Privacy Policy
registered address The Granary Brewer Street Bletchingley Surrey RH1 4QP. Our Data Protection Lead can be contacted at hello@fortis.homes We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”).
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
- • The right to be informed of how your Personal Data is used (through this notice);
- • The right to access any personal data held about you;
- • The right to withdraw consent at any time, by emailing hello@fortis.homes;
- • The right to rectify any inaccurate or incomplete personal data held about you;
- • The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
- • The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
- • The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
Who is the Data Controller?
- • If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
- • If we have purchased your personal data from a third-party for our own purposes, we are the Data Controller. Where we have purchased your personal data, we will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
- • If we have been passed your personal data from a third-party for our own purposes, we are the Data Controller. We will contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
- • If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint Data Controller. We will contact you to let you know before we first start to use your data, or, at the latest, within one month of acquiring it.
- • If your data has been passed to us by a third party for processing under their instruction, that third party is the Data Controller. They should have notified you that they would be passing your personal data to us, Fortis Properties Limited, at the time they collected your data and within their own privacy notices/standards. For a list of Data Controllers that we process personal data for, the section below ‘Third Party Interests’.
- • If we have received your personal data as part of a business to business relationship, the Data Controller is your employer.
- • In order to provide the Home Setup and Utility Management Services we may, in the course of provision of the services, share move-to and move-from addresses, moving dates, tenancy details, council tax status, and other data required for the provision of those services (including data relating to other occupants or household members to Ethical Introductions Ltd (T/A Just Move In).
- • Where a tenant receives Home Setup Services provided by Just Move In then, for the purpose of fulfilling the contract for those services, we will need to also provide relevant personal data to Just Move In. Just Move In will store and be a controller of such personal data. Just Move In (full company name Ethical Introductions Ltd) provides a privacy notice describing their use of data available here: www.justmovein.com/privacy
What are the Lawful Basis for Processing Personal Data?
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
- • a) ‘your consent’;
- • b) ‘performance of a contract’;
- • c) ‘compliance with a legal obligation’;
- • d) ‘protection of your, or another’s vital interests’;
- • e) ‘public interest/official authority’; and
- • f) ‘our legitimate interests’.
About our Processing of Your Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Reference |
What catergories of information about you do we process? |
Why are we processing your data? |
Where did we get your personal data from? |
B2B Marketing |
|
Direct marketing to former, current and prospective clients. This processing is conducted lawfully on the basis of ‘our legitimate interests’. |
Directly obtained or by referral from existing clients/partners/suppliers. |
Analytics |
|
To understand how you use our website, how you reached us and how long you spend on our website, in order to analyse our performance and improve our service. This processing is conducted lawfully on the basis of ‘our legitimate interests’. |
Directly obtained or indirectly obtained through a client’s website (notice given at the point of collection). |
Fraud Prevention |
|
To combat fraud, we share information of clients who instruct the payment issuer to cancel payments to us without first informing us of why and/or allowing us the opportunity to issue a refund with credit reference agencies. This processing is conducted lawfully on the basis of ‘protection of your, or another’s vital interests’. |
Directly obtained or indirectly obtained through a client’s website (notice given at the point of collection). |
Contact Submission |
|
When you send us information about you by posting on a forum or blog, we will store this information in order to make it available for viewing on the website. You consent is obtained at the time of posting and via reference to this notice. This processing |
Directly obtained or indirectly obtained through a client’s website (notice given at the point of collection). |