Who we are
We are committed to protecting your privacy and aim to be clear when we collect your information and use it only as you would reasonably expect.
HOW WE COLLECT PERSONAL INFORMATION
We collect personal information from you directly through our website, over the phone, through surveys, and sometimes on paper forms.
Indirectly, Local Authorities, third-party intermediaries, and our representatives may provide us with your personal information so long as they are GDPR compliant.
We may collect information about the software on your computer or device (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with our website and for our records. This may happen automatically without you being aware of it.
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT
We process personal information to enable us to provide property and land services to our clients either directly or through one of our partners and affiliates; promote the services we offer; maintain our own accounts and records; support and manage our employees.
We process information relevant to the above reasons/purposes. This may include:
- personal details
- family details
- lifestyle and social circumstances
- employment and education details
- financial details
- goods and services provided
We process personal information about:
- advisers and professional consultants
OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our lawful basis for the purposes that we process personal information is for the performance of our contract with you regarding property letting, property management, property sales, and structural and defect warranty enforcement.
The law allows us to collect and use personal data if it is necessary to carry out our contractual duties so long as its use is fair, balanced and does not unduly impact your rights. In many situations, the best approach is to process personal data because of our contract with you and our legitimate interests as a land and property developer, rather than through explicit consent. However, we will ask for your consent to send you marketing emails and text messages. You can withdraw consent at any time.
We do not expect to receive or process sensitive personal data. In extreme situations, we may share your personal details with the emergency services if we believe it is in your ‘vital interests’ to do so. For example, if someone is taken ill during one of our events such as an open house or a scheduled viewing.
We may also share your personal information where we are compelled by law to do so.
We process employee personal information to meet our legal obligations as an employer.
WHO WE SHARE YOUR DATA WITH
We may share your personal data with the other companies in our group or with agents working in our behalf, which includes Mizen Design/Build, Ardrea Estates, Drylining UK, and St Mark Homes. For more information about our group, agents, and affiliated companies, please visit our main website at ‘mizen.co.uk’ or email us directly at the contact in the bottom of this document.
We share information with these companies so that they can help us to provide services, comply with our contract with you, and get to know you better. For instance, if you have an issue with your home we may share your info with our group contractors to schedule repairs.
If we run an event in partnership with another named organisation your details may need to be shared with them. We will be very clear what will happen to your personal information before you register for such an event.
You will only receive marketing emails from other companies in our group when you have given your consent to each individual company.
We do not sell your personal data to third parties and we only allow third parties to send you marketing communications if you have given your consent.
We may also give your personal data to the following third parties, for the purposes described below:
- Our partner contractors and construction traders, for instance, to schedule repairs covered under contract or warranty.
- Credit and debit card companies, credit reporting agencies and fraud control service providers, to process payments and (when necessary) carry out fraud controls.
- In response to legal requirements by the government and police, such as customs and immigration authorities.
- External service suppliers that we hire to provide services, like carrying out marketing initiatives or conducting surveys with customers on our behalf so long as they are GDPR compliant and have a legal basis for handling the data.
- Third parties like law firms and courts, to demand compliance or the application of a contract with you.
- Third parties, like the police and regulatory authorities, to protect our rights, property, or the safety of our customers, employees and assets.
- Third parties to which we give data on the use of the website (but not personal data) so they know you have visited our websites.
- When necessary in order to fulfil a legal obligation in any jurisdiction, including when said obligation is caused by an action or omission by us.
HOW LONG WE RETAIN YOUR DATA
We will only keep personal information for as long as we have a valid reason for keeping it. After that, we delete or dispose of the information securely.
We keep personal information about:
- Advice we have provided for two years irrespective of whether the contractual relationship has lapsed
- Complaints and feedback for two years.
- Tenant and private buyer details for seven years after offer has been accepted and contract signed.
- Tenant and private buyer details for two years after offer has been rejected.
- Event applications, registrations and administration for two years after the event has taken place.
- Surveys for three years after the survey so that data can be referenced for statistical analysis.
- Analytics information from Google for three years and two months.
- Employees for the duration of their employment and six years after employment ceases in accordance with the law.
WHAT RIGHTS YOU HAVE OVER YOUR DATA
If you believe we hold your personal data, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any and all data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
WHERE WE STORE YOUR PERSONAL INFORMATION
The data that you provide us with will typically be stored and processed within the European Economic Area (“EEA”). However, some of the services we use will mean that your data may be transferred to and stored at, a destination outside the EEA. In these cases we ensure that the provider is able to operate under the EU Binding Corporate Rules arrangement. Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities.
WHAT DATA BREACH PROCEDURES WE HAVE IN PLACE
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
We provide guidance and regular data protection training to our staff.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our computer network and servers are protected and routinely monitored.
We store all personal information that you supply us with on secured servers or in secured paper files. For your protection, any payment details that you provide us with will be encrypted using SSL (Secure Sockets Layers) technology.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.
You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.
You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
You have the right to request access to any of your personal data we hold, information about how and why it is processed, and to whom it may be disclosed.
You have a right to ask us to erase your personal information.
These statutory rights are qualified by exceptions and exemptions.
To exercise any of these rights, please contact us using the address below.
You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.
CHANGES TO THIS POLICY