Hinch PM Ltd is absolutely committed to protecting any and all personal information we hold, and being transparent about the data we process and our procedures of processing.
Hinch PM will process all personal data lawfully, fairly and transparently
2. Collecting data
Personal data will only be collected for specified, explicit and legitimate purposes. Data collection will be necessary for Hinch Property Management to carry out works orders. This may include but not be limited to:
Names, contact telephone numbers, email addresses, home addresses (of let property or forwarding address) for the purpose of arranging inventory inspections, transferring an inventory report, arranging a property visit, transferring a property visit report and discussing any items relevant to these reports. It may also include bank details for payment and invoicing.
3. Relevant Data
All data collected will be adequate, relevant and limited to what is necessary for processing and to carry out services encompassed in the operations of Hinch Property Management Services
4. Up to date
All data and records will be kept up to date. When we are notified of erroneous data this will be discarded securely and we will make necessary changes and updates.
An extensive general audit of data has been completed prior to the GDPR law brought in in 2018. All departments within Hinch Property Management will audit data regularly to ensure compliant with our GDPR policy, in particularly points 3 and 4. The process will involve necessary correction, deletion and notification of data subjects
Personal data will be kept in particular formats to ensure the data subject can be identified only as long as necessary for processing
Personal data will be processed in a manner that ensures its security. All personal data that is process will be encrypted and handled with Good Industry Practice. All individuals will be briefed on Hinch Property Management’s GDPR policy to comply with safe, diligent and responsible processing of all personal data within all operations of the company. Hard copies of any personal data will be processed with utmost care, not left unattended and stored securely. Once use of the hard copies has been expired the physical data will be destroyed and disposed of.
8. Third Party Data Processing
Many operations conducted by Hinch Property Management involve contractors and where necessary the processing of personal data by the contractor/third party. Hinch Property Management has thorough, written and signed agreements with all contracted workers to ensure processing of personal data is compliant with company policy and adheres to GPRD regulation. The fundamental principals of the agreement are set below (Controller as Hinch Property Management, Processor as agreed contractor)
i. Authority to process Controller Personal Data
a) The Processor may process data as instructed for agreed purposes for relevant contractual work for Hinch PM
b) The Processor will process any Controller Personal Data in accordance with Good Industry Practice and Applicable law
ii. Termination and suspension
a) The agreement may be terminated by the Controller to comply with the Data protection Legislation or applicable law, or the processor commits a breach of the agreement or fails to remedy such a material breach
b) The Processor’s obligations under this agreement will survive expiration of termination of any other agreements between the parties
iii. Security and Confidentiality
a) The Processor shall, in relation to the Controller’s data implement appropriate technical and organisation measures to ensure a level of security to the risk of rights and freedom of persons relating to the Personal Data
b) The Processor shall implement appropriate technical and organisational measures to protect the Controller Personal Data against unauthorised or unlawful processing and against any accidental loss, destruction damage or disclosure (in IT equipment, portable equipment)
iv. Data Security Breaches
a) The processor shall notify the Controller without undue delay and in any event within 72 hours, upon becoming aware of an actual or potential Data security breach affecting Controller personal data. Information should be sufficient to accurately inform data subjects and/or the relevant supervisory authority .
b) The processor will co-operate with the controller to take steps of investigation, mitigation and remediation of such a data breach
v. Data subject rights
a) The processor will notify the controller within 5 days on receiving a request from a data subject in respect to the Controller personal data, and include copies of requests
vi) Retention, Deletion or return of Controller Personal Data
a) The processor shall not store or retain any Controller Personal Data except as necessary for Agreed Purposes
b) The Controller may before the termination of this agreement instruct deletion, or return of transferred Controller Personal data
c) Audits- the processor will co-operate and provide necessary information should an audit of Personal data be instructed by the Controller
vii. General Terms
a) In the event of inconsistencies between the provisions of this agreement and the data protection provisions of any other agreement, the provisions of this agreement shall prevail unless except where explicitly agreed otherwise, and in writing by the controller
b) The controller may propose any amendments to this agreement which may be deemed necessary to comply with Data Protection Legislation. The processor will be cooperative with any variations which would be effective after notified in writing
9. Data Breach
This is defined as ‘A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service’
In the event of a potential data breach Hinch Property Management will notify the subject within 72 hours. Hinch Property Management as the data controller will execute an investigation, mitigation and remediation and communicate progress and findings to the subject. The ICO will be notified where necessary and internal processes reviewed.