Information covered by this Statement
This Privacy Statement applies to the use and processing of Personal Information collected and used by members of Branded Bricks Ltd. For information concerning the collection, use or processing of personal information by Branded Bricks Ltd. The phrase Branded Bricks Ltd, us or we shall, when used herein, means members of Branded Bricks Ltd. On behalf of and in respect of whom this statement is made. Please read this Privacy Statement carefully and contact us if you have any questions. Personal information is information, or any combination of separate pieces of information, that could be used to identify you. Should you have any queries in respect of this statement or our use of Personal Information, please contact Branded Bricks Data Protection Office at firstname.lastname@example.org.
This Policy sets out the obligations of Branded Bricks Ltd under number 12459247 whose registered office is at 14 Hampden Way, Watford WD17 4SS “the Company” regarding data protection under General Data Protection Regulation “GDPR”.
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
“Personal Data” in relation to a Customer means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data. “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Controller” means the entity which receives the Personal Data “Processor” means the entity which Processes Personal Data on behalf of the Controller.
Customer’s Processing of Personal Data- Branded Bricks Ltd shall Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, a Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. A Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Branded Bricks Ltd acquires Personal Data.
Branded Bricks Ltd’s processing of Personal Data. Branded Bricks Ltd shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with any Terms of Business(s); (ii) Processing initiated for the use of Branded Bricks Ltd’s services; and (iii) Processing to comply with other documented reasonable instructions provided by the Customer (e.g., via email) where such instructions are consistent with the terms of this policy.
Details of the Processing. The subject-matter of Processing of Personal Data by Branded Bricks Ltd is the performance of the services pursuant to Terms of Business. The duration of the processing, the nature and purpose of the processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 4 (Details of the Processing) to this DPA.
RIGHTS OF DATA SUBJECTS - Branded Bricks Ltd will, to the extent legally permitted, action a request from a Data Subject to access, correct or delete that person’s Personal Data or if a Data Subject objects to the Processing thereof (“Data Subject Request”).
BRANDED BRICKS LTD PERSONNEL - Confidentiality. Branded Bricks Ltd shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Branded Bricks Ltd shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
Reliability. Branded Bricks Ltd shall take commercially reasonable steps to ensure the reliability of any Branded Bricks Ltd personnel engaged in the Processing of Personal Data.
Limitation of Access. Branded Bricks Ltd shall ensure that Branded Bricks Ltd’s access to Personal Data is limited to those personnel performing services in accordance with any Terms of Business.
CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION
Branded Bricks Ltd maintains security incident management policies and procedures and shall notify the Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by Branded Bricks Ltd.
“Personal Data Incident” – Branded Bricks Ltd shall make reasonable efforts to identify the cause of any Customer Data Incident and take those steps as Branded Bricks Ltd deems necessary and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within Branded Bricks Ltd’s reasonable control.
SUB-PROCESSING -The Customer understands that Branded Bricks Ltd may be required to provide Personal Data to carefully selected suppliers for the purpose of performing services under any Terms of Business. A list of suppliers can be supplied on request.
SECURITYBranded Bricks Ltd shall maintain appropriate technical and organisational measures for the protection of the security (including protection against unauthorised or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorised disclosure of, or access to, Customer Data), confidentiality and integrity of any Personal Data. Branded Bricks Ltd regularly monitors compliance with these measures.
THIRD-PARTY SERVICE PROVIDERS
We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need to perform the services we request, and we contractually require that they protect this information appropriately and not use it for any other purpose.
For example, we may rely on a 3rd party service provider to: Fulfil your service requests and answer your questions / Host our sites and deliver our email or other communications / Analyse our data, sometimes combined with data from other sources, to send you communications / Conduct research and analyse data to improve our products, services and sites / Maintenance request reported by Tenants / Landlords under any Terms of Business / Where services are provided to us by a third party and it is necessary or expedient for us to share information with such third parties / Perform other services that we request.
RETURN AND DELETION OF CUSTOMER DATA - Branded Bricks Ltd shall return and/or delete Customer Data to the extent allowed by applicable law.
GDPR -With effect from 12th Feb 2020, Branded Bricks Ltd will control Personal Data in accordance with the GDPR requirements directly applicable to Branded Bricks Ltd’s provision of its services.
Data Protection Impact Assessment -With effect from 12th Feb 2020, Branded Bricks Ltd shall have in place a Data Protection Impact Assessment related to its Processing of any Personal Data as required under the GDPR.
Transfer mechanisms for data transfers.
Sending data outside the EEA, We will only send your data outside of the European Economic Area (‘EEA’) to Follow your instructions / Comply with a legal duty / Work with our suppliers who help us to provide you with a service.
If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:
Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. / Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
DETAILS OF THE PROCESSING
Nature and Purpose of Processing -Branded Bricks Ltd will Process Personal Data as necessary to perform the services pursuant to any Terms of Business, and as further instructed by a Customer in its use of the services.
Categories of Data Subjects -The Customer may submit Personal Data to obtain the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: Prospects, customers, business partners and vendors of Customer (who are natural persons) /Employees or contact persons of Customer’s prospects, customers, business partners and vendors / Employees, agents, advisors, freelancers of Customer (who are natural persons) /Customer’s Users authorised by Customer to use the Services
Type of Personal Data -Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: - First and last name / Title / Position / Employer - Contact information (company, email, phone, physical business address) / ID data /Professional life data - Personal life data / Connection data - Localisation data / Financial Data – Bank Details
Definition- For the purpose of points
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data.
(b) 'the Customer' means the person who provides their Personal Data to Branded Bricks Ltd.
(c) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the Processing of Personal Data applicable to a data controller in the Member State in which the data exporter is established.
(d) 'technical and organisational security measures' means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing.
Point B - Data subjects - Branded Bricks Ltd may collect Personal Data which falls under the following categories: Prospects, Customers, Customer’s customer data (landlord and tenants), business partners and vendors
Point C - Categories of data -The Personal Data transferred could concern the following categories of data: The Customer may submit Personal Data to Branded Bricks Ltd which may include, but is not limited to the following categories of Personal Data:
First and last name / Title / Position /Employer /Contact information (not limited to the company, email, phone, physical business address) / Professional life data /Personal life data
Point D -Special categories of data (if appropriate) -Branded Bricks Ltd will not collect Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life.
Point E - Processing operations -The objective of Processing of Personal Data is the performance of Branded Bricks Ltd services pursuant to any Terms of Business or any other contractual agreements between the parties.
Complaints about the use of your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to [the data protection officer 14 Hampden Way WD17 4SS]