+44 7444 139 434 bookings@blue-bridge.co.uk

Data Protection Policy

BLUE BRIDGE PROPERTY SERVICES LLP

Our website address is: https://blue-bridge.co.uk

Data Protection

Bluebridge Property Services LLP (BBPS LLP) and its associated companies take its responsibilities with regard to the management of the requirements of the Data Protection Act 1998 (the “Act”) and the General Data Protection Regulations superseding the Act very seriously. This document provides the policy framework through which effective management of data protection matters can be achieved.

1. Scope of the Policy

The purpose of this policy is to ensure that BBPS LLP, and its staff comply with the provisions of the Data Protection Act 1998 and the General Data Protection Regulations of May 2018 when processing personal data. Any significant infringement of the Regulations will be treated seriously by BBPS LLP. This policy applies regardless of where the data is held, ie if it is held on personally-owned equipment or outside BBPS LLP’s property.

BBPS LLP is required to adhere to the principles of data protection as laid down by the Regulations. In accordance with those principles, personal data shall be:

  1. Processed fairly, lawfully and in a transparent manner in relation to individuals.
  2. Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and where necessary, kept up to date.
  5. Not kept longer than necessary
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

In addition, personal data will not be transferred outside the countries of the European Economic Area without adequate protection and where the same principles of data protection under the Regulations are enforced.

2. Responsibilities

BBPS LLP’s responsibilities

As the Data Controller BBPS LLP is responsible for establishing policies and procedures in order to comply with the requirements of the Data Protection Act 1998, superseded by the General Data Protection Regulations 2018. In particular this involves

  • Drawing up guidance, giving advice and promoting compliance with this policy in such a way as to ensure the easy, appropriate and timely retrieval of information;
  • The appropriate compliance with subject access rights and ensuring that data is released in accordance with subject access legislation.
  • Ensuring that any data protection breaches are resolved, catalogued and reported appropriately in a swift manner and in line with guidance from the Information Commissioner’s Office;
  • Investigating and responding to complaints regarding data protection including requests to cease processing and holding personal data.
  • Obtaining an individual’s explicit and unambiguous consent for Escape to hold personal data.
Staff responsibilities

Staff members who process personal data must comply with the requirements of this policy.

Staff members must ensure that:

  • All personal data is kept securely;
  • No personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
  • Personal data is not kept longer than necessary;
  • Any queries regarding data protection, including subject access requests and complaints, are promptly directed to the appropriate person (Finance Director);
  • Any data protection breaches are swiftly brought to the attention of the Finance Director who will support staff in resolving breaches;
  • Where there is uncertainty around a Data Protection matter advice is sought from the Finance Director;
  • Staff who are not sure to whom they can legitimately disclose personal data should seek advice from the Finance Director.
Third-Party Data Processors

Where external companies are used to process personal data on behalf of the BBPS LLP, responsibility for the security and appropriate use of that data remains with BBPS LLP.

Where a third-party data processor is used:

  • a data processor must be chosen which provides sufficient guarantees about its security measures to protect the processing of personal data under the General Data Protection Regulations;
  • reasonable steps must be taken to check that such security measures are in place;
  • a written contract establishing what personal data will be processed and for what purpose must be set out.
Contractors and Short-Term Staff

BBPS LLP is responsible for the use made of personal data by anyone working on its behalf. Managers who employ contractors or short term staff must ensure that they are appropriately vetted in respect of the data they will be processing. In addition managers should ensure that:

any personal data collected or processed in the course of work undertaken for BBPS LLP is kept securely and confidentially;
all personal data is returned to BBPS LLP on completion of the work, including any copies that may have been made. Alternatively BBPS LLP should request that the data is securely destroyed and that BBPS LLP receives notification and evidence in this regard from the contractor or short term staff member;
all practical and reasonable steps are taken to ensure that contractors and short term staff do not have access to any personal data beyond what is essential for the work to be carried out properly.

3. Subject Access Requests

BBPS LLP is required to permit individuals to access their own personal data held by BBPS LLP via a subject access request. Any individual wishing to exercise this right should do so in writing to BBPS LLP at 24 Bouverie Road West, Folkestone CT20 2SZ, addressing all requests to the Finance Director.

BBPS LLP aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within one calendar month as set out under the General Data Protection Regulations.

4. Data Protection Breaches

Where a Data Protection breach occurs, or is suspected, it should be reported immediately in accordance with the Data Security Breach Policy.

5. Contact

Queries regarding this policy can be made to the Finance Director.