隐私政策


伊甸园哈珀有限公司
数据保护政策
18/05/2018

1.    Introduction
本政策规定了Eden Harper Ltd的义务,该公司是在英国注册的公司,注册号为04335562,注册办事处位于伦敦巴特西公园路64号,SW11 4JP(“the Company”) regarding data protection 和 the rights of Landlords, Tenants, Consumers, Maintenance Contractors in respect of their 个人资料 under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

GDPR定义“personal data”作为与已识别或可识别自然人有关的任何信息(“data subject”);可识别的自然人是指可以直接或间接识别的人,特别是通过参考诸如姓名,识别号码,位置数据,在线标识符之类的标识符,或针对一种或多种特定于身体,生理的因素自然人的遗传,心理,经济,文化或社会身份。

This Policy sets 公司’s obligations regarding the collection, processing, 转让, storage, 和 disposal of 个人资料. The procedures 和 principles set out herein must be followed at all times by 公司, its employees, agents, contractors, or other parties working on behalf of 公司.
The Company is committed not only to the letter of the law, but also to the spirit of the law 和 places high importance on the correct, lawful, 和 fair handling of all 个人资料, respecting the legal rights, privacy, 和 trust of all individuals with whom it deals.

2.   数据保护原则
This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling 个人资料 must comply. All 个人资料 must be:
2.1    Processed lawfully, fairly, 和 in a transparent manner in relation to the 数据主体.
2.2   出于指定的,明确的和合法的目的而收集,并且没有以与那些目的不兼容的方式进行进一步处理。出于公共利益,科学研究或历史研究目的或统计目的而进行存档的进一步处理,不应视为与最初目的不相容。
2.3   适当,相关且仅限于与处理目的有关的必要内容。
2.4    Accurate 和 , where necessary, kept up to date. Every reasonable step must be taken to ensure that 个人资料 that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
2.5   保留的形式允许识别数据主体的时间不得超过处理个人数据的目的所必需的时间。个人数据可能会保存更长的时间,因为仅出于公共利益,科学研究或历史研究目的或统计目的,个人数据将仅出于存档目的而处理,但须遵守GDPR所要求的适当技术和组织措施。为了维护数据主体的权利和自由。
2.6    Processed in a manner that ensures appropriate security of the 个人资料, including protection against unauthorised or unlawful processing 和 against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

3.   数据主体的权利
The GDPR sets out the following rights applicable to 数据主体s (please refer to the parts of this policy indicated for further details):
3.1   知情权(第12部分)。
3.2   访问权(第13部分);
3.3   纠正权(第14部分);
3.4   删除权(也称为‘被遗忘的权利’) (Part 15);
3.5   限制处理的权利(第16部分);
3.6   数据携带权(第17部分);
3.7   异议权(第18部分);和
3.8   有关自动决策和配置文件的权利(第19部分和第20部分)。

