Privacy Policy

Cullen Property Limited – Privacy Notice

Contents

Introduction

This privacy notice explains what to expect when Cullen Property Limited collects personal information. It explains what information we collect, when we collect it and how we use it. During the course of our activities we will process personal information (which may be held on paper, electronically, or otherwise) and we recognise the need to treat it in an appropriate and lawful manner.

About us

We, Cullen Property Limited, 30 Rutland Square, Edinburgh, EH1 2BW, take the issue of security and data protection very seriously and strictly adhere to guidelines published in the Data Protection Act of 1998 and the General Data Protection Regulation (EU) 2016/679 which is applicable from the 25 May 2018, together with any domestic laws subsequently enacted.

We are notified as a data controller with the Information Commissioner’s Office (ICO) under registration number ZA054717 and we are the data controller of any personal data that you provide to us.

Any questions relating to this notice and our privacy practices should be sent to dataprotection@cullenproperty.com. Alternatively, you may contact us in any of the following ways:

Personal Information

“Personal Information” is information that identifies you as an individual or relates to an identifiable individual, such as:

  • Name;
  • Postal address;
  • Telephone number;
  • Email address;
  • Bank details.

We collect personal information in a number of ways:

  • Through your use of our services, such as when you sign up to receive our newsletters, when you engage us to let out a property or when you rent a property through us;
  • When you use our website;
  • When you engage with us about our services, for example to provide feedback or lodge a complaint;
  • If you are a current or prospective employee.

Use of Personal Information

We will use the information we have collected from you to:

  • undertake and perform our obligations and duties to you in accordance with the terms of our contract with you;
  • enable us to supply you with the services and information which you have requested;
  • enable us to respond to your repair request, housing application and complaints made;
  • analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer;
  • contact you in order to send you details of any changes to our services or supplies which may affect you;
  • contact you in order to send you details of any newsletters, information or investment opportunities which you have requested to routinely receive from us;
  • contact you for your views on our products and services;
  • carry out all other processes for purposes consistent with the proper performance of our operations and business.

Our legal bases for processing your information are:

  • Contract – To provide services and fulfil our obligations for example as set out in our Terms of Business and in our role as agent in managing tenancy agreements. Without the provision of your personal information we shall be unable either to manage a property for you or let a property to you;
  • Consent – Where you have consented to receive newsletters and marketing materials from us;
  • Legal Obligation – Where we are required to process your information to comply with a legal requirement, for example in connection with the licensing of Houses in Multiple Occupation;
  • Legitimate Interest – Where this is appropriate in accomplishing our business purposes, for example for enhancing, improving and modifying our services or analysing the information we collect.

The information we collect about you depends on the purpose you wish to engage with us, as follows:

Landlord

If you are a Landlord for whom we let or manage property, we collect information about you:

  • when you instruct us to manage your property, or find a tenant for you, when you request services or advice from us or enter into a Client-Agent Terms of Business agreement with us;
  • from your use of our online services, when you request information from us, make a complaint or otherwise;
  • from your arrangements to make payment to us or from your request for us to make payments to you (such as bank details).

We collect the following information about you:

  • Name;
  • Home address (including proof of address);
  • Telephone number;
  • email address;
  • Passport and/or driving licence details (ID verification);
  • Date and place of birth;
  • Bank details;
  • Landlord Registration Number.

We receive the following information from third parties:

  • payments made by you to us;
  • HMRC Non-Resident Landlord numbers.

We may share relevant information as necessary with:

  • Tenants;
  • The City of Edinburgh Council, in connection with Council Tax, House in Multiple Occupation (HMO) licensing, planning and building warrant applications and dealing with any tenancy issues raised with the Council;
  • Utility companies in connection with the supply of gas and electricity when your property is not let;
  • Contractors when they need access to your property to carry out work;
  • Surveyors if you ask for your property to be valued;
  • Insurance providers and brokers in connection with the provision of buildings and contents insurance;
  • Factors where your property is in a factored development;
  • HMRC where we have a legal obligation to provide personal information;
  • Neighbours and the general public where we are required by law to post a site notice, for example in connection with an HMO application.

Prospective Investor

If you are a Prospective Investor who engages us to introduce and receive advice about potential properties for purchase, we collect information about you:

  • when you engage with us to source a property, discuss or request services or advice from us, or enter into a Client-Agent Terms of Business agreement with us;
  • from your use of our online services, when you request information from us, make a complaint or otherwise;
  • from your arrangements to make payment to us of from your request for us to make payments to you (such as bank details).

We collect the following information about you:

  • Name;
  • Home address (including proof of address);
  • Telephone number;
  • email address;
  • Passport and/or driving licence details (ID verification);
  • Date and place of birth;
  • Landlord Registration Number.

We may share relevant information as necessary with:

  • Vendors, agents, solicitors, surveyors and other professionals involved in the sale and purchase of property;
  • Financial advisors and lenders if you request assistance in arranging a mortgage;
  • Architects and building contractors if works are required to a property;
  • Insurance providers and brokers in connection with the provision of buildings and contents insurance.

