Introduction
Comer Homes Group (“Comer Homes”) respects your privacy and is committed to protecting your personal data. This privacy Notice will inform you how we look after your personal data when you visit our website or when you otherwise provide personal data to us via other means (such as over the telephone – regardless of where you contact us from) and tell you about your privacy rights and how the law protects you.
The processing of your personal data within the UK is governed by the UK General Data Protection Regulation (GDPR) which is contained within the UK Data Protection Act 2018, (The Act) In essence the term processing means, recording, storage, alteration, destruction sharing, disclosure, basically anything we do with your personal data is deemed to be processing.
We at Comer Homes want to assure you that the protection of your personal data is paramount to our business model and ethics. We will ensure our staff respect your data and your privacy and when no longer required we will dispose of your data in a secure manner using recognised industry standard techniques.
This privacy notice supplements any other privacy notices and is not intended to override them.
We do not and will not sell your data to third parties.
Who we are
Our website address is: https://newlandpark.com.
Comer Homes is renowned for the high quality of its residential and commercial developments.
Data Controller
Beckfield Limited is our lead organisation the Controller (registered with the ICO under number ZA225167). As data controller we are responsible for processing your personal data as described in this privacy notice. This means we decide why we collect your data, how we collect it, what data is collected, how this data is going to be used and how this data is protected.
Our commitment
We respect your right to privacy and are committed to protecting it and complying with data protection law. We will always keep your personal data safe. We will be clear and open with you about why we collect your personal data and how we use it. Where you have choices or rights, we will explain them to you and respect your wishes.
Our contact details
Name: Please contact us at the Comer Homes Group UK, Privacy Team
E-mail: [email protected]
Data protection officer (DPO)
We have appointed GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, our privacy practices or how we handle your personal data, please contact our DPO at [email protected].
What is meant by personal data?
Personal data is information which identifies you as an individual. Some examples are outlined below:
Personal data is anything which may identify you for example, your name, address, bank account details, internet protocol (IP) address, username or another identifier.
Some personal data is sensitive about you and therefore requires greater protection. This data is referred to as special category data which includes information regarding your health, religious or philosophical beliefs, race, or ethnicity to provide a few examples. We will not collect special category data unless it is required for processing and such processing can qualify as an exemption under the law.
The type of personal data we collect
We currently collect and process your data when you visit our website newlandpark.com. The type of personal data we collect, and process includes but is not limited to the following:
-
Identity data including your first name, last name, date of birth, title.
-
Contact data including your billing address, email address and telephone number(s).
-
Employment data including details of your employer, job title, company address, email and telephone number and details of your directors and executive officers;
-
Experience and Qualification data including details of qualifications and certificates including but not limited to CSCS cards and details of insurance policies in operation when required;
-
Background data including, Residential Visas, Proof of Address, references checks, credit rating, and the existence of County Court Judgements;
-
Location data for example we may collect your location data from your postcode, IP address and telephone codes;
-
Transaction data including details about payments to and from you and other details of services you have purchased from us.
-
Technical data including IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website.
-
Profile data includes your email and password, the services you have used on our site, your use of social media functions on our website for authentication, feedback, survey responses and such information about your health as you provide to us.
-
Usage data includes information about how you use our website and the services you use.
-
Marketing and communications data includes your preferences in receiving marketing from us, interests and our third parties and your communication preferences.
-
Special Category Personal Data is personal data that needs more protection because it is sensitive, and we may collect this type of personal data from you in the course of providing you with our services or during our interactions with you. For example, where you order products or services from us it may be necessary to ask for information about you and your specific requirements which may mean we will require health data or other such sensitive data to meet or obligations to ensure you receive the product or goods you require.
-
Aggregated Data We may also collect, use, and share aggregated data such as statistical or demographic data for any purpose. aggregated data could be derived from your Personal Data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy notice.
-
We will not process your special category personal data in order to aggregate it without a lawful basis to do so.
We use different methods to collect data from and about you, including:
Personal Data provided directly by you
You may give us your personal data by filling in forms or surveys, on our website, or by corresponding with us by post, phone, email, chat or otherwise. This includes personal data you provide when you:
-
Making an enquiry regarding our services: related to our current properties we may have available, about any of our developments, and future sites;
-
Purchase or agree to rent a property from us from us;
-
Apply to join our organisation;
-
Give us feedback or contact us.
