Privacy Policy
Native Communities is a trading name of Native Residential Ltd. and explains how
Native protects and processes your personal information. ‘Your personal information’
means any information about you that you or third parties provide to us, or we
produce about our services offered or provided to you.
Our Privacy Policy relates to the following categories of individuals:
• residents and prospective residents
• customers and prospective customers
• guests and prospective guests
• our business clients and their personnel
• visitors to our websites
• applicants for job opportunities
Where we provide products or services under contract with an organisation (for
example your employer), that organisation controls the information processed by
Native on your behalf until they transfer it to us, upon which point Native assumes
responsibility for processing your data.
Your privacy is important to us, and so is being transparent about how we collect,
use, and share information about you. This policy is intended to help you
understand:
1. Native’s Privacy Principles
2. What information Native collects about you
3. Why Native collects this information and how we use it
4. How do we store and secure the information we collect
5. How long do we keep the information we collect
6. How Native shares information we collect
7. How Native transfers information we collect internationally
8. Your rights and other important privacy information
9. How you can access and control the information held by Native
Please read this privacy policy carefully as it sets out the basis on which we collect
any personal information from or about you, and how we use it in the operation of:
•
native-communities.com• Websites and operations for build-to-rent and private rental sector properties
operated by Native, such as corkfield.co.uk or angorfa.co.uk
• Online payment web pages used to collect payment
• Online web forms used to collect information for third-party referencing companies
• Corporate portals or web pages managed by Native on behalf of our corporate
clients
• Central or regional functions including asset management, direct, agent, partner,
corporate and key account client services, HR, operations, estates, finance,
business development, marketing and IT
By visiting any of our websites or by using any of these services, you acknowledge
the practices described in this privacy policy.
Native’s Privacy Principles
Native is committed to safeguarding the privacy and security of your information.
• We will only collect and use your information where we have lawful legitimate
business reasons to do so
• We will not ask for more information than we need for the purposes for which we
are collecting it
• We will update our records when you inform us that your details have changed
• We have implemented and adhere to information retention policies relating to your
information
• We will ensure that your information is securely disposed of at the end of the
appropriate retention period
• We observe the rights granted to you under applicable privacy and data protection
laws
• We will ensure that queries relating to privacy issues are promptly and courteously
dealt with
• Our staff are trained on their privacy obligations
• We will ensure there are appropriate measures in place to protect your information
regardless of where it’s held and ensure that safeguards are in place before
transferring your information to other companies or countries
What information Native collects about you:
The personal information we collect depends on the products and services you have,
how you use them, how you made contact, enquired or booked and through whichchannel, partner or third party this was done. Depending on these factors, Native
could hold any of the below personal information about you:
• Personal contact details such as a person’s name, title, home address, email
address(es), telephone number(s)
• Other personal details such as a person’s gender, age, date of birth, place of birth,
nationality, country of origin, marital status, child status, rental budget, property
preferences, move-in date, lease term, price and any information which you
volunteer in relation to the above (as applicable) and vehicle registration numbers
• Work contact details such as employer name, work address, job title, email
address(es), telephone number(s)
• Other work-related details such as personnel ID, work grade, employment history,
salary, references, length of service, sickness and absence records, disciplinary and
grievance records, remuneration and benefits, pension and insurance enrolment
information, education and training records, visa and right to work information,
PAYE/NI numbers and records, information on familiar, dependents and next of kin.
