PRIVACY AND GDPR POLICY

1. DATA PRIVACY NOTICE

Surveying Corp. values the personal information you provide to us. This Data Privacy Notice explains how we protect your personal data and how you can control how we use your personal information.

1.1 Your rights under data protection legislation:

You have the following rights under Data Protection Legislation, which we commit to upholding:

  1. The right to be informed about the collection and use of your personal data. Refer to this Privacy Notice or contact us for more details.
  2. The right to access your personal data held by us, as explained in Part 3.
  3. The right to rectify inaccurate or incomplete personal data. Contact us for corrections.
  4. The right to request the deletion of your personal data (right to be forgotten). Inquire for details.
  5. The right to restrict processing of your personal data.
  6. The right to object to the use of your personal data for specific purposes.
  7. The right to withdraw consent if we rely on it for processing your personal data.
  8. The right to data portability, allowing you to request a copy of your data for reuse.
  9. Rights regarding automated decision-making and profiling, which we do not employ.

For more information or to exercise your rights, contact us (Part 4). Keep your data accurate and updated, informing us of changes.
If you have any concerns regarding how we handle your data, we encourage you to first contact us. However, if needed, you also have the option to file a complaint with the Information Commissioner’s Office.

2. DATA COLLECTION

Depending on your use of Our Site or Services, we may collect and hold personal and non-personal data outlined below. We do not collect special category data, sensitive personal data, data about children, or data related to criminal convictions.

2.1 THE INFORMATION WE COLLECT

We only collect information that you give us in the course of us providing you with a service that you have requested, or when you ask us to contact you. Sometimes other companies may pass on your contact details, but we check that you have given permission to do this. Ordinarily, we will only ask for the following information:

  1. Identity Information:
    1. Name, contact details, bank account information, or any data allowing identification.
    2. Obtained through our website or our affiliates’ websites.
    3. Collected during meetings, conferences, or business events.
  2. Validation Information:
    1. Information used for identity validation, like passport or proof of residency.
    2. Used to confirm your identity.
  3. Contact Information:
    1. Phone number, email address, and postal address.
    2. Obtained through our website, affiliates’ websites, or collected during meetings.
  4. Business Information:
    1. Business name, job title, profession.
    2. Gathered from our website, affiliates’ websites, or collected during meetings.
  5. Payment Information:
    1. Card details, bank account numbers.
    2. Provided in connection with payment for our services.
  6. CCTV Footage:
    1. Recorded on a DVR and securely stored at the managed site. Ensured safe and secure management.
  7. Cookies:
    1. Cookies are small text files that we use to improve your experience of our website. The cookie file is generated by our website and is accepted and processed by your computer’s browser software. You can disable the cookies using your browser’s options, although if you do this you may not be able to use some of the services shown on this site.

2.2 DATA RETENTION

We endeavor to keep the following types of data for the duration of our legitimate business or legal requirements (up to a maximum of 6 years):

  1. Identity Information
  2. Validation Information
  3. Contact Information
  4. Business Information
  5. CCTV Footage

After this period, we will securely and safely delete this data. If you prefer the deletion of your information, please contact us at [email protected].

2.3 HOW WE USE YOUR DATA

We use the information you give us in the following ways:

  1. Provide you with the service or information you’ve requested.
  2. Keep you informed and updated on relevant products you may be interested in.
  3. Improve our website and the range of services and products we provide.
  4. Provide you with useful information about data news, events and conferences.
  5. To detect, prevent and address technical issues
  6. Administer your account.
  7. We do not store credit card details.

2.4 WHO WE SHARE YOUR DATA WITH

We will not share your data with any other company without your prior consent. We will never sell your data to another company. We will refrain from sharing your personal data with any third parties for any purposes, except for the specified exceptions below:

  1. If we sell, transfer, or merge portions of our business or assets, your personal data might be transferred to a third party. The new business owner would then continue using your personal data in the same manner outlined in this Privacy Policy.
  2. Under specific legal circumstances, such as legal proceedings, compliance with legal obligations, court orders, or government authority instructions, we may be compelled to share certain personal data, including yours.
  3. Additionally, we may need to disclose data to tradesmen or contractors for the performance of service charge management duties, such as urgent repairs. This may also include sharing information with accountants for end-of-year accounts and solicitors for legal action related to covenant breaches.

We take data protection and data security very seriously. We have implemented a number of organizational and technical measures to ensure that only the people who need to see the data are allowed access and that the data is protected when stored and transmitted.

