Privacy policy

GDPR / Data Protection Policy

1. Purpose

Clare Warnham Ltd is committed to protecting personal data and handling it lawfully, fairly, securely, and transparently.

This policy explains how Clare Warnham Ltd collects, uses, stores, shares, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also sets out the responsibilities of the company, its directors, employees, contractors, and anyone processing personal data on its behalf.

2. Scope

This policy applies to all personal data processed by Clare Warnham Ltd, whether in electronic form, paper records, email, cloud systems, mobile devices, websites, or verbal communications recorded in notes or files.

It applies to personal data relating to, where relevant:

  • clients and prospective clients;
  • residents, leaseholders, freeholders, tenants and occupiers;
  • suppliers and contractors;
  • employees, workers and job applicants;
  • professional contacts and business partners;
  • website users and enquirers.

3. Definitions

Personal data means any information relating to an identified or identifiable individual.

Processing means any use of personal data, including collecting, recording, storing, organising, retrieving, sharing, amending, or deleting it.

Special category data includes more sensitive personal data, such as health data, racial or ethnic origin, religious beliefs, sexual orientation, biometric data, and similar protected categories.

Controller means the organisation that decides why and how personal data is processed. Clare Warnham Ltd will usually act as a data controller for its own business activities. In some cases, it may act as a processor where it handles data strictly on a client’s documented instructions.

4. Data Protection Principles

Clare Warnham Ltd will comply with the seven core data protection principles. Personal data must be:

  1. processed lawfully, fairly, and transparently;
  2. collected for specified, explicit, and legitimate purposes;
  3. adequate, relevant, and limited to what is necessary;
  4. accurate and, where necessary, kept up to date;
  5. kept no longer than necessary;
  6. processed securely using appropriate technical and organisational measures; and
  7. handled in a way that demonstrates accountability.

5. Lawful Basis for Processing

Clare Warnham Ltd will identify and document an appropriate lawful basis before processing personal data. Depending on the circumstances, the lawful basis may include:

  • Contract – where processing is necessary to perform a contract or take steps before entering one;
  • Legal obligation – where processing is necessary to comply with a legal duty;
  • Legitimate interests – where processing is necessary for legitimate business or management purposes, provided those interests are not overridden by the individual’s rights;
  • Consent – where required, particularly for certain types of direct marketing or optional uses of data;
  • Vital interests – where necessary to protect someone’s life; or
  • Public task – where applicable, though this will be less common for a private company.

Where special category data is processed, Clare Warnham Ltd will identify both a lawful basis under Article 6 UK GDPR and an additional condition for processing under the relevant legal provisions.

6. Types of Personal Data We May Process

Depending on the services provided, Clare Warnham Ltd may process the following categories of personal data:

  • name, title, address, email address, telephone number;
  • property address and correspondence address;
  • financial and payment information;
  • tenancy, leasehold, freehold, or service charge records;
  • complaint and case history;
  • identification documents where required;
  • employment and recruitment information;
  • supplier and contractor contact details;
  • CCTV or access control information, where applicable;
  • website enquiry data and communications records.

Clare Warnham Ltd will only collect personal data that is relevant and necessary for the stated purpose.

7. How Personal Data Is Collected

Personal data may be collected directly from individuals or from third parties such as:

  • clients;
  • managing agents or residents’ management companies;
  • landlords, leaseholders, tenants or occupiers;
  • contractors and suppliers;
  • accountants, solicitors, insurers, and professional advisers;
  • recruitment agencies;
  • public registers or lawful background sources;
  • website forms, email, telephone calls, and written correspondence.

Where required, Clare Warnham Ltd will provide privacy information explaining how personal data will be used.

8. Use of Personal Data

Clare Warnham Ltd may use personal data for legitimate business purposes including:

  • delivering property management or related services;
  • responding to enquiries and administering client relationships;
  • maintaining accounting, invoicing, payment, and audit records;
  • managing contractors and suppliers;
  • complying with legal, regulatory, and professional obligations;
  • handling complaints, disputes, and insurance matters;
  • recruitment and employment administration;
  • maintaining building, estate, resident, or contractor records;
  • ensuring health and safety, security, and business continuity;
  • sending service communications and, where lawful, business updates or marketing.

 

9. Special Category Data

Clare Warnham Ltd will avoid processing special category data unless it is genuinely necessary and lawful to do so.

Where such data is processed, additional safeguards will be applied, including restricted access, secure storage, and clear justification for the processing.

10. Data Accuracy

Clare Warnham Ltd will take reasonable steps to ensure personal data is accurate and kept up to date. Individuals should notify the company promptly if their details change.

