GQRC Data Privacy
GQRC is committed to protecting the data privacy of all owners & residents in line with UK law and your expectations.
We process & handle some personal data in conjunction with our Management Agent but hold no such data on a permanent basis.
Our specific commitments to data privacy are contained within our general confidentiality document which all directors and committee members are required to sign. This sets out that personal & other information related to dealings with individuals in respect of conveyancing, service charges, covenants and disputes is kept in the strictest confidence and only used for its intended purpose. We also ask directors & committee members to destroy / delete any confidential / personal information they have when they end their roles with GQRC.
At times we may refer to a discussion with an individual owner or resident in our communications but this is anonymised / redacted – e.g. as “a resident of xxxxxx (block)”, as you may have seen over the years – except when we have consent to display the individuals name. .
Most handling of data of a personal information – including names, addresses, e-mails, phone numbers & bank details – is delegated to our Managing Agents who have their own commitment and policies in regard to data privacy as required by RICS and others. Another important role of the managing agent is to train and supervise staff of GQRC in these aspects. Rest assured that all those involved are covered.
Some may have heard of GDPR in regard to Data Privacy & wonder how this applies. GDPR (General Data Protection Regulation) was an EU law regulation implemented in the UK through the 2018 Data Protection Act (DPA) – and retained post Brexit as “UK GDPR”. Hence any references to UK law (such as here) are to DPA & hence GDPR. In GDPR technical terms, GQRC, like most RMCs, is a non-profit organization, so only a “data processor”, not registered with the ICO (Information Commissioners Office) but committed to adhering to the principles of GDPR. Our managing agent (AFP) would be a GDPR “data controller” so registered with the ICO & fully compliant with GDPR.
We have CCTV on the site, as many are aware. It is managed & operated with the support of our managing agent. The GQRC CCTV scheme is registered with the ICO under the terms of the Data Protection Act. We have a written policy (available on request) which describes how it complies with the Act and with the ICO CCTV Code of Practice.
This notice is kept under review and may be updated periodically. Please contact the board for any queries.