and all of our staff and contractors who handle personal data on our behalf.  We will seek training and guidance on data protection issues and monitor compliance with this policy if necessary. We will also review and update this policy as necessary to reflect any changes in our practices or in the law.

Marketing
We may also use personal data from enquiries made directly to the company or via our website to send marketing communications to companies in accordance with GDPR guidelines.

Data Protection Principles

We will comply with the eight data protection principles in the DPA, which say that personal data must be:

a.         Processed fairly and lawfully.

b.         Processed for limited purposes and in an appropriate way.

c.          Adequate, relevant and not excessive for the purpose.

d.         Accurate.

e.         Not kept longer than necessary for the purpose.

f.          Processed in line with individuals' rights.

g.         Secure.

h.         Not transferred to people or organisations situated in countries without adequate protection.

"Personal data" means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.

Fair & Lawful Processing
We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the DPA.

Data Retention
We will not keep your personal data for longer than is necessary for the purpose. This means that data will be destroyed or erased from our systems when it is no longer required.

Processing In Line With Your Rights

You have the right to:

a)     Request access to any personal data we hold about you.

b)     Prevent the processing of your data for direct-marketing purposes.

c)     Ask to have inaccurate data held about you amended.

d)     Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.

e)     Object to any decision that significantly affects you being taken solely by a computer or other automated process.

Data Security
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
Last reviewed: 2023