GDPR Policy Statement (25th May 2018)

For all enquiries call
0800 690 6647

This GDPR policy statement details the obligations of Summers Property Inventories Limited (registered company number: 08560116) (hereafter referred to as ‘the company’) regarding personal data relating to an identified or identifiable natural person (hereafter referred to as ‘data subjects’) under the EU Regulation 2016/679 General Data Protection Regulation (hereafter referred to as ‘GDPR’) with effect from 25th May 2018.

This policy sets the obligations and standards regarding the collection, processing, transfer, storage and disposal of personal data. The procedures and principles detailed within are to be followed at all times by the company and the third-party companies used to enhance our services.

Summers Property Inventories Limited is registered with the ICO as a Data Processor and Data Controller.

1. Contact Details

  • Summers Property Inventories Limited (registered company number: 08560116)
  • Registered address: 10 Cotswold Gardens, Maidstone, Kent ME15 8TB
  • Telephone: 0800 690 6647
  • Email: hello@summersproperty.com
  • Website: www.summersproperty.com

2. Legitimate Interests

To use the services offered by the company, we must collect, store and use data from data subjects in a way that may be reasonably expected to be able to run the company. Such action does not materially impact on your rights, freedom or interests. Data subjects have the right to ‘opt out’ of the services provided by the company. See section ‘Erasure of Personal Data’.

The company does not share or sell your personal data with any third-party unless explicitly requested by government authorities, law enforcement agencies or for other legal obligations where your express consent is not required.

3. Client Data

The company obtains and stores the following client data within a password protected MySQL database stored on a secure server managed by a third-party company, ‘Kualo Ltd.’, in the United Kingdom. This data includes:

  • Contact name
  • Business type (landlord, tenant, letting agent, estate agent)
  • Business name
  • Business address
  • Telephone
  • Mobile
  • Email address
  • Unique account ID
  • IP address of the requesting computer
  • Last login date and time
  • Client area login email address
  • Client area login password (encrypted with BCrypt hashing)

This information is solely used to identify a data subject by the company and it is not shared with any third-parties. This data is stored for as long as is necessary to continuously provide uninterrupted services required by the data subject. The IP address and last login date/time is identifiable in order to protect against unauthorised or unlawful access.

The company shall not keep this data for a period of time longer than necessary with consideration of the purpose for which the data was originally collected, stored and processed. When the data is no longer required, all reasonable steps will be taken to securely erase the data. This data is audited annually by the company.

4. Declarations

Printed inspection declarations are stored in a folder in a key-locked drawer at the registered company address. Alternatively, a third-party representative for a property may request to store the paper-based declaration securely alongside other documentation for that property if they are the representative of the legal owner of the property. The company obtains the following declaration data within a password protected MySQL database stored on a secure server managed by a third-party company, ‘Kualo Ltd.’, in the United Kingdom. This data includes:

  • Inspection type
  • Date of inspection
  • Property address
  • Property type
  • Number of bedrooms
  • Business name
  • Passcode
  • Tenant(s) names
  • Tenant(s) signatures

This data, in particular tenant(s) names and tenant(s) signatures, are obtained for the following reasons:

  • To provide evidence that the company has inspected a property in order to receive payment by a client for the service(s) received;
  • To prevent any dispute with a third-party regarding the presence of the occupants of a property at the time of an inspection requested by a client;
  • If the occupant is not present, a ‘sorry we missed you’ card is left within the property in an obvious location with the contact details of the company should the data subject wish to view the data collected from the service(s) provided.

The company shall not keep this data for a period of time longer than 5 years with consideration of the purpose for which the data was originally collected, stored and processed. When the data is no longer required, all reasonable steps will be taken to securely destroy the data.

5. Inspection Reports

Inspection reports collect data in order to produce comprehensive digital and PDF based reports detailing the condition of properties, with photographs identifiable only to a property via the unique passcode, inspected on behalf of a client.

PDFs are uploaded to a secure server managed by a third-party company, ‘Kualo Ltd.’, in the United Kingdom in order to be downloaded by the end user with access to the passcode, downloaded by the client in their client area, and as a backup should the database become unavailable. A copy of the PDF is emailed to the client for their records and they are responsible for the storage and disposal of the personal data in line with their company policies and procedures.

