Under GDPR, personal data held by us must follow the core principals here in.
- Processing is transparent, fair and lawful.
- Data collected is for legitimate and specific purposes.
- Data collected is relevant to and limited to what is required for the purpose of processing.
- Data will be kept up to date and rectified where inaccurate as soon as possible.
- Data is processed in a way that ensures that the correct security of personal data including accidental loss, destruction or unauthorised use is dealt with using appropriate technical or organisational measures.
- GDPR procedures are complied with for the transferring of personal data internationally.
- Eiddo Cyf will hold various types of data in order to process information and conduct business in an efficient and legal manner.
- Specifically, we hold your name, address, telephone number and email.
- We will hold photographic and or photocopied documents, such as passport, driving license, bank statements, council tax statements in accordance with the Money Laundering Regulation 2003 and Proceeds of Crime Act 2002.
- We shall sometimes request your income details in order to carry out an affordability assessment for rental properties.
- Your data will be collected at various stages, and this is kept in secure files and or within the company’s IT system.
LAWFUL BASIS FOR PROCESSING DATA.
- Business to business and customer contact.
- Marketing information purposes.
- Your data will be processed to comply with GDPR and will be held for as long as is legally required or no longer necessary.
- Employees of Eiddo Cyf who have the responsibility for processing your data will comply with GDPR guidelines. All employees have been informed of GDPR required procedures to conduct their daily business requirements.
- We may share your data with other parties, with your authorisation, to facilitate quotes or access. This would specifically include financial services, surveyors, and solicitors. There may be other reasons to share data to comply with legal obligations put upon us. Third parties must ensure the data provided is not compromised and in turn implement appropriate technical and organisational measures to ensure the security of your data under GDPR.
- We do not share your data with bodies outside of the European Economic Area.
PROTECTING YOUR DATA.
Eiddo Cyf are aware of the requirements under GDPR to ensure your data is protected against accidental loss, disclosure destruction or abuse. Processes have been implemented to protect against this.
DATA RETENTION PERIOD.
We will hold your data for as long as we need to conduct business with you or as long as you allow us to hold your data. Some data retention periods are set by Law and can vary depending on why we need your data and for that reason we may not be able to delete your data.
YOUR RIGHTS A DATA SUBJECT.
Your rights to the data Eiddo Cyf hold on you.
- To request a copy of the information we hold on you.
- To request any inaccuracies are corrected on data we hold on you in a timely fashion.
- To request that data we hold on you is erased. In certain circumstances this may not be possible as it falls outside of the Law and requirements of professional bodies.
- The right to transfer your data we hold on you to another party.
- The right to object to the inclusion of data.
If you believe your data rights have been breached in anyway by Eiddo Cyf you are able to speak to our appointed compliance officer Mr Rhys Jones 01407 761403.
Should you wish to raise this directly to the Information Commissioner ( ITU ) they can be contacted at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 SAF. Telephone 0303 123 1113.
Data will be held in accordance with HMRC, AML and ICO requirements.