This privacy notice sets out the basis on which we process any personal data that we collect from you or about you that you provide to us or that we receive from other sources. By processing, we mean when we collect, use, store, delete and access personal data.
“We” means Mudd & Co.
We are required to process your personal data in accordance with the law which includes The Data Protection Act 1998 (DPA) and from 25 May 2018, the General Data Protection Regulation 2016 (the “GDPR”).
If we ask you to provide information from which you can be identified, including as a result of using our website, www.tjmudd.com,
it will be used in accordance with this privacy notice, as it is varied from time to time.
What information do we collect about you?
The personal information detailed below relating to you or anyone else or in connection with our renting of property including but limited to tenant referencing, right to rent checking and general management services, maintenance of waiting lists in relation to rented property and sale of property will be collected and processed by us and/or on our behalf by our third party service providers.
• Information you give us. You may give us personal data by filling in paper or online forms or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, title, marital status and gender, current and previous postal and risk addresses, e-mail address, phone number, details of earnings, current and or previous occupation, National Insurance number, passport number, driving licence number, personal description and photograph, bank details, credit / debit card details, Next of Kin information, children’s names (optional) and their ages.
• Information we receive from other sources. To help us fulfil our contractual obligations and to verify the information you have given us we may receive personal data from third parties who we work with including insurers, landlords, employers, letting and managing agents, utility brokers and companies. We may also obtain information that is readily available in the public domain through Internet Search engines Social Media, Press etc
• We do not process special categories of personal data, for example: race, ethnic origin, politics, and health.
• Data for criminal convictions and offences will only be collected as permitted by UK Law.
How we will we use the information about you and for what purposes?
We collect a variety of information to enable us to provide our services and insurance. We collect this through your application form, your communications with us and your credit report.
Utility Management Service: We obtain, collect and process your personal data (which includes sharing your data with others) to enable us to fulfil our contractual and legal obligations on behalf of tenants, landlords and/or their agents to communicate and process “change of occupier” notifications to the statutory authorities, and utility providers.
Our legal basis for processing your data (Why we process or store your personal data)
In order to provide our services we will be using one or more of the following legal bases:
• Processing is necessary in order for us to take steps, at your request, to carry out the day to day management activities including but not limited to, maintaining data on a waiting list, maintaining rental information for the purposes of the rental of a particular dwelling or dwellings, maintaining Landlord information for the purposes of the rental of a particular dwelling or dwellings as per our Terms and conditions, maintaining information such as bank details to permit swift payment of clients, workmen and employees, to enter into a contract of repair or maintenance, and for the implementation of that contract, or we are required to arrange insurance as part of our contract with your landlord or letting agent or where it is a requirement of a legal tenancy agreement and or when you need to make a claim.
• Processing is necessary for fulfilling a contract with tenants, landlords and/or their agents for provision of references in connection with the application and granting of and managing a tenancy.
• Processing is necessary for us to comply with any legal or regulatory obligation including but not limited to providing change of occupiers details to statutory authorities and utility providers. However when we share this information we disclose only the personal information that is necessary to complete our legal or regulatory obligations.
• Where we believe a client is vulnerable, we may retain next of kin information to be able to provide a duty of care to that client.
We will not share your data for marketing purposes with any third party organisation.
We do not capture or store any personal information about individuals who access our website.
How long do we keep your data?
For legal reasons we hold your data securely for a minimum of 7 years from your last interaction with us, before we delete it unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. This is to enable us to respond to any legal claim or similar.
After seven years, this may be destroyed without notice to you. The information will be deleted from any computer which held it and all paper documentation may be shredded and/or burnt. You should therefore retain all documentation issued to you.
However under the GDPR personal data may be erased earlier than this, if there ceases to be any ‘legitimate interest’ to process the data. Please see ‘Your rights in relation to your personal data’ below.
Who do we share data with?
In order to process your data we may be sharing your data with one or more other third party organisations (for example, insurance companies who underwrite our insurance policies, credit reference agencies, utility companies, and letting agents and landlords) to fulfil our contractual and legal obligations:
Letting agents, property managers and landlords
To manage and progress tenancy applications including obtaining and verifying references, arranging ancillary insurances and administration associated with any changes in tenancy terms or breaches
Statutory authorities, and utility providers To manage and progress tenancy applications and terminations including administration associated with any changes in tenancy
Quotation, cover, to manage and progress claims
Insurance Providers, (Placing Brokers, Delegated Authority Schemes, Wholesalers and the like) Quotation, cover, to manage and progress claims
To manage and progress claims
Insurance Fraud Bureau
Potential policy fraud
To manage and progress claims
Financial Conduct Authority
Financial Services & Compensation Scheme
Compensation in the event of insurer failure, if eligible
Financial Ombudsman Service
Unresolved Complaints, if eligible
National Crime Agency
Suspected criminal / fraudulent activity
HM Treasury Sanctions Checking clients are not on the banned list
Premium Finance Company
Payment of insurance premiums
Claims Management Company
To manage and progress insurance claims
Risk survey to analyse, report upon risk.
Also in the event of an insured loss, the opportunity to survey post-loss
Debt Collection Agency
To collect unpaid monies due
IT Providers – Hardware.
