If you are a resident, occupier or tenant in a building managed by us, we may need to share your personal information with the property owner, but will only do this once we have considered if this is necessary and your own rights first.
Where we operate CCTV at a property under our management, we may capture your image which would constitute your personal data.
Do you have security and contingency measures in place to protect data?
Yes. Robust security measures are in place to prevent personal information from being lost, or used or accessed in an unauthorised way. Access to personal information is strictly those who have a genuine business need to know it and the individuals processing information do so bound by confidentiality and only in the ways they are authorised to.
We also have procedures in place to deal with any suspected data security breach. We will notify the relevant regulator (typically the Information Commissioner’s Office), our client and the data subject of a suspected data breach within 24 hours of it becoming known to us.
One of our business principles is ‘we are data driven’. Raising the standard of awareness surrounding data analysis, management and protection is therefore critical if our business is to succeed. To this end all of our team, whether employed at management level or on-site, undertake learning and development modules focusing on managing resident data and data security.
We have comprehensive Disaster Recovery and Business Continuity Plans in place to protect the data we hold.
How long do we retain resident data?
No longer than is necessary, although we may keep it for 12 years to satisfy UK tax law.
Doing our bit to raise awareness of data protection
On certain developments under our management we have previously run residents’ and community technology and data workshops, where those residents with questions relating to storage and usage of data the GDPR regulations can learn about the measures we take as a development manager to keep their data safe, and what they can do as individuals to mitigate the risk of their personal data being abused.
Data Protection Officer
How do residents escalate issues?
If residents have any questions around how we process data or should they wish to escalate a suspected data breach/incident, they can contact us at firstname.lastname@example.org or write to our Data Protection Officer:
F.A.O Data Protection Officer
Navana Property Group
London EC3V 0EH
Residents have the right to complain a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, usually live or where any suspected infringement of data protection laws happened.
In the UK the relevant supervisory authority is the Information Commissioner’s Office who can be reached at:
Telephone: +44 (0)30 3123 1113