The General Data Protection Regulation (GDPR) came into force in May 2016 (universally adopted 25th May 2018). It builds on existing data protection laws and will strengthen the rights and controls that individuals have over how their personal data is used, processed or disposed of. Goodman Nash Ltd is compliant with the Data Protection Act 2018 and UK GDPR.
For the purpose of these Regulations Goodman Nash Ltd is the Data Controller, 7/8 Prince Maurice Court, Hambleton Avenue, Devizes Wiltshire SN10 2RT, and we can be contacted by e-mail at: firstname.lastname@example.org or by phone 01380 739112. We are registered with the Information Commissioners Office Ref Z9628601.
Goodman Nash Limited may change this policy from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.
Obtaining personal data
We may obtain personal data either from information given by you or from information made available by third parties or from other sources in the public domain. We will only use information from third parties where it is permitted in law and where it can be demonstrated that consent has been given to release such information.
You may provide us personal data in conversation, in writing or electronically via e-mail, our website or in social media. Personal information we hold may include by way of example the following matters:
- Contact information including name, job title, email address and contact telephone numbers
- Information about business rates to include rateable values, rate account number, trading names, property addresses, liabilities and payments, account start and end dates, receipt of reliefs and exemptions
- Information about ownership, purchase, lease or licence details, rents paid, review patterns, service charges, VAT and utility payments, including account details and suppliers.
- Banking details to process refunds
- Marketing and communications data
- Information about your use of our website. For more information, see our Cookies Policy
Why and how we use personal data
Goodman Nash Ltd provides property audit services to its customers and information is requested and held so we can efficiently undertake and provide those services in order to recover overpaid amounts or reduce costs moving forward in time. Data collected assists us in bringing opportunities to commercial businesses to recover identified overpayments and/or achieve costs reductions. We undertake to take reasonable steps to protect your personal data, including any financial details we hold, in line with the requirements of data protection legislation.
Legal basis for processing personal information
The legal basis for processing your data means identifying what (or who) gives us the right to process your data. Without at least one of these rights being present, we would have no legal right to do so. We rely on two different legal bases to process your data.
- Your consent – We will ask for your consent to process your data when our legitimate interests are not appropriate. You may withdraw your consent at any point, however we may still be able to process your data lawfully using the additional legal base below.
- Legitimate interests – Processing is necessary for the purpose of our own legitimate interests, except where this is overridden by your own interests, rights or freedoms. There will be times when we will want to process your data for our own interests, rather than yours. There are more details on what this really means below, but we will never use this basis where your own interests, rights or freedoms are more compelling.
We may process your personal information for our legitimate business interests.
“Legitimate interests” mean the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have a legitimate interest in processing your data to identify opportunities that are of value and relevant before approaching you.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Whom we share personal information with
We may share your personal information with:
- Goodman Nash employees who require it to perform their jobs
- Organisations that support the products or services we provide to you
- Anyone you give us permission to share it with
- Official bodies to detect and prevent criminal activity e.g. money laundering, theft, fraud, terrorism, cybercrime
Your personal data is not sold or rented to third parties unless we have your permission or are required by law to do so.
Protecting your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, and other third parties who have a business need to know. Processors we appoint will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Cookies are text files that are stored on your computer or device when you visit the Goodman Nash website, to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any current legal, statutory, or regulatory obligations. In doing so, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Banking and payment card details are never stored and are destroyed once payments have been processed.
Access and control of your personal data
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at email@example.com.
You may request details of personal information which we hold about you via a Subject Access Report (SAR). We will respond to these requests within one month of receipt. Our response will include details of the personal data that we hold about you, including the sources we gathered the data from and the purposes the data is processed for. If you would like a copy of the information held on you please email firstname.lastname@example.org, or write to: Data Protection Administrator, Unit 7/8 Prince Maurice Court, Hambleton Ave, Devizes, Wiltshire, SN10 2RT.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
You can ask us to erase your personal data. We will not erase your personal data if it is still required for the purpose for which it was collected or if we are legally obliged to continue processing your personal data. It is important to note if you exercise this right we will keep a copy or a record of your request as it is our legitimate interest to show that you have exercised this right.
The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO) and you can complain to them if you are not happy with any aspects in relation to us processing your personal data. Their website is www.ico.org.uk
We pride ourselves on our transparency. Should you have any issues, please do not hesitate to contact us in order that we may try and resolve any issue you may have.