Privacy Policy.

1. PROTECTION OF PRIVACY & PERSONAL INFORMATION 

We, at CompassRock ("we", "us", “our”) collect, process, use and store information about individuals ("personal data") including: visitors to our premises at CompassRock, 83 Baker Street, W1U 8AG (“Premises”) (collectively our “Products and Services”), visitors to our website www.compassrock.com (“Website”), tenants, partners, suppliers and contractors, and job applicants (collectively "you", “your”).

We are aware of our responsibilities to handle your personal data with care, keep it secure and comply with applicable privacy and data protection laws. The purpose of this privacy policy (“Policy”) is to provide a clear explanation of when, why, and how we collect, process, use and store personal data as controller.

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

CompassRock Real Estate Limited (company registration number: 13506164 and registered office address: 27 Old Gloucester Street, London, WC1N 3AX) is the controller for the personal data set out above.

The primary point of contact for all queries arising from this Policy, including requests to exercise legal rights, is our data protection manager, who can be contacted by email at: feedback@compassrock.com or post at: CompassRock, 83 Baker Street, W1U 8AG.

IMPORTANT

Please do read this Policy with care. It provides important information about how we use personal data and explains your statutory rights. Further, if you are visiting our premises, this Policy should be read in conjunction with our CCTV Policy. 

This Policy has been designed to be as user friendly as possible. We set out below an index of contents so you can easily find the information you are looking for by clicking on the relevant heading. We have clearly labelled sections of this Policy to make it easy for you to navigate to the information that may be most relevant to you.

2. WHAT PERSONAL DATA DO WE PROCESS AND HOW?

Information You Provide

We collect various types of personal data about you for the purposes described in this Policy including but not limited to:

Interested Parties Data

(where you are interested in our properties or services)

  • Name

  • Date of Birth

  • Title

  • Address

  • Phone Number

  • Email Address

  • Company Name

  • Company Contact Details

  • CCTV Recordings/Images (if you visit our premises)

  • Call Recordings (if you call us)

Applicant, Tenant, and Member Data

(where you apply for a tenancy with us)

  • Name

  • Date of Birth

  • Title

  • Address

  • Prior addresses

  • Phone Number

  • Email Address

  • Salary Details

  • Occupation

  • Employment Details

  • Company Details

  • Company Contact Details

  • Housing Benefit Details

  • Passport Copy

  • Passport Expiration

  • Visa Copy

  • Visa Expiration

  • Resident Permit Copy

  • Resident Permit Expiration

  • UK Driver’s License Copy

  • UK Birth Certificate

  • Photo

  • Next of Kin

  • Emergency Contact

  • Vehicle Registration

  • Vehicle Details

  • Bank Details

  • CCTV Recordings/Images

  • Call Recordings

Company, Vendors, Contractors, and Agents Data

 (where you are a prospective business partner, vendor, service provider, contractor, or agent)

  • Name

  • Address

  • Email Address

  • Phone Number

  • Company Name

  • VAT Registration

  • Bank Details

  • Photos

  • CCTV Recordings/Images (if you visit our premises)

  • Call Recordings (if you call us)

Website User Data

(where you access, browse and/or interact with us via, our website)

  • Your Domain

  • Your IP Address

  • Date, Time and Duration of Your Visit

  • Page Views, Clicks, and Scrolling Details

  • Your Browser Type

  • Your Operating System

  • Your Page Visits

  • Other Information About Your Computer or Device

  • Internet Traffic

  • Personal Preferences (Language and Location)

More information about our use of cookies can be found in our Cookie Policy.

Job Applicant Data

(where you apply for a job with us)

  • Identification Information and Details of Your Qualifications and Education History

  • CV

  • Application Letters

  • References

  • Applicant Assessment (Including Interview Notes)

  • Information Relating to Right to Work

  • Information About Your Skills, Experience and Education.

In order to access or use certain portions, or enjoy the full functionality, of our website, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us in the following ways:

  • By filling in forms (for example, ‘Book a Viewing') on our website.

  • Booking a viewing through a link provided by email.

  • Logging into the “Resident” Login.

  • By corresponding with us by phone, e-mail or otherwise using our contact details (for example, to book a viewing).

  • Registering to receive marketing from us.

  • Completing a tenancy application.

The personal data you will be asked to provide may include some of the types of personal data within Interested Parties DataApplicant, Tenant and Member Data or Job Applicant Data, including: name, address, telephone number, and email address. This personal data is required to enter into a contract with you (in anticipation of an agreement to provide services) or to perform a contract with you (such as to provide services at your request), and failure to provide any information may result in our inability to perform such contract. 

Information We Collect Automatically

When you visit our website, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to Website User Data. Our website uses cookies to remember information such as your login details and personal site preferences. More information about our use of cookies can be found in our Cookie Policy.

When you enter our premises, we have CCTV cameras at our premises, which automatically capture video footage.

