Dalham Management Limited is committed to respecting and protecting your privacy. This policy (together with our terms of use and any other documents referred to in it as may be in place from time to time) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read this privacy policy carefully as it contains important information. It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
This privacy policy applies to Dalham Management Limited, a company registered in England and Wales (“Dalham“). Dalham is the controller and is responsible for your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us (see ‘How to contact us’ below).
This privacy policy is set out as follows:
The key terms used in this privacy policy are as follows:
| “We”, “us”, “our” | Dalham |
| “Personal data” | Any information about an individual from which that person can be identified |
| “Special category personal data” | Certain sensitive personal data, including:
· data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; · genetic data; · biometric data (where used for identification purposes); or · data concerning health, sex life or sexual orientation. |
| “Data subject” | The individual who the personal data relates to |
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The types of data we collect can be split into broad categories, including identity data, contact data, financial data, transactional data, technical data, usage data, marketing and communications data and service data. We may collect and use the following personal data about you depending on our relationship with you:
• Identity and contact data: including your name and contact information, including personal email address and telephone number, if provided to us. We may also hold copies of identification documentation for you if provided to us.
• Technical and usage data: including:
• location data, if you choose to give this to us;
• information about how you use our website, IT, communication and other systems;
• retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes; and
• internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Marketing and communications data: including your preferences in receiving marketing from us and our third parties and your communication preferences.
• Financial data: including your billing information, transaction and payment card information, bank account, financial accounts and other relevant information.
• Transactional data: including details about payments to and from you and other details of services you have purchased from us.
• Service data: including, but not limited to, details of utility bills and payments and documentation related to such, user account details, log-in details and passwords in relation to utility accounts, details and documentation relating to ownership of property such as title documents, details and documentation of other payments received or made in relation to a property. In each case, these will be as provided to us by you.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from being able to engage with you.
We use different methods to collect data from and about you including through:
• Direct interactions: You may give us Identity, Contact, Financial and Service Data by filling in forms or by corresponding with us by post, phone, WhatsApp (or other messaging platform), text, email or otherwise. This includes personal data you provide when you:
• use our services;
• request marketing to be sent to you; or
• give us feedback or contact us.
• Automated technologies or interactions: As you interact with our website, we will automatically collect Technical and Transactional Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
• Third parties or publicly available sources: We may receive personal data about you from various third parties as set out below:
• Technical Data from analytics providers such as Google based outside the UK;
• Contact, Financial and Transactional Data from providers of technical, payment and delivery services; and
• Identity, Contact or Service Data from publicly available sources such as Companies House or the Land Registry based inside the UK.
Under data protection law, we can only use your personal data if we have a proper reason. These reasons include:
• where you have given consent;
• to comply with our legal and regulatory obligations;
• for the performance of a contract with you or to take steps at your request before entering into a contract; or
• for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We carry out assessments when relying on legitimate interests to balance our interests against your own.
The list below explains what we use your personal data for and why for the various purposes which may apply.
Purpose/Activity
To register you as a new customer
Type of data
(a) Identity
(b) Contact
(c) Service
Lawful basis for processing including basis of legitimate interest
Performance of a contract with you
Purpose/Activity
To process and deliver services to you including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us or to third parties, such as utility companies
(c) Contacting you regarding arranging, managing and updating on the performance of our services
Type of data
(a) Identity
(b) Contact
(c) Financial
(d) Transactional
(e) Marketing and Communications
(f) Service
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
Purpose/Activity
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
Type of data
(a) Identity
(b) Contact
(c) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
Purpose/Activity
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Type of data
(a) Identity
(b) Contact
(c) Technical
Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
Purpose/Activity
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Type of data
(a) Identity
(b) Contact
(c) Usage
(d) Marketing and Communications
(f) Technical
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
Purpose/Activity
To make suggestions and recommendations to you about goods or services that may be of interest to you
Type of data
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Marketing and Communications
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to develop our services and grow our business)
Purpose/Activity
Preventing and detecting fraud against you or us
Type of data
(a) Technical
Lawful basis for processing including basis of legitimate interest
For our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us
Purpose/Activity
To enforce legal rights or defend or undertake legal proceedings
Type of data
(a) Identity
(b) Contact
(c) Technical
Lawful basis for processing including basis of legitimate interest
Depending on the circumstances:
(a) to comply with our legal and regulatory obligations
(b) in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
Purpose/Activity
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
Type of data
(a) Identity
(b) Technical
Lawful basis for processing including basis of legitimate interest
To comply with our legal and regulatory obligations
Purpose/Activity
Conducting checks to identify our customers and verify their identity
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety law or rules issued by regulators
Type of data
(a) Identity
(b) Contact
Lawful basis for processing including basis of legitimate interest
Depending on the circumstances:
(a) to comply with our legal and regulatory obligations
(b) for our legitimate interests
Purpose/Activity
Updating and enhancing customer records
Type of data
(a) Identity
(b) Contact
Lawful basis for processing including basis of legitimate interest
Depending on the circumstances:
(a) to perform our contract with you or to take steps at your request before entering into a contract
(b) to comply with our legal and regulatory obligations
(c) for our legitimate interests, e.g. making sure that we can keep in touch with our customers about existing orders and new services
We do not generally collect any special category personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) unless these are disclosed to us by you as being relevant to a particular matter. Nor do we collect any information about criminal convictions and offences unless these are disclosed to us by you.
