GDPR Policy

GDPR Background

The General Data Protection Regulations (GDPR) came into effect on 25th May 2018, and the Board has implemented the policy below to comply and “legalise” all personal data held in our records. Although many of the concepts and principles in the new legislation are in line with those contained in the Data Protection Act (DPA), there are new elements and significant enhancements to consider. For example, the GDPR states that organisations must determine and document the lawful basis for holding personal data, explaining why it is required, how it is used and the consequence of it not being available.

GDPR Policy

The Company would submit that our lawful basis for holding personal data is to allow us to provide essential information; without such data we are unable to carry out our remit.  In the past that information flow has been achieved via post however the Board would like to take this opportunity to widen the channels of communication in order to provide a better service.  Of note, the new rules require us to formalise the holding of telephone numbers submitted by those who use them to gain access to the estate via the A’Beckets gate.

The data being held is:

Names

Addresses

Landline and/or mobile telephone numbers

Email addresses

The Company Secretary acts as the Company Data Protection Officer (DPO) and is responsible for holding and maintaining shareholder data and for obtaining consent.  All Directors will have access to the data which will be withheld from any third parties and stored either in a locked filing cabinet, or secure hard drive. Circulation lists on emails will be BCC (blind carbon copies) so that shareholders cannot access each other’s details. Residents are required to positively opt-in through the consent form or via email. Those who do not wish to opt-in will continue to receive information by post.  

In the event any shareholder wishes to inspect their personal information or withdraw consent, they need only contact the Company Secretary who will remove any relevant personal details from our files, except of course for name and address which relates to a shareholding. If a shareholder resigns or sadly passes away, all personal details will be destroyed within a reasonable period of time.
Feb 2021