Information we receive from third parties
We may receive personal data about you from various third parties, such as:
Technical data from the following parties:
-
Analytics providers such as Google.
-
Credit reference agencies.
-
Advertising networks.
-
Search information providers.
Contact, financial and transaction data from providers of technical, payment and delivery services, such as Stripe;
Transactional data from Stripe;
Technical data and device data from the following parties:
Analytics providers
Advertising networks
Search information providers such as Google and
Reviews from providers such as Trustpilot.
How we get the personal data and why we have it
Most of the personal data we process is provided to us directly by you for one of the following reasons:
-
To meet our obligations to you;
-
To contact you in relation to your enquiry, purchase(s)] or to notify of changes to our service or purchase;
-
To improve the services we provide to you;
-
To provide you with general information or marketing information which we think will be of interest to you;
-
To keep our website safe and secure and to prevent/detect fraudulent activity;
-
To enable other people or businesses to carry out work on our behalf;
-
To undertake financial checks and other compliance checks as required by law or professional bodies including Anti Money Laundering Checks;
-
Give us feedback or contact us
Under the GDPR the lawful bases we rely on for processing this information are:
(a) Your consent. Please be aware that you can withdraw your consent at any time. You can do this by contacting us at [email protected]
(b) We have a contractual obligation. For example, where you have paid for a good or a service and it is necessary for us to process your information to provide you with those goods or services.
For administration purposes for example to
-
Meet our obligations owed to you arising from any agreement entered into between you and us
-
take, or receive payment, deal with any transaction, respond to your queries, refund requests and/or mange any complaints;
-
to manage our relationship with you, which may include, notifying you of changes to our terms or our privacy notice;
-
to processing orders;
-
to ask you to leave a review, provide us with feedback on our products and/or services or take a survey;
-
to contact you regarding updates or informative communications related to the products, or services; and
-
to properly handle the information, you submit to us enabling us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout our contractual relationship.
(c) We have a legal obligation. For example, may be required to use your personal data to comply with relevant laws. For example, if we are required to co-operate with a police investigation and/or comply with a court order.
(d) We have a legitimate interest. When we rely on this, we will consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
Where we process personal data for our own legitimate business interest this relates to us managing our business to enable us to give you the best service/products and most secure experience, including:
-
When we respond to your queries and complaints.
-
To run our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise.
-
To make recommendations to you about services that may interest you.
-
To measure and analyse the effectiveness of the advertising we serve you.
-
Ensuring that our marketing is tailored to your interests and to keep our records up to date and to provide you with marketing as allowed by law.
-
To make suggestions and recommendations to you about goods or services that may be of interest to you and necessary for our legitimate interests
-
When we capture your service reviews, for example when you buy goods and services from us, we may follow it up with an enquiry about your experience of the service to help us gauge customer satisfaction.
-
To use data analytics to improve our products/services, marketing, customer relationships and experiences.
-
To define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
-
To study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.
-
To enforce or apply our website terms of use, our policy terms and conditions, or other contracts.
-
To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
Using your data for other reasons
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the Lawful Basis that allows us to do so.
Sharing your Personal Data safely
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. In fact, we require them to maintain the same levels of security as are we.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Using Personal Data for marketing purposes
We may use your information to provide you with information regarding our services and goods we think will be of interest to you. Otherwise, we will ask for your consent and affirmation to send you other marketing materials.
You can choose to opt out of us using your personal data in this way for marketing purposes by following the unsubscribe link included in each marketing email or by contacting us via email [email protected]
Third parties with whom we share Personal Data
We may share your personal data with the following organisations that help us manage our business and deliver our products, applications, or services, or where we are legally obliged to share information, including with:
-
With any member of our Group of companies meaning our subsidiaries, our ultimate holding company and its subsidiaries as defined by s. 1159 of the Companies Act 2006;
-
Business partners, our employees, contractors’ consultants, agents and professional advisors;
-
Insurance providers;
-
Third parties carrying out services on our behalf, including billing, sales, marketing agencies, analytics, data storage, validation, security, fraud prevention and legal services;
-
GRCI Law for data privacy services;
-
Stripe for payment processing;
-
Third-party service providers to assist us with client insight analytics, such as Google Analytics;
-
Third parties to which we outsource certain services such as couriers, IT systems or software providers, IT support service providers, and document and data storage providers;
-
Third-party platforms to manage and deliver customer relationship management (CRM);
-
Third parties in the event of any merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our assets (including without limitation in connection with any bankruptcy or similar proceedings);
-
Other organisations for the purposes of fraud/crime protection and investigation;
-
Courts of law and government, regulatory authorities or third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement; or
-
Other third parties where we have asked for your consent.
