GDPR Policy

Privacy Policy – Core Estate Management Services

GDPR Privacy Notice

 

Who are we? 

We are: Q Agile Ltd t/a Core Estate Management;

our registered office is: 15 Adelaide Street, Dun Laoghaire, Co. Dublin Post Code A96D8Y9

Company No: 416066,

PSRA licence number: 002054

 

What is our role under the General Data Protection Regulation (GDPR)?

We consider ourselves to be the Data Processor acting on behalf of Owners Management Companies who are the Data Controllers for whom we act.
We consider ourselves to be the Data Processor for the Landlords for whom we act.

 

Both the Data Controllers and the Data Processors are subject to the:

Office of the Data Protection Commissioner, the Supervisory Authority.

Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland

LoCall 1890 25 22 31
Email:  info@dataprotection.ie
Web:    https://www.dataprotection.ie

 

Where we act as Managing Agent for Owners Management Companies:

 

Where did we get your data?

Originally your data was received through the Data Controller from your solicitor on purchase. Subsequently any data received by us was through the Data Controller or directly from you or another Data Processor for the purposes described below.

 

What is the purpose of processing your data?

Your property is subject to a lease to which you, the Data Subject, and the Owners Management Company who is the Data Controller are bound. We have been appointed by your Owners Management Company to administer fully the covenants of that lease. This involves maintaining accounts, company corporate compliance and common area matters.

 

What is the lawful basis for this processing?

Processing is necessary for the performance of a contract to which the data subject is party

[Article 6 GDPR (1)b].

Processing is necessary to fulfil PSRA regulatory requirements and under PSRA legal form of agreement and/or ‘Letter of Engagement’ binding between client/s and Managing Agent.
Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [ Article 6 GDPR (1)c ]. In this instance OMCs are required by the Companies Act 2014 to maintain adequate accounting records. Similarly, under the Multi-Unit Developments Act 2011(Mud Act) a unit owner is under an obligation to furnish the OMC with the below information. Failure to do so would constitute a breach of the MUD Act which could result in civil action.
The unit owner(s) name.
The unit owner(s) resident address.
The names of the tenant(s) living in the unit.
The details of any habitual occupiers of the unit other than tenants.
Any other contact details that the Owners’ Management Company may reasonably request. It can be suggested that contact details (phone numbers, email addresses) for the owner(s), tenant(s) and emergency contact(s) could be considered a reasonable request.
 

 

What type of data do we keep?

Name, address, email, phone, interested parties, key holder names, key holder email, key holder phone, tenant names, tenant email, tenant phone, other general contact information, payment comment, general notes, email, transaction details, bank details.

 

Where is this data stored?

This data is stored in a database called ‘Blockman’ and ‘MyBlockman’ which is operated on Amazon Web Services located in Ireland. Data stored and transferred is encrypted. Access is only granted to administrators associated with our office.

 

Who is this data shared with?

Owner’s Management Company Client’s will have approved the data processing and data sharing agreement to us as Managing Agent, working on behalf of and as Data Controller role for each OMC.

This data is shared only with similar Data Processors for the purpose described above. These Data Processors are:  could be as list below ‘Classes of Processors’.

 

How long will the data be stored?

Your data will be maintained by us for as long as the contract between the Data Controller (OMC) and Core Estate Management (the Data Processor on behalf of the Data Controller) exists or for as long as required by legislation or State authorities.

 

What if you sell the property?

There is still an obligation on the Data Controller to maintain adequate accounting records, and a list of past and present members of the Owners Management Company. However if you sell the property only your name, address and transaction details are necessary to satisfy this requirement. All other contact details are erased.

 

Where we act as agents for Landlords:

 

Where did we get your data?

We received your data from you and tenants residing in your premises.

 

What is the purpose of processing your data? 

You are party to a Tenancy to which you the Data Subject are bound. We have been appointed by the Landlord to arrange the Tenancy and / or administer the covenants of the Tenancy.

 

What is the lawful basis for this processing?

Processing is necessary for the performance of a contract to which the Data Subject is party [Article 6 GDPR (1)b].

Processing is necessary to fulfil PSRA regulatory requirements and under PSRA legal form of agreement and/or ‘Letter of Engagement’ binding between client and Letting Agent.
Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [ Article 6 GDPR (1)c ]. Namely:
The Residential Tenancies Acts 2004 to 2016
Criminal Justice (Money Laundering and Terrorist Financing) Act 2010
Property Services (Regulation) Act 2011 (Client Moneys) Regulations 2012
Property Services (Regulation) Act 2011

 

What type of data do we keep?

