Privacy Policy

ESHER PLACE RESIDENTS LIMITED (“EPRL”)

CONTENTS

A. STATEMENT

B. OUR PRIVACY PROMISE

C. EPRL DATA CONTROLLER

D. WHO WE ARE

E. YOUR ACCEPTANCE OF THIS POLICY AND OUR RIGHT TO CHANGE IT

F. WHAT IS PERSONAL DATA?

G. PRIVACY POLICY IN BRIEF

H. THE FULL POLICY

 

  • PRIVACY AND YOUR INFORMATION
  • WHAT INFORMATION DO WE COLLECT AND WHY?
  • HOW DO WE — USE THIS INFORMATION?
  • LEGITIMATE INTEREST
  • PRIVACY AND YOUR INFORMATION
  • WHY WE COLLECT INFORMATION ABOUT YOU
  • HOW RECORDS MAY BE SHARED WITH OTHER PROFESSIONALS
  • OTHER REASONS FOR SHARING RECORDS
  • HOW YOU CAN HELP US
  • HOW WE KEEP RECORDS SAFE
  • SHARING YOUR INFORMATION
  • STORING YOUR INFORMATION
  • YOUR RIGHTS
  • LINKS
  • DO WE — USE COOKIES?
  • FOR MORE INFORMATION
  • MAKING A COMPLAINT

A. STATEMENT

At EPRL we are committed to ensuring that your privacy is protected and respected in compliance with the EU General Data Protection Regulation (GDPR). EPRL aims to look after your personal information. This privacy policy sets out the basis upon which any personal information collected about you or your family, or that you provide to us, will be processed by us.

In Appendix 1 we give details of the Automated Number Plate Recognition system that is in use on the estate. The cameras and associated equipment are owned by, but not operated by, EPRL.

B. OUR PRIVACY PROMISE

We will endeavour:

  • To keep your data safe and private
  • Not to exchange or sell your data to another organisation
  • To only hold your information for as long as necessary
  • To make sure that you are in control of how we use your information and that you will always have the right to ask us to stop using it
  • To give you ways to manage and review your communication preferences at any time.

C. EPRL DATA CONTROLLER

The EPRL Data Controller is Paul Boughton, Director EPRL, paulvboughton@aol.com, 07771 520777, 11 Esher Place Avenue, Esher KT10 8PU

D. WHO WE ARE

EPRL is a “Not For Profit” company that exists to provide and maintain the Esher Place Estate for the benefit of all residents. We carry out maintenance, improvements and administration of the estate.

All of the Board members are volunteers who give their time freely to ensure that the estate is well maintained.

None of the directors are paid for their time contributed, and none have any vested interest other than acting for all residents to try to ensure that the estate is well maintained and provides an excellent environment for all of us to co-exist in.

As an organisation, EPRL is registered with the Information Commissioner in accordance with the General Data Protection Regulation. CHECK THIS

Our registered company number is 01207956

E. YOUR ACCEPTANCE OF THIS POLICY AND OUR RIGHT TO CHANGE IT

 

By using our website or providing your information, you consent to our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please consider carefully the use of our website or services.

We may make changes to this policy from time to time. If we do so, we will post the changes on this page and make sure it’s publicised clearly on our website. These changes will apply from the time we post them.

This policy was uploaded  on AAth  April 2019. If you have any queries about this privacy statement please contact the Data Protection Officer at EPRL.

F. WHAT IS PERSONAL DATA?

Personal data is information that can be used to help identify an individual, such as name, address, phone number, email address, and now includes online identifiers (eg Cookies and your IP Address, which is the location of your computer on the Internet).

 

G. PRIVACY POLICY IN BRIEF

  • We will never sell your data and we will never share it with another company or organisation for marketing purposes without your explicit consent
  • We will only share data where we are required to do so by law or with carefully selected partners who we work with
  • Our website use Cookies – for further information, check our Cookies policy at the end of this document.

H. THE FULL POLICY

This policy applies to the website we operate, our use of emails and text messages and any other methods we use for collecting information. It covers what we collect and why, what we do with your information and what we will not do with your information, and what rights you have.

 

PRIVACY AND YOUR INFORMATION

Q – What information do we collect and why? A – We will only ever collect information we need (including data that will be useful to help to improve our services).

We collect information as follows:

Personal information such as name, email address, postal address, telephone number. Personal data has been extended to include online identifiers such as IP addresses.

This information does not tell us anything about who you are, it simply allows us to monitor and improve our services. We collect this information in connection with specific activities such as collection of annual subscription, newsletter requests, feedback etc. The information is either needed to fulfil your request or to enable us to provide you with a more personalised service.

You may give us information about you when you:

  • Register with us to find out more information about the Esher Place Estate
  • Request publications, newsletters or other information from us
  • Report a problem with our website
  • Otherwise give us personal information (You may give us this information when you correspond with us by phone, email, via our website or otherwise)

We collect information about you to:

  • Provide you with the services, or information you have requested
  • Carry out EPRL administration functions
  • Prevent or detect fraud or abuses of our website
  • Enable 3rd parties (such as our property administrator) to carry out functions on our behalf
  • Send you information and communications about what we do and how we can help you and how you can help us
  • Look into, and respond to, complaints, legal matters or any other issues
  • We may need to share your information with our service providers and associated organisations working on our behalf – for administration purposes only. We will never share your information so that you are contacted by other organisations.

