This policy covers the use of personal data collected and processed through the leaseholder portal operated by Nine Sutton Managing Agent Limited.
1. Data Controller
Company Name: Nine Sutton Managing Agent Limited
Registered Address: 1 Park Road, Hampton Wick, Kingston Upon Thames, Surrey, England, KT1 4AS
2. Categories of Personal Data Collected
- Account Information: Full name, email address, telephone number, correspondence address
- Lease and Property Details: Property address, lease information
- Usage and Technical Data: Login timestamps, IP addresses, device/browser metadata, activity logs
- Communications Data: Email content, timestamps, and correspondence records
3. Purposes of Processing
- Account Management: To register you as a leaseholder/tenant, set up your account, verify your identity, and manage your access.
- Property Management Duties: To carry out obligations under your lease, including building management and communications.
- Support and Communications: To handle enquiries, support tickets, and service requests.
- Building Updates and Announcements: To send important updates about the property.
- Security and Technical Monitoring: To protect the portal and monitor system integrity.
4. Data Processors and Third-Party Services
- Supabase: Database and authentication services for managing user accounts.
- SendGrid: Delivery of transactional emails, such as OTP codes and building notifications.
- Vercel: Hosting and delivery of the portal application and assets, processing minimal technical data (e.g., IP addresses, access logs).
5. International Data Transfers
Some of our service providers (such as SendGrid and Vercel) are based outside the UK or EEA or may store data in those locations. We ensure that any transfers are protected by Standard Contractual Clauses (SCCs) and maintain equivalent data protection standards. Our database provider (Supabase) is hosted in London to keep core account data within the UK.
6. Data Retention
We retain your personal data only as long as necessary to fulfil the purposes outlined or to comply with legal obligations. Property management records (including leaseholder/tenant details and correspondence) are retained to meet operational and regulatory requirements. Support tickets and usage logs are retained for security and auditing purposes. Data no longer needed is securely deleted or anonymised.
7. Your Rights
- Access: Request a copy of your personal data.
- Rectification: Request corrections to inaccurate data.
- Erasure: Request deletion where appropriate.
- Restriction: Request a restriction on how we process your data.
- Objection: Object to processing based on legitimate interests.
- Data Portability: Request to move your data to another service provider.
To exercise any of these rights, contact us at support@ninesutton.co.uk . You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Security Measures
- Data encryption in transit and at rest.
- Restricted access to authorised personnel only.
- Secure authentication processes and monitoring of system access.
- Regular security reviews and updates to protect personal data.
9. Data Breach Notification
In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours where required and inform affected individuals if there is a high risk to their rights and freedoms.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. Significant changes will be notified by email or via a notice on the portal. The \"Last updated\" date at the top of this policy will indicate when it was last revised.