PRIVACY POLICY

Welcome to G&L Property Management

Thank you for choosing G&L Property Management. We are committed to protecting the privacy and security of your personal information. This privacy policy outlines our practices regarding the collection, use, and disclosure of your information through our services and website located at www.gandlpropertymanagement.com. By using our services, you agree to the collection and use of information in accordance with this policy.

Introduction

As a property management and lettings agency operating in Scotland, G&L Property Management adheres to the highest standards of privacy and data protection. We understand the importance of your personal information and are committed to protecting it through compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR) and other relevant privacy laws.

This policy applies to information we collect:

On our website.

In email, text, and other electronic messages between you and our website.

Through mobile and desktop applications you download from our website, which provide dedicated non-browser-based interaction between you and our website.

When you interact with our advertising and applications on third-party websites and services if those applications or advertising include links to this policy.

It does not apply to information collected by:

Us offline or through any other means, including on any other website operated by G&L Property Management or any third party; or

Any third party, including through any application or content (including advertising) that may link to or be accessible from the website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it.

Section 1: Information We Collect

1.1 Types of Information Collected

G&L Property Management collects several types of information from and about users of our services, which includes:

Personal Information: Data by which you may be personally identified, such as name, postal address, email address, telephone number, and any other identifier by which you may be contacted online or offline. This includes information provided at the time of registering to use our website, subscribing to our service, posting material, or requesting further services.

Financial Information: Details of transactions you carry out through our website and the fulfilment of your orders such as bank account details, payment history, and credit details, necessary for processing payments and for fraud prevention.

Technical Information: Information about your internet connection, the equipment you use to access our website, and usage details. This includes IP addresses, operating system, browser type, and information collected through cookies, web beacons, and other tracking technologies.

1.2 How We Collect Information

Direct Interactions: You may give us your personal and financial information by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes information you provide when you:

Subscribe to our service.

Request services.

Enter a competition, promotion, or survey.

Give us feedback or contact us.

Automated Technologies or Interaction I : As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies.

Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources such as analytics providers like Google based outside the EU, advertising networks, and search information providers.

1.3 Cookies and Other Tracking Technologies

Our use of cookies and other tracking technologies helps us to improve our website and deliver a better and more personalized service by enabling us to:

Estimate our audience size and usage patterns.

Store information about your preferences, allowing us to customize our website according to your individual interests.

Speed up your searches.

Recognize you when you return to our website.

For more detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy included in the Terms and Conditions.

Section 2: Use of Your Information

2.1 Purposes for Which We Use Your Information

At G&L Property Management, we use information held about you in the following ways:

To Provide and Manage Services: We use your information to carry out our obligations arising from any contracts entered into between you and us, including managing your account, providing property management services, processing payments, and communicating with you about these services.

To Personalize User Experience: We use information to understand how our users as a group use the services and resources provided on our website. This helps us to improve our service offerings and customize our website according to individual interests.

To Improve Our Website: We strive to improve our website offerings based on the information and feedback we receive from you. This includes troubleshooting, data analysis, testing, research, and for statistical and survey purposes.

To Provide Customer Support: Information you provide helps us respond to your customer service requests and support needs more efficiently.

To Communicate with You: We use your information to communicate with you about changes to our services, new services, and special offers we think you will find valuable, provided you have not opted out of receiving such communications.

For Marketing Purposes: Where you have consented, we may use your data to send you information about third-party goods and services that may be of interest to you.

To Ensure Website Security: We use your information to enhance the security of our website, prevent fraud, and monitor against theft.

Compliance and Legal Obligations: We use your information to comply with legal and regulatory obligations, including data protection and tax laws.

2.2 Legal Basis for Processing Your Information

The processing of your information is based on several legal grounds, including:

Consent: Where you have given consent to the processing of your personal data for one or more specific purposes.

Contract Performance: Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

2.3 Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Section 3: Disclosure of Your Information

3.1 Sharing Your Information

At G&L Property Management, we may share your personal information with selected third parties in accordance with this policy:

Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include processing payments (e.g., banks, online payment gateways), providing maintenance services (e.g., contractors), performing property management tasks, and assisting with marketing efforts. These third parties have access to personal information needed to perform their functions but are not permitted to use it for other purposes.

Business Transfers: As we continue to develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, personal information may be part of the transferred assets.

Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

To Protect Rights and Property: We may disclose information about you if we believe that disclosure is necessary for the protection of our rights, property, or the safety of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

3.2 International Transfers of Your Information

Due to the global nature of our operations, the information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your order, the processing of your payment details, and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

3.3 Security Measures

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. We implement a variety of security measures, including encryption and authentication tools, to maintain the safety of your personal data.

3.4 Your Consent

By using our services, you agree to the transfer, storing, and processing of your information as outlined in this section. We will ensure that your privacy rights are protected by transferring personal information in compliance with applicable laws and regulations.

Section 4: Your Rights Over Your Information

4.1 Overview of Your Rights

As a data subject under data protection laws, particularly under the General Data Protection Regulation (GDPR), you have several rights concerning the personal information we hold about you. These rights include:

Right to Access: You have the right to request access to the personal information we hold about you and to obtain information about how we process it.

Right to Rectification: You have the right to request that we correct any inaccuracies in the personal information we hold about you.

Right to Erasure ("Right to be Forgotten"): You may ask us to delete or remove personal information when there is no good reason for us to continue processing it.

Right to Restriction of Processing: You have the right to request that we suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.

Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

Right to Object: You have the right to object to the processing of your personal information based on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that it is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us, or the purposes of the legitimate interests pursued by us or by a third party. If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to Withdraw Consent: Where the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time.

4.2 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided at the end of this policy. We may request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

4.3 Response Timing and Format

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

4.4 Complaints

If you believe that our collection or use of your personal information is unfair, misleading, or inappropriate, you can make a complaint to a data protection authority. You also have the right to complain to the data protection regulator in your jurisdiction.

Section 5: Data Retention and Management

5.1 Data Retention Policy

At G&L Property Management, we only retain personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

5.2 Criteria for Determining Retention Periods

Contractual Necessities: The duration of your contract with us and a period thereafter to manage post-contractual matters such as final billing or handling any contractual claims or inquiries.

Legal Obligations: Any periods prescribed by law during which we must retain your personal information (e.g., retention of financial records for tax purposes).

Consent-Based Retention: If we process personal information based on your consent, such as marketing preferences, we will retain the information until you withdraw your consent.

5.3 Management of Information

Secure Storage: Your personal information is securely stored to prevent loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Regular Audits: We conduct regular reviews and audits of our data storage and processing practices to ensure compliance with our policies and legal obligations.

Data Minimization: We ensure that we collect and process only the necessary amount of personal information required for the purposes set out in this policy.

5.4 Disposal of Information

When your personal information is no longer needed, we securely delete or anonymize it. Disposal methods are chosen based on the sensitivity of the information and may include physical destruction, degaussing, or secure digital deletion.

5.5 Special Considerations

For sensitive information, such as financial data or personally identifiable information, enhanced security measures are applied, and retention times are strictly limited to the period legally required or until the purpose for which the information was collected is achieved.

Section 6: Security Measures

6.1 Overview of Security Practices

At G&L Property Management, we take the security of your personal information very seriously. We implement a variety of administrative, technical, and physical security measures designed to protect your data from unauthorized access, use, alteration, and destruction.

6.2 Technical Security Measures

Encryption: We use industry-standard encryption technologies when transferring and receiving consumer data exchanged with our site to protect the confidentiality and integrity of personal information in our possession.

Firewalls and Network Security: Robust firewalls and other network security measures are in place to shield our internal networks and data repositories from unauthorized access and malicious attacks.

Access Controls: Access to personal information is strictly limited to personnel who need access to perform their job functions. We enforce strict password policies, regular access reviews, and user authentication mechanisms.

6.3 Physical Security Measures

Secure Facilities: Our physical facilities are secured with controlled access to ensure that only authorized personnel can enter areas where personal information is stored.

Data Center Security: We use secure data centers to host our services and data, which include environmental controls, backup power systems, and physical security measures.

Document Shredding: Sensitive documents are disposed of securely through shredding to prevent any possibility of unauthorized data reconstruction.

6.4 Organizational Measures

Training and Awareness: We conduct regular security training for our staff to ensure they are aware of our privacy and security policies and know how to handle personal information securely.

Incident Response Plan: We have established a formal incident response plan to handle any suspected data security breaches. This allows us to act quickly to minimize the impact and notify affected individuals and regulators where legally required.

