Preamble

CFH Management Company (hereinafter referred to as ‘the Company) is registered with ICO under registration number ZA475750.

Any reference in this document to ‘the Legislation’ refers to the General Data Protection Regulation (EU) 2016/679, and the Data Protection Act 2018.

Contact details

CFH Management Co, Hamill House, 112-116 Chorley New Road, BOLTON, BL1 4DH

Email - enquiries@cfhmanco.com

 

Data Protection & Privacy Policy

1. The Company’s Overarching Principals

a. The Company acts as an agent and advisor to its clients’. Our service is to ensure that our clients comply with the law, the terms and conditions of their transfer/lease, and any applicable code of practice.

b. The primary legal responsibility for the properties’ and the record keeping remains with the client, and it is they who control and monitor the work of the Company in its capacity as Agent.

c. In order to carry out our duties as the Agent, the Company collects and uses certain types of information about leaseholders, freeholders, tenants, clients’ and other service users. This data is used to manage the client accounts, maintain client records, and to manage any contractors and employees engaged for or on behalf of the client.

d. This personal information is collected and dealt with appropriately and securely on whichever medium it is recorded. The Company has taken every precaution to ensure that any and all recorded information is protected under the Legislation.

e. Our data protection policy outlines what the Company does with the data which is collected, who it is shared with, and how it will be stored within the agent and principal relationship between the Company and the client.

 

2. Data Controller and Data Processor

a. The Company acts as both Data Controller and Data Processor under the Legislation as appropriate. The Company is a Data Processor when data is being processed on behalf of our clients, and this includes anything to do with the management of our clients’ estate. The company is a Data Controller when it collects and stores personal data relating to our clients’ estate for the purposes of communications and the preparation of demands relating to the estate.

b. The Company is also responsible for notifying the Information Commissioners Office of the data it holds or is likely to hold, and the general purposes that this data will be used. Our registration number is located in the preamble of this document.

c. The Company has assigned individuals who are responsible for ensuring that the Company complies with this policy and the Legislation.

 

3. Data Protection Principles

a. The Company will adhere to the following data protection principles to ensure that the data we hold is: 

• used fairly, lawfully and transparently
• used for specified, explicit purposes
• used in a way that is adequate, relevant and limited to only what is necessary
• accurate and, where necessary, kept up to date
• kept for no longer than is necessary
•  handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

b. The Company will ensure that appropriate technical and other measures are employed in respect of the above principles.

 

4. Disclosure

a. The Company will share data where it could be reasonably expected such as with statutory bodies such as the Police and the Local Authority.

b. The client, leaseholders, freeholders, tenants or other service users will be made aware of how and with whom their data may be shared via the Company’s documentation.

c. There are circumstances where the Company may disclose data without consent as and when required under statute, and for the purpose of conducting legal proceedings, obtaining legal advice and defending legal rights.

d. The Company may share an individual’s data in an emergency in circumstances such as, but not limited to, engaging a tradesperson to carry out urgent repairs on behalf of the client.

e. Disclosing information in pursuit of legal proceedings or debt owed to or by the client.

f. Where data needs to be shared with the client pursuant to the Agent – Principal relationship.

g. Complaints regarding service levels.

h. Concerns raised in respect of matters raised with the Company in relation to the Clients property.

i. Leaseholder/freeholder/tenant account information is not divulged except in the circumstances hereinbefore mentioned.

j. Residents Association or committee are not considered as Directors for this purpose therefore personal information will not be disclosed to them.

 

5. Data Collection

1. We get personal information

• Directly from you

• Regulatory authorities

• Legal bodies or professionals (such as courts or solicitors)

• Publicly available sources

b. This policy provides the data subject with information on what the data will be used for and the Company will collect information from the following types for the purposes of effective property management.

• i. Clients
• ii. Leaseholders
• iii. Freeholders
• iv. Tenants
• v. Professional advisers and consultants
• vi. Suppliers and contractors
• vii. Landlords

c. The Company will collect the following information in respect of the preceding.

• i. Names
• ii. Addresses
• iii. Household occupation details
• iv. Financial details
• v. Details of goods and professional services offered.

6. Data Protection

a. The Company has dedicated information owners who are responsible for data protection compliance; those people are.

• i. Legal, client and service user data – Brian Fletcher
• ii. Financial data – Sarah Campbell
• iii. Contractor and maintenance data – Mark Hughes

b. They are responsible for assessing systems and data periodically or when required in order to identify potential risks, and to take actions to reduce that risk as appropriate, in particular to ensure that confidentiality is not breached and is only accessed by those authorised to do so, and to ensure the Company meets its obligations under the Legislation.

c. To ensure that third parties with whom the data is shared in line with this policy meet their obligations under the Legislation and satisfy the Company’s accreditation scheme.

7. Data Storage

1. The Company will maintain control of confidentiality of the client records and will take steps to ensure that personal data is kept secure at al times against unlawful disclosure.

2. The Company will undertake privacy assessments as and when necessary to assess the risk to individual rights when using new or enhanced systems.

3. Service users whose personal information is used or stored by the Company may use those rights afforded to them under the Legislation to access, correct, block, or erase that information as appropriate.

4. It is a requirement of the General Data Protection Regulation and Data Protection Act that information must only be retained as long as necessary. Keeping information for longer than it is required is breach of the rights of the Data Subjects that the information relates to. Consequently, data will be retained dependent on the requirements of our clients as set out below:

a. Property occupation records and current occupancy financial records will be maintained until six years beyond the date where occupant has sold or vacated the property.

b. Communications via post or email from the owner or occupier of a property will be retained for one year beyond the date where the occupant has sold or vacated the property

c. Where a record is retained longer than those periods the reasons for its continued retention should be recorded

8. The Legal Basis We Rely Upon

1. Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website

a. Contractual Obligation – In certain circumstances we need your personal data to fulfil our contractual obligations. We manage the property on behalf of the client under the terms of a management agreement, and our client is a party to the lease and/or transfer documentation which has obligations related to the property.

b. Legal Compliance – The Company has obligations to provide documentation to various statutory bodies such as the Land Registry and/or Local Authorities.

c. Legitimate Interest – The Company has a legitimate interest in recovering debt which may be owed to the client and in order to achieve this purpose it is necessary to use this ground for processing. At the same time the company's other customers and the public in general also have a legitimate interest in ensuring that fraud and/or money laundering is prevented and detected

d. Consent – In certain situation the Company may store details you have agreed to have stored through for example, ticking a box to receive emails and/or newsletters.

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address: