Last updated: 15th July 2024
The Purpose of this privacy notice is to explain how Simarc Property Management Limited referred to as Simarc hereafter, processes personal data to fulfil its data protection responsibilities. Simarc will provide specific privacy notices for clients, such as leaseholders, and third parties as required. Simarc is part of the Albanwise Wallace Estates group (the Group) which comprises a diverse group of businesses operating in the UK.
The Role of Simarc in data protection terms is that of a data controller where it determines the purpose and the way it uses any personal data it requests and collects. Thereafter, the processing of it becomes the responsibility of the Group privacy manager (PM) contactable using privacy@albanwisewallaceestates.com, who ensures that all processing is undertaken in accordance with the latest UK data protection legislation.
Simarc has a legitimate interest to provide effective management services on behalf of the Group’s freeholders to ensure the best possible leaseholder/resident experience, and in this role it serves as a data processor (under the instruction of the group’s freeholders).
The sort of personal data collected by Simarc will be basic contact details sufficient to be able to respond to general enquiries and then sufficient details to administer our contract with you, as required.
Simarc’s duty of confidentiality means that our staff will treat your personal data with due respect and in confidence. It is only disclosed to those that need to know it. We expect the same duty of confidentiality from all third parties with whom Simarc shares personal data and where appropriate, data processing agreements are in place. Simarc uses reasonable organisational and technical measures to ensure personal data is kept secure. These include having contractual obligations with those organisations with whom we share personal data, such as within the Group, and data processing agreements with those organisations that perform certain processing activities on our behalf. Sharing is kept to a minimum and the list of organisations that might receive your personal data is reviewed regularly. All processing undertaken by Simarc staff takes place on-site and/or agreed off-site locations, but all within the UK.
Simarc processes personal data against a lawful basis and such instances are described below:
- We will pursue our legitimate interests:
- to respond to your general enquiries and stay in touch with you for marketing purposes
- to provide our services to the Freeholders whose properties we are managing
- To comply with our legal obligations
- When processing for a pre-defined purpose for which your consent will be sought prior to the processing commencing – please note that consent can be withdrawn at any time by contacting the Group PM
In all cases the processing of personal data by Simarc shall be done in accordance with the principles of data protection.
Simarc will share personal data, on a ‘need to know’ basis with some or all of the following:
- IT support companies that are subject to a data processing agreement
- Third-party professional service providers that we engage to provide our services, all of which are subject to a data processor agreement
- Other third-party organisations that we may refer you to, but only with your prior permission
- Other businesses in the Group that are subject to a data sharing agreement
- Unspecified recipients but only when compelled to do so for legal reasons
Simarc will process your personal data in the UK and all business data, including email, are backed up using a replicated systems based in the UK and Ireland.
Simarc follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:
- Routine correspondence for casual and contract related business in hard copy or in emails will be stored for the current tax year plus 6 years. Contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject.
- By exception, documentation that includes personal data may be retained by Simarc beyond the schedule, but only for a specific purpose and only when Simarc believes it has a legitimate interest or a legal obligation to do so.
At the end of the retention schedule Simarc will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that Simarc allows up to 3 months after the retention schedule to complete the action.
The Simarc website uses non-essential cookies (and other technologies) but these will only be downloaded onto your device if you give permission through the cookie consent management platform – please see our cookie notice for an explanation of the cookies being used.
The UK General Data Protection Regulation defines the rights that you have, although these do not apply in all situations. For convenience, these rights are shown below:
- Right to be informed as to how we process your personal data – this is done through this notice
- Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the Group PM
- Right to rectification of your personal data if you believe we have collected it incorrectly or it needs to be updated
- Right to erasure of your personal data for which we no longer have a legitimate purpose to process
- Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved
- Right to data portability of your personal data in a machine-readable version, but this only applies to data that has been provided with consent or under contract
- Right to object to Simarc processing your personal data for which it does not have a legal or contractual obligation
- Rights related to automated decision making and profiling (although we do not use these techniques in its decision making)
Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Raising concerns, exercising rights or making queries about our processing of your personal data can be done by contacting the Group PM. Be aware that we will need to verify your identity before responding fully. This may involve asking you for documentary proof that, in context, will enable us to confirm your identity. Alternatively, you may contact the ICO directly without referring to us first, although naturally we would welcome the first opportunity to address your concerns or queries.