Information We Collect from Other Sources

We may also obtain some types of personal data within Interested Parties DataApplicant, Tenant and Member Data or Job Applicant Data about you from third parties, namely other applicants, referring agencies, referring websites, and referencing companies, for example:

  • Details from publicly accessible sources such as government websites.

  • Details about you provided by another applicant.

  • Details from an agency.

  • Details from enquiries on websites like Rightmove and Zoopla.

  • Where you are identified as a guarantor.

  • Details from pre-tenancy checks conducted by referencing companies.

3. WHY, AND ON WHAT LEGAL BASIS, DO WE USE YOUR PERSONAL DATA?

All our processing and use of personal data is justified. Whenever we process your personal data we do so relying on a legal basis for that processing. The table below provides an overview of the justified legal grounds for processing personal data, and why we use your personal data:

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Depending on your dealings with us, we may disclose some or all of the personal data we collect from and obtain about you to the following third parties:

We may also share your personal data in the manner and for the purposes described below:

  • With government organisations and agencies, law enforcement and regulators to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.

  • Debt collection agencies to assist us with the collection of arrears and outstanding debts.

  • Banks and payment providers to authorise and complete payments.

  • With credit reference agencies and organisations working to prevent fraud.

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser/investor of our business or assets.

In addition, there may be circumstances, where we share your personal data with relevant third parties (where authorised by you for such circumstances), which may include (but not limited to) another landlord, local council, bank etc.

5. INTERNATIONAL TRANSFERS

Some of the third parties listed in WHO DO WE SHARE YOUR PERSONAL DATA WITH? above are based outside the UK or EEA. Whenever we make transfers of your personal data, we implement appropriate safeguards in accordance with applicable data protection laws, for instance:

  • The EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries.

  • The UK Addendum.

  • By sending to countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner's Office (ICO).

Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact us using the details set out in HOW CAN YOU CONTACT US FOR MORE SUPPORT?.

6. MARKETING

We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences at any time by contacting us.

Our processing of your personal data for marketing purposes is based on our legitimate interests, or it may be based on your consent (such as where required by law). In particular, you can always opt-out of email marketing communications by clicking the "unsubscribe" link at the bottom of marketing emails, or by contacting the contact details provided in HOW CAN YOU CONTACT US FOR MORE SUPPORT?.

When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).

7. HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?

We will not retain your personal data longer than it is necessary to carry out the purposes listed in WHY, AND ON WHAT LEGAL BASIS, WE USE YOUR PERSONAL DATA? or than is required by law.

In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. No security measures are perfect or impenetrable but, we regularly review our security procedures to consider appropriate new technology and methods. These measures include:

  • Placing confidentiality requirements on our staff members and service providers.

  • Destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected.

  • Following strict security procedures in the storage and disclosure of your personal data to prevent unauthorised access to it.

  • Training and awareness for staff members in the handling of your personal data.

  • Using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol, and this ensure that the information is reasonably protected against unauthorised interception.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

8. WHAT ARE YOUR LEGAL RIGHTS?

You have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on our reason for processing your personal data.

You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).

Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.

Access

You can ask us to:

  • Confirm whether we are processing your personal data.

  • Give you a copy of that data.

  • Provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from etc., to the extent that information has not already been provided to you in this Policy.

Rectification

You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

Erasure

You can ask us to erase your personal data, but only where:

  • It is no longer needed for the purposes for which it was collected.

  • You have withdrawn your consent (where the data processing was based on consent).

  • Following a successful right to object (see 'Objection' below).

  • It has been processed unlawfully.

  • To comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:

  • For compliance with a legal obligation.

  • For the establishment, exercise or defence of legal claims.


There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.

Restriction

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • Its accuracy is contested (see “Rectification” above), to allow us to verify its accuracy.

  • The processing is unlawful, but you do not want it erased.

  • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims.

  • You have exercised the right to object, and verification of overriding grounds is pending.

 

We can continue to use your personal data following a request for restriction, where:

  • We have your consent.

  • To establish, exercise or defend legal claims.

  • To protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format or you can ask to have it 'ported' directly to another Data Controller, but in each case only where:

  • The processing is based on your consent or on the performance of a contract with you.

  • The processing is carried out by automated means.

Objection

You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see WHY, AND ON WHAT LEGAL BASIS, DO WE USE YOUR PERSONAL DATA?) if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the EEA. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Withdrawal of consent

If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data before this remains unaffected.

9. CHANGES TO THIS POLICY

We may make changes to this Policy from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this Policy, we will seek to inform you by notice on our website or email.

It is important that the personal data we hold about you is accurate and up to date. Please let us know if any of your personal data changes during your relationship with us.

10. THIRD PARTY LINKS AND WEBSITES

You might find external links to third party websites on our website. This Policy does not apply to your use of a third-party site.

11. HOW CAN YOU CONTACT US FOR MORE SUPPORT?

We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our data protection manager via email at: feedback@compassrock.com

If you have a concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with the ICO at any time.

This Policy was last updated in April 2024.