Where inaccurate or outdated data is identified, it will be corrected or deleted without undue delay.

11. Data Retention

Personal data will not be kept for longer than necessary. Clare Warnham Ltd will maintain retention practices appropriate to the type of data and the purpose for which it is processed, taking into account legal, accounting, regulatory, contractual, and insurance requirements. Storage limitation is one of the core UK GDPR principles.

As a general guide:

  • client and property management records: retained for as long as needed for the instruction and a reasonable period afterwards;
  • financial and tax records: retained in line with statutory requirements;
  • employment records: retained in line with employment law requirements;
  • unsuccessful recruitment records: retained only for a limited period unless consent for longer retention is obtained;
  • routine correspondence: retained only as long as operationally necessary.

When retention periods expire, personal data will be securely deleted, destroyed, or anonymised.

12. Data Security

Clare Warnham Ltd will implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. UK GDPR requires security measures appropriate to the risk.

These measures may include:

  • password protection and multi-factor authentication where available;
  • access controls based on business need;
  • secure cloud storage and device security;
  • antivirus, software updates, and patch management;
  • encrypted transmission or storage where appropriate;
  • secure disposal of paper and electronic records;
  • confidentiality obligations for staff and contractors;
  • appropriate backup and recovery arrangements.

 

13. Data Sharing

Clare Warnham Ltd may share personal data where necessary and lawful with:

  • clients and their authorised representatives;
  • contractors and suppliers;
  • accountants, solicitors, insurers, and other professional advisers;
  • software providers and IT support services;
  • regulators, public authorities, courts, or law enforcement where legally required;
  • banks and payment service providers.

Where third parties process personal data on behalf of Clare Warnham Ltd, the company will seek to ensure appropriate written arrangements and safeguards are in place.

14. International Transfers

Clare Warnham Ltd will not transfer personal data outside the UK unless it is lawful to do so and appropriate safeguards are in place.

Where third-party software or service providers are used, Clare Warnham Ltd will take reasonable steps to understand whether personal data is processed outside the UK and ensure appropriate protection is in place.

15. Individual Rights

Individuals have rights under the UK GDPR, including the right to:

  • be informed about how their data is used;
  • access their personal data;
  • have inaccurate data corrected;
  • request erasure in certain circumstances;
  • restrict processing in certain circumstances;
  • object to processing in certain circumstances;
  • request data portability in certain circumstances; and
  • rights relating to automated decision-making where applicable.

Requests relating to these rights should be made in writing to:

Data Protection Contact: [insert name]
Email: [insert email]
Postal address: [insert registered office / correspondence address]

 

Clare Warnham Ltd will respond in accordance with legal timescales and may request proof of identity before acting on a request.

16. Personal Data Breaches

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

All actual or suspected personal data breaches must be reported internally without delay to the person responsible for data protection compliance.

Clare Warnham Ltd will assess each breach promptly and decide:

  • what immediate containment steps are needed;
  • whether affected individuals are at risk;
  • whether the breach must be reported to the ICO; and
  • whether affected individuals must be informed.

The ICO requires certain personal data breaches to be reported when they present a risk to people’s rights and freedoms.

17. Staff Responsibilities

Anyone working for or on behalf of Clare Warnham Ltd who handles personal data must:

  • comply with this policy and any related procedures;
  • only access personal data where necessary for their role;
  • keep personal data secure and confidential;
  • not disclose personal data improperly;
  • report suspected breaches immediately;
  • follow retention and deletion requirements;
  • complete any required training or guidance.

Failure to comply with this policy may result in disciplinary action or termination of engagement where applicable.

18. Accountability and Records

Clare Warnham Ltd will take responsibility for its data protection compliance and will aim to demonstrate this through proportionate governance measures, which may include:

  • maintaining privacy notices;
  • recording lawful bases for processing;
  • keeping data retention practices under review;
  • using contracts with processors where needed;
  • training staff and contractors as appropriate;
  • reviewing security controls and breach procedures.

 

19. Complaints

Any person who is concerned about how Clare Warnham Ltd has handled their personal data should contact the company first so the matter can be investigated.

Individuals also have the right to complain to the Information Commissioner’s Office (ICO) if they believe their data has been handled unlawfully or unfairly. ICO guidance explains individuals’ rights and organisations’ responsibilities under the UK GDPR.

20. Policy Owner and Review

This policy is owned by Clare Warnham Ltd and will be reviewed regularly, and at least annually, or sooner if there is a change in law, guidance, business operations, or data processing activities.
