GDPR Privacy Notice
Who are we?
We are Realty Management Limited of Ground Floor, Discovery House, Crossley Road, Stockport, SK4 5BH.
What do we do?
We have been appointed by the party within your lease who is responsible for appointing a managing agent to manage the common areas of your development.
What is our role under the General Data Protection Regulation (GDPR)?
We consider ourselves to be the Data Processor and Controller acting on behalf of the party within your lease who is responsible for appointing a managing agent. Both the Data Controller and the Data Processor are subject to the Office of Information Commissioner, the Supervisor Authority.
- ICO (Information Commissioners Office), Wycliffe House, Water Lane, Wilmslow, Cheshire, Sk9 5AF
- Tel : 0303 123 1113 | firstname.lastname@example.org | www.ico.org.uk
Where did we get your data?
Originally your data was received from your solicitor on purchase. Subsequently any data received by us was through the Data Controller or directly from you or another Data Processor for the purposes described below. When you bought your property we issued a contact sheet and we retained the details provided on that contact sheet and update whatever new information is provided to us. All calls to and from our office are recorded for training and quality purposes. Information and details are held securely and are not shared or disclosed to any other third party
What is the purpose of processing your data:
Your property is subject to a lease to which you, the Data Subject and the party within your lease responsible for placing management are party to. We have been appointed by the party within your lease responsible for placing management to administer the covenants of that lease. This involves maintaining accounts, administration and common area matters an placing works orders with contractors where may require your contact details.
What is the lawful basis for this processing:
- Processing is necessary for the performance of a contract to which the Data Subject is party (Article 6 GDPR (1)b).
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject (Article 6 GDPR(1)c). In this instance the party within your lease responsible for placing management is required by the Companies Act 2006 to maintain adequate accounting records and a list of members past and present.
Failure to comply would be a breach of covenant under the terms of the lease which may result in legal action.
Where is this data stored?
This data is stored in a database called Blockman which is operated on Amazon Web Services located in the EU. Data stored and transferred is encrypted. Access is only granted to administrators associated with our office. We also maintain a schedule of flat owners’ correspondence addresses in Microsoft Word for the purpose of printing address labels.
Who is this data shared with?
This data is shared only with similar Data Processors for the purpose described above. These Data Processors are:
- Database Management System: Topfloor Systems Ltd, D18 F863, Ireland (Storage and retrieval of data).
- Leaseholders names are evident when we send service charge documentation to accountants at the end of each financial year.
How long will the data be stored?
Your data will be maintained by us for as long as our appointment exists or for as long as required by Statute or for as long as Lawfulness of Processing can be established without consent.
What if you sell the property?
Where the lessor is a Company, there is still an obligation on the Data Controller to maintain adequate accounting records and a list of past and present members. However, if you sell the property only your name, address and transaction details are necessary to satisfy this requirement. All other contact details are erased.
What are your rights?
- You have a right to be informed
- You may request a copy of your data stored
- You may request correct to any erroneous data
- You may request deletion of data, if not in violation of statutory or contractual requirements
- You may request a restriction on processing
- You may lodge a complaint to the controller or object to processing
- You may lodge a complaint to the Supervisor Authority
- You may withdraw consent if processing originally required consent
What happens in the event of a Data Breach?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Where can you find more information?
A copy of your data and this statement is available by emailing our office at email@example.com and we will provide the information promptly. Further information is available here: