What is our role under the General Data Protection Regulation (GDPR) ?
We consider ourselves to be the Data Processor and Data Controller acting on behalf of the Landlord who is also the Data Controller and a Data Subject. Both the Data Controller and the Data Processor are subject to the Office of the Data Protection Commissioner, the Supervisory Authority.
In our role as letting and management agent we also collect data from the tenant.
Where did we get your data ?
We received your data from you.
What is the purpose of processing your data ?
You are party to a Tenancy to which you the Data Subject are bound. We have been appointed by the Landlord to arrange the Tenancy and / or administer the covenants of the Tenancy.
What is the lawful basis for this processing?
1. Processing is necessary for the performance of a contract to which the Data Subject is party [ Article 6 GDPR (1)b ].
2. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [ Article 6 GDPR (1)c ]. Namely :
- The Residential Tenancies Acts 2004 to 2016
- Criminal Justice (Money Laundering and Terrorist Financing) Act 2010
- Property Services (Regulation) Act 2011 (Client Moneys) Regulations 2012
- Property Services (Regulation) Act 2011
What type of data do we keep ?
Name, address, phone, email, bank details, PPS numbers, references, ID, next of kin contact details
Where is this data stored ?
This data is stored in a database called Letman which is operated on Amazon Web Services located in Ireland. Data stored and transferred is encrypted. Access is only granted to administrators associated with our office.
It is also stored in a locked filing cabinet in a secured alarmed building
e-mail is with office 365 which is gdpr compliant
Who is this data shared with ?
This data is shared only with similar Data Processors for the purpose described above. The categories of Data Processors are :
- Our property management system called Letman
- Maintenance Contractors
- The Landlord
- Emergency Service providers
- Property button which is a utility transfer company
- Electricity and gas suppliers
- Residential Tenancy Board
- Staff members of New City Property Management Services
- Block management company
Phone numbers stored in contact lists on office mobile phones
In some circumstances we may also be required to give your contact details to the following:
- Emergency services eg: Gardai, Fire Service, Ambulance Service
- Property Services Regulator
- Revenue Comissioners
- Legal advisors / Debt collectors
How long will the data be stored ?
Your data will be maintained by us for as long as the contract between the Data Controller and us ( the Data Processor ) exists or for as long as required by legislation.
What if your tenancy ends ?
There is still an obligation on the Data Controller to main adequate accounting records. See above.
What are your rights ?
- You have a right to be informed.
- You may request a copy of your data stored.
- You may request correction to any erroneous data.
- You may request deletion of data, if not in violation of statutory or contractual requirements.
- You may lodge a complaint to the controller or object to processing.
- You may lodge a complaint to the Supervisory Authority.
- You may withdraw consent if processing originally required consent.
What happens in the event of a Data Breach ?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.