Privacy Policy

Privacy Notice

Please read this privacy notice and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is designed to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information.
This privacy notice supplements the other any notices you may have been provided with and is not intended to override them.
We do not and will not sell your data to third parties.

Who we are
We are Comer Property Management Limited with company number 03973592. We are part of the Comer Homes Group and we manage Comer Homes residential and commercial properties.

The Comer Homes Group (the Group) is renowned for the high quality of its residential and commercial developments.
Our Group developments include projects spanning from London centric, to the leafy counties surrounding London, the Southwest coast and the Aberdeen countryside in Scotland Every site has a unique vision and style to produce developments of distinction.

Our Group comprises of a number of different companies and in view of the different activities we undertake within the Group you many know us by a different name. The Group is comprised of the companies listed below, all of which are incorporated and registered in England and Wales and each having its registered office at Harold Benjamin Solicitors Fourth Floor, Hygeia House, 66 College Road, Harrow, United Kingdom, HA1 1BE.

Our Group Companies
Beckfield Limited company number 03545538 the company who manages the lettings, sales, and purchase of our residential and commercial properties.

Dove Park Properties Limited company number 03973592 the company who manage residential rental properties and housing association properties

OPEC Prime Limited company number 01923040 the company who manages our residential and commercial development sites.

Data Controller
Comer Property Management Limited is the Controller (registered with the ICO under number ZA276427). As data controller we are responsible for processing your personal data as described in this privacy notice. This means we decide why we collect your data, how we collect it, what data is collected, how this data is going to be used and how this data is protected.

Our commitment
We respect your right to privacy and are committed to protecting it and complying with data protection law. We will always keep your personal data safe. We will be clear and open with you about why we collect your personal data and how we use it. Where you have choices or rights, we will explain them to you and respect your wishes.

Our contact details
Name: Please contact us via the Comer Homes Group, Privacy Team
E-mail: privacy@comerhomes.co.uk

Data protection officer (DPO)
We have appointed GRCI Law Limited as our DPO, who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, our privacy practices or how we handle your personal data, please contact our DPO at dpoaas@grcilaw.com.

What is meant by personal data?
Personal data is information which identifies you as an individual. Some examples are outlined below:
Personal data is anything which may identify you for example your name, address, bank account details, internet protocol (IP) address, username or another identifier.

Some personal data is unique to you and therefore requires greater protection. This data is referred to as special category data which includes information regarding your health, religious or philosophical beliefs, race, or ethnicity to provide a few examples.

The type of personal data we collect
We currently collect and process when you engage with us or one of the Group companies or where you visit our website www.thecomergroup.com. The type of personal data we collect, and process includes but is not limited to the following:

  • Identity data including your first name, last name, date of birth, title. Contact data including your billing address, email address and telephone number(s).
  • Employment data including details of your employer, job title, company address, email and telephone number and details of your directors and executive officers;
  • Experience and Qualification data including details of qualifications and certificates including but not limited to CSCS cards and details of insurance policies in operation when required;
  • Background data including, Residential Visas, Proof of Address, references checks, credit rating, and the existence of County Court Judgements;
  • Location data for example we may collect your location data from your postcode, IP address and telephone codes;
  • Transaction data including details about payments to and from you and other details of services you have purchased from us.
  • Technical data including IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Profile data includes your email and password, the services you have used on our site, your use of social media functions on our website for authentication, feedback, survey responses and such information about your health as you provide to us.
  • Usage data includes information about how you use our website and the services you use.
  • Marketing and communications data includes your preferences in receiving marketing from us, interests and our third parties and your communication preferences.
  • Special Category Personal Data is personal data that needs more protection because it is sensitive, and we may collect this type of personal data from you in the course of providing you with our services or during our interactions with you. For example, where you order products or services from us it may be necessary to ask for information about you and your specific requirements which may mean we will require health data or other such sensitive data to meet or obligations to ensure you receive the product or goods you require.
  • Aggregated Data We may also collect, use, and share aggregated data such as statistical or demographic data for any purpose. aggregated data could be derived from your Personal Data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy notice.
  • We will not process your special category personal data in order to aggregate it without a lawful basis to do so.
We use different methods to collect data from and about you, including:
 
Personal Data provided directly by you 
You may give us your personal data by filling in forms or surveys, on our website, or by corresponding with us by post, phone, email, chat or otherwise. This includes personal data you provide when you:
  • Making an enquiry regarding our services: related to our current properties we may have available, about any of our developments, and future sites;
  • Purchase or agree to rent a property from us from us;¬†
  • Apply to join our organisation;
  • Give us feedback or contact us.
 
Information we receive from third parties
We may receive personal data about you from various third parties, such as:
 
 Technical data from the following parties:
  • Analytics providers such as Google.
  • Credit reference agencies.
  • Advertising networks.
  • Search information providers.
Contact, financial and transaction data from providers of technical, payment and delivery services, such as Stripe;
Transactional data from Stripe;
Technical data and device data from the following parties:
Analytics providers such as Google Analytics Facebook
Advertising networks such as Google, Facebook and Instagram
Search information providers such as Google and
Reviews from providers such as Trustpilot.
 