Why we share your Personal Data
As a general principle, we share personal data in order to facilitate or improve our services or offers.
You can opt out of us using your personal data for marketing purposes by following the unsubscribe link included in each marketing email or by contacting us via [email protected]
From time to time, we may share personal data and other information that we have collected about you:
-
To get help operate our business, and deliver our products and services to you;
-
Where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect or exercise our legal rights or to defend against legal claims or demands;
-
Where we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this privacy notice or inform you that you are covered by a new privacy notice);
-
If we believe it is necessary in order to investigate, prevent or act regarding illegal activities, fraud, or situations involving potential threats to the rights, property or personal safety of any person, or other such circumstances; or
-
If we believe it is necessary to investigate, prevent or act regarding situations that involve abuse of our infrastructure or the Internet in general (such as voluminous spamming, denial-of-service attacks, or attempts to compromise the security of the website infrastructure), or to otherwise protect our assets or rights.
Sharing your Personal Data
In general, we will store your personal data within the UK. However, there may be circumstances where we may send personal data outside of the country generally for, but not limited to, reasons relating to processing and storage by our service providers.
When we do this, we will ensure it has an appropriate level of protection and the appropriate safeguards are in place. Any transfer is made in line with Data Protection Laws. Often, this protection is set out under a contract with the organisation that receives that information and is accompanied by the appropriate supplemental measures for processing the data. You can find more details of the protection given to your information if it is transferred outside of the UK by contacting us.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to only those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We periodically test the security of our systems to check for vulnerabilities.
Risk
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.
Data breach
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Third-party websites, plugins and services links to other websites
You should be aware that information about your use of this website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.
Our website may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.
We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your personal data will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.
Use by Minors
We do not target minors for our business, and our website is not intended for children. Accordingly, our online services that collect Personal Data are not directed at and should not be accessed by individuals under the age of 18 years, and we request that such individuals do not provide any personal data to us.
Retention of Personal Data
We will keep your Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We will only retain your data as long as necessary to fulfil the original purpose for processing, to complete our obligations to you and comply with regulations. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your data protection rights
Under data protection law, you have rights including:
Your right to be informed – We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal data and our use of it.
Your right of access – You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.
Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons:
-
To exercise the right of freedom of expression and information.
-
To comply with a legal obligation.
-
To perform a task in the public interest or exercise official authority.
-
For archiving purposes in the public interest, scientific research, historical research or statistical purposes.
-
For the exercise or defence of legal claims.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
-
The accuracy of the Personal Data is contested.
-
Processing of the Personal Data is unlawful.
-
We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process.
-
The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
Your right to object to processing – You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).
Your right to data portability – This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.
Please contact us at [email protected] if you wish to make a request.
How to exercise your rights
In most circumstances, there is no charge for accessing your data via a data subject access request (DSAR). We will respond to all verified requests within one calendar month.
To exercise your rights or get more information about exercising them, please contact us at [email protected]. You will need to provide us with a valid form of identification, which will be immediately deleted from our systems once we verify your identity. We will then carry out your data request within one calendar month. In some extenuating cases, we may need to extend the length of time of our response to two (2) months. However, this will only be in limited circumstances of improper requests. Likewise, we may refuse a request if the request is manifestly unfounded or excessive.
How to complain
If you have any concerns about our use of your personal data, we hope we can resolve any query or concern you may have in relation to our processing of your personal data and ask that you contact us in the first instance at [email protected]
You can however, at any time, contact the Information Commissioners Office (ICO) if you unhappy with how we process your personal data or if you are unhappy with our response to your complaint using the contact details below:
ICO website: https://www.ico.org.uk Information Commissioner’s Office, ICO Helpline number: 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Document Control
This procedure was approved by the in April 2024and is issued on a version-controlled basis under his/her signature.