4.   合法,公平,透明的数据处理
4.1    The GDPR seeks to ensure that 个人资料 is processed lawfully, fairly, 和 transparently, without adversely affecting the rights of the 数据主体. The GDPR states that processing of 个人资料 shall be lawful if at least one of the following applies:
4.1.1    The 数据主体 has given consent to the processing of their 个人资料 for one or more specific purposes;
4.1.2    The processing is necessary for the performance of a contract to which the 数据主体 is a party, or in order to take steps at the request of the 数据主体 prior to entering into a contract with them;
4.1.3   为了遵守数据控制者所承担的法律义务,必须进行处理;
4.1.4    The processing is necessary to protect the vital interests of the 数据主体 or of another natural person;
4.1.5   该处理对于执行出于公共利益或行使数据控制者所赋予的官方权力而执行的任务是必需的;要么
4.1.6    The processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights 和 freedoms of the 数据主体 which require protection of 个人资料, in particular where the 数据主体 is a child.
4.2    [If the 个人资料 in question is “特殊类别数据” (also known as “sensitive 个人资料”) (for example, data concerning the 数据主体’的种族,种族,政治,宗教,工会会员资格,遗传学,生物特征识别(如果用于身份证明目的),健康,性生活或性取向),至少必须满足以下条件之一:
4.2.1    The 数据主体 has given their explicit consent to the processing of such data for one or more specified purposes (unless EU or EU Member State law prohibits them from doing so);
4.2.2    The processing is necessary for the purpose of carrying out the obligations 和 exercising specific rights of the data controller or of the 数据主体 in the field of employment, social security, 和 social protection law (insofar as it is authorised by EU or EU Member State law or a collective agreement pursuant to EU Member State law which provides for appropriate safeguards for the fundamental rights 和 interests of the 数据主体);
4.2.3    The processing is necessary to protect the vital interests of the 数据主体 or of another natural person where the 数据主体 is physically or legally incapable of giving consent;
4.2.4   数据控制者是具有政治,哲学,宗教或工会目的的基金会,协会或其他非营利组织,其处理是在其合法活动的过程中进行的,但前提是该处理仅涉及以下方面:该机构的成员或前任成员,或就其宗旨与之定期接触的人员,未经数据主体同意,不得在机构外部披露个人数据;
4.2.5    The processing relates to 个人资料 which is clearly made public by the 数据主体;
4.2.6   对于进行法律诉讼或法院以司法身份行事是必要的;
4.2.7    The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, 和 shall provide for suitable 和 specific measures to safeguard the fundamental rights 和 interests of the 数据主体;
4.2.8   为了预防或职业医学,评估员工的工作能力,进行医学诊断,提供健康或社会护理或治疗,或管理健康或社会护理系统或服务,必须进行处理根据欧盟或欧盟成员国法律或与医疗保健专业人员签订的合同,但须遵守GDPR第9(3)条提及的条件和保障措施;
4.2.9    The processing is necessary for public interest reasons in the area of public health, for example, protecting against serious cross-border threats to health or ensuring high standards of quality 和 safety of health care 和 of medicinal products or medical devices, on the basis of EU or EU Member State law which provides for suitable 和 specific measures to safeguard the rights 和 freedoms of the 数据主体 (in particular, professional secrecy); or
4.2.10    The processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR based on EU or EU Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection, 和 provide for suitable 和 specific measures to safeguard the fundamental rights 和 the interests of the 数据主体.]

5.   明确,明确和合法的目的
5.1    The Company collects 和 processes the 个人资料 set out in Part 21 of this Policy. This includes:
5.1.1    Personal data collected directly from 数据主体s
5.1.2   从第三方获得的个人数据。
5.2    The Company only collects, processes, 和 holds 个人资料 for the specific purposes set out in Part 21 of this Policy (or for other purposes expressly permitted by the GDPR).
5.3    Data subjects are kept informed at all times of the purpose or purposes for which 公司 uses their 个人资料. Please refer to Part 12 for more information on keeping 数据主体s informed.

6.   充分,相关和有限的数据处理
The Company will only collect 和 process 个人资料 for 和 to the extent necessary for the specific purpose or purposes of which 数据主体s have been informed (or will be informed) as under Part 5, above, 和 as set out in Part 21, below.

7.   数据准确性和保持数据最新
7.1    The Company shall ensure that all 个人资料 collected, processed, 和 held by it is kept accurate 和 up-to-date. This includes, but is not limited to, the rectification of 个人资料 at the request of a 数据主体, as set out in Part 14, below.
7.2    The accuracy of 个人资料 shall be checked when it is collected 和 at regular intervals thereafter. If any 个人资料 is found to be inaccurate or out-of-date, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.

8.    Data Retention
8.1    The Company shall not keep 个人资料 for any longer than is necessary in light of the purpose or purposes for which that 个人资料 was originally collected, held, 和 processed.
8.2    When 个人资料 is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
8.3    For full details of 公司’s approach to data retention, including retention periods for specific 个人资料 types held by 公司, please refer to our Data Retention Policy.

9.    Secure Processing
The Company shall ensure that all 个人资料 collected, held, 和 processed is kept secure 和 protected against unauthorised or unlawful processing 和 against accidental loss, destruction, or damage. Further details of the technical 和 organisational measures which shall be taken are provided in Parts 22 to 27 of this Policy.

10。   问责制和记录保存
10.1    The Company’s的数据保护官是Ajaye Gopal,可以通过发送电子邮件至[email protected],电话为020 3514 4056或通过邮寄至伦敦SW2 1RH阿灵顿游行3阿灵顿游行的伊甸园哈珀。
10.2    The Data Protection Officer shall be responsible for overseeing the implementation of this Policy 和 for monitoring compliance with this Policy, 公司’其他与数据保护相关的政策,以及GDPR和其他适用的数据保护法规。
10.3    The Company shall keep written internal records of all 个人资料 collection, holding, 和 processing, which shall incorporate the following information:
10.3.1    The name 和 details of 公司, its Data Protection Officer, 和 any applicable third-party data processors;
10.3.2    The purposes for which 公司 collects, holds, 和 processes 个人资料;
10.3.3    Details of the categories of 个人资料 collected, held, 和 processed by 公司, 和 the categories of 数据主体 to which that 个人资料 relates;
10.3.4    Details of any 转让s of 个人资料 to non-EEA countries including all mechanisms 和 security safeguards;
10.3.5    Details of how long 个人资料 will be retained by 公司 (please refer to 公司’的数据保留政策);和
10.3.6    Detailed descriptions of all technical 和 organisational measures taken by 公司 to ensure the security of 个人资料.

11。   数据保护影响评估
11.1    The Company shall carry out数据保护影响评估 for any 和 all new projects 和 /or new uses of 个人资料 which involve the use of new technologies 和 the processing involved is likely to result in a high risk to the rights 和 freedoms of 数据主体s under the GDPR.
11.2   数据保护影响评估应由数据保护官监督,并应解决以下问题:
11.2.1    The type(s) of 个人资料 that will be collected, held, 和 processed;
11.2.2    The purpose(s) for which 个人资料 is to be used;
11.2.3    The Company’s objectives;
11.2.4    How 个人资料 is to be used;
11.2.5   要咨询的各方(内部和/或外部);
11.2.6   数据处理相对于处理目的的必要性和比例性;
11.2.7    Risks posed to 数据主体s;
11.2.8    Risks posed both within 和 to 公司; 和
11.2.9   建议的措施以最小化和处理已识别的风险。

12   保持数据主体的知情
12.1    The Company shall provide the information set out in Part 122 to every 数据主体:
12.1.1    Where 个人资料 is collected directly from 数据主体s, those 数据主体s will be informed of its purpose at the time of collection; 和
12.1.2    Where 个人资料 is obtained from a third party, the relevant 数据主体s will be informed of its purpose:
a)    if the 个人资料 is used to communicate with the 数据主体, when the first communication is made; or
b)    if the 个人资料 is to be 转让red to another party, before that 转让 is made; or
c)    as soon as reasonably possible 和 in any event not more than one month after the 个人资料 is obtained.
12.2   应提供以下信息:
12.2.1    Details of 公司 including, but not limited to, the identity of its Data Protection Officer;
12.2.2    The purpose(s) for which the 个人资料 is being collected 和 will be processed (as detailed in Part 21 of this Policy) 和 the legal basis justifying that collection 和 processing;
12.2.3    Where applicable, the legitimate interests upon which 公司 is justifying its collection 和 processing of the 个人资料;
12.2.4    Where the 个人资料 is not obtained directly from the 数据主体, the categories of 个人资料 collected 和 processed;
12.2.5    Where the 个人资料 is to be 转让red to one or more third parties, details of those parties;
12.2.6    Where the 个人资料 is to be 转让red to a third party that is located outside of the European Economic Area (the “EEA”),转让的详细信息,包括但不限于现有的保障措施(更多信息,请参阅本政策的第28部分);
12.2.7   数据保留的详细信息;
12.2.8    Details of the 数据主体’GDPR的权利;
12.2.9    Details of the 数据主体’s right to withdraw their consent to 公司’s processing of their 个人资料 at any time;
12.2.10    Details of the 数据主体’向信息专员投诉的权利’s Office (the “监督机构” under the GDPR);
12.2.11    Where applicable, details of any legal or contractual requirement or obligation necessitating the collection 和 processing of the 个人资料 和 details of any consequences of failing to provide it; 和
12.2.12    Details of any automated decision-making or profiling that will take place using the 个人资料, including information on how decisions will be made, the significance of those decisions, 和 any consequences.

