The General Data Protection Regulation (GDPR) is being implemented by EU and comes into force from 25th May 2018. The new regulation is designed to ensure that the ever-increasing volume of data held by all businesses is collected, held and secured lawfully, in line with some quite simple principles.
Any organically developed process (i.e. data management) requires checks and balances from time to time, and we are all aware of the big news articles where large corporations have been exposed trading private data – which has resulted in some instances with loss of security or unwanted intrusion.
Academy Estate Consultants Ltd only ever collects, stores and uses client (or business to business) data with the data owner’s full knowledge and consent. We never pass private data to any third party unless it is for legitimate and expressly or contractually agreed purposes. This has always been our policy, and despite the slightly more complex requirements of GDPR will remain the core of how we operate for you.
In simple terms we have developed our operating systems and procedures to ensure your data is kept in a secure and consistent location, within cloud storage. Both of these technologies have multi-layer security with unique passwords to control who can access and at what level.
In developing the client relationship management (CRM) module of our database we have removed the need for satellite lists, copies or versions of client data (e.g. spreadsheets) so unintentional duplication or publication of your data is reduced to a reasonable minimum. We can provide you with access to your data – please contact our data protection officer [email protected] for further details.
We will shortly be asking you to confirm you are happy for us to hold your data for the express purposes of doing business with you. GDPR regulations require us to establish ‘positive opt-in’ with you, although we appreciate like us you have been bombarded with a shower of emails asking you to do so. We are taking a more proportionate approach, wherein we will contact current/live clients first, then those for who we hold data but are not currently working with. Our standard operating terms and conditions, service level agreements or professional services agreements with you will be amended accordingly. To make sure we correctly give you genuine choice and control we will track your preferred options, and in any case where we have not established clear preference we will ask you formally to confirm your ‘opt-in’ choice when we next do business or meet with you.
Third parties will rely on your consent to hold/share data. These include suppliers of goods or services we arrange for you, Local Authorities or other public bodies involved in projects etc. When we ask for your consent to share your details we act ONLY in a processing capacity. We will never make decisions about how we control your data (e.g. for our marketing purposes) without securing your written and express consent to do so. We do not engage in any sort of blanket marketing activities, unless we are marketing to you. We do not sell or offer your data to any third party, and we never will.
As with all businesses our professionalism and effectiveness relies on our staff being aware, trained and competent to manage the day-to-day application of data management and security. To this end, our staff are receiving in-house training in the appropriate management of client data, we have reinforced this in our employment contracts and staff handbooks.
Academy Estate Consultants Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from the 25th May 2018.
What data do we hold?
Business or private address, telephone numbers, email addresses.
Images of your property and/or works we have carried out for you.
What consent do we have?
To date, you have consented through our terms & conditions of engagement, or a professional services agreement we have issued to you.
In future we will require your separate permission to hold and use such data.
How do we store the data?
We store your data in a bespoke and secure database, situated on our business server.
Our database is developed and managed using latest Microsoft ™ technology and security, and incorporates several levels of password protected access.
How do we use the data?
We only use your data as part of our express or contractual activities with you, most of which you will be fully aware of as they include investigations, procurement of goods or services on your behalf.
If we ever use your data for marketing purposes (e.g. the name of your business or property) we will always seek your formal approval first.
Can you access your data?
YES! We can give you access to key aspects of your data. Either email [email protected] or write to The Data Protection Officer, 3 Carvers Farm, Dunton Road, Billericay, Essex, CM12 9TY