Data Protection Code of Practice
Our data protection code of practice lays out our procedures that ensure Vesper Group Limited and our employees comply with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Vesper Group Limited is registered with The Information Commissioner’s Office as a Data Controller.
What data do we store?
To provide our landlords, tenants, buyers and vendors with a high standard of service we need to hold their personal information in line with GDPR. This personal data may include:
- Copies of passports, bank statements, tenant references, other forms of identification such as ID cards, bank account details and personal details such as date of births, address, telephone number, email address.
- Any correspondence relating to you with other landlords, tenants, vendors and buyers.
- We do not store credit or debit card details.
What do we use your data for?
We need to keep comprehensive and accurate personal data about landlords, tenants, vendors and buyers to comply with current regulations in accordance with the Estates Agents Act and as a means to comply with lettings regulations such as ‘Right to Rent’.
SMS/email notifications and marketing
We occasionally send you information via the above means. This information includes appointment reminders for viewings and occasional marketing notifications. Should you wish not to receive this type of information kindly ask our team to remove your consent to receive marketing information. Please note if you are a current active landlord, tenant, vendor or buyer will need to keep all your details on file due to Ant
What software do we run to manage data?
We use the following software to store and handle our data. All software systems are fully or are working towards being fully GDPR compliant by 25th May 2018.
- JUPIX (Part of the Property Software Group)
- XERO Accounting
- Microsoft 365 Suite
- Goodlord, Tenant Shop
- Van Mildert, Rent 4 Sure & FCC Paragon
- Credit Builder (Experian)
Security of information
The data is stored on cloud-based software hosted on the above-named companies’ servers.
Disclosure of information
In order to provide references and AML checks, we may need to disclose personal information about you to:
- Referencing Agencies
- Utility companies and the local authority
Disclosure will take place on a ‘need-to-know’ basis (only that information that the recipient needs to know will be disclosed).
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your property. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
All data is retained for the appropriate lengths of time in compliance with all applicable legal, regulatory and contractual requirements. We will retain your records while you a client or ours and even when you move out or go with another agent. We will not keep your data for more than ten years. Once this period has lapsed, your digital data is archived and only deleted if specifically requested.
Access to your data
You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to the accounts department at firstname.lastname@example.org. We may ask you to confirm your identify and provide the relevant consents.
If you do not agree
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with the team. You have the right to object; however, this may affect our ability to provide you with an ongoing level of service.