13    Data Subject Access
13.1   数据主体可以提出主题访问请求(“SARs”) at any time to find out more about the 个人资料 which 公司 holds about them, what it is doing with that 个人资料, 和 why.
13.2    Employees wishing to make a SAR should do using a Subject Access Request Form, sending the form to 公司’s Ajaye Gopal的数据保护官,可以通过电子邮件联系[email protected],电话是020 3514 4056,也可以邮寄到伦敦SW2 1RH阿灵顿游行3阿灵顿游行的Eden Harper。
13.3    Responses to 特区 shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex 和 /or numerous requests are made. If such additional time is required, the 数据主体 shall be informed.
13.4    All 特区 received shall be handled by 公司’数据保护官。
13.5    The Company does not charge a fee for the handling of normal 特区. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a 数据主体, 和 for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

14。   纠正个人资料
14.1    Data subjects have the right to require 公司 to rectify any of their 个人资料 that is inaccurate or incomplete.
14.2    The Company shall rectify the 个人资料 in question, 和 inform the 数据主体 of that rectification, within one month of the 数据主体 informing 公司 of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the 数据主体 shall be informed.
14.3    In the event that any affected 个人资料 has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that 个人资料.

15   删除个人资料
15.1    Data subjects have the right to request that 公司 erases the 个人资料 it holds about them in the following circumstances:
15.1.1    It is no longer necessary for 公司 to hold that 个人资料 with respect to the purpose(s) for which it was originally collected or processed;
15.1.2    The 数据主体 wishes to withdraw their consent to 公司 holding 和 processing their 个人资料;
15.1.3    The 数据主体 objects to 公司 holding 和 processing their 个人资料 (and there is no overriding legitimate interest to allow 公司 to continue doing so) (see Part 18 of this Policy for further details concerning the right to object);
15.1.4    The 个人资料 has been processed unlawfully;
15.1.5    The 个人资料 needs to be erased in order for 公司 to comply with a particular legal obligation
15.2    Unless 公司 has reasonable grounds to refuse to erase 个人资料, all requests for erasure shall be complied with, 和 the 数据主体 informed of the erasure, within one month of receipt of the 数据主体’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the 数据主体 shall be informed.
15.3    In the event that any 个人资料 that is to be erased in response to a 数据主体’如果已将要求披露给第三方,则应将删除信息告知这些第三方(除非这样做是不可能的,否则将需要不成比例的努力)。

16。   个人数据处理的限制
16.1    Data subjects may request that 公司 ceases processing the 个人资料 it holds about them. If a 数据主体 makes such a request, 公司 shall retain only the amount of 个人资料 concerning that 数据主体 (if any) that is necessary to ensure that the 个人资料 in question is not processed further.
16.2    In the event that any affected 个人资料 has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).

17。    Data Portability
17.1    The Company processes 个人资料 using automated means such as via software systems, email 和 other electronic methods.
17.2    Where 数据主体s have given their consent to 公司 to process their 个人资料 in such a manner, or the processing is otherwise required for the performance of a contract between 公司 和 the 数据主体, 数据主体s have the right, under the GDPR, to receive a copy of their 个人资料 和 to use it for other purposes (namely transmitting it to other data controllers).
17.3    To facilitate the right of data portability, 公司 shall make available all applicable 个人资料 to 数据主体s in the following formats:
17.3.1   书面或电子邮件
17.4    Where technically feasible, if requested by a 数据主体, 个人资料 shall be sent directly to the required data controller.
17.5    All requests for copies of 个人资料 shall be complied with within one month of the 数据主体’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, the 数据主体 shall be informed.

18岁   反对个人数据处理
18.1    Data subjects have the right to object to 公司 processing their 个人资料 based on legitimate interests, direct marketing (including profiling).
18.2    Where a 数据主体 objects to 公司 processing their 个人资料 based on its legitimate interests, 公司 shall cease such processing immediately, unless it can be demonstrated that 公司’s legitimate grounds for such processing override the 数据主体’的利益,权利和自由,或进行合法索偿所必需的处理。
18.3    Where a 数据主体 objects to 公司 processing their 个人资料 for direct marketing purposes, 公司 shall cease such processing immediately.

