Version 2.0 - May 2018
Lets Delight Ltd is registered in accordance with
To protect the privacy of individuals whose personal and confidential data is held by Lets Delight Ltd, whilst ensuring that Lets Delight Ltd has the necessary data to maintain contact with those that they work within the investing community, its employees and its potential and existing tenants.
All Directors and employers of Lets Delight Ltd are aware of this policy and adhere to all data protection procedures relevant to obtaining, using, storing, disclosing and disposal in accordance with the Regulations and reporting and recording any losses of information or breaches of security.
What this Policy Covers
Lets Delight is committed to doing the right thing when it comes to how we collect, use and protect your personal data.
Personal Data held and usage
Lets Delight Ltd collects some personal data which allows potential tenants to register, in the form of a name and email address. This is then stored on our CRM system. This is for us to maintain contact and to let them know when our services are available to them. For existing and past tenants we do get sent tenancy agreements; this has their names and addresses. We attach these electrically to our CRM system; they are held for future referencing requests from next landlord, employers or legal organisations.
We don’t hold full information on our tenants as we employ a letting agency that would deal with any additional data compulsory to their business such as referencing and right to rent.
Lets Delight Ltd also keeps contact details of associates in the property industry and other business owners that we connect with at networking events. This information is obtained either by self subscription on the website or by them handing us business cards or other contact information which are then given to our Personal Assistant to put in our CRM system.
We make first contact with a ‘Nice to meet you' email. On this email is a link for consent to contact them and for them to see what information is held by Lets Delight Ltd about them. This gives them the opportunity to ratify their personal data or unsubscribe from any further contact. To maintain a good working relationship, on occasion we may send them a newsletter about the journey of the company and its directors, which they are welcome to unsubscribe from at any time they wish.
We will never sell details on or make it available to third party suppliers.
Information security, storage & disposal
All personal information is stored securely in one place; on our CRM system. The security of which is commensurate with the nature of the data that is held. Our CRM system is secured by double password protection, backed by random token authentication and is held in the United Kingdom, which means our hosting provider has to adhere to the same data protection laws as Lets Delight Ltd.
We access the personal data with the following hardware:
Emails are password protected and only the individual user has access to their own email account.
We are mainly paperless but any paperwork with personal data on; such as tenancy agreements and business cards, are stored in a locked filing cabinet in the locked Lets Delight Ltd office. They are then scanned and electronically attached to our CRM system. Once this information is checked to be successfully attached, we dispose of it by shredding on the premises. The shreddings are placed in compost bins where they are patrolled by Felix the security cockerel.
We only authorise access to employees who need it to carry out their job responsibilities.
Transparency and choice
People have different privacy concerns. Our goal is to be clear about what information we collect, so that they can make meaningful choices about how it is used. We aim to provide them with the access to their own personal information that we hold. This gives them the opportunity to rectify any data that is incorrect and they can choose what they would like us to hold on them. We strive to give them ways to update it quickly or to put in a delete request – unless we have to keep that information for legitimate business or legal purposes.
Breach Management Strategy
If we are unfortunate to experience a breach of personal information, a full investigation will start as soon as it is discovered and put measures in place to sever that source immediately. We will establish what information was breached, so we can inform the people and organisations involved, so they can take steps to protect themselves. If identified as a serious breach, we will notify the Information Commissioner’s Office, include a description of how and when the breach occurred and what data was involved. Finally we will review why this happened and put in place steps of improvement to make sure this is not repeated.
This Data Protection Policy replaces all previous versions.