In the limited circumstances where we process special category personal data, we will also ensure we are permitted to do so under data protection laws, e.g:
• we have your explicit consent (and where you have voluntarily provided such information to us);
• the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
• the processing is necessary to establish, exercise or defend legal claims.
See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.
We may use your personal data to send you updates (including by email, telephone or post) about our services.
We have a legitimate interest in using your personal data for marketing purposes and to contact you to ask you to offer services via our platform (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you these kinds of communications. If we change our approach in the future so that consent is needed, we will ask for this separately and clearly.
You do, however, have the right to ‘opt in’ and ‘opt out’ of receiving marketing and other communications at any time by:
• contacting us (see ‘How to contact us’ below); or
• using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your contact preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never share it with other organisations for marketing purposes unless we have your consent to do so.
We routinely share personal data with:
• third parties we use to help deliver our services to you, including banks, utility companies, solicitors and other professional advisors, property management companies, contractors and debt collection agencies; and
• other third parties we use to help us run our business, e.g. marketing agencies, consultants or website hosts.
Specific third parties to which we transfer data include:
• Microsoft Azure – you can read more about their privacy management here; and
• Re-Leased – you can read more about their privacy management here.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We or the third parties mentioned above occasionally may also share personal data with:
• our external accountants and auditors, e.g. in relation to the preparation and audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations
• our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
• law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
• other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. Usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Personal data may be held on our servers in the United Kingdom and those of our service providers, representatives and agents as described above (see above: ‘Who we share your personal data with’).
Some of these third parties may be based outside the UK/EEA and/or have servers outside the UK/EEA. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK and EEA’.
We will not keep your personal data for longer than we need it for the purpose for which it is used.
Different retention periods apply for different types of personal data. Further details on this are available on request.
In general and in line with usual limitation periods, if we are no longer providing or procuring goods or services to or from you, or our relationship has otherwise ended, we will usually delete or anonymise your account data after seven years.
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
Whilst we do not personally store or use data outside of the UK, when we transfer data to or store data with third parties they may be based outside the UK/EEA and/or have servers outside the UK/EEA.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
• there is an adequacy decision;
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
• a specific exception applies under relevant data protection law.
Where we or our processors transfer your personal data outside the UK or EEA, we ensure that this is done in line with applicable data protection laws.
Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.
You may have the following rights in respect of your personal data:
• Access (also known as a subject access request): the right to be provided with a copy of your personal data;
• Rectification: the right to require us to correct any mistakes in the personal data that we hold on you;
• Erasure (also known as the right to be forgotten): the right to require us to delete your personal data in certain situations where there is no good reason for us continuing to process it. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• Restriction of processing: the right to require us to suspend processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data or if the use of the data is unlawful but you do not want us to erase it;
• Data portability: the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party. This will only apply to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
• To object: the right to object, at any time to your personal data being processed. This can apply either for direct marketing (including profiling) or in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims;
• Not to be subject to automated individual decision making: the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you; and
• To withdraw consent: the right to withdraw consent to use your personal data if you have provided us with such consent, easily and at any time. You may withdraw consent by contacting us (see ‘How to contact us’ below). Withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
If you would like to exercise any of those rights, please email us — see below: ‘How to contact us’; and:
• provide enough information to identify yourself (e.g. your full name and address) and any additional identity information we may reasonably request from you; and
• let us know what right you want to exercise and the information to which your request relates.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We have appropriate security measures to prevent personal data from being lost accidentally or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’)We hope we will be able to resolve any issues you may have.
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO“), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Please contact us if you would like further information.
We keep our privacy policy under regular review. This privacy policy was published on 15th February 2024 and last updated on 7th February 2024.
We reserve the right to change this privacy policy as our discretion from time to time — when we do we will inform you via our website or other means of contact such as email.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:
Email address: [email protected]
Postal address: Dalham Management Limited, 22 Chancery Lane, London, United Kingdom, WC2A 1LS
This policy is prepared in accordance with the laws of England and Wales and shall be governed and construed accordingly.