This data is obtained for the purpose of identifying any changes or damage that occurs during a tenancy agreement for use by third-parties whom are representatives for a particular property. The company obtains and stores the following inspection data within a password protected MySQL database stored on a secure server managed by a third-party company, ‘Kualo Ltd.’, in the United Kingdom. This data includes:

  • Inspection type
  • Date and time of inspection
  • Property address
  • Property type
  • Number of bedrooms
  • Furnished or unfurnished
  • Occupied or unoccupied
  • Business name
  • Passcode
  • Tenant(s) names
  • Tenant(s) forwarding address
  • Length of tenancy
  • Ingoing inventory report details
  • Room names
  • Items, descriptions and conditions per room
  • Date/passcode/unique image ID data stamp for each photograph for every item

The company shall not keep this data for a period of time longer than necessary with consideration of the purpose for which the data was originally collected, stored and processed. When the data is no longer required, all reasonable steps will be taken to securely erase the data. This data is audited annually by the company.

6. Passcodes

Each inspection report is given a unique six-digit passcode consisting of randomised and computer-generated numbers and letters. The reports and photographs are available to view online through a secure HTTPS connection on the ispipasscode.com domain to access the website. This information is shared with parties with a legitimate interest in gaining access to the report. No identifiable data or cookies are collected or stored by the data subject for any passcode used to access the ispipasscode.com website.

The company shall not keep this data for a period of time longer than necessary with consideration of the purpose for which the data was originally collected, stored and processed. When the data is no longer required, all reasonable steps will be taken to securely erase the data.

7. Gmail by Google Cloud (Emails)

The company uses a third-party company, ‘Gmail by G Suite’ (by ‘Google Cloud’), to send and receive emails using a secure HTTPS connection and a password protected email account. The data the service provider holds on behalf of the company includes:

  • Contact name
  • Business name
  • Email address
  • Emails sent and received

This data is not shared with any third-parties and is solely used internally by the company unless express permission is granted. ‘G Suite by Google Cloud’ is fully GDPR compliant and the GDPR privacy policy can be viewed here: https://cloud.google.com/security/gdpr/

8. Calendar by Google Cloud (Calendar)

The company uses a third-party company, ‘Calendar by G Suite’ (by ‘Google Cloud’), to monitor appointments daily using a secure HTTPS connection and a password protected account. The data the service provider holds on behalf of the company includes:

  • First line of the property address
  • Business name

This data is not shared with any third-parties and is solely used internally by the company. ‘G Suite by Google Cloud’ is fully GDPR compliant and the GDPR privacy policy can be viewed here: https://cloud.google.com/security/gdpr/

9. Debitoor (Invoices)

The company uses a third-party company, ‘Debitoor’, to manage client invoices and to log the date payments were received. For overdue payments, the company uses the service providers internal auto-email feature to send payment overdue reminders to clients only. The data the service provider holds on behalf of the company includes:

  • Business name
  • Business address
  • Email address
  • Telephone
  • VAT number
  • Payment terms
  • Invoices
  • Property addresses

This data is not shared with any third-parties and is solely used internally by the company. ‘Debitoor’ is fully GDPR compliant and the GDPR privacy policy can be viewed here: https://debitoor.com/privacy. Financial data is retained for a period of up to 7 years to meet the company’s legal obligations regarding the retention of financial records.

10. Website Access

A cookie is a text file stored on a device by a server when visiting a website to help personalise an online experience. A cookie is stored on your device when visiting the following domains:

  • summersproperty.com
  • ispiclient.com
  • ispipasscode.com
  • ispimember.com
  • ispireports.com

Cookies remember the login session (where a login feature is available) to ensure the data subject remains logged in for a short period of time to the service required. This cookie times out after a period of inactivity (around 30 minutes) and the data subject is required to log back in to the service securely where the cookie is renewed.

The summersproperty.com website uses a tracking code by ‘Google Analytics’, a service provided by ‘Google’ that collects and logs data from all visitors. These cookies are used to collect information about how visitors use the website. The company uses this information to compile reports to help improve the functionality and accessibility of the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited. ‘Google Analytics’ is fully GDPR compliant and the GDPR privacy policy can be viewed here: https://privacy.google.com/businesses/compliance/.

Disabling cookies will restrict the ability to use some of the services provided by the company. You can modify your browser settings to decline certain types or all cookies if you wish to do so. Helpful guides are available on the internet.