3. DATA SUBJECT ACCESS REQUEST (DSAR)

This policy outlines the internal procedures for managing data subject access requests received by the Surveying Corp. The guidance within this policy is designed to ensure that such requests are handled in a systematic, transparent, and equitable manner.
The Data Protection Act 2018/General Data Protection Regulation (GDPR) confers upon all individuals the right to access their personal data held by any organization. This right can be exercised easily and at reasonable intervals, allowing individuals to be informed about and verify the lawfulness of the processing.

3.1 How Can I Access My Personal Data?

  1. If you wish to inquire about the personal data we hold about you, you can request details and a copy of it through a ‘subject access request.’ To facilitate this process, please submit all subject access requests in writing to the email or postal addresses specified in Part 4.
  2. Subject access requests are typically free of charge. However, if a request is deemed ‘manifestly unfounded or excessive,’ such as repetitive requests, an administrative fee may apply.
  3. We commit to responding to your subject access request within 30 days, and in no event later than one month from its receipt. Our goal is to provide a thorough response, including a copy of your personal data, within this timeframe. If your request is more intricate, additional time, up to a maximum of three months from receipt, may be necessary. Throughout this process, we will keep you fully informed of our progress.

3.2 HANDLING DATA SUBJECT ACCESS REQUESTS

Data Protection Officer: Ahmad Ammar
Email address: [email protected].
Telephone number: 020 8068 2938
Postal address: 3 Station Road, Chadwell Heath, Essex, London, RM6 4BE.

  1. The Data protection officer is responsible for the handling of data subject access requests made to The Surveying Corp.
  2. Once received, the data protection officer will investigate and respond to the request accordingly, taking into account the requirements of the Data Protection Act 2018/GDPR.
  3. All other employees are prohibited from responding to any data subject access request and for the purposes of this policy are defined as “unauthorised employees”

3.3 DEFINITIONS

“Information asset” “Information asset” refers to a set of data in hardcopy/ manual or electronic format (e.g., paper records, databases, systems)
“Data subject” means the person who the personal data relates to
“Personal data” this is data which relates to a living individual who can be identified (a)from that data, or (b) from the data and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
“GDPR”/Data Protection Act 2018 this is data which relates to a living individual who can be identified (a)from that data, or (b) from the data and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
“GDPR”/Data Protection Act 2018 Data Protection Act/GDPR came into force in 2018. It harmonizes data protection laws across the EU and updates the previous regulations to take full account of globalization, and the ever-changing technology landscape. Businesses will now need to demonstrate that they comply with the regulation when handling personal data. The Act/Regulation applies to any company processing the personal data of individuals in the UK/EU in relation to offering goods and services, or else to monitor their behavior. Significant penalties can be imposed on employers who breach the Data Protection Act 2018/GDPR, it is therefore very important that businesses meet all the requirements, one of which is the processing of subject access requests.
 

3.4 Who is eligible to submit a data subject access request?

The following individuals are authorized to make a data subject access request:

  1. The individuals themselves.
  2. A representative nominated by the individual to act on their behalf, such as solicitors or a relative, with valid consent from the individual granting this authority.
  3. Data subject access requests can be made in any form, including verbally, in writing, via post, email, telephone and social media.

3.5 Individuals requesting their own personal data will need to provide the following

  1. Signed consent from the data subject stating that the requestor has their permission to make the request on their behalf.

3.6 Individuals requesting the personal data of another individual will need to provide the following

  1. Photographic proof of identity (e.g. passport or full UK driving license)
  2. Proof of address (e.g. recent utility bill, bank statement)

3.7 What information can they request?

Subject access is most often used by individuals who want to see a copy of the information an organization holds about them. However, subject access goes further than this and an individual is entitled to be:

  1. told whether any personal data is being processed
  2. given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organizations or people
  3. given a copy of the personal data; and
  4. given details of the source of the data (where this is available).
  5. An individual can also request information about the reasoning behind any automated decisions taken about him or her.

4. CONTACT DETAILS

Data Protection Officer: Ahmad Ammar
Email address: [email protected].
Telephone number: 020 8068 2938
Postal address: 3 Station Road, Chadwell Heath, Essex, London, RM6 4BE.

CHANGES TO THIS PRIVACY POLICY

We may change this privacy notice from time to time—when we do, we will inform you via our website or by email [email protected]