At Lee Baron Group Limited we are committed to safeguarding and preserving the privacy of our visitors. This Privacy Notice explains how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018.
For the purposes of the Data Protection Legislation and this notice we, Lee Baron Group Limited, are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
WHAT DOES THIS MEAN TO ME?
As a customer of Lee Baron Limited we handle personal data and we have a legal obligation to ensure it is stored securely and that the data we hold is protected. We will not disclose any information without the express consent of the person concerned.
INFORMATION WE COLLECT
We obtain personal data about you by email, telephone, post or social media, for example:
From you when you contact us with a query about our services
Information provided voluntarily by you. For example, when you register for information
From you when you engage us to provide our services and during the provision of those services
From third parties and/or publicly available resources (including for example, from your employer, your agent, your bookkeeper, your bank, your IFA, mortgage lenders or landlords seeking a reference, your former accountant, HMRC, Companies House)
USE OF YOUR INFORMATION
We use the information that we collect from you to provide our services to you. We may process your personal data for the purposes necessary for the performance of our management contract and to comply with our legal obligations for the management of your property.
We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are a tenant, lessee, landlord, subcontractor, supplier or customer of our client.
We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
CCTV, ANPR and EACS
This section of the policy applies to the management of personal data collected by CCTV and or Electronic Access Control Systems (EACS) at sites managed by Lee Baron.
Closed Circuit Television (CCTV) & Access Control Systems are in operation at some of the sites managed by Lee Baron.
Where these systems are able to process Data which by itself or with other Data available to us can be used to identify you, this is known as Personal Data.
This data protection policy sets out how we use that personal data, you can contact us at www.leebaron.com if you have any questions Including site specific details of whether or not a particular site you are or are about to visit has a CCTV and or Access Control System installed, which does or could process your personal data and where and if data processors are operating for and on behalf of us at that site.
We take the security of your personal data very seriously and take a stringent approach to data protection including its secure storage and taking the appropriate technical, physical and organisational steps to protect it. We regularly evaluate whether it is necessary and proportionate to use CCTV systems at each of the sites for which we are responsible as Data Controllers.
Each site that uses CCTV has had a privacy impact assessment conducted and annual audits are undertaken to ensure that correct legal procedures are followed.
We also conduct regular legitimate Interest Assessments and document them.
Prior to disclosing any CCTV footage, we seek the advice of a specialist data protection advisory service to protect your personal data from inappropriate or wrongful disclosure.
Your data will not be processed or stored outside of the European Economic Area (EEA)
The types of personal data we collect and use
CCTV, the lawful basis for processing personal data by the use of CCTV is: For the legitimate interest of the Data Controller or that of other persons or organisations.
We will use the data obtained from CCTV images for the purposes set out below
For the purposes of,
- Good property management,
- Maintaining the security of the premises and the prevention and investigation of crime.
- To monitor goods and services.
- For health and safety.
- For Protecting the rights, property and for the personal safety of the occupiers of the buildings, including the staff and the tenants, visitors to the buildings including, the tenant’s staff, visitors to the building or premises including members of the public and those of Lee Baron.
- When you exercise your rights under data protection law and make requests
- Based on your consent. When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agreed to disclosures:
- For the security and wellbeing of equipment and vehicles
CCTV recorded images
Recorded images will be kept for a limited period only usually a maximum of 30 days and are then erased.
The exception being where images are required for evidential purposes or another legally valid reason including responses to your legal rights (subject rights).
The Data will be collected directly during any visits you make to the site in question.
Electronic Access Control the Lawful Basis for Processing Personal Data via the use of an Access Control System is:
For the legitimate interest of the data controller or that of other persons or organisations.
We will use your data for the purposes set out below
The data will be collected directly and may include a combination of the following Personal Data dependant on the system itself and its objectives.
Your photographic image
The company you work for
Your position within that company
Your vehicle registration number
Your address and contact details
The Access Control System may record the days / times that you enter and leave the premises.
This information will not be given to any third parties including your employer without first obtaining your permission and will not be used to make any automated decisions concerning your employment.
Prior to any of your data being entered or processed by or into an access control system you will be advised of the exact content of the required data and the purposes for which your data will be used.
You will have the right to question why the data is required and to object to anything that you do not want to be processed.
Where you give your consent to your personal data being processed you will have the right to withdraw that consent at any time.
Your data will only be kept within the access control system for the duration of time during which you asked to use the system to gain entry and to leave the premises where it is installed.
Following which your Data will be deleted from the system, for example when and if you are no longer employed in the building or are not intending to re-visit the building again.
We will process your personal data:
As necessary to comply with a legal obligation, e.g.:
- When you exercise your rights under data protection law and make requests:
- For compliance with legal and regulatory requirements and related disclosures:
- For establishment and defence of legal rights:
- For activities relating to the prevention, detection and investigation of crime:
- To verify your identity.
- For the security of the premises
- For Health and Safety
- For the safety and security of tenants, their employees and members of the public
- For Good property/estate management
Sharing of my personal data
Subject to applicable data protection law we may share your personal data with:
- Companies and other persons providing services to us:
- Courts and Law enforcement agencies to comply with legal requirements, and for the administration of justice:
- In an emergency or to otherwise protect our vital interests:
- To protect the security or integrity of our business operations and those of our tenants
- The tenants of the premises
- For Health and Safety
Automated decision making and processing
- Your data will not be used in order to make any automated decisions which may or could significantly affect you
Your rights under applicable data protection law
Your rights are as follows:
- The right to be informed about the processing of your personal data:
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed.
- The right to object to processing of your personal data:
- The right to have your personal data erased (the “right to be forgotten”)
- The right to request access to your personal data and information about how we process it (Subject Access requests)
- The right to move, copy, or transfer your personal data (data portability) and
- Rights in relation to automated decision-making including profiling
You also have the right to complain to the Information Commissioner’s office. It has enforcement powers and can investigate compliance with data protection law:
The contact details are as follows
The information Commissioners Office
Wycliffe House, Water Lane,
Wilmslow SK9 5AF
Telephone 0303 123 1113
Information Commissioners Office
2nd Floor, Churchill House,
Churchill Way, Cardiff, CF10 2HH
Information Commissioners Office
45 Melville Street,
Edinburgh EH3 7HL
Telephone 0131 244 9001
Information Commissioners Office
3rd floor, 14 Cromac Place,
Belfast BT7 2JB