19   自动化决策
19.1    The Company uses 个人资料 in automated decision-making processes for referencing
19.2    Where such decisions have a legal (or similarly significant effect) on 数据主体s, those 数据主体s have the right to challenge to such decisions under the GDPR, requesting human intervention, expressing their own point of view, 和 obtaining an explanation of the decision from 公司.
19.3   第19.2部分中描述的权利不适用于以下情况:
19.3.1    The decision is necessary for the entry into, or performance of, a contract between 公司 和 the 数据主体;
19.3.2   该决定是法律授权的;要么
19.3.3    The 数据主体 has given their explicit consent.

20    Profiling 
20.1    The Company does not currently use 个人资料 for profiling purposes. Should it do in the future, the following will apply:
20.2    When 个人资料 is used for profiling purposes, the following shall apply:
20.2.1    Clear information explaining the profiling shall be provided to 数据主体s, including the significance 和 likely consequences of the profiling;
20.2.2   应使用适当的数学或统计程序;
20.2.3   应采取技术和组织措施以最大程度地减少错误风险。如果发生错误,则此类措施必须使它们易于纠正;和
20.2.4    All 个人资料 processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling (see Parts 22 to 26 of this Policy for more details on data security).

21   收集,持有和处理的个人数据
The following 个人资料 is collected, held, 和 processed by 公司 (for details of data retention, please refer to 公司’的数据保留政策):

 

数据参考

资料类型

数据目的

供应商1

名称&联系方式,地址证明和护照

需要注册,标识和验证所有权,以满足法律要求

房东1

 

名称&联系方式,护照

需要注册,标识和验证所有权,以满足法律要求

房东2

保险

为了确保财产保险

房东3

抵押详情

确保房东已获得同意让

房东4

银行明细

要支付租金,处理税务问题

租户1

名称& 联系 Details

需要核实适合性,核实身份证,核实可负担性,执行房租检查权,进行推荐,符合法律要求

租户2

电话号码(工作,家庭,移动)

处理租户报告的维护和维修问题

租户3

当前& Forwarding address

偿还押金(如适用),与公用事业公司打交道&地方当局,与寻人机构,律师,法律顾问和法院服务机构联系(如适用)

租户4

银行明细

用于还款(如果适用)

维修承包商1

名称& 联系 Details

参考和验证承包商

维修承包商2

联系方式& 电话 Numbers

指示维护和修理,发布工单,提供声明

维修承包商3

银行明细

支付相关作品

 

22   数据安全-传输个人数据和通讯
The Company shall ensure that the following measures are taken with respect to all communications 和 other 转让s involving 个人资料:
22.1    All emails containing 个人资料 must be encrypted. All emails containing 个人资料 must be marked “confidential”;
22.2   个人数据只能通过安全网络传输;在任何情况下都不允许在不安全的网络上进行传输;
22.3   如果存在合理可行的有线选择,则可能无法通过无线网络传输个人数据;
22.4   电子邮件正文中包含的个人数据,无论发送还是接收,都应从该电子邮件正文中复制并安全地存储。电子邮件本身应删除。与之关联的所有临时文件也应使用
22.5    Where 个人资料 is to be sent by facsimile transmission the recipient should be informed in advance of the transmission 和 should be waiting by the fax machine to receive the data;
22.6    Where 个人资料 is to be 转让red in hardcopy form it should be passed directly to the recipient BY POST OR GIVEN TO THE RECIPIENT IN PERSON
22.7    All 个人资料 to be 转让red physically, whether in hardcopy form or on removable electronic media shall be 转让red in a suitable container marked “confidential”.