Summersproperty.com, ispiclient.com, ispipasscode.com, ispimember.com and ispireports.com is accessed through a secure SSL certified HTTPS connection using an RSA encryption algorithm signed by ‘Digital Signature Trust Co.’ and is renewed annually to ensure all the data transmitted to the company is secure and encrypted.

11. Data Storage and Security

All data obtained by the company is stored on a secure server managed by a third-party company, ‘Kualo Ltd.’, in the United Kingdom, a password protected computer in Haydon Wick, Swindon within a locked and alarmed property, and a password protected and encrypted external hard drive in Haydon Wick, Swindon within a locked and alarmed property. The property is protected with CCTV to protect against unauthorised or unlawful access and to provide evidence if the hardware is removed from the secure location.

All data, but excluding photographs, is backed up daily by a third-party company, ‘CodeGuard Inc.’, located in Atlanta, Georgia USA and operates outside the European Economic Area (EEA), and therefore abides by the laws governing the collection, processing, transfer, storage and disposal of personal data under the jurisdiction of the United States of America.

12. Marketing

The company does not use any of the personal data held for marketing purposes and the data obtained is not stored for marketing purposes. The company does not share or sell personal data with any third-party for marketing purposes.

13. Accuracy of Data and Keeping Data Up-to-Date

The company shall ensure that all personal data collected, processed and stored is kept up-to-date. This includes, but is not limited to, the rectification of personal data at the request of a data subject. The accuracy of personal data shall be checked when it is collected. If any personal data is found to be inaccurate or out-of-date, all reasonable steps will be taken to amend or erase the data.

Data subjects whom require rectification of personal data must email hello@summersproperty.com with the subject line “Rectification of Personal Data Request”. The company will respond within 30 days of receipt; however, this may be extended by up to 60 days if the request is complex. If additional time to rectify the data is required, the data subject will be informed immediately.

14. Data Subject Access

Data subjects may make subject access requests (‘SARs’) at any time to obtain further information about the personal data which the company holds about them, what the company does with the data and why. Data subjects whom require SARs must email hello@summersproperty.com with the subject line “Subject Access Request”.

SARs are responded to within 30 days of receipt; however, this may be extended by up to 60 days if the request is complex and/or multiple requests are made. If additional time to gather the data is required, the data subject will be informed immediately.

The company does not charge a fee for the handing of SARs. The company does reserve the right to charge a reasonable fee for additional copies of information that has already been supplied to the data subject.

15. Erasure of Personal Data

Data subjects have the right to request that the company erase the personal data it holds about them in the following circumstances:

  • It is not necessary for the company to hold the personal data with respect to the original purposes for which the data was collected and processed;
  • The data subject wishes to withdraw their consent for the company to collect, process and store their personal data;
  • The personal data has been processed unlawfully;
  • The personal data needs to be erased in order for the company to comply with any enforced legal obligations.

Unless the company has reasonable grounds to refuse the erasing of personal data, all request for erasure shall be completed within 72 hours of receipt of the data subjects request.

Personal data erasure requests must be email to hello@summersproperty.com with the subject line “Personal Data Erasure Request”. The company will respond within 72 hours of receipt and the erasure process will commence with no opportunity available to reverse the process or restore the erased data. If additional time to erase the data is required, the data subject will be informed immediately.

16. Restriction of Personal Data Processing

Data subjects may request the company to cease processing the personal data it holds about them. If such a request is received, the company shall retain only the amount of personal data concerning the data subject that is necessary to ensure that the personal data in question is not processed further.

Restriction of personal data processing requests must be emailed to hello@summersproperty.com with the subject line “Stop Personal Data Processing Request”. The company will respond within 72 hours of receipt and the personal data processing will cease to commence for the data subject.

17. Objections to Personal Data Processing

Data subjects have the right to object to the company from processing their data based on legitimate interests. The company shall cease such processing immediately, unless it can be demonstrated that the company’s legitimate grounds for processing override the data subject’s interests, rights and freedoms, or that processing is necessary for the conduct of legal claims.

Objections of personal data processing requests must be emailed to hello@summersproperty.com with the subject line “Objection to Personal Data Processing Request”. The company will respond within 72 hours of receipt and the personal data processing will cease to commence for the data subject.

The company reserves the right to update this GDPR Policy Statement at any time without notification.

A PDF copy of our GDPR Privacy Statement can be downloaded here.