This Policy sets out the obligations of Advanced Agents Limited trading as MoveWise registered in the United Kingdom under number 11479049 whose registered office is at 105, Victoria Street, London SW1E 6QT “the Company” regarding data protection under General Data Protection Regulation “GDPR”.
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Customer” means a company or individual who engage the services of MoveWise
“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” in relation to a Customer means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data. “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Controller” means the entity which receives the Personal Data
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
PROCESSING OF PERSONAL DATA
Customer’s Processing of Personal Data. MoveWise shall Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, a Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. A Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which MoveWise acquires Personal Data.
MoveWise’s Processing of Personal Data. MoveWise shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with any Terms of Business(s); (ii) Processing initiated for the use of MoveWise’s services; and (iii) Processing to comply with other documented reasonable instructions provided by the Customer (e.g., via email) where such instructions are consistent with the terms of this policy.
Details of the Processing. The subject-matter of Processing of Personal Data by MoveWise is the performance of the services pursuant to Terms of Business. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 4 (Details of the Processing) to this DPA.
RIGHTS OF DATA SUBJECTS
MoveWise will, to the extent legally permitted, action a request from a Data Subject to access, correct or delete that person’s Personal Data or if a Data Subject objects to the Processing thereof (“Data Subject Request”).
MoveWise shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. MoveWise shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
MoveWise shall take commercially reasonable steps to ensure the reliability of any MoveWise personnel engaged in the Processing of Personal Data.
MoveWise shall ensure that MoveWise’s access to Personal Data is limited to those personnel performing services in accordance with any Terms of Business.
CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION
MoveWise maintains security incident management policies and procedures and shall notify the Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data, including Personal Data, transmitted, stored or otherwise Processed by MoveWise.
“Personal Data Incident” – MoveWise shall make reasonable efforts to identify the cause of any Customer Data Incident and take those steps as MoveWise deems necessary and reasonable in order to remediate the cause of such a Personal Data Incident to the extent the remediation is within MoveWise’s reasonable control.
The Customer understands that MoveWise may be required to provide Personal Data to carefully selected suppliers for the purpose of performing services under any Terms of Business. A list of suppliers can be supplied on request.
MoveWise shall maintain appropriate technical and organisational measures for protection of the security (including protection against unauthorised or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorised disclosure of, or access to, Customer Data), confidentiality and integrity of any Personal Data. MoveWise regularly monitors compliance with these measures.
THIRD PARTY SERVICE PROVIDERS
We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need in order to perform the services we request, and we contractually require that they protect this information appropriately and not use it for any other purpose.
For example, we may rely on a 3rd party service provider to:
Fulfil your service requests and answer your questions.
Host our sites and deliver our email or other communications.
Analyse our data, sometimes combined with data from other sources, to send you communications.
Conduct research and analyse data to improve our products, services and sites.
Where services are provided to us by a third party and it is necessary or expedient for us to share information with such third parties.
Perform other services that we request.
RETURN AND DELETION OF CUSTOMER DATA
MoveWise shall return and/or delete Customer Data to the extent allowed by applicable law.
LIMITATION OF LIABILITY
With effect from 25 May 2018, MoveWise will control Personal Data in accordance with the GDPR requirements directly applicable to MoveWise’s provision of its services.
With effect from 25 May 2018, MoveWise shall have in place a Data Protection Impact Assessment related to its Processing of any Personal Data as required under the GDPR.
Sending data outside the EEA. We will only send your data outside of the European Economic Area (‘EEA’) to:
Follow your instructions.
Comply with a legal duty.
Work with our suppliers who help us to provide you a service.
If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA. We’ll use one of these safeguards:
Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
This Policy is only legally binding between a Customer and MoveWise.
Certification of Deletion. The parties agree that a certification of deletion of Personal Data may be provided at the Customer’s request.
DETAILS OF THE PROCESSING
MoveWise will Process Personal Data as necessary to perform the services pursuant to any Terms of Business, and as further instructed by a Customer in its use of the services.
The Customer may submit Personal Data to obtain the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
Prospects, customers, business partners and vendors of Customer (who are natural persons).
Employees or contact persons of Customer’s prospects, customers, business partners and vendors.
Employees, agents, advisors, freelancers of Customer (who are natural persons).
Customer’s Users authorised by Customer to use the Services.
Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
First and last name
Employer – Contact information (company, email, phone, physical business address)
Professional life data – Personal life data
Connection data – Localisation data
Financial Data – Bank Details
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data.
(b) ‘the Customer’ means the person who provides their Personal Data to MoveWise.
(c) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the Processing of Personal Data applicable to a data controller in the Member State in which the data exporter is established.
(d) ‘technical and organisational security measures’ means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing.
Prospects, Customers, Customer’s customer data (landlord and tenants), business partners and vendors.
First and last name
Contact information (not limited to company, email, phone, physical business address)
Professional life data
Personal life data