top of page

YOUR DATA IS IMPORTANT TO US

At NJS Estates, we value your data and understand its importance. This policy explains how we manage and process your information in compliance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR). We are dedicated to transparency, ensuring you are aware of how your data is used.

Our Commitment

NJS Estates is committed to protecting the personal data of students, professionals, landlords, employees, suppliers, and any individuals whose information we may hold. Our team adheres to the GDPR and the Privacy of Electronic Communications Regulations, ensuring responsible handling of all data.

All employees, volunteers, and contractors involved in data management are responsible for its appropriate use, as outlined in this policy. Any deliberate breach may lead to criminal prosecution and personal liability.

Compliance

The GDPR grants individuals specific rights regarding their personal data. NJS Estates employees engaged in data processing activities must document how these rights are upheld. Our data protection and information security handbook details these rights and our standardized processes for compliance.

NJS Estates processes data lawfully. When a lawful basis is identified, we record the justification in our privacy notice. Procedures for documenting lawful processing are outlined in the data protection handbook.

Data Retention

NJS Estates will retain personal data only for as long as is necessary for the purposes for which it was collected, in accordance with legal, regulatory, and operational requirements. Specific retention periods are as follows:

  • Tenants: Data will be retained for 6 years after the tenancy ends to cover potential legal disputes.

  • Landlords and Contractors: Data will be kept for 6 years following the end of the business relationship, in line with tax and regulatory requirements.

  • Guarantors: Information will be retained for 6 years after the tenancy ends for financial or legal claims.

  • Employee Data: Retained for 6 years after employment ends for tax or legal obligations.

  • Marketing Data: Held until consent is withdrawn, after which data will be deleted immediately.

Data no longer needed will be securely deleted or anonymized.

Data Breaches

NJS Estates has established processes to detect data breaches through audits and other measures. Employees must report any data breaches to the Data Protection Officer within 24 hours. If there's a risk to individuals' rights and freedoms, the Information Commissioner’s Office (ICO) will be notified within 72 hours. In cases of high risk, affected individuals will also be informed directly.

Data Protection by Design

Employees must adopt a privacy-by-design approach to data collection and processing. During data collection assessments, consideration must be given to privacy impacts, using the Data Collection Assessment Template and, where necessary, a Privacy Impact Assessment and Legitimate Interest Assessment.

Information Security

Data Storage

  • Electronically stored personal data must be encrypted or password-protected to prevent unauthorized access.

  • Physical data, such as paper forms, must be kept in a locked unit. Unused e-copies should be deleted, and paper copies must be securely destroyed.

  • Vital records must be protected from loss or destruction in compliance with statutory, regulatory, and policy requirements.

Data Security Procedures

  • Access Control: Access to personal data will be limited to authorized personnel who need it for specific tasks. Regular audits will ensure only necessary access is maintained.

  • Training: Employees will receive regular training on data protection, privacy, and information security best practices.

  • Data Disposal: Digital equipment will be securely wiped, and paper records shredded when no longer needed.

Third Party Contracts

NJS Estates may transfer data to third parties in accordance with our data protection and information security handbook. Contracts must ensure compliance with relevant legislation, overseen by the Data Protection Officer.

IT Systems

Employees must use strong passwords and should not share account credentials without authorization. Digital equipment containing personal information must be secured against theft and loss. When no longer required, equipment and media must be disposed of securely, as outlined in our data protection handbook.

What Data Do We Process?

NJS Estates processes data from four groups: students, professionals, landlords, guarantors, and suppliers/contractors. We commit to respecting your personal data and ensuring its safety. Understanding our members through their data helps us make informed decisions and improve our services.

Data Collection

We collect data through various means:

  • Student and Professional Data: Application forms, tenant web inquiries, third-party organizations, social media, and publicly available information.

  • When Renting a Property: At registration, we collect essential information (e.g., name, address, email) to process your tenancy.

Personal Data Collected

We may collect:

  • Date of Birth: For legal compliance.

  • Gender or Preferred Name

  • Bank Details: For payments.

  • Contact Details: Email, phone, postal address.

  • Student Registration Number: For council tax exemption.

  • Employment and Landlord References

  • Guarantor Details

  • Identification

  • Next of Kin Details

Data Usage

We use your data for:

  • Legal Documents: Tenancy agreements, right-to-rent checks.

  • Maintaining Records

  • Rental Payment Management

  • Contacting for Repairs and Inspections

  • Security Deposit Registration

  • Service Improvement

  • Ensuring Right to Rent in the UK

Data Safety and Access

Personal data may be shared with:

  • Employees and Contractors

  • Utility Companies

  • Local Authorities

  • Guarantors Access is controlled to ensure it is only available to trained staff and contractors. We do not sell or share your data with other organizations. Access may be granted to police or regulatory bodies when required by law.

Your Rights

You have the right to:

  • Stop Processing: Request us to stop processing your personal data when it’s not necessary.

  • Access Information: Request a copy of the information we hold about you.

  • Correct Discrepancies: Correct any discrepancies in your information.

  • Withdraw Consent: At any time (if applicable).

For any concerns, contact us at nick@njsestates.co.uk.

Changes to This Statement

We may update this Privacy Statement periodically. Significant changes will be communicated on our website or directly. For questions or comments, contact our Data Protection Officer at nick@njsestates.co.uk.

Legal Basis for Processing Data

  • Contract: You may have a contract with us, enabling us to fulfill our obligations.

  • Consent: We may seek your consent for processing data, particularly for marketing purposes. You can withdraw this consent at any time.

  • Legal Obligation: We are obligated by laws (e.g., Contracts Act, employment law) to process certain data.

Marketing Preferences

NJS Estates carefully curates marketing communications relevant to you. We ensure essential information is sent based on legitimate interest. We provide opt-out options in our communications and never sell your data.

Cookie Policy

If our website uses cookies or similar technologies, we will provide a separate cookie policy detailing how we use them and how you can manage your preferences.

More Information

To understand your data rights better, visit the ICO Website for more information.

bottom of page