Melinda Group Privacy Notice updated July 2018
This Policy sets out the obligations of Melinda Group which include Melinda Property Services Ltd and all its ‘subsidiaries’ regarding data protection under General Data Protection Regulation “GDPR”, regarding the collection, processing, transfer, storage, and disposal of personal data.
These procedures and principles must be followed at all times by the Company, its employees, agents, contractors or other parties working on behalf of the Company.
For clarity, Melinda Group “the company” includes the following:
Melinda Property Services Ltd
Melinda Construction Ltd
Melinda Property Investment 1 Ltd
Melinda Property Trading Ltd
Melinda Building services Ltd
Envirotec Services Ltd.
All registered in the United Kingdom at Park House, 15-23 Greenhill Cresent, Watford, WD18 8PH.
The purposes and lawful basis of Melinda Group processing your data
We may process your information for a number of different purposes. For each purpose, we must have a legal ground for such processing and we will rely on the following legal grounds:
- The processing is necessary for the performance of a contract with you or to take steps to enter into a contract with you. Your personal information is only used for providing quotes, arranging and amending an insurance policy, for the handling of claims, if any.
- The processing is necessary for compliance with a legal or regulatory obligation.
- The processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by your interests, rights or freedoms. You must have an objection to the processing of your personal data on “grounds relating to your particular situation” and we will stop processing the personal data unless:
- we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
- the processing is for the establishment, exercise or defense of legal claims.
The Company have genuine business needs to use your personal information such as maintaining our business records and keeping records of insurance policies we place and analyzing and improving our business model and services, as well as the need to hold records for future liability claims. When using your personal information for these purposes, we have considered your rights and ensured that our business need does not cause you harm.
What personal data we may collect
We may ask for personal data such as; Full Name, Date of Birth, Addresses, Nationality, Telephone numbers, Occupation, Email address, IP address, Bank Account Name, account number and sort code. Information relating to your previous insurance policies and claims history in order to advise on your future needs, and special categories of information such as Criminal Convictions that are not considered spent under the Rehabilitation of Offenders Act 1974, as this is relevant to the underwriting of your insurance policy.
RIGHTS OF DATA SUBJECTS
Melinda Group will, to the extent legally permitted, action a request from a Data Subject to access, correct or delete that person’s Personal Data or if a Data Subject objects to the Processing thereof (“Data Subject Request”).
The Customer understands that Melinda Group may be required to provide Personal Data to carefully selected suppliers for the purpose of performing services under any Terms of Business. A list of suppliers can be supplied on request.
Melinda Group shall maintain appropriate technical and organisational measures for protection of the security (including protection against unauthorised or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorised disclosure of, or access to, Customer Data), confidentiality and integrity of any Personal Data.
Client information is confidential and is strictly always treated as such. We never, under any circumstances, release information or details about any of our clients or policyholders to anybody else or to any other company, organisation or third party. The only time that your information may be passed on to third parties will be if we are instructed to do so by law, when we are arranging insurance, or for the purpose of handling claims or complaints. These instances may require us to provide relevant information to a third party such as a broker acting on your behalf or other companies who act as insurance distributors, the insurer, independent loss adjusters, Consumer Credit provider, or Regulator/ Supervisory Authority, as well as our third-party services providers such as Estate Agency, Trade People, Utility Suppliers, IT suppliers, accountants, auditors, lawyers, tax advisers and insurance software providers.
We do not transfer data outside the European Union, to third countries or international organisations.
THIRD PARTY SERVICE PROVIDERS
We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need in order to perform the services we request and we require that they protect this information appropriately and do not use it for any other purpose.
For example, we may rely on a third-party service provider to:
• Fulfil your service requests and answer your questions.
• Host our sites and deliver our email or other communications.
• Analyse our data, sometimes combined with data from other sources, to send you communications.
• Maintenance requests reported by Tenants / Landlords under any Terms of Business.
• Where services are provided to us by a third party and it is necessary or expedient for us to share information with such third parties.
• Perform other services that we request.
DETAILS OF THE PROCESSING
Nature and Purpose of Processing
Melinda Group will Process Personal Data as necessary to perform the services pursuant to any Terms of Business, and as further instructed by a Customer in its use of the services.
Duration of Processing
Personal data is only retained by Melinda Group for as long as necessary. The retention periods differ based on the type of data processed, the purpose of processing or other factors. These considerations include where any legal requirements apply for the retention of any particular data. In the absence of any legal requirements, personal data will only be retained by Melinda Group for as long as necessary for the purpose of processing. This means that your data is to be deleted by us e.g. when:
- you have withdrawn consent to processing; or
- a contract has been performed or cannot be performed anymore; or
- the data is no longer up to date.
Exceptions may also apply to the processing for historical, statistical or scientific purposes.
Categories of Data Subjects
The Customer may submit Personal Data to obtain the Services, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to, Personal Data relating to the following categories of data subjects:
• Prospects, customers, business partners and vendors of Customer.
• Employees or contact persons, agents, advisers, sub-contractors and freelancers of Customer’s prospects, customers, business partners and vendors.
• Customer’s Users authorised by Customer to use the Services.
Melinda Group may collect Personal Data which falls under the following categories:
• Prospects, Contractors, Customers, Customer’s customer data (landlord and tenants), Business Partners and Vendors
Categories of data
The Customer may submit Personal Data to Melinda Group which may include, but is not limited to the following categories of Personal Data:
• First and Last Name
• Contact information (not limited to company, email, phone, physical business address)
• Professional life data
• Personal life data
The objective of Processing of Personal Data is the performance of Melinda Group services pursuant to any Terms of Business or any other contractual agreements between the parties.
How personal information is stored
Personal information that we hold about you is always held securely on our in-house computer systems. You have the right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed.
- The personal data has to be erased in order to comply with a legal obligation.
There are specific circumstances where the right to erasure does not apply and we can refuse to deal with a request: -
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation or for the performance of a public interest task or exercise of official authority;
- For public health purposes in the public interest;
- Archiving purposes in the public interest, scientific research historical research or statistical purposes; or
- The exercise or defence of legal claims.
If we have disclosed the personal data in question to third parties, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. We will also do this if the processing of your data is restricted.
Should you need to contact us regarding the above, please email our team on Sabs@melindagroup.co.uk
Your right to complain
You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/ or regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
This will not affect any other legal rights or remedies that you have.