23。   数据安全-存储
The Company shall ensure that the following measures are taken with respect to the storage of 个人资料:
23.1    All electronic copies of 个人资料 should be stored securely using passwords 和 data encryption;
23.2    All hardcopies of 个人资料, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar;
23.3   所有以电子方式存储的个人数据都应每周备份,并在异地存储备份。所有备份都应加密。在以下情况下,未经主管Ajaye Gopal的正式书面许可,不得将任何个人数据存储在任何移动设备(包括但不限于笔记本电脑,平板电脑和智能手机)上,无论该设备是否属于公司:严格按照批准时所描述的所有说明和限制进行此类批准,且期限不得超过绝对必要;和
23.4    No 个人资料 should be 转让red to any device personally belonging to an employee 和 个人资料 may only be 转让red to devices belonging to agents, contractors, or other parties working on behalf of 公司 where the party in question has agreed to comply fully with the letter 和 spirit of this Policy 和 of the GDPR (which may include demonstrating to 公司 that all suitable technical 和 organisational measures have been taken).

24   数据安全-处置
When any 个人资料 is to be erased or otherwise disposed of for any reason (including where copies have been made 和 are no longer needed), it should be securely deleted 和 disposed of. For further information on the deletion 和 disposal of 个人资料, please refer to 公司’数据保留政策。

25岁   数据安全-个人数据的使用
The Company shall ensure that the following measures are taken with respect to the use of 个人资料:
25.1   不得非正式地共享个人数据,并且如果代表公司工作的员工,代理商,分包商或其他方要求访问他们尚无法访问的任何个人数据,则应正式向Ajaye要求进行此类访问Gopal,ajayegopal @ edenharper.com或020 3514 4056未经董事Ajaye Gopal的授权,不得将个人数据传输给任何员工,代理商,承包商或其他方,无论这些方是否代表公司工作。个人数据必须始终谨慎处理,任何时候都不应无人看管或留给未经授权的员工,代理商,分包商或其他方查看;
25.2    If 个人资料 is being viewed on a computer screen 和 the computer in question is to be left unattended for any period of time, the user must lock the computer 和 screen before leaving it; 和
25.3    Where 个人资料 held by 公司 is used for marketing purposes, it shall be the responsibility of a company director to ensure that the appropriate consent is obtained 和 that no 数据主体s have opted out, whether directly or via a third-party service such as the TPS.

26   数据安全-IT安全
公司应确保在IT和信息安全方面采取以下措施:
26.1    All passwords used to protect 个人资料 should be changed regularly 和 should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase 和 lowercase letters, numbers, 和 symbols. All software used by 公司 is designed to require such passwords.;
26.2    Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of 公司, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;
26.3   所有软件(包括但不限于应用程序和操作系统)均应保持最新。公司’IT人员应负责在合理可行的范围内尽快安装所有与安全相关的更新
26.4   未经主管Ajaye Gopal事先批准,不得在任何公司拥有的计算机或设备上安装软件。

27。   组织措施
The Company shall ensure that the following measures are taken with respect to the collection, holding, 和 processing of 个人资料:
27.1    All employees, agents, contractors, or other parties working on behalf of 公司 shall be made fully aware of both their individual responsibilities 和 公司’根据GDPR和本政策承担的责任,并应随附本政策的副本;
27.2    Only employees, agents, sub-contractors, or other parties working on behalf of 公司 that need access to, 和 use of, 个人资料 in order to carry out their assigned duties correctly shall have access to 个人资料 held by 公司;
27.3    All employees, agents, contractors, or other parties working on behalf of 公司 handling 个人资料 will be appropriately trained to do so;
27.4    All employees, agents, contractors, or other parties working on behalf of 公司 handling 个人资料 will be appropriately supervised;
27.5    All employees, agents, contractors, or other parties working on behalf of 公司 handling 个人资料 shall be required 和 encouraged to exercise care, caution, 和 discretion when discussing work-related matters that relate to 个人资料, whether in the workplace or otherwise;
27.6    Methods of collecting, holding, 和 processing 个人资料 shall be regularly evaluated 和 reviewed;
27.7    All 个人资料 held by 公司 shall be reviewed periodically, as set out in 公司’数据保留政策;
27.8    The performance of those employees, agents, contractors, or other parties working on behalf of 公司 handling 个人资料 shall be regularly evaluated 和 reviewed;
27.9    All employees, agents, contractors, or other parties working on behalf of 公司 handling 个人资料 will be bound to do so in accordance with the principles of the GDPR 和 this Policy by contract;
27.10    All agents, contractors, or other parties working on behalf of 公司 handling 个人资料 must ensure that any 和 all of their employees who are involved in the processing of 个人资料 are held to the same conditions as those relevant employees of 公司 arising out of this Policy 和 the GDPR; 和
27.11    Where any agent, contractor or other party working on behalf of 公司 handling 个人资料 fails in their obligations under this Policy that party shall indemnify 和 hold harmless 公司 against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

