Privacy Policy
1. Background
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all services, and instances where we collect your personal data.
This privacy notice applies to personal data processed by or on behalf of James Gibb Property Management Ltd.
Changes to this privacy notice
We may change this privacy notice on occasion, to reflect changes in the law and/ or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – https://www.jamesgibb.co.uk
Our Company and Data Protection Officer
We are James Gibb Property Management Ltd, we have 4 offices in Scotland, Bellahouston, Edinburgh, Dundee, Aberdeen and Glasgow, with Bellahouston being designated Head Office. Our Head Office address is Bellahouston Business Centre, 423 Paisley Road West, Glasgow, G51 1PZ.
We have a nominated data protection officer (“DPO”). You can contact the DPO by writing to the above address, marking it for the attention of the DPO, using the Contact Us form on our website, or by e-mail to DPO@jamesgibb.co.uk
2. What kinds of Personal Data about you do we process?
Personal Data that we will process about you includes:
- Personal and contact details, such as title, full name, contact details and contact details history.
- Data about property, such as location, value, (for insurance purposes, if applicable), property type and any repairs and maintenance work we have carried out on behalf of the registered owners.
- Personal and contact details of any named person who you have authorised to act on your behalf in relation to the service we provide or managing the account you have with us, such as letting agent, relative, solicitor. (please note the authorisation must be provided in writing confirming the named persons details).
- Records of contact with us, such as letters, e-mails, contact via our website, client portal or the James Gibb + App.
- Data relating to client property and account, such as Income Recovery Actions.
- Data about the use of services held with our business partners, such as Insurance policies.
- Financial details relating to an account, such as Bank details, (if payment method is direct debit).
3. What is the source of your personal Data?
We will collect personal Data from the following general sources:
- From you directly, and any Data received from a third party named person on the account.
- Data generated about you during the provision of our services.
- Business partners, such as insurers, (if applicable), and others who are part of providing services or operating our business.
- From other sources, such as publicly available Data, debt recovery and / or tracing agents, Registers of Scotland.
4. What do we use your personal data for?
We use your personal data, for the following purposes:
- Managing your property and services you have with us.
- Managing your account with us.
- Providing you with Data relating to our services.
- Updating our records, tracing your whereabouts and recovering debt.
- Managing any aspect of the services we provide.
- Monitoring the performance of our services and internal processes.
- To improve the operation of our business and that of our business partners.
- To follow guidance and best practice under the change to rules of government and regulatory bodies.
- For management and auditing of our business operations including accounting.
- To monitor and to keep records of our communication with you and our staff.
- To administer our good governance requirements such as internal reporting and compliance obligations.
- To comply with legal and regulatory obligations, requirements and guidance.
- To share data as needed with business partners, such as, contractors who provide services to you, debt recovery agent, insurers.
- To share data with other agencies such as the police, for the prevention / detection of crime.
5. What are the legal grounds for our processing of your Personal Data (including where we share it with others)?
Where it is needed to provide you with our services, such as:
- Managing the services, we provide to you or the contact data where you have asked us to provide you with our services.
- Updating your account details, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate).
- Sharing your personal data with business partners as required, and service providers. i.e. to provide contractors access details.
- All stages and activities relevant to managing the service including enquiry, administration and managing of accounts.
Where it is in our Legitimate interests to do so such as:
- Managing your services and account, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt, (where appropriate).
- To perform our services and internal processes.
- To follow guidance and best practice of government and regulatory bodies.
- For management and audit of our business operations, including accounting.
- To carry out monitoring and to keep records of our communications with you and our staff.
- To administer our good governance requirements such as internal reporting and compliance obligations.
- Where we need to share your personal Data with people or organisations to run our business or comply with any legal and / or regulatory obligations.
- To comply with our Legal obligations.
With your Consent:
- For some “marketing” communications.
For a Public interest, such as:
- Processing special categories of personal data, such as health or if you are a vulnerable client.
6. When do we share your personal Data with other organisations?
We may share Data with the following third parties for the purposes listed above:
- Service providers, such as contractors to make contact with you regarding access arrangements.
- Business partners such as, insurers, debt recovery agents, or others who are part of providing your services or operating our business.
- Government or regulatory bodies, such as HMRC, the Financial Conduct Authority, the Information Commissioners Office and The First Tier Tribunal for Scotland, (Housing and Property Chamber).
- Other organisations and businesses who provide services to us, such as, back up and server hosting providers, IT software and maintenance providers and providers of other back office functions.
Please note, we do not sell your personal details to third party.
7. How and when can you withdraw your consent?
Where we are relying on your consent to process personal data, you can withdraw this at any time. i.e. for some “marketing” communications.
8. Is your personal Data transferred outside the UK or the EEA?
We do not anticipate transferring your personal data outside of the UK or the European Economic Area, but if our back up/ server uses “Cloud” services which may be outside of these areas, we will make sure that suitable security and safeguards are in place.
9. What should you do if your personal Data changes?
You should tell us so that we can update our records. You can do this by sending us an e-mail, writing to us, or by using the Contact Us form on our website.
10. Do you have to provide your personal Data to us?
We require your personal data to fulfil our legitimate obligations in providing service to property owners.
11. Do we do any monitoring processing of your personal Data?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, e-mail, text messages, letters, in person (face to face) meetings and other communications.
We will monitor where permitted by law and will do this where the law requires it, or to comply with regulatory rules, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This data may be shared for the purposes described above.
12. What about automated decision making?
We do not use automated decision making in either the provision of our services to you or managing your account.
13. For how long is your personal Data retained by us?
Unless we explain otherwise to you, we will retain your personal data based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationships with you and managing our operations.
- For as long as we provide services to you and then for as long as someone could bring a claim against us / you in relation to the services we provided on your behalf.
- Retention periods in line with legal and regulatory requirements or guidance.
14. What are your rights under General Data Protection Regulations (GDPR)?
Here is a list of the rights that all individuals have under the General Data Regulations which applies from 25th May 2018. They do not apply in all circumstances. If you wish any clarification on these, please contact our Data Protection Officer by e-mail to DPO@jamesgibb.co.uk .
- The right to be informed about the processing of your personal data. We do this by adding our privacy notice to our website which is available in paper copy on request.
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed.
- The right to object to processing your personal data. i.e. if your data is being used for marketing purposes.
- The right to restrict your personal data. In certain circumstances, i.e. if you contest the accuracy of your personal data we use.
- The right to have your personal data erased, i.e. when we no longer require to store your personal data.
- The right to request access to your personal data and to obtain information about how we process it. This is a “Subject Access Request”, request must be in writing and addressed the Data Protection Officer, using the details provided in the Contact Us section below.
- The right to move, copy or transfer your personal data (“data portability”). This right only applies where we require your Consent to process your personal data (i.e. Marketing)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. James Gibb residential factors do not use Automated decision making in any of its processes.
You have the right to complain to the Information Commissioner’s Office which enforces all data protection regulations and laws: https://ico.org.uk
15. Your right to object
You have the right to object to certain purposes for processing, to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by using the Contact Us form on our website.
16. What are your marketing preferences and what do they mean?
If you have opted to receive marketing information from us, you can stop this at any time by using the Contact Us form on our website.
We may use your home address, phone numbers, e-mail address and social media channels (for example, Facebook, Google and message facilities in other platforms).
Contact Us
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by using the Contact Us form on our website.
Alternatively, you can write to us: The Data Protection Officer, James Gibb Property Management Ltd, Bellahouston Business Centre, 423 Paisley Road West, Glasgow, G51 1PZ. You can also e-mail by contacting the DPO on DPO@jamesgibb.co.uk