Our Data Protection Policy describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the relevant domestic and European data protection laws and regulations. This Policy covers Pillars Estates Ltd, and Pillars Estates Sales Ltd both trading as Pillars and referred to as Pillars in this document.
This Data Protection Policy applies to personal data we process regardless of the media on which it is stored or whether it relates to past or present employees, workers, customers, clients or supplier contracts, website users or any other data subject.
This Data Protection Policy sets out what we expect from you in order for the Company to comply with the applicable law. Your compliance with this policy is mandatory.
This data protection policy is to be read in conjunction with our marketing consent documents, personnel policy and, if applicable, privacy notice.
This data protection policy will become effective from 25th May 2018.
1.1 We take your privacy very seriously and protecting the confidentiality and integrity of personal data is a critical responsibility. You can find out more here and in other related policies and notices about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
1.2 Our Data Protection Officer (DPO) is responsible for overseeing this policy. The DPO provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email at firstname.lastname@example.org using subject line (FOA THE DPO) or by post at Data Protection Officer, Pillars Estates Ltd, St Martins House Business Centre, Ockham Road South, East Horsley, Surrey, KT24 6RX if you have any questions or concerns about how we use your personal information.
See section 3 Your Privacy Rights for more information about your rights and how our DPO can help you.
1.3 This policy provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this policy if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
- About us
We are what is known as the ‘data-controller’ of personal information we gather and use. In some instances, we are also the “data “processor” meaning that we process the personal information we collect and hold. When we say ‘we’ or ‘us’ in this policy, we mean Pillars Estates Ltd, St Martins House Business Centre, Ockham Road South, East Horsley, Surrey, KT24 6RX.
- Your privacy rights
3.1 You have the right to object to how we use your personal information. If we have relied on consent to process your personal information you can withdraw that consent at any time (this is discussed further below).You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us via the email below with the subject line (DATE PROTECTION COMPLAINT):
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk. To make enquires for further information about exercising any of your rights in this policy please contact our DPO by post at Data Protection Officer, Pillars Estates Ltd, St Martins House Business Centre, Ockham Road South, East Horsley, Surrey, KT24 6RX.
- What kinds of personal information we use
4.1 We collect and use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, date of birth, contact details, information to allow us to check your identity and information about your credit history. For some products and services we might need additional information, for example:
– information for, fraud prevention;
– information for, anti-money laundering; and
– to meet legal obligations.
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
- How we gather your personal information
We obtain personal information:
– directly from you, for example when you fill out an application;
– by observing how you use our products and services, for example from the transactions and operation of your accounts and services;
– from other organisations such as credit reference and fraud prevention agencies;
– from other people who know you including joint account holders and people you are linked to financially.
We also may obtain some personal information from monitoring or recording calls and if we use CCTV. We may record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We may also use CCTV on our premises to ensure the safety and security of our staff and customers.
- How we use your personal information
To provide you with the products and services we offer we will need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
6.1 To operate and administer our products and services, including dealing with your complaints and fixing our mistakes, we will use:
6.2 To administer payments to and from you, we will use:
6.3 To comply with our legal obligations, to prevent financial crime including fraud and money laundering we will use:
6.4 To comply with our legal obligations, to support our vulnerable customers:
6.5 For financial management and debt recovery purposes, we will use:
6.6 To enable payments to third parties who may have introduced you to us, we will use:
6.7 To carry out market research and analysis to develop and improve our products and services we will use:
6.8 To market products and services to you from us or our partners, we will use:
6.9 Personal information requirements for Business customers
- Our legal basis for using your personal information
7.1 We only use your personal information where it is permitted by the laws that protect your privacy rights. We only use personal information where:
– we have your consent (if consent is needed);
– we need to use the information to comply with our legal obligations;
– we need to use the information to perform a contract with you; and/or
– it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you. This can include where it is in our interests to contact you about products or services, market to you, or – – collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 10 Keeping you up to date, clause 10.2 for details about how to withdraw your consent to marketing.
7.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your physical and mental health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
– we have a legal obligation to do so (for example to protect vulnerable people);
– it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
– it is in the substantial public interest;
– it is necessary for the prevention or detection of crime;
– it is necessary for insurance purposes; or
– you have specifically given us explicit consent to use the information.
- Sharing your personal information with or getting your personal information from others
8.1 We will share personal information within our organisation and with others outside Pillars where:
- we need to do that to make products and services available to you,
- market products and services to you; or
- meet or enforce a legal obligation or where it is fair and reasonable for us to do so.
See section 6 How we use your personal information for more information about how we do this. We will only share your personal information to the extent needed for those purposes.
8.2 Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT Suppliers, with credit reference agencies and fraud prevention agencies. See section 6 How we use your personal information for more information on who we share your personal information with and why.
8.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing products and services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention or marketing purposes, for example so you can receive the best offers from us and our partners. See section 6 How we use your personal information for more information on who we get your personal information from and why.
- How long we keep your personal information for
9.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for. We monitor how long we keep personal information for and aim to comply with the legal framework for document retention.
For clarification, please review our Deletion Policy
- Keeping you up to date
10.1 We will communicate with you about products and services we are delivering using any contact details you have given us – for example by post, email, text message, social media, and notifications on our website and blog.
10.2 Where you have given us consent to receive marketing, you can withdraw consent and update your marketing and contact preferences by visiting our office or calling us directly. For contact details, visit our website at www.pillars-estates.co.uk
- Your online activities