Name, address, phone, email, bank details, PPS numbers, references, ID, Anti Money Laundering.

 

Where is this data stored?

This data is stored in a database ‘Letman’ and which is operated on Amazon Web Services located in Ireland Data stored and transferred is encrypted. Access is only granted to administrators associated with our office.

 

Who is this data shared with? 

This data is shared only with similar Data Processors for the purpose described above. These Data Processors are:  could be as list below ‘Classes of Processors’.

 

How long will the data be stored?

Your data will be maintained by us for as long as the contract between the Data Controller and Core Estate Management (the Data Processor on behalf of the Data Controller) exists or for as long as required by legislation or State authorities.

 

What if your tenancy ends?

There is still an obligation on the Data Controller to maintain adequate accounting records. See above.

 

Classes of Processors:

This data is shared only with similar Data Processors for the purpose described above.
 

These Data Processors are:
Call Centre Management Emergency Service, Access control specialists, Accountants/ Auditors / Tax Advisors, Architects, Banks, Builders, Building suppliers, Building Surveyors, Carpet Cleaning, Carpet Replacement, CCTV Installers, Maintainers and Suppliers, Cleaning Contractors, Utilities Suppliers,

Photographers, Plumbing contractors, Project Managers, Pump maintenance companies, Refurbishment companies, Refuse / Recycling companies, Repairs and maintenance companies, RTB, Security Companies, Solicitors / Legal Advisors, Debt Management and Credit Control Agents, Tarmacadam / Road surfacing companies, Tree Surgeons / Arborists, Utility Companies, White goods supply companies, Window Cleaning, Window / Glass installation and replacement companies.

Database Management Systems, District Heating Specialists & Service Managers, Drain Companies, Electricians, Emergency after-hours contractors, Engineers, Building Surveyors, Estate Agents,

Roof Safety & Fall Prevention Specialists, Fire equipment maintenance companies, Fire Inspectors, Fountain Maintenance companies, Furniture Suppliers, Garden Landscaping, General Maintenance, Information Technology Specialists, Insurance Adjusters, Insurance Assessors, Insurance Brokers, Intercom Systems, Key Cutting companies, Landscaping contractors, Lift Service engineers, Locksmiths, Painting Contractors, Parking management & control companies, Pest Control companies,

This list is not exhaustive and will be extended, we have had to deal with these classes at various times in our various departments and at times these processors have to deal with client OMC’s, property owners and tenants.

 

What are your rights? 

You have a right to be informed.
You may request a copy of your data stored ‘live’ at that current date of request.
You may request correction to any erroneous data.
You may request deletion of data, if not in violation of Statutory / State Law authorities, Financial Regulator requirements or Contractual requirements.
You may lodge a complaint to the controller or object to processing.
You may lodge a complaint to the Supervisory Authority.
You may withdraw consent if processing originally required consent.

 

What happens in the event of a ‘Data Breach’?

In the case of a data breach by discovery or notified by customer, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

In the event of a data breach affecting you please email to us: dpo@core-em.com

 

Changes to this Notice

This Policy may be subject to change or revision, the latest version will be on our website.
 

You can find more information here:
GDPR Act 2016 (pdf): https://www.blockman.ie/downloads/gdpr_act_2016.pdf
GDPR Act Easy Read:  https://gdpr-info.eu
Official GDPR Website:  https://www.eugdpr.org

 

 

Published on:

Last updated: 20/05/2019                                                 

 Version: CoreEM_05

 

____________________________________________

END OF POLICY

 

 

 

 

Download your Data Subject Access Request Form here: FORM

 

Q Agile Ltd t/a CORE ESTATE MANAGEMENT

PSRA Licence No.: 002054

Company Registration Number: 416066

Registered Office: 72 Northumberland Road, Dublin 4, D04 P2F8.

 

Due to the many different relationships you may have with CORE ESTATE MANAGEMENT if you are going to request information as a data subject we would like to give you the best possible answer.

 

To assist us make a timely reply to you in gathering the information we have on file, we have generated this handy PDF document which will advise of data you should request to get a clear and accurate answer.