The Insight Group takes a serious approach to protecting our customers and employee’s data and privacy. This Privacy Notice tells you what to expect when The Insight Group processes personal information. It applies to information about our investment clients, landlords, tenants (both potential and current) and other service users.
Why do we collect and store personal information?
We need to collect, process and store personal information about you and other business partners or household members* in order to fulfil our role as an investment company, training provider, letting agent and to deliver efficient and effective services relating to these business practices.
Our legal basis for processing your information will be at least one of the following:
- Contractual – The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation – The processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests – The processing is necessary to protect someone’s life.
- Legitimate interests – The processing is necessary for our legitimate interests, or the legitimate interests of a third party; unless there is a good reason to protect your personal data which overrides those legitimate interests.
- Consent – You have given clear consent for us to process your personal data for a specific purpose.
* When you provide information about business partners or household members, it is your responsibility to ensure that you do so with their full knowledge and consent.
What information do we collect about you?
A number of elements of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Where appropriate, some are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or may not be able to continue with our working relationship.
We have identified certain categories to help you understand what type of data we collect at any given time in our relationship. But at The Insight Group we recognise these are not mutually exclusive – at any point in time, or over time, you may fall in to one, two or possibly more categories.
- Website Users: We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our websites and to help us manage the services we provide. This includes information such as how you use our websites, the frequency with which you access our website, and the times that our website is most popular.
- Client Data: If you are a Client, we need to collect and use information about you or individuals at your organisation; if you are operating as a Limited Company. We may also notify you of content published by The Insight Group which is likely to be relevant and useful to you.
- Tenants Data: In order to provide the best possible service to you we need to process certain information about you. We only ask for details that will genuinely help us to help you. In addition to the obvious, such as your name, DOB, contact details, etc. we may also need to know your immigration status, financial information (where we need to carry out financial background checks). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information and/or details of any criminal convictions if you supply them.
- Supplier Data: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
- Other People: In order to provide our services we need some basic background information. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our Tenants or Employees.
How do we collect information about you?
We prefer to collect the information we need directly from you. That way, you know what we have and we can be sure you’ve provided us with the most accurate and up to date information.
Generally the information we hold will have been provided by you (on application or enquiry forms or when we communicate with you), but we may also hold information provided by third parties where this is relevant to your circumstances.
We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.
What do we do with the information we collect?
Processing of your personal information will be undertaken in accordance with the principles of the UK Data Protection Act 2018 (the Act) and the EU General Data Protection Regulation (the Regulation). Access to personal information is restricted to authorised individuals on a strictly need to know basis.
We will treat your personal information fairly and lawfully and we will ensure that information is:
- Processed for limited purposes.
- Kept up-to-date, accurate, relevant and not excessive.
- Not kept longer than is necessary.
- Kept secure.
We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate. To help us to ensure confidentiality of your personal information we may ask you security questions to confirm your identity when you call us and as may be necessary when we call you.
We will not discuss your personal information with anyone other than you, unless you have given us prior written authorisation to do so. Anyone calling on your behalf may also be subject to security questions to ensure we’re taking adequate steps to protect your personal information.
We may apply markers to your information (for example, in relation to your vulnerability or health status) to enable us to tailor and deliver services to you. The Insight Group only holds records during the period of our relationship and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us.
How do we look after and secure your information?
- We make every effort to keep your information safe by taking appropriate care to secure the information we hold about you.
- We have robust technical security measures in place such as passwords and information encryption.
- We have policies and procedures to make sure your information is only available to our employees who need to see it to do their job, and we train those employees appropriately.
- We establish robust agreements and contracts to extend these protections to any other person or organisation we may need to give your information to.
- In everything we do with your information we try to be fair, lawful and open; we take seriously our obligations towards your privacy and the protection of information we may hold about you.
When we use information about you we will:
- Take all reasonable efforts to do so fairly.
- Never use information about you unless it is lawful for us to do so and we have a clearly defined need or purpose.
- Make sure we minimise what we collect.
- Try to collect enough accurate and up-to-date information so we can provide you with the excellent, efficient customer service you demand and no more.
- Not keep your information for longer than we need it and make sure the records we have about you are managed properly and deleted promptly and securely when we no longer need them.
Who do we share your information with?
We appreciate you have provided your information to us and may not want us to share it with other people or organisations, however, sometimes it is necessary for us to do so. Our relationships with such providers are governed by our contracts with them which include strict data sharing and confidentiality protocols.
We only share your information where we have a legitimate interest in doing so, where we are permitted or required to by law, or where you have requested us to do so. We may share your information with, for example:
- Third party service providers, in connection with services performed on our behalf. For example, lenders/brokers/accountants while in the process of looking at investment options.
- Our contractors, in order to undertake maintenance and improvement works.
- Landlords, in connection with tenancy references and associated enquiries.
- Utility companies (and their representatives) and Council Tax offices, to ensure billing details are correct.
- Credit reference agencies and debt collection agencies, in connection with applications and in relation to any outstanding charges.
- Local authorities and government departments, as necessary for administering justice, or for exercising statutory, governmental, or other public functions.
- Police and other relevant authorities (e.g. Probation Service, Department of Work and Pensions, HM Revenue and Customs) in relation to the prevention or detection of crime and fraud the apprehension or prosecution of offenders and the assessment or collection of tax or duty.
- Other statutory organisations, e.g. social services and health authorities, as necessary for exercising statutory functions.
- Our regulators to comply with our regulatory obligations.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations.
- In connection with legal proceedings (or where we are instructed to do so by court order).
- To protect the vital interests of an individual (in a life or death situation).
International transfer of personal information
We do not envisage transferring any information about, or relating, to you to anyone who is located outside of the European economic area other than as indicated above and we have a commitment from our business partners and data processors that they too will honour this commitment.
Your rights in relation to your personal information
- Right of access – You have the right of access to information we hold about or concerning you. If you would like to exercise this right, please do so in writing. We have a Subject Access Form which you can use for this purpose and we ask that your written request is accompanied by proof of identity. If you are seeking to obtain specific information (e.g. about a particular matter or from a particular time period), it helps if you clarify the details of what you would like to receive in your written request.
If someone is requesting information on your behalf they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible).
In response to SARs, we will provide you with a copy of the information we hold that relates to you. With regard to Tenants this will not generally include information about your property such as repair logs, details of contractor visits, or general property maintenance information as this is unlikely to be ‘personal information’.
- Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.
Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared your data about your request for erasure.
- Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have requested its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
- Right to portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means called a data portability request.
- Right to object – You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
For further information on how to request your personal information and how and why we process your information, you can contact us using the details below:
Data Protection Officer
The Insight Group
49 Queen Street
01723 353 255 | firstname.lastname@example.org
The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the UK Data Protection Act 2018 and the EU General Data Protection Regulation. You also have a right to lodge a complaint about any aspect of how we are handling your data with the ICO and can do so at the following address:
Information Commissioner’s Office
0303 123 1113 | www.ico.org.uk
Changes to this privacy notice
We may change this privacy notice from time to time, but if we change it in a way which significantly alters the terms upon which you have agreed, we will post notice of the change on our website and you will be deemed to have accepted such changes. This privacy notice was last updated June 2018.