To detect issues, secure the system, and test the system. Also backup of data.
Third Party Insurers
To manage and progress claims
Third Party Assessor
To manage and progress claims
Credit Reference Agencies To obtain credit data, credit scores and ratings, to support applications for tenant references
Employers Liability Tracing Office
To provide confirmation of cover being in place
Our own Insurers
Where we need to provide information about you
Claims by us or on behalf of our clients, or claims against us
Other Data Controllers not detailed above
To be shared only for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise.
Under some circumstances we may be required to disclose or share your information, for example if we are required to by the police, the courts, or for other legal reasons.
We will never sell or give your data to another company for marketing or research purposes.
We do not transfer your data to countries outside the European Union
Data security is of great importance to us and we have always taken the management of data extremely seriously as part of best practice In line with the General Data Protection Regulation (GDPR) we have been working to ensure we are compliant as follows:
• Updating our processes and policies for privacy and data protection
• Training / updating staff on the new Regulations
• Destroying old and obsolete records
• Improving IT security and testing which includes but is not limited to ensuring we have up to date IT systems and software in place.
• We will never give or sell your personal information with or to a third party for marketing purposes furthermore we will not use your personal information for direct marketing unless we have your express and informed agreement to do so.
Whilst we endeavour to carry out our best to protect your personal data, transmission of information over the internet is not entirely secure and is done at your own risk. To protect your data, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data.
Where and how is your data stored?
Electronic data is stored on computers within the office which are password protected.
Manual records are maintained within our filing cabinets at our office which is locked and alarmed when personnel are not present. Only those employees with the correct level of clearance are permitted to access this information. Any bank details or title deeds held are kept within a locked safe.
We maintain a clear desk policy and any information not stored within the filing cabinets is locked into a safe overnight, over weekend and other time when personnel are not present.
Your rights in relation to your personal data
You have several rights in relation to how we use your information. They are:
Right to be informed
The General Data Protection Regulation sets out the information we must provide to you about your Data. All of the information we are required to give you is contained within this Privacy Notice. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we have about you, you can send us a request for access to this information using the contact details set out at the end of this privacy statement.
After receiving your request and sufficient information to verify your identity we will provide you with a copy of the personal information we have about you which you are entitled to have under applicable law. We will also confirm the purposes for which such personal information is being used, its recipients and the origin of the information.
Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
• Your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
• You withdraw consent and no other legal ground permits the processing;
• You object to the processing and there are no overriding legitimate interests for the processing;
• Your Personal Data was unlawfully processed; or
• Your Personal Data must be erased for compliance with a legal obligation
We refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim whether covered or not by an insurance policy.
Right to restrict processing
You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:
• Where you feel that the Personal Data which we hold about you are not accurate. Processing will be restricted until you verify the accuracy of the information
• Where the processing is unlawful and you do not want your Personal Data be erased and request the restriction of its use instead;
• Where we no longer need to process your Personal Data but the data may be required to establish, exercise or defend a legal claim
• Where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of this notice or our legal obligations.
Right to data portability
You have a right to receive and transfer the Personal Data that we hold about you. This only applies to:
• Personal data you have provided to us
• Where the data was processed by you giving us your individual consent or for the performance of a contract and where processing was carried out by automated means.
Where you make such a request, this will be provided in a structured, commonly used, machine readable format such as a CSV file.
Right to object
In certain circumstances, you have a right to object to our processing of your Personal Data.
• Where we have processed it as a legitimate interest (including profiling)
• Direct Marketing (including profiling)
• Processing for scientific / historical research and statistics
• We will still be able to process your Personal Data where
• We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms
• The processing is for establishment, exercise and defence of legal claims.
Where the legal basis of consent has been used you have the right to withdraw that consent at any time.
How to request access, deletion or correction of your personal data
If you would like to exercise any of your rights detailed above, please contact us using the contact details set out at the end of this privacy notice.
You may write to us at any time requesting amendments to certain personal information that you consider to be incorrect or irrelevant or to request that we block, erase or otherwise remove your personal information.
You may also write to us at any time to object to our use of your personal information, restrict our use of your personal information, or request that we provide your personal information in a usable electronic format and transmit to a third party (right to data portability).
You may also write to us at any time to request a copy of some or all of your personal information we hold.
We will comply with these requests in relation to your personal information in line with current law. We aim to respond to requests for information within 28 days of receipt of s request,
Mudd & Co does not capture and store any personal information about individuals who access our website.
Changes to this privacy notice
We keep our privacy notice under regular review to keep pace with new developments and stay in line with applicable law.
This privacy notice was last updated on 24th May 2018
How to make a complaint
You may raise any concerns with us about our processing of your Personal Data, using the contact details below
If you are not happy with how we have investigated your complaint you can refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK. You can contact them by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or going to their website at www.ico.org.uk
How to contact us
If you want to change the way in which we use your data, exercise your rights or if you have a question about how your personal information is used please contact us using the methods below:
• Email: firstname.lastname@example.org
• Phone: 01904 621554
• Postal address: 5 Peckitt Street, York, YO1 9SF