Opting in and newsletter recipient

If you are opting-in to receive our newsletters and other marketing information from us, we collect information about you:

  • when you register to receive email marketing communications from us, or request services or advice from us by providing more information at the point of opting in.

We collect the following information about you:

  • Name;
  • Telephone number;
  • email address;
  • any other information you may provide such as investment amounts or plans.

We may share relevant information as necessary with:

  • Our marketing and IT service providers who have access to our client database and mailing list.

Opting in and newsletter recipient

If you are opting-in to receive our newsletters and other marketing information from us, we collect information about you:

  • when you register to receive email marketing communications from us, or request services or advice from us by providing more information at the point of opting in.

We collect the following information about you:

  • Name;
  • Telephone number;
  • email address;
  • any other information you may provide such as investment amounts or plans.

We may share relevant information as necessary with:

  • Our marketing and IT service providers who have access to our client database and mailing list.

Tenant / Prospective Tenant

If you are a Tenant who rents a property through us, we collect information about you:

  • when you view a property or apply for a property with us, become a tenant, request services/repairs, enter in to a tenancy agreement with ourselves or otherwise provide us with your personal details;
  • from your use of our online services, whether to report any tenancy related issues, make a complaint or otherwise; from your arrangements to make payment to us (such as bank details, payment card numbers, employment details, benefit entitlement and any other income and expenditure related information).

We collect the following information about you:

  • Name;
  • Address;
  • Telephone number;
  • Email address;
  • Date of birth;
  • National Insurance number;
  • Bank details
  • Guarantor’s name;
  • Employer/University details;
  • Income and/or savings;
  • Criminal convictions;
  • Any special access needs.

We receive the following information from third parties:

  • benefits information, including awards of Housing Benefit/Universal Credit;
  • payments made by you to us;
  • information from tenant referencing agencies;
  • complaints or other communications regarding behaviour or other alleged breaches of the terms of your contract with us, including information obtained from Police Scotland;
  • reports as to the conduct or condition of your tenancy, including references from previous tenancies, and complaints of anti-social behaviour.

We may share relevant information as necessary with:

  • Your landlord;
  • Reference agencies if we are obtaining references to support your application to rent a property;
  • Utility companies in connection with the provision of gas and electricity supplies;
  • The City of Edinburgh Council to register for Council Tax;
  • Banks and other payment processors in connection with the administration of rent or other payments;
  • Tenancy deposit schemes;
  • Contractors and architects when they need access to your property to assess and carry out work;
  • Surveyors if your Landlord asks for your property to be valued;
  • Insurance providers and brokers in connection with the provision of buildings and contents insurance;
  • Factors where your property is in a factored development;
  • Third parties assisting in the compilation and analysis if we are conducting a survey of our products and services;
  • Police Scotland, local authority departments, Scottish Fire & Rescue Service and others involved in any complaint, whether investigating the complaint or otherwise;
  • The First Tier Tribunal for Scotland (Housing and Property Chamber) and any others involved in investigating breaches of tenancy or other tenancy related issues.

Guarantor

If you are/will be acting as Guarantor for a tenant renting a property through us, we collect information about you:

  • when your guaranteed tenant submits an application form to rent a property from us, sign a tenancy agreement with us or otherwise provide us with your personal details;
  • from your use of our online services,
  • from your arrangements to make payment to us (such as bank details, payment card numbers, benefit entitlement and any other income and expenditure related information).

We collect the following information about you:

  • Name;
  • Address;
  • Telephone number;
  • email address;
  • Date of birth;
  • National Insurance number;
  • Employer details;
  • Income and/or savings.

We receive the following information from third parties:

  • benefits information, including awards of Housing Benefit/Universal Credit
  • payments made by you to us;
  • complaints or other communications regarding behaviour or other alleged breaches of the terms of your contract with us, including information obtained from Police Scotland;
  • reports as to the conduct or condition of your tenancy, including references from previous tenancies, and complaints of anti-social behaviour.

We may share relevant information as necessary with:

  • The landlord;
  • Reference agencies if we are obtaining references to support your application to rent a property;
  • Banks and other payment processors in connection with the administration of rent or other payments;
  • The First Tier Tribunal for Scotland (Housing and Property Chamber) and any others involved in investigating breaches of tenancy or other tenancy related issues.

Engaging With Us

If you are engaging with us to make any other enquiry, provide feedback about our services or lodge a complaint with us, we collect information about you:

  • when you contact us to engage with us whether in person, or via telephone, email, letter, online review, website or otherwise provide us with your personal details;
  • from your use of our online services;
  • from your arrangements to make payment to us (such as bank details, payment card numbers, benefit entitlement and any other income and expenditure related information).

We collect the following information about you:

  • Name;
  • Address;
  • Telephone number;
  • email address.

We may share relevant information as necessary with:

  • Landlords;
  • Tenants;
  • Insurance companies if the reason for your engagement relates to an insurance claim;
  • Police Scotland, local authority departments, Scottish Fire & Rescue Service and others involved if your engagement with us is to make a complaint;
  • The First Tier Tribunal for Scotland (Housing and Property Chamber) and any others involved in investigating if your engagement relates to a serious breach of tenancy.

