Personal data protection policy for external property administrators
Newsec Property Asset Management takes the protection of personal data seriously, which is why we have formulated this personal data protection policy.
In connection with administration of property, associations and companies, property projects etc., we focus strongly on our services including gathering and processing data on identified or identifiable data subjects, i.e. personal data. We look at such aspects as the character and scope of personal data, categories of data subjects, the actual processing of personal data and the purpose of doing so, and how best the Act on Processing of Personal Data should be complied with.
We therefore only gather and process personal data that are sufficient, relevant and restricted to that necessary in relation to a legally-defined purpose, and we prioritise minimising the amount of personal data. However, we can be obliged in accordance with Danish law to gather and process certain personal data.
Our gathering and processing of personal data is strictly in accordance with a contract, consent, a legal obligation or arising from other legitimate interests, and in the course of gathering such data, we inform the data subjects accordingly, including the character and scope of the personal data we gather and the purpose of processing them. We check that the personal data we process are not incorrect or misleading, and that they are regularly updated.
In some instances, we may need to obtain and compare personal data from third parties, such as public authorities and private bodies. In such instances, we provide details and obtain consent, unless the data subjects are already aware of how we gather and process, or their interest in being informed is subjugated by overwhelming public or private interests or the enforcement of civil rights etc.
We have implemented technical and organisational measures concerning confidentiality and data security that protect personal data against destruction, loss, modification, unauthorised publication and unauthorised access or disclosure. This includes access to data being physically and systematically restricted to the personnel who need access to them in the course of their work, and who have received training and instruction in processing of personal data. Personal data in physical format or on portable data media shall be kept locked up when not in use, whilst personal data in digital format shall be protected by access control, personal access codes, backup-system, updated firewalls and anti virus software. We also have a process for dealing with breaches of security, and informing our customers, data subjects and Danish Data Protection Agency accordingly.
If we disclose personal data to customers, associates and others, we provide details and obtain consent when it is mandatory to do so. Our sub-data processes shall observe our security requirements, and cannot use personal data they receive from us for any other purpose. If we use other businesses for processing of personal data, we enter into data processing agreements with them which govern the processing of personal data they perform on our behalf.
We do not transfer personal data for processing outside the EU and EEA or to an international organisation, unless there are legal grounds for doing so, and in such instances details will be provided in advance.
If we need to use personal data for any other purpose than that they were originally gathered for, we will inform the data subjects and obtain consent if mandatory to do so. In this context, we also consider whether such use of personal data for a new purpose can have negative consequences for the data subjects.
We delete personal data when no longer necessary in relation to the purpose on which they were gathered and processed. The storage period can therefore vary depending on the relevant purpose and the criteria for deletion include how long we will use the personal data for that fulfil the contractual undertakings, and whether we are subject to a duty to retain the data for a certain period in accordance with Danish law. We can also include personal data in our standard backup-procedure.
For more details on the rules for processing of personal data, please refer to the Act on Processing of Personal Data and the Danish Data Protection Agency's website, plus:
- Newsec Property Asset Management’s Personal Data Protection Policy for customers
- Newsec Property Asset Management’s Personal Data Protection Policy for tenants
- Newsec Property Asset Management’s Personal Data Protection Policy for external property administrators
- Newsec Property Asset Management’s policy concerning the rights of registered data subjects
The rapid development of the use of personal data means that changes in our processing of personal data can become necessary. We therefore reserve the right to revise this policy.
You can contact Newsec Property Asset Management concerning our gathering and processing of personal data by writing to email@example.com.