GDPR Privacy Notice
Who are we?
We are Comer Group Ireland Limited of Leixlip Centre, Leixlip, Co. Kildare.
What do we do?
We are the managing and letting agent for your development. We have been appointed to manage your tenancy and as agent by the Owners Management Company to act on their behalf and provide services to the development.
What is our role under the General Data Protection Regulation (GDPR)?
We consider ourselves to be the Data Processor acting on behalf of the landlord and owner’s management company who are the Data Controller. Both the Data Controller and the Data Processor are subject to the Office of the Data Protection Commissioner, the Supervisory Authority.
Where did we get your data?
Originally your data was received through the Data Controller. Subsequently any data received by us was through the Data Controller or directly from you or another Data Processor for the purposes described below.What is the purpose of processing your data?Your property is subject to a lease to which you, the Data Subject, the landlord and the management company, who is the Data Controller are bound. We have been appointed by the landlord and management company to administer the covenants of that lease. This involves maintaining accounts, company and common area matters.
What is the lawful basis for this processing?
1. Processing is necessary for the performance of a contract to which the data subject is party [Article 6 GDPR (1) b].
2. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [Article 6 GDPR (1) c]. In respect of residential tenancies, the processing of data is required under the Residential Tenancies Act. Similarly, the management company is required by the Companies Act 2014 to maintain adequate accounting records. Further to this, under the Multi-Unit Developments Act 2011(Mud Act) a unit owner is under an obligation to furnish the management company with the below information. Failure to do so would constitute a breach of the MUD Act which could result in civil action.
• The unit owner(s) name.
• The unit owner(s) resident address.
• The names of the tenant(s) living in the unit.
• The details of any habitual occupiers of the unit other than tenants
. Any other contact details that the management company may reasonably request.
It can be suggested that contact details (phone numbers, email addresses) for the owner(s), tenant(s) and emergency contact(s) could be considered a reasonable request.What type of data do we keep?Name, address, email, phone, interested parties, key holder names, key holder email, key holder phone, tenant names, tenant email, tenant phone, other general contact information, payment comment, general notes, email, transaction details, bank details.
Where is this data stored?
This data is stored in a database called Blockman & Letman which is operated on Amazon Web Services located in Ireland. Data stored and transferred is encrypted. Data is also stored on office in office shared drive on local server. Access is only granted to administrators associated with our office. Communications about you between Comer Group Ireland Limited representatives may also be stored for a reasonable period on Microsoft Outlook Email. Personal access to these emails are only permitted by our individual representatives and their corresponding mailing address.
Who is this data shared with?
This data is shared only with similar Data Processors for the purpose described above. These Data Processors are:
Database Management SystemsAuditorsEmergency Service Operators Company RepresentativesThird Party Contractors instructed by Comer Group Ireland on behalf of the management company.
How long will the data be stored?Your data will be maintained by us for as long as the contract between the Data Controller and us (the Data Processor) exists or for as long as required by Statute.
What if you sell the property?
There is still an obligation on the Data Controller to main adequate accounting records, and a list of past and present members of the management company. However if you sell the property only your name, address and transaction details are necessary to satisfy this requirement. All other contact details are erased.
What are your rights?
You have a right to be informed.You may request a copy of your data stored.You may request correction to any erroneous data.You may request deletion of data, if not in violation of statutory or contractual requirements.You may lodge a complaint to the controller or object to processing.You may lodge a complaint to the Supervisory Authority.You may withdraw consent if processing originally required consent.
What happens in the event of a Data Breach?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Changes to this Notice
This Policy may be subject to change and we will notify you of any changes.
Where can you find more information?
Further information is available here:
• GDPR Act 2016 (pdf):
• GDPR Act Easy Read
• Official GDPR Website
Published on: 13/06/2018 last updated: 13/06/2018