Website Visitor

If you are visiting our website, we collect information about you:

  • when you are browsing the information on the website;
  • from your use of our online services.

We collect the following information about you:

  • IP address;
  • How you use the website;
  • The device you use to browse.

We may share your information with:

  • Our IT service providers;
  • Marketing service providers;
  • Google Analytics, Facebook Pixel Tracking, Twitter Personalisation.

Employee

If you are contacting us as a current, prospective or former employee, we collect information about you:

  • when you are employed by us;
  • when you apply, or have applied, to be employed by us;
  • when you contact us about your previous employment with us;

We collect the following information about you:

  • Name;
  • Address;
  • Telephone number;
  • Email address;
  • NI Number;
  • Previous employers;
  • Previous salary;
  • Date of birth;
  • Next of kin;
  • Medical records;
  • Absence information;
  • Passport and driving licence details;
  • Criminal convictions;
  • Qualifications;

We may share relevant information as necessary with:

  • Our payroll, pension and life assurance service providers;
  • HMRC;
  • Our IT service providers;
  • Landlords;
  • Tenants;
  • Our suppliers and contractors;
  • Training providers;
  • Professional bodies;
  • Health service providers if you request a referral;

Sharing of your information

The information you provide to us will be treated by us as confidential. As noted above we may disclose your information to other third parties and service providers who act for us for the purposes set out in this notice or for purposes approved by you.  Where this happens, we require, through a User Agreement between us and these third parties and service providers, that they declare they are fully GDPR compliant ensuring your data is protected, only used for specified purposes and in accordance with our instructions.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Transfers outside the UK and Europe

We may share your information with some of our third- party service providers who are based outside the European Economic Area (EEA) in order for us to fulfil some of our services or obligations to you.

Where this is necessary, we ensure these providers are providing adequate levels of security or that they are approved by the European Commission. For US-based providers we ensure they are part of the EU-US Privacy Shield which provides similar safeguards to those within the EEA.

Security

When you provide personal information to us we take steps to make sure that it is kept secure and safe.

Our operating systems and data processing security is reviewed regularly.  Our IT systems are encrypted and password protected, to ensure our processes prevent the accidental loss, misuse or disclosure of your data without our authorisation. We ensure our employees are trained and put contracts in place with third party service providers, partners and contractors who may require access to your data handle it under our instructions, confidentially and ensure the upmost security at all times.

Website

Our website include links to third parties. We ensure these links provide helpful information to you. However, clicking on these third-party links may allow your information to be collected or shared by those parties. We do not control or take responsibility for any such third-party actions and recommend you refer to their own privacy notice for information on how they will process your data.

Our website uses the Facebook Pixel to collect data on visitor’s behaviour and helps us to improve any Facebook advertising we may implement. We also track visitors use of our website through Google Analytics to better understand how we can improve our customer’s experience. These analytics do not save personal information. For more information on Google’s privacy policy visit: www.google.com/privacy.html

Cookies – We currently have three ‘user session’ cookies on our website – Google Analytics, Facebook Pixel Tracking and Twitter Personalisation. You can set your browser to refuse or alert you to cookies featured on a website, however by doing so the website may not operate correctly.

How long we will keep your information

We review our data retention periods regularly and will only hold your personal data for as long as is necessary to fulfil the purpose or relevant activity it was collected for, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.

If we suspect a breach of our security measures, where your personal data may have been compromised, we will inform the ICO within 72 hours as per the GPDR guidelines.

Automated Decision Processing

We will not use your personal information for any automated decision processing.

Your rights

You have a number of rights in relation to the personal information we hold about you.  These include the right to:

  • be informed about how we use your personal information;
  • obtain access to your personal information that we hold;
  • request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate;
  • request that we erase your personal information, if:
    • we continue to process personal information beyond the period when it is necessary to do so for the purpose for which it was originally collected;
    • our legal basis for processing your information is consent and you withdraw your consent;
    • our legal basis for processing your information is that we have a legitimate interest and you believe this not to be the case;
    • you believe we have processed your information unlawfully;
    • it is necessary to delete the personal information to comply with a legal obligation;
  • ask us to restrict our information processing activities where you consider that:
    • personal information is inaccurate;
    • our processing of your personal information is unlawful;
    • where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim;
    • where you have raised an objection to our use of your personal information;
  • object to our processing of your personal information where we are relying on legitimate interests to make the processing lawful;
  • not to be subject to wholly automated decisions which produce legal effects or which could have a similarly significant effect on you;
  • change any preferences about how we use your information;
  • remove your consent to receiving any marketing communications from us.

If you would like to exercise any of your rights above please contact us at dataprotection@cullenproperty.com.

Should you wish to complain about the use of your information, we would ask that you contact us to resolve this matter in the first instance. You also have the right to complain to the Information Commissioner’s Office (ICO) in relation to our use of your information.  The ICO’s contact details are noted below:

The Information Commissioner’s Office – Scotland
45 Melville Street, Edinburgh, EH3 7HL
Telephone: 0131 244 9001
email:scotland@ico.org.uk

The accuracy of your information is important to us – please help us keep our records updated by informing us of any changes to your email address and other contact details.