LEGITIMATE INTEREST

EPRL will process personal information for certain legitimate organisational purposes. For example, when you request to receive services or information from EPRL, we have a legitimate organisational interest to use your personal information to respond to you and where there is no overriding prejudice to you by using your personal information for this purpose.

This also includes some or all of the following:

  • Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of Esher Place Estate residents
    • Invoicing and collection of annual and other subscriptions
    • To identify and prevent fraud
    • To better understand how our resident shareholders interact with our website
    • To provide postal or email communications
    • To enhance the security of our network and information services.

You have the right, at any time, to object to EPRL processing your data in this way.

PRIVACY AND YOUR INFORMATION

In extreme circumstances, we could be required by law to share Records and may therefore be prevented from respecting your wishes not to share these Records.

HOW YOU CAN HELP US

You can help us by providing us with the correct details about yourself, and by letting us know if you have any particular wishes about sharing your Records. You can also help by letting us know when any of these details change.

HOW WE KEEP RECORDS SAFE

We take our obligations to keep your records safe very seriously. Everyone helping to administer EPRL, or who has received their Records from us, has a legal duty to keep records confidential.

SHARING YOUR INFORMATION

We will only share your information if:

  • We are legally required to do so eg compelled by a Court Order or required by a law enforcement agency legitimately exercising a power
  • We believe it is necessary to protect or defend our rights, property, or visitors to our website
  • We are working with a carefully selected partner that is carrying out work on our behalf. These partners may include, for example, ESH who administer records of households on the estate, invoicing and collection of annual contributions and maintenance. We only choose partners that we can trust.

We will only pass on personal data to them if they have signed a contract that requires them to:

o Abide by the requirements of the General Data Protection Regulations

o Treat your information as carefully as we would

o  Only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)

o Allow us to carry out checks to ensure they are doing all these things.

STORING YOUR INFORMATION

Information is stored by us on computers located in the UK. We may also store information in paper files.

By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.

We place great importance on the security of all personal data and information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of data will not occur while it is under our control, we comply with GDPR guidance on data storage and management to try to prevent this.

We will keep your information only for as long as we need it to provide you with the services or information you have requested, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with you if you have asked us not to do so. When we no longer need information we will always dispose of it securely, as outlined in our data retention policy.

YOUR RIGHTS

The General Data Protection Regulations give you certain rights over your data and how we use it.

  • You retain control of how we use your data and you have the right to ask us to stop processing your personal information, which we will do. In some circumstances, we may legally be required to retain your personal information for legal or audit purposes. However, this will be discussed with you depending on your requirements.
  • You have the right to ask for a copy of the information we hold about you and, of course, to have any inaccuracies in your information corrected.

If you wish to exercise these rights, please contact Paul Boughton, Director EPRL, paulvboughton@aol.com, 07771 520777, 11 Esher Place Avenue, Esher KT10. You will need to complete a Subject Access Request Form and return it to us at the above address.

  • You have the right to object to our use of your personal information, or ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’ or the ‘right to be forgotten’. There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it. If you want to object to how we use your data, or ask us to delete it or restrict how we use it, please contact us in writing at: Paul Boughton, Director EPRL, paulvboughton@aol.com, 07771 520777, 11 Esher Place Avenue, Esher KT10

HOW TO WITHDRAW YOUR CONSENT

You can withdraw your consent at any time. Please contact us if you want to do so. If you wish to exercise these rights, please contact Paul Boughton, Director EPRL, paulvboughton@aol.com, 07771 520777, 11 Esher Place Avenue, Esher KT10 8PU

FOR MORE INFORMATION

For more information about your rights under the General Data Protection Regulation, go to the website of the Information Commissioner’s Office at www.ico.org.uk .

EPRL is not a ‘public authority’ as defined under the Freedom of Information Act and we will therefore not respond to requests for information made under this Act

MAKING A COMPLAINT

If you would like to make a complaint about how we process your personal data, please contact our Data Controller. If you are not happy with how your complaint is dealt with, you should contact the Information Commissioner’s Office (www.ico.org.uk ).

 

APPENDIX 1

AUTOMATED NUMBER PLATE RECOGNITION SYSTEM

Please find points relating to the GDPR below:

  1. The system is in place for the prevention and detection of crime on the Esher Place Estate.
  2. The above is predominantly achieved through the comparison of vehicle registration numbers against a national police database.
  3. Monitoring of the number plate data collected is done so entirely by Surrey Police on an exception basis. I am Surrey Police vetted but, I do not have access to this data.
  4. The data is transported via a secure VPN connection to Surrey Police. Footage from the cameras is also securely transported and stored in an encrypted format on Amazon’s cloud servers (AWS) for 30 days after which it is completely deleted. This footage is accessible by me on an exception basis and my access to the system leaves a trail that is possible to audit. No-one else has access to the system.
  5. The system has been designed to be resilient against hacking (theft of data and DDOS attacks)
  6. The cameras are checked weekly by me to ensure they are operating correctly.
  7. Whilst the cameras are there to protect residents, information (data) from the cameras cannot be “ordered” from me. Where a crime has been committed I request that the victim reports the crime and provides me with the crime / incident number, then with the number, I ensure that Surrey Police marry this with any footage and number plate data from the cameras.