• Government-issued identifiers such as passport, national insurance number,
driver’s licence, visas, right to rent status
• Financial details such as bank account details, payment card details, credit scores,
account debt [deposit information, payment history, guarantor information]
• Online identifiers such as Cookies (see Native Cookie Policy ), IP Address(es) [chat
bot conversations]
• Sensitive personal data such as health conditions, but only when required to plan
appropriately to enable the delivery of appropriate, safe and respectful levels of
service and procedures, professional and trade union membership and racial and
ethnic origin
• Criminal offence data if and when supplied by third parties such as referencing
agencies or directly by the person themselves, required for anti-fraud measures or
the prevention of other unlawful acts as appropriate
• Social media content if provided by you in accordance with and acceptance of this
policy such as reviews, blogs
• User account details such as username, password (encrypted), security questions,
security answers
• Contact and marketing preferences such as whether you have provided or
withdrawn consent / subscribed or unsubscribed to contact methods (e.g. email,
telephone), marketing campaigns, news, competitions or engaged with campaigns
and promotions• Job applicant details such as CVs, cover letters and any supporting documents
• Photos, video files (such as CCTV coverage) or documents that relate to any of the
above points or are required to manage our properties or business processes
• Telephone call data such as voice data for calls recorded for quality or training
purposes or messages left on answering machines
• SMS / IM messages received by apps we use for sales or operational purposes
Why Native collects this information and how we use it:
Why we collect personal information and how we use the information we collect
depends in part on which services you enquire about, order or use, how you use
them, and any preferences you have communicated to us. Below are the for which
we use the information we collect about you [as well as the lawful basis for
processing for each].
• To respond to enquiries about our company or services from you [Legitimate
interests]
• To provide products and services to you
• and services and to run credit checks [Legitimate interests]
• To communicate with you about the services [Legitimate interests]
• To market, promote and drive engagement with existing or potential services to
existing or potential customers who have provided consent [Consent]
• To personalise and customise your experience [Legitimate interests]
• To provide customer support to you [Legitimate interests]
• To provide account management to you or your employer [Legitimate interests]
• To identify you and ensure the safety and security of your data [Legal obligation,
Legitimate interests]
• To comply with client or third-party contracted requirements [Contract, Legitimate
interests]
• To engage with or procure services with third-party providers for services relevant
to your enquiry, order or service [Legitimate interests]
• To protect our legitimate business interests and legal rights [Legitimate interests]
• To report on and analyse the performance of our portfolio [Legitimate interests]
• To develop our business and build a better understanding of what our customers
want [Legitimate interests]• For research and development purposes [Legitimate interests]
• To help protect you against fraud or other criminal activity [Legitimate interests]
• To comply with any legal or regulatory obligations [Legal obligation, Legitimate
interests]
• To respond to any law enforcement agencies[Legal obligation, Legitimate interests]
• To respond to any data access requests from you [Legal obligation]
• Any other reason that complies with our obligations that we can justify as a
legitimate business reason [Legitimate interests]
How do we store and secure the information we collect:
• Native uses a multi-data centre infrastructure hosting service in the United Kingdom
for all personal information we collect, whether on our file network, websites or apps.
This infrastructure is ISO 27001 certified and provides enterprise-class resilience
and security.
• Access to our network and apps is controlled by an enterprise level 2 Factor
Authentication solution
• Our websites have up-to-date SSL certificates that provide robust authentication
and encryption, to reassure you that your data and transactions are secure.
• We restrict access to personal information so that only controllers and processors
of the data that need it for legitimate business purposes have access to it.
• We also have data use policies and training in place to ensure all our staff are
responsible for your data and understand their obligation to protect it.
• How long do we keep information
• How long we keep the information we collect about you depends on the type of
information and the type of interaction you have had with Native, as specified by the
retention periods below. Prior to or at the point of the retention period being met, we
will either delete or anonymise your information as applicable. Where more than one
of the below categories applies to a piece of data, the longest retention period shall
be enforced
Sign-ups for news offers or marketing campaigns – If you have provided your contact
details and confirmed that you have provided consent to receive news, offers or
marketing campaigns, we will retain your personal information for no longer than 5
years from the point you last expressed an interest/opened a communication without
unsubscribing/provided consent/contacted us/subscribed or unsubscribed. We retain
information derived from cookies and other tracking technologies.Personal Information related to Enquiries and Orders – If you have made an enquiry
about or order for products or services or a third party has done so on your behalf,
we will retain your information for no longer than 7 years from the point of your last
enquiry or order.
Billing – If you have been billed by Native for any products or services, we will retain
your information for no longer than 7 years from the point of billing of your last
invoice.
Account Information – We retain your account information for as long as your
account is active and a reasonable period thereafter in case you decide to
re-activate the Services. We also retain some of your information as necessary to
comply with our legal obligations, resolve disputes, enforce our agreements, support
business operations, and continue to develop and improve our products and
services.
