The General Data Protection Regulation (GDPR) requires companies to have a valid lawful basis in order to process personal data.
Pisoria processes personal data under the following lawful bases:
Contract: the processing is necessary for a contract between Pisoria and individuals, including our tenants and the landlords that we work with.
Consent: individuals have given clear consent for Pisoria to process their personal data for a specific purpose.
Legal requirement: There are legal requirements for Pisoria to hold certain information, including information related to Right to Rent checks, and gas safety requirements.
Pisoria holds data on our landlords and tenants, which is necessary in order to perform our obligations under the contracts in place between Pisoria and those individuals and organisations. Pisoria only shares this information with third parties, such as landlords and contractors where it is necessary in order to perform our obligations under the contacts. Pisoria does not share this data with any other external parties, or for any other purposes.
Pisoria also holds email addresses and telephone numbers on a marketing database and distribution list. Whenever we communicate using a marketing database we provide a simple to use “unsubscribe” button, which those parties receiving the email may use to automatically remove themselves from the distribution list
If you want to know whether Pisoria holds any of your personal data, and what that data is, please send an email to firstname.lastname@example.org, with the subject line “Personal Data Enquiry”. If you wish Pisoria to delete any, or all, of the personal data that it holds for you, please state this intention in your email.
Prior to the introduction of GDPR, from 25 May 2018, Pisoria had taken appropriate steps to ensure that it was compliant with the previous data protection regulations, contained with the Data Protection Act (DPA). In the run up to the introduction of GDPR, Pisoria has taken the following steps:
- We have made our employees aware that the laws around data protection are changing to reflect GDPR, and the impacts that is likely to have.
- We have performed an information audit to document the personal data we hold, where it came from and who we share it with.
- We have checked our procedures to ensure they cover all of the rights that individuals have, including how we will delete personal data or provide data electronically and in a commonly used format.
- We have identified the lawful bases for our processing activity in GDPR, documented it and updated our privacy notice to explain it.
- We have reviewed how we seek, record and manage consent.
- We have familiarised ourselves with the Information Commissioner’s Office’s (ICO) code of practice on Privacy Impact Assessment as well as the latest guidance from the Article 29 Working Party.