PRIVACY

 

DRUM PROPERTY GROUP

 

PRIVACY POLICY

 

Drum Property Group (together with its subsidiary undertakings) (the “Company“, “we“, “us” or “our“) is committed to protecting the privacy of individuals whose data it processes (“you” or “your“).

 

Structure of this policy

 

This privacy policy is provided in a layered format so you can click through to the section which relates to the information that we collect about you below.

 

1. IMPORTANT INFORMATION AND WHO WE ARE

 

2. CATEGORIES OF DATA SUBJECTS

 

 

3. DISCLOSURES OF YOUR PERSONAL DATA

 

4. DATA RETENTION

 

5. INTERNATIONAL TRANSFERS

 

6. DATA SECURITY

 

7. YOUR LEGAL RIGHTS

 

8. CHANGES TO THIS PRIVACY NOTICE

 

9. FURTHER INFORMATION

 

1. IMPORTANT INFORMATION AND WHO WE ARE

 

The Company is committed to protecting the privacy and security of personal data which is entrusted to us.

 

This privacy policy aims to give you information on how the Company collects and processes your personal data as a controller of data supplied by tenants, contractors, including through your use of this website, by signing up to our newsletter and/or by sending us correspondence and/or providing us with products and/or services.

 

In addition, it outlines your data protection rights under the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679) (the “GDPR“).

 

This website is not intended for children and we do not knowingly collect data relating to children.

 

Please contact Drum Property Group (registered number SC262896]), 12 Rubislaw Terrace Lane, Aberdeen, AB10 1XF if you have any queries in relation to the processing of your personal data under this policy.

 

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager at [info@drumpropertygroup.com].

 

2. CATEGORIES OF DATA SUBJECTS

 

(A) BUSINESS CONTACTS

 

The following section of this policy sets out how the Company may process personal data (as a controller) about its business contacts and (current, previous and/or potential) service providers (and employees of service providers), tenants and contractors and data subjects that have provided a business card to, or have corresponded with the Company, and analysts, journalists and other interested parties who have requested further information on the Company and who have provided their contact and personal details.

 

The kind of information we hold about you

 

We may collect, use, store and transfer different kinds of personal data about you which you provide to us including: name, date of birth, address, email address, telephone numbers, place of work, job title, bank account details, passport details, next of kin and national identification number.

 

We do not collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

How we will use information about you

 

We will use your personal data in the following circumstances: where it is necessary for our legitimate interests, or those of a third party (including in relation to the sending of electronic marketing communications) and where your interests and fundamental rights are not overridden or where we need to comply with a legal or regulatory obligation.

 

Your personal data may be processed by the Company or its sub-processors (or any of its affiliates, agents, delegates or sub-contractors) for the following purposes:

 

 

Basis on which we process your data and right to withdraw consent

 

If we consider it necessary to obtain your consent in relation to the use your personal data (such as for sending emails to individuals that have not invested in the Company), we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact follow the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

Where such processing is being carried out on the basis that it is necessary to pursue the Company’s legitimate interests, such legitimate interests do not override your interests, fundamental rights or freedoms. Such processing may include the use of your personal data for the purposes of sending you electronic marketing communication, in relation to which you can at any time unsubscribe by following the instructions contained in each marketing communication.

 

(B) VISITORS TO OUR WEBSITE

 

The following section of this policy sets out how the Company may process personal data (as a controller) about visitors to its website.

 

The kind of information we hold about you

 

We may collect, use, store and transfer different kinds of personal data about you which you provide to us though our website: name, date of birth, address, email address, telephone numbers, technical data (including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, usage data (including information about how you use our website, products and services, and marketing and communications preferences (including your preferences in receiving marketing from us and your communication preferences).

 

We do not collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

How we collect your data

 

We use different methods to collect data from and about you including through:

 

 

How we will use information about you

 

Your personal data may be processed by the Company or its sub-processors (or any of its affiliates, agents, delegates or sub-contractors) for the following purposes:

 

 

We will use your personal data in the following circumstances: where it is necessary for our legitimate interests, or those of a third party (including in relation to the sending of electronic marketing communications) and where your interests and fundamental rights are not overridden by those interests, or where we need to comply with a legal or regulatory obligation.

