BMS LTD

Privacy Policy

At Buckingham Holdings Limited, Buckingham Management Services Limited, Coventry Business Estates Limited, and Iliffe Properties Limited, we are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information and how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time.  You should review this page occasionally to ensure that you are happy with any changes we have made. 

Any questions regarding this Policy and our privacy practices should be sent by email to GDPR@BMSLTD.NET. Alternatively, you can telephone 0207-839-2347.

Introduction

Buckingham Holdings Limited and subsidiaries (“BHG”, “we”, “us”, or “our”) is strongly committed to protecting personal data.  This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights.  It applies to personal data provided to us, both by you or by others.  We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Personal Data

Personal data is any information relating to an identified or identifiable living person.  BHG processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data.  We collect a variety of personal data in order to provide our services. We hold on our files in paper form some or all of the following: your full name, address, date of birth, age, nationality and gender, a record of our contact history with you and comments, views or references from third parties. We advise you not to provide information which may be deemed sensitive as we will retain any documents that you have provided for at least as long as our relationship with you, unless a longer retention period is required by applicable law or regulation. In addition to information provided by you, we may gather information from LinkedIn, Google, Company websites, press and periodicals and other publicly available sources as well as third parties such as bankers, lawyers, property managers or letting agents.

Our identified lawful basis to collect information about you and/or your Company is to fulfil our legal contractual obligations.

Article 6(1)(b) gives a lawful basis for processing personal/Company information where: 

“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” 

Use and Processing of Personal Data

By choosing to provide Buckingham Holdings Limited and its subsidiaries with your personal information you indicate your willingness to share and have your information stored by Buckingham Holdings Limited and its subsidiaries.

We hold on our computer system copies of emails and attached documents which have been sent by you to ourselves, or vice versa, again for the purposes of being able to provide you with our services. 

In order to comply with Anti Money Laundering and Combatting the Financing of Terrorism Laws we may share the data collected with the relevant government authorities.

We may process the data collected where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others

What we do with your data

The collected data is retained either in paper files or on computers held at the offices of this firm in rooms that are secure.

The collected Data held on computers are subject to password controls and where those computers are connected to an internet service there are appropriate firewalls and protection against unauthorised access.  In the event that we become aware that those protections have been breached we will inform you as soon as possible.

Non-sensitive details (your email address etc.) are usually transmitted over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. 

With whom do we share your personal data?

We work with a number of external suppliers who support our business. This includes organisations which are critical to us fulfilling our obligations such as credit or identity reference agencies and tenancy deposit protection.

In some cases, they will be acting as a data controller of your information and therefore we advise you to read their Privacy Policy. These third party product providers will share your information with us which we will use in accordance with this Privacy Policy.

Where third parties process your personal data and we are the controller of that data, we shall ensure that there are appropriate contractual provisions in place to govern the extent and nature of the processing and to require the processor to comply with the UK Data Protection Act 2018.

CCTV

We employ CCTV on our premises in order to:

  • prevent, deter and detect crime
  • apprehend and prosecute offenders, and provide evidence to take civil action in the courts
  • help provide a safer environment for our staff
  • protect public safety
  • help to provide improved customer service, for example by enabling staff to see customers requiring assistance
  • monitor operational and safety related incidents
  • assist with the verification of claims

You have the right to make a Subject Access Request for CCTV images of yourself and to ask for a copy of them. We are entitled by law to charge a reasonable administrative fee for this and you will need to complete an application form provided by us in order for us to establish your identity as the person in the pictures and assist us in finding the images in our system.

Such requests should be directed to  GDPR@BMSLTD.NET or alternatively by post to 18 Pall Mall, London, SW1Y 5LU. Your correspondence should be marked ‘Subject Access Request – CCTV’.

We reserve the right to withhold information where permissible by the Data Protection Act and we will only retain CCTV images for a reasonable period or as long as is required by law. In certain circumstances we may need to disclose CCTV images for legal reasons. When this is done there is a requirement for the organisation that has received the images to adhere to the Data Protection Act.

Retention of the data collected

We will retain the collected data for no longer than is permitted by the legislation that may apply to the data in question.

We may retain the collected data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

The personal information you provide to us will be retained only for as long as necessary to ​fulfil the purposes for which the information was collected or as required by law. Appropriate technical measures are used to destroy printed data. All reasonable steps are taken to ensure your data is held securely and you will be contacted by us in the event we identify that there has been any loss or exposure of the data we hold on your behalf.

The duration for which we may retain data will depend upon the data and the purpose for which it is collected. For example, data related to tax matters must be kept for a minimum of six years, whereas identity documents collected for identity verification/anti-money laundering may have to be retained for five years after the end of our commercial relationship

Your rights

You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the receipt of appropriate evidence of your identity 

We may withhold personal information that you request to the extent permitted by law.

Your principal rights under data protection law are:

(a) the right to access;

(b) the right to rectification;

(c) the right to restrict processing;

(d) the right to erasure (subject to any overriding legal obligation requiring us to retain the data);

(e) the right to object to processing;

(f) the right to data portability; and

(g) the right to complain to a supervisory authority;

If you are concerned that we have breached a privacy law or code binding on us, please send an email to GDPR@BMSLTD.NET. We aim to respond in a reasonable time (normally 30 days). Our Nominated Officer will manage your complaint and will give you additional information about how it will be handled. You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website www.ico.org.uk or call them on 0303 123 1113

Your choices

The accuracy of your information is important to us. We are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address or any of the other information we hold is inaccurate or out of date, please email us at: GDPR@BMSLTD.NET

You have the right to ask for a copy of the information we hold about you (we may charge a reasonable fee for information requests) to cover our costs in providing you with details of the information we hold about you.

Transferring your information outside of Europe

The information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you are agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy and to the same standard as is required of us by the Data Protection Act 2018.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Amendments

We may change this Policy from time to time.  You should review this policy occasionally to ensure that you are happy with any changes we have made. 

This policy was last updated in March 2022.