Client contracts – If you’re an employee of a corporate client that specifies in our
contract that data must be retained for reporting purposes on their behalf for a
particular period, we will comply with that length of time where possible and where
they have confirmed their responsibility as data controller in that regards.
Job Applicant details – CVs, cover letters, application forms and interview notes for
unsuccessful candidates will be retained for no longer than 1 year. Successful
candidates will have these files transferred to their personnel file, for which our
retention period will not be covered by this document.
Other files and emails – We retain active, undeleted electronic files and emails for a
period of no longer than 7 years unless they have been identified as business critical
and set to not be deleted.
Complaints – We retain complaints and responses to them for no longer than 6 years
from closure.
Telephone call and SMS / IM data – We retain recorded calls and messages no
longer than is required for quality, training or legal reasons or will retain them no
longer than 1 year, whichever is greater.
In other cases, we’ll store personal information for the periods needed for the
purposes for which the information was collected or for which it is to be further
processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise,
we delete it.
How Native shares information we collect:
We only share your personal information where it is necessary for us to do so for
legitimate business purposes, or if that is not the case, when you have providedconsent for us to do so. We will only share personal information with that we have
verified and are handling your details securely.
We do use third-party service providers to process personal information on our
behalf for the kinds of purposes set out below:
• Process payment or refund transactions
• Provide customer service, marketing, infrastructure, financial, audit, operational or
technology services
• Personalise our service and make it work better
• Carry out tenancy-related services such as referencing or deposit protection
• Carry out fraud and credit checks and collect debts
• Analyse and improve the information we hold (including about your interactions with
our service)
• Run surveys
• To comply with legal, regulatory or law enforcement requirements
• For quality and training purposes
Where we use another organisation, we still control your personal information.
If there’s a change (or expected change) in who owns us or any of our assets, we
might share personal information with the new (or prospective) owner. If we do,
they’ll have to keep it confidential.
How Native transfers information we collect internationally.
Native does not currently share personal data outside the EU for data related to
residential accommodation and tenants, however, we are a growing company with
plans for expansion outside of the UK. Wherever possible we will minimise sharing
data internationally, however, it’s possible that we will have legitimate business
reasons to do so. If that’s the case we reserve the right to share personal data
internationally and will update our Privacy Policy if that becomes the case to reflect
this. As with all our providers, we will have strict controls in place to make sure it’s
properly protected.
Your rights and other important privacy information.
Native is committed to compliance with Data Processing Laws and respecting your
privacy. “Data Processing Laws” means (a) the Data Protection Act 2018 (DPA 2018)
and/or any laws or regulations implementing the General Data Protection Regulation
(UK GDPR); and/or any corresponding or equivalent national laws or regulations;
and any applicable laws replacing, amending, extending, re-enacting orconsolidating any of the above DP Laws from time to time; For the purposes of the
Data Processing Laws Native is the data controller.
GDPR provides you with the below concerning the processing of your personal data.
These are listed below:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object, and
• Rights related to automated decision-making and profiling
In addition, the Data Processing Laws provide you with the right to withdraw consent
for the processing of your data for data upon which the basis for processing is
consent, which you can do via the process mentioned below.
To find out more information about these rights and our obligations, please visit the
Information Commissioner’s Office website ico.org.uk
How you can access and control your information held by Native
If you have any questions or require details related to the personal information we
hold about you or wish to exercise any of your rights outlined in this policy, get in
touch with our Data Protection Officer by
Emailing: dataprotection@native-communities.com Or write to us at:
Data Protection Officer
Native Communties
United House
9 Pembridge Road
London
W11 3JY
If you are requesting access to your information, by law you will need to provide the
below in your communication for us to be able to legally issue a full response to your
request to access information, which we will do within one calendar month, free of
charge.• Full name
• Email address
• Telephone number
• Proof of ID (certified copy of passport, driving licence or government-issued ID)
If you want to make a complaint on how we have handled your personal information,
please contact our data protection officer who will investigate the matter and report
back to you.
If you are still not satisfied after our response or believe we are not using your
personal information in line with the law, you also have the right to complain to the
data protection regulator in the country where you live or work. For the UK, that’s the
Information Commissioner’s Office –