Privacy Notice

Atiresh is committed to providing a service that consistently meets customer needs as well as applicable regulatory and statutory requirements.

Atiresh recognises the importance of protecting personal data and takes care to meet our legal duties. Atiresh puts in place reasonable security and procedural controls to protect your personal information and in light of the General Data Protection Regulation (GDPR) from 25th May 2018, we have updated this Privacy Notice. The purpose of this policy is to give you a better understanding of:

  • The type of information we collect

  • How we use and store this information

  • Your Rights

THE INFORMATION WE COLLECT

1.0 COLLECTION OF PERSONAL INFORMATION

We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:

  • To carry out our obligations arising from any agreement entered into between you and us;

  • To notify you about changes to our service;

  • For the detection and prevention of fraud, crime, or other malpractice;

  • To conduct market or customer satisfaction research or for statistical analysis;

  • For audit and record keeping purposes;

  • In connection with legal proceedings;

  • We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law;

  • To respond to your queries or comments;

  • For users’  participation in the Residents Portal webapp.

Depending upon the nature of our relationship with you, we may collect different information and these differences are outlined below.

CUSTOMERS (INCLUDING RESIDENTS PORTAL WEBAPP USERS)

We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you and for certain other purposes explained below. Personal data is generally collected directly from you via our website, by our Residents Portal webapp, by phone (including our SMS service) or by email.

Once collected, this data is only used to deliver the service and to respond to any questions you have. We do not collect sensitive data – financial, health, or information about children. This does however include name, phone number, email etc. We generally collect and process the following information relating to our customers:

  • Information collected includes information provided at the time of requesting or registering for our services or for any other reason if you need to make a complaint or report a problem;

  • Examples of information we collect from you include name, email address, postal address and telephone number and this is done at the point of engaging our services;

  • For Resident Portal webapp users, we will collect your name, email address, mobile number, lease agreement dates, disability information (if relevant to ensuring your safe evacuation from your home in the event of a fire) and language details (if English is not your mother tongue and you require fire emergency information provided in another language by your Building Manager);

  • For Resident Portal webapp users, we will also keep a record of your correspondence concerning building complaints, consultations and any contraventions that may apply to you;

  • If you contact us, we may keep a record of that correspondence;

  • We may also ask you to complete surveys that we use for research purposes;

  • We also hold bank details as part of our invoicing and accounting procedures.

EMPLOYEES

We will collect information relevant to our legal obligations as an employer and may include your name, date of birth, phone number and email, in addition to address, bank account details and information for employment. Further information is provided separately within our Employee Handbook.

SUPPLIERS

We will collect information relevant to our status as a customer of yours and may include your name, phone number and email, in addition to address, bank account details and information relating to the services and products you provide to us.

1.1 WHY WE NEED IT

We need to know your personal data in order to reply to you and provide you with our services. We will not collect any personal data from you which we do not need to provide and oversee this service to you. The lawful basis for processing data identified by Atiresh Ltd includes:

  • Legal obligations (for example, as an employer or as part of obligations with regards to HMRC);

  • Our clients’ legal obligations relating to the Building Safety Act 2022 and the amended Regulatory Reform (Fire Safety) Order 2005;

  • Performance of a contract (especially with regards to our customers and our suppliers);

  • Legitimate interest (such as when we ask for your feedback or advice on how to continually improve);

  • Consent (only used when sensitive information is required to be processed by us or as part of marketing initiatives).

1.3. WHAT WE DO WITH IT

The personal data we process is processed and hosted in the UK. Third parties will have access to your personal data only when they are under appropriate contractual safeguards. These services are limited to third parties who are necessary for the performance of Atiresh’s functions and to enable provision of our services.

In some circumstances there may be a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions of supply and/or any other agreements; to protect the rights, property, or safety of Atiresh personnel, our customers, or others.

1.4. HOW LONG DO WE KEEP IT

Service user personal data will be retained for no more than seven years, following each use of our service, unless you exercise your rights highlighted below.

Similarly, we are required to keep any complaint and query records for the same period of time.

Employee data will be retained for seven years from the end of their employment with Atiresh and financial data will be retained for six years from the date of the transaction or record.

Atiresh Ltd do not retain records for longer than is necessary and will dispose of all records securely.

1.5. HOW WE KEEP IT SECURE

We use a wide range of organisational and technical measures to keep all of our information secure. These include (but are not limited to):

  • Password protection on mobile devices, files, folders and assets;

  • Restricted access to files with sensitive information;

  • Anti-virus and anti-malware programmes;

  • Use of encrypted platforms to store data;

  • Access restriction protocols for information assets;

  • Use of in-house data storage arrangements where possible to minimise data transfers.

Another key part of our arrangements is to use systems providers, underpinned by robust and resilient data processing agreements, who enable us to work smartly and securely.

1.6. WHAT WE WOULD ALSO LIKE TO DO WITH IT

We only use data collected for the reason it was collected. If you are a customer, we use this data to deliver the service to you and do not collect personal data for marketing purposes.

If you are interested in our services or projects and have an interest in learning more about us, we may on occasion contact you but only where you have provided explicit consent to do so. We may publish articles from time to time and simply post these on our website and/or on social media sites to assist and generate interest in our business. We will not record any personal data that may be used by cookies in order for this website to interact with you.

WHAT ARE YOUR DATA SUBJECT ACCESS RIGHTS?

You have the right for the following:

  • The right to be informed – data subjects must be aware of what personal data we have about them and what we are doing with it.

  • The right of access – data subjects can request we provide them the personal data we have about them.

  • The right to rectification – Data subjects can have their personal data rectified if it is inaccurate or incomplete.

  • The right to erasure (or the ‘right to be forgotten’) – Data subjects have the right for their data to be erased where the personal data is no longer necessary in relation to the purpose for which it was collected/processed, if consent is withdrawn or there are no overriding legitimate interest to continue processing.

  • The right to restrict processing – Data subjects have the right to restrict the processing of personal data where they have contested its accuracy, where they have objected to the processing and we are considering whether we have a legitimate ground which overrides this and where processing is unlawful.

  • The right to data portability – The right to data portability allows data subjects to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

  • The right to object – Data subjects have the right to object to processing based on legitimate interests including profiling and direct marketing.

  • Rights relating to automated decision making and profiling – Data subjects have the right not to be subject to a decision when it is based solely on automated processing, and it produces a legal effect or a similarly significant effect on the individual.

If at any point you believe the information we process for you is incorrect, you may request to see this information, have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Lead who will investigate the matter. You can also opt out by contacting our Data Protection Lead by email.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can make a complaint to the Information Commissioner’s Office at Home | ICO.

Our Data Protection Lead is Marigold Beaver and her contact details are marigold@atiresh.co.uk, 01422 417288, Unit 33 Hebden Bridge Town Hall, St George’s Street, Hebden Bridge, HX7 7BY.