 

If we consider it necessary to obtain your consent in relation to the use of your personal data (such as for sending emails to individuals that have not invested in the Company), we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at [info@dripreit.co.uk] or follow the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

Links to websites

 

Where the website provides links to other websites, the Company is not responsible for the data protection/privacy/cookie usage policies of such other websites, and you should check these policies on such other websites if you have any concerns about them. If you use one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting a linked website and such websites are not governed by this policy. You should always exercise caution and review the privacy policy applicable to the website in question.

 

Cookies

 

A cookie is a small file which asks permission to be placed on your computer. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

 

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website by tailoring it to the needs of users. We only use this information for statistical analysis purposes.

 

Overall, cookies help us provide a better website by enabling us to monitor which pages users find useful and which they don’t. A cookie does not give us access to a user’s computer or any information about them, other than the data they choose to share with us.

 

The browsers of most computers, smartphones and other web–enabled devices are usually set up to accept cookies. If your browser preferences allow it, you can configure your browser to accept all cookies, reject all cookies, or notify you when cookies are set. Each browser is different, so check the “Help” menu of your browser to learn about how to change your cookie preferences.

 

However, please remember that cookies are often used to enable and improve certain functions on our website. [If you choose to switch certain cookies off, it will affect how our website works and you may not be able to access all or parts of our website.]

 

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

 

You can find more information about the individual cookies that we use and the purposes for which we use them below:

 

Cookie

 

Cookie Name

 

Purpose

 

Google Analytics

 

_ga

 

This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

 

_gat

 

This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.

 

_gid

 

This cookie name is associated with Google Universal Analytics.

 

Expression Engine

 

Exp_csrf_token

 

CSRF stands for Cross Site Request Forgery. This cookie is a security enhancement for Expression Engine. Immediately before any forms are sent on the site, this cookie is set. Craft then verifies that the cookie in the browser was the one that it set, therefore confirming the submission from the site is genuine.

 

Exp_last_activity

 

Every time the state is updated (the page reloaded) the last activity is set to the current datetime. Used to determine expiry. This is essential for logged in users, but not for guests – it is set for both.

 

Exp_tracker

 

Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc. Affects guests and logged in users.

 

Exp_wrtBqRx4

 

This cookie is associated with Expression Engine.

 

For further details on cookies (including how to turn them off) can be found at WWW.ALLABOUTCOOKIES.ORG.

 

3. DISCLOSURES OF YOUR PERSONAL DATA

 

We will not disclose personal information we hold about you to any third party except as set out below.

 

We may disclose your personal data to other members of our group, to the board of the Company, to the company secretary, to third parties who are providing services to us, including IT service providers, auditors, tax and accountancy advisers, utility providers, commercial cleaning contractors, property maintenance contractors, event management, PR and marketing service providers, backup and disaster recovery service providers.

 

We may also disclose personal data we hold to third parties:

 

 

4. DATA RETENTION

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

5. INTERNATIONAL TRANSFERS

 

We do not transfer your personal data outside the European Economic Area (EEA).

 

6. DATA SECURITY

 

The Company has put in place measures to ensure the security of the personal data it collects and stores about you. It will use its reasonable endeavours to protect your personal data from unauthorised disclosure and/or access, including through the use of network and database security measures, but it cannot guarantee the security of any data it collects and stores.

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

7. YOUR LEGAL RIGHTS

 

In certain circumstances, by law you have the right to:

 

 

If you wish to exercise any of the rights set out above, please contact the data privacy manager at Drum Property Group, 12 Rubislaw Terrace Lance, Aberdeen, AB10 1XF in writing.

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We are registered with the ICO, registration number ZA382923. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

8. CHANGES TO THIS PRIVACY NOTICE

 

We may update this privacy notice from time to time, and will communicate such updates through our website. We may also notify you from time to time about the processing of your data.

 

9. FURTHER INFORMATION

 

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal data has been handled, please do so in writing and address this to the data privacy manager at Drum Property Group (registered number SC262896), 12 Rubislaw Terrace Lance, Aberdeen, AB10 1XF.

 

© 2019 Drum Property Group Limited. All rights reserved.

 

Data Protection and Privacy Policy

 

Last updated February 2021