6.5 Continuous Improvement

Our security policies and practices are regularly reviewed and updated to adapt to new challenges and changes in the regulatory environment. We engage with security experts and use new tools and techniques to enhance our data protection capabilities.

6.6 Commitment to Data Protection

G&L Property Management is committed to protecting the data of our clients and adheres to applicable data protection laws. Our security measures are aligned with industry best practices and regulatory requirements to ensure the highest level of data protection.

Section 7: Data Breach Notification Procedures

7.1 Overview of Data Breach Response

G&L Property Management has established comprehensive procedures to respond to data breaches effectively. Our goal is to mitigate any potential harm to individuals and to comply with applicable data protection laws.

7.2 Identification and Assessment

Detection and Reporting: We have implemented detection systems to quickly identify potential security breaches. All staff are trained to recognize and report any suspicious activities that may indicate a data breach.

Assessment: Upon identification of a potential breach, a preliminary assessment is conducted to determine the scope and impact of the incident. This assessment helps in defining the scale of the breach and the data subjects potentially affected.

7.3 Containment and Eradication

Immediate Action: Once a breach is confirmed, we take immediate steps to contain it. This may involve disabling affected systems, revoking access, or other measures to prevent further unauthorized data access or loss.

Root Cause Analysis: We investigate to determine the root cause of the breach and take steps to eliminate the underlying vulnerability. This may include software patches, changes in security protocols, or personnel actions.

7.4 Notification

Regulatory Notification: If the breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant data protection authorities within 72 hours of becoming aware of the breach, as required by the GDPR.

Individual Notification: Affected individuals are notified without undue delay, particularly if the breach could result in a high risk to their personal rights and freedoms. Notifications include details of the breach, the possible consequences, and the measures taken or proposed to be taken by us to address the breach.

7.5 Recovery and Review

System Restoration: Systems and services affected by the breach are restored and secured before being brought back online to ensure no latent threats remain.

Post-Incident Review: After managing a data breach, we conduct a thorough review to assess how the breach occurred and how our response was handled. This review helps us improve our security posture and breach response procedures for future incidents.

7.6 Preventative Measures

Post-incident, we implement lessons learned from the breach to improve our security measures. This includes enhancing our monitoring and detection capabilities, revising our incident response plan, and providing additional training to our staff.

Section 8: Contact Information and How to Reach Us

8.1 Contact Us for Data Concerns

If you have any questions, concerns, or complaints about our privacy practices or your personal information, please do not hesitate to contact us. We are committed to resolving any issues concerning your privacy and the handling of your data.

8.2 How to Contact Us

By Email: The fastest and most direct way to reach us is via email at info@gandlpropertymanagement.com.

By Mail: You can also write to us at the following address:

G&L Property Management

21 Newhouse Avenue

Dunbar, EH42 1NE

Scotland

By Phone: For immediate assistance, you may contact us by phone at 07545517533

8.3 Availability

Our team is available during regular business hours, Monday through Friday, to address any inquiries you might have. We strive to respond to all queries within 48 hours.

8.4 Feedback and Suggestions

We welcome your feedback and suggestions about our privacy practices. If you have recommendations on how we can improve, please contact us using any of the methods listed above.

8.5 Further Information

If you require further information about our privacy practices or need additional assistance with any privacy-related issues, please contact us. We are here to ensure that your information is handled respectfully and in compliance with applicable laws.

Closing Section

Thank You for Trusting G&L Property Management

We value the trust you place in us to manage your property needs and to handle your personal information with the highest standards of confidentiality and security. Our commitment to your privacy and data protection is paramount, and we strive to ensure that all data collected is handled responsibly and in compliance with applicable laws.

Updates to Our Privacy Policy

Please note that we may update this Privacy Policy periodically to reflect changes in our practices or in legal and regulatory requirements. We will provide notice of any significant changes on our website and update the "Last Updated" date at the top of this Privacy Policy.

Continued Engagement

We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting the personal information we collect. Your continued use of our services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

Contact Information

For any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: info@gandlpropertymanagement.com

Phone: 07545517533

Mail: G&L Property Management, 21 Newhouse Avenue, Dunbar, EH42 1NE, Scotland

Thank you for choosing G&L Property Management. We look forward to continuing to serve you with integrity and excellence.