GDPR
The General Data Protection Regulation (GDPR) is designed to bring new levels of protection for personal data. The new European directive GDPR came into effect on 25th May 2018.
What is personal data?
Personal data means any information that relates to a natural person through which they may be identified e.g. an email address such as: john.smith@googlemail.com
What personal data does MYNH hold?
MYNH provide an after care service to new home developers, contractors and housing associations. The delivery of such service involves communication with homeowners, occupants and tenants (the ‘data subject’). This means that we will seek, store and process the following:
-
Email address
-
Telephone number
-
Mobile phone number
-
Postal address
-
Legal completion date (property acquired).
Usually this information is largely provided by the developer or housing association.
How will the data be processed?
The use of the personal data enables MYNH to communicate with the data subject when dealing with reported building defects. This is the purpose of the service provided. MYNH's outbound communication may take the form of an Email, a telephone call, an SMS message or a letter.
Who else will see or have access to the personal data?
The developer (who most likely provided it in the first instance) and the contractor. MYNH will liaise with the relevant trade contractor to organise an appointment when work needs to be conducted. Personal data is captured in a formal Job Instruction which is raised by MYNH and issued to the contractor. Usually this is limited to the data subject’s name, postal address and nature of the reported building defect; however there may be occasions when the data subject may request that we also provide a telephone contact.
Consent
The quickest way for the data subject to report a defect is via the MYNH Occupant Portal (the web address is: www.defects.uk.com). This is a secure platform that can be accessed using any web enabled smart phone, tablet or PC. The data subject needs to register the first time they visit the Occupant Portal; this provides the opportunity to set their own password and at this stage will be asked to give their consent for MYNH to use their personal data (tick box). Any data subject receiving MYNH's service prior to 25th May 2018 will be contacted by MYNH to seek their consent; this will take the form of a tick-box return form.
Where will we store personal data?
All personal data is stored electronically, not in hard copy.
-
Emails – all stored externally on the Microsoft Exchange server
-
Postal address – captured by our CRM system and stored on Microsoft Cloud server
-
Landline/Mobile – captured by our CRM system and stored on Microsoft Cloud server
-
Letters – stored internally on MYNH server.
What will MYNH do with the data when it's no longer needed?
MYNH will archive the information on the Microsoft Cloud server.
Can a data subject refuse to give consent?
Yes certainly – either at the outset or later on. MYNH should point out however that it would be impossible to provide the service without their consent.
Can a data subject complain?
The data subject reserves the right to lodge a complaint with a supervisory authority.
Can a data subject request a copy of personal data?
Yes they can. MYNH will provide a copy of all personal data held on the system, within 72 hours and at no expense, subject to identity verification. Further copies may incur a small administrative expense.
What about personal data relating to the Developer, Housing Association and the Contractor?
MYNH will take the same procedural precautions when storing and processing this personal data however it is presumed that consent is implied to the extent that the contractual relationship between the contractor and developer or housing association, and the developer or housing association with MYNH, requires the use of such personal data to fulfil contractual obligations. The basis for this is ‘Legitimate Interest’.
MYNH's Data Controller
Any questions, queries or complaints should be directed to MYNH’s Data Controller:
Kerri Mansell
GENERAL MANAGER
Managing Your New Home
Units 1&2 Woodfield Farm Offices
Isaacs Lane, Burgess Hill
West Sussex RH15 8RA
Responsibility of the MYNH Data Controller
The Data Controller shall implement appropriate technical and organisational measures to ensure and demonstrate that processing is performed in accordance with GDPR. Those measures shall be reviewed and updated as necessary. The Data Controller shall also implement appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the service are processed.
Records
MYNH shall keep records of the data categories processed and the purpose of the processing. These records shall include details of the recipients to whom the personal data has been disclosed.
Security
The Data Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
-
The ability to ensure ongoing confidentiality
-
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
-
Account shall be taken of the risks presented by processing, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Personal data breach
In the case of a personal data breach the Data Controller shall without delay (not later than 72 hours of becoming aware of it) notify the Authorities, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject.
Information Commissioners Office (ICO)
MYNH (After Build) is registered at the Information Commissioners Office. Reg. No.:Z9846642.