28。    Transferring Personal Data to a Country Outside the 欧洲经济区
28.1   本公司可能会不时转让(‘transfer’ includes making available remotely) 个人资料 to countries outside of the 欧洲经济区.
28.2    The 转让 of 个人资料 to a country outside of the 欧洲经济区 shall take place only if one or more of the following applies:
28.2.1    The 转让 is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for 个人资料;
28.2.2   转移到一个国家(或国际组织),以公共当局或机构之间具有法律约束力的协议的形式提供适当的保障;具有约束力的公司规则;欧盟委员会通过的标准数据保护条款;遵守监管机构(例如信息专员)批准的批准的行为准则’的办公室);根据批准的认证机制进行的认证(根据GDPR的规定);主管当局同意并授权的合同条款;或在主管当局授权的公共当局或机构之间插入行政安排的规定;
28.2.3    The 转让 is made with the informed consent of the relevant 数据主体(s);
28.2.4    The 转让 is necessary for the performance of a contract between the 数据主体 和 公司 (or for pre-contractual steps taken at the request of the 数据主体);
28.2.5    The 转让 is necessary for important public interest reasons;
28.2.6    The 转让 is necessary for the conduct of legal claims;
28.2.7    The 转让 is necessary to protect the vital interests of the 数据主体 or other individuals where the 数据主体 is physically or legally unable to give their consent; or
28.2.8   转移是根据注册簿进行的,根据英国或欧盟法律,该注册簿旨在向公众提供信息,并且向公众开放,一般而言,或者向能够对注册簿表现出合法利益的人开放。

29。   数据泄露通知
29.1    All 个人资料 breaches must be reported immediately to 公司’数据保护官。
29.2    If a 个人资料 breach occurs 和 that breach is likely to result in a risk to the rights 和 freedoms of 数据主体s (e.g. financial loss, breach of 机密ity, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s办事处会在知道后立即在72小时内立即将违规情况告知我们。
29.3    In the event that a 个人资料 breach is likely to result in a high risk (that is, a higher risk than that described under Part 29。2) to the rights 和 freedoms of 数据主体s, the Data Protection Officer must ensure that all affected 数据主体s are informed of the breach directly 和 without undue delay.
29.4   数据泄露通知应包括以下信息:
29.4.1    The categories 和 approximate number of 数据主体s concerned;
29.4.2    The categories 和 approximate number of 个人资料 records concerned;
29.4.3    The name 和 contact details of 公司’数据保护官(或其他可以获得更多信息的联络点);
29.4.4   违反的可能后果;
29.4.5    Details of the measures taken, or proposed to be taken, by 公司 to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

30岁   政策执行
本政策自2018年5月25日起生效。本政策的任何部分均不具有追溯效力,因此仅适用于该日期或之后发生的事项。

本政策已获得以下机构的批准和授权:
Name:    Ajaye Gopal
Position:    Director
Date:    18th May 2018
Due for Review by:    17th May 2019

伦敦地区进入第4层之后,我们的前台人员和物业管理部门现在将在家工作。面对面的约会将受到严格限制,最初应通过电子邮件联系。请进入相关办公室/部门的联系页面。

所有参加预定约会的人员都必须戴口罩并遵守社会疏离措施。我们要求这样做有助于保护自己和我们的员工。


如果发生物业管理紧急情况,请致电我们的巴特西办事处020 7720 1116,我们的一名物业经理将为您提供帮助,或者通过电话应答消息为您提供紧急承包商的详细信息。

Covid 19信息 隐藏