How we get the personal data and why we have it
Most of the personal data we process is provided to us directly by you for one of the following reasons:

  • To meet our obligations to you;
  • To contact you in relation to your enquiry, purchase(s)] or to notify of changes to our service or purchase;
  • To improve the services we provide to you;
  • To provide you with general information or marketing information which we think will be of interest to you;
  • To keep our website safe and secure and to prevent/detect fraudulent activity;
  • To enable other people or businesses to carry out work on our behalf;
  • To undertake financial checks and other compliance checks as required by law or professional bodies including Anti Money Laundering Checks;

Give us feedback or contact us
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. Please be aware that you can withdraw your consent at any time. You can do this by contacting us at [email]
(b) We have a contractual obligation. For example, where you have paid for a good or a service and it is necessary for us to process your information to provide you with those goods or services.
For administration purposes for example to

  • Meet our obligations owed to you arising from any agreement entered into between you and us
    take, or receive payment, deal with any transaction, respond to your queries, refund requests and/or mange any complaints;
  • to manage our relationship with you, which may include, notifying you of changes to our terms or our privacy notice;
  • to processing orders;
  • to ask you to leave a review, provide us with feedback on our products and/or services or take a survey;
  • to contact you regarding updates or informative communications related to the products, or services; and
  • to properly handle the information, you submit to us enabling us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout our contractual relationship.

(c) We have a legal obligation. For example, may be required to use your personal data to comply with laws. For example, if we are required to co-operate with a police investigation and/or comply with a court order.

(d) We have a legitimate interest. When we rely on this, we will consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.

Where we process personal data for our own legitimate business interest this relates to us managing our business to enable us to give you the best service/products and most secure experience, including:

  • When we respond to your queries and complaints.To run our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise.
  • To make recommendations to you about services that may interest you.
  • To measure and analyse the effectiveness of the advertising we serve you.
  • Ensuring that our marketing is tailored to your interests and to keep our records up to date and to provide you with marketing as allowed by law.
  • To make suggestions and recommendations to you about goods or services that may be of interest to you and necessary for our legitimate interests
  • When we capture your service reviews, for example when you buy goods and services from us, we may follow it up with an enquiry about your experience of the service to help us gauge customer satisfaction.
  • To use data analytics to improve our products/services, marketing, customer relationships and experiences.
  • To define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
  • To study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.
  • To enforce or apply our website terms of use, our policy terms and conditions, or other contracts.
  • To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.

Using your data for other reasons
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the Lawful Basis that allows us to do so.

Sharing your Personal Data safely
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Using Personal Data for marketing purposes
We may use your information to provide you with information regarding our services and goods we think will be of interest to you.

Why we share your Personal Data
As a general principle, we share personal data in order to facilitate or improve our services or offers.
You can opt out of us using your personal data for marketing purposes by following the unsubscribe link included in each marketing email or by contacting us via privacy@comerhomes.co.uk
From time to time, we may share personal data and other information that we have collected about you:
To get help run our business, and deliver our products and services to you;
Where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect or exercise our legal rights or to defend against legal claims or demands;
Where we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this privacy notice or inform you that you are covered by a new privacy notice);
If we believe it is necessary in order to investigate, prevent or act regarding illegal activities, fraud, or situations involving potential threats to the rights, property or personal safety of any person, or other such circumstances; or
If we believe it is necessary to investigate, prevent or act regarding situations that involve abuse of our infrastructure or the Internet in general (such as voluminous spamming, denial-of-service attacks, or attempts to compromise the security of the website infrastructure), or to otherwise protect our assets or rights.

Sharing your Personal Data
In general, we will store your personal data within the UK. However, there may be circumstances where we may send personal data outside of the country generally for, but not limited to, reasons relating to processing and storage by our service providers.
When we do this, we will ensure it has an appropriate level of protection and the transfer is made in line with Data Protection Law. Often, this protection is set out under a contract with the organisation that receives that information. You can find more details of the protection given to your information when it is transferred overseas by contacting us.

Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties that have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We periodically test the security of our systems to check for vulnerabilities.

Risk
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information.

Data breach
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Third-party websites, plugins and services links to other websites
You should be aware that information about your use of this website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.
Our website may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.
We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your personal data will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.

Use by children
We do not target children, and our website is not intended to attract children. Accordingly, our online services that collect Personal Data are not directed at and should not be accessed by individuals under the age of 18 years, and we request that such individuals do not provide any personal data to us.

Retention of Personal Data
We will keep your Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your data protection rights
Under data protection law, you have rights including:
Your right to be informed – We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal data and our use of it.
Your right of access – You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.
Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons:

  • To exercise the right of freedom of expression and information.
  • To comply with a legal obligation.
  • To perform a task in the public interest or exercise official authority.
  • For archiving purposes in the public interest, scientific research, historical research or statistical purposes.
  • For the exercise or defence of legal claims.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
The accuracy of the Personal Data is contested.
Processing of the Personal Data is unlawful.
We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process.
The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

Your right to object to processing – You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).

Your right to data portability – This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.
Please contact us at dpoaas@grcilaw.com if you wish to make a request.

How to exercise your rights
In most circumstances, you do not need to pay any charge for exercising your rights. We have one calendar month to respond to you.
To exercise your rights or get more information about exercising them, please contact us using the details above and providing us with enough information to identify you.

How to complain
If you have any concerns about our use of your personal data, we hope we can resolve any query or concern you may have in relation to our processing of your personal data and ask that you contact us in the first instance at privacy@comerhomes.co.uk.
You can however, at any time, contact the Information Commissioners Office (ICO) if you unhappy with how we process your personal data or if you are unhappy with our response to your complaint using the contact details below:

ICO website: https://www.ico.org.uk
ICO Helpline number: 0303 123 1113
ICO postal address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF