Albanwise Synergy Logo

Albanwise Synergy Limited

Website Privacy Notice

 

The Purpose of this privacy notice is to explain how Albanwise Synergy Limited referred to as Synergy hereafter, processes personal data to fulfil its data protection responsibilities. Synergy will provide specific privacy notices for clients as required. Synergy is part of Wallace Partnership Group Limited (the Group) which comprises a diverse group of businesses operating in the UK.

The Role of Synergy in data protection terms is that of a data controller where it determines the purpose and the way it uses any personal data it requests and collects. Thereafter, the processing of it becomes the responsibility of the Group privacy manager (PM) contactable using privacy@albanwisewallaceestates.com, who ensures that all processing is undertaken in accordance with the latest UK data protection legislation. It has a data processor role when it is acting on the instructions of its clients such as property freeholders and other businesses within the Group.

The sort of personal data collected by Synergy will be basic contact details sufficient to be able to respond to general enquiries and then sufficient details to administer our contract with you, as required.

Synergy’s duty of confidentiality means that our staff will treat your personal data with due respect and in confidence. It is only disclosed to those that need to know it. We expect the same duty of confidentiality from all third parties with whom Synergy shares personal data and where appropriate, data processing agreements are in place. We use reasonable organisational and technical measures to ensure personal data is kept secure. These include having contractual obligations with those organisations with whom we share personal data, such as within the Group, and data processing agreements with those organisations that perform certain processing activities on our behalf. Sharing is kept to a minimum and the list of organisations that might receive your personal data is reviewed regularly. All processing undertaken by Synergy staff takes place on-site and/or agreed off-site locations, but all within the UK.

Synergy processes personal data against a lawful basis and such instances are described below:

·      We will pursue our legitimate interests to respond to your general enquiries and to stay in touch with you for marketing purposes as appropriate

·      When necessary for the performance of a contract with you and its prior preparation

·      To comply with our legal obligations

·       When processing for a pre-defined purpose for which your consent will be sought prior to the processing commencing – please note that consent can be withdrawn at any time by contacting the Group PM

In all cases the processing of personal data by Synergy shall be done in accordance with the principles of data protection.

Synergy will share personal data, on a ‘need to know’ basis with some or all of the following:

·      IT support companies that are subject to a data processing agreement

·      Appropriate third-party organisations, but only with your prior permission

·      Other businesses in the Group that are subject to a data sharing agreement

·       Other organisations providing managed services on our behalf

·       Unspecified recipients but only when compelled to do so for legal reasons

Synergy will process your personal data in the UK and all business data, including email, are backed up using a replicated systems based in the UK and the Republic of Ireland.

Synergy follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:

·      Routine correspondence for casual and contract related business in hard copy or in emails will be stored for the current tax year plus 6 years

·      Minimal contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject

·      Personal data collected for the preparation of a contract, will be retained for the duration of the activity plus 6 years after our last contact with you

·      Financial records and invoices, which may include personal data, will be retained for 6 years after the end of the current tax year of processing

·       By exception, documentation that includes personal data may be retained by Synergy beyond the schedule, but only for a specific purpose and only when we believe we have a legitimate interest or a legal obligation to do so

At the end of the retention schedule Synergy will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that Synergy allows up to 3 months after the retention schedule to complete the action.

The Synergy website uses non-essential cookies (and other technologies) but these will only be downloaded onto your device if you give permission through the cookie consent management platform – please see our cookie notice for an explanation of the cookies being used.

The UK General Data Protection Regulation defines the rights that you have, although these do not apply in all situations. For convenience, these rights are shown below:

·      Right to be informed as to how we process your personal data – this is done through this notice

·      Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) to the Group PM

·      Right to rectification of your personal data if you believe we have collected it incorrectly or it needs to be updated

·      Right to erasure of your personal data for which we no longer have a legitimate purpose to process

·      Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved

·      Right to data portability of your personal data in a machine-readable version, but this only applies to data that has been provided with consent or under contract

·      Right to object to our processing your personal data for which we do not have a legal or contractual obligation

·       Rights related to automated decision making and profiling (although we do not use these techniques in its decision making)

Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.

Raising concerns, exercising rights or making queries about our processing of your personal data can be done by contacting the Group PM. Be aware that we will need to verify your identity before responding fully. This may involve asking you for documentary proof that, in context, will enable us to confirm your identity. Alternatively, you may contact the ICO directly without referring to us first, although naturally we would welcome the first opportunity to address your concerns or queries.

 

v1.0

November 2023