The GDPR is designed to bring new levels of protection for personal data. The new European directive GDPR comes into effect on 25th May 2018 and After Build is GDPR compliant.
Personal data means any information that relates to a natural person through which they may be identified e.g. an email address such as: email@example.com
After Build provide an aftercare service to new home developers, contractors and housing associations. The delivery of such service involves communication with homeowners, occupants and tenants (the ‘data subject’). This means that we will seek, store and process the following:
Usually this information is largely provided by the developer or housing association.
The use of the personal data enables After Build to communicate with the data subject when dealing with reported building defects. This is the purpose of the service provided. After Build’s outbound communication may take the form of an Email, a telephone call, an SMS message or a letter.
The developer (who most likely provided it in the first instance) and the contractor. After Build will liaise with the relevant trade contractor to organise an appointment when work needs to be conducted. Personal data is captured in a formal Job Instruction which is raised by After Build and issued to the contractor. Usually this is limited to the data subject’s name, postal address and nature of the reported building defect; however there may be occasions when the data subject may request that we also provide a telephone contact.
The quickest way for the data subject to report a defect is via the After Build Occupant Portal (the web address is: www.defects.uk.com). This is a secure platform that can be accessed using any web enabled smart phone, tablet or PC. The data subject needs to register the first time they visit the Occupant Portal; this provides the opportunity to set their own password and at this stage will be asked to give their consent for After Build to use their personal data (tick box). Any data subject receiving After Build’s service prior to 25th May 2018 will be contacted by After Build to seek their consent; this will take the form of a tick-box return form.
All personal data is stored electronically, not in hard copy.
After Build will archive the information on the Microsoft Cloud server.
Yes certainly – either at the outset or later on. After Build should point out however that it would be impossible to provide the service without their consent.
The data subject reserves the right to lodge a complaint with a supervisory authority.
Yes they can. After Build will provide a copy of all personal data held on the system, within 72 hours and at no expense, subject to identity verification. Further copies may incur a small administrative expense.
After Build will take the same procedural precautions when storing and processing this personal data however it is presumed that consent is implied to the extent that the contractual relationship between the contractor and developer or housing association, and the developer or housing association with After Build, requires the use of such personal data to fulfil contractual obligations. The basis for this is ‘Legitimate Interest’.
Any questions, queries or complaints should be directed to After Build’s Data Controller:
Head of Operations
After Build Limited
Units 1&2 Woodfield Farm Offices
Isaacs Lane, Burgess Hill
West Sussex RH15 8RA
The Data Controller shall implement appropriate technical and organisational measures to ensure and demonstrate that processing is performed in accordance with GDPR. Those measures shall be reviewed and updated as necessary. The Data Controller shall also implement appropriate technical and organisational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the service are processed.
After Build shall keep records of the data categories processed and the purpose of the processing. These records shall include details of the recipients to whom the personal data has been disclosed.
The Data Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the case of a personal data breach, the Data Controller shall without delay (not later than 72 hours of becoming aware of it) notify the Authorities, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject.
After Build is registered at the Information Commissioners Office. Registration No.:Z9846642.
Units 1 & 2 Woodfield Farm Offices, Isaacs Lane,
West Sussex RH15 8RA