TOLA Privacy Statement
On 25th May, 2018, new legislation, commonly known as the General Data Protection Regulations (‘GDPR’), becomes effective, placing significant responsibilities on organisations with respect to the handling and processing of personal data. Because TOLA holds a limited amount of personal data of its members, and also because it oversees CCTV coverage across the TOLA footprint, TOLA is registered with the Information Commissioner’s Office (‘ICO’) under Registration Reference ZA154682. This registration is renewed annually.
What information does TOLA handle?
TOLA collects and holds ONLY data that is necessary to carry out its functions as the representative resident body within the Estate Management Scheme (‘EMS’) and this is limited to the following resident information:
This data qualifies as ‘personally available information’, under the terms of GDPR and, therefore, in order to comply with the new regulation, it is necessary for TOLA to receive your permission to store and use this data. TOLA undertakes to delete all data that is no longer needed.
What is your information used for?
The above information may be used by TOLA in one of the following ways:
Why should I give TOLA permission to use your information?
Under the GDPR regulations, it is necessary for you to give TOLA permission to use your personal information, even though the amount of data that we hold is limited and notwithstanding that TOLA only uses this information in the context of its role in the EMS.
In the event that we do not receive your permission, TOLA will have to delete your email data from our records and in future all correspondence will be sent to you by post. This is cumbersome and expensive and so your help in making TOLA as efficient as possible is greatly appreciated.
What about CCTV data?
TOLA operates a network of CCTV cameras across the footprint solely for security purposes. Access to CCTV is strictly limited and is usually made available only to the police following a security incident. All CCTV data is erased automatically after 30 days.
How does TOLA protect your information?
Your personal information is held on a computer, used by TOLA’s accountant, John Googe, who uses a variety of standard security measures to maintain its safety.
How can you find out about your information that TOLA holds?
Should you send us a Subject Access Request, TOLA is obliged to provide you with what personally identifiable information we hold. For the purposes of GDPR, we have a month, after receiving your request, to provide this information to you.
What about potential data breaches?
The GDPR places a duty on all organisations to report specific types of data breach to the ICO, and in some cases, to individuals. We have to notify the ICO of a data breach, where it is likely to result in a risk to the rights and freedoms of individuals.
Does TOLA disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your information. We may release your information when we believe release is appropriate to comply with the law, or protect our or others rights, property, or safety.
How can you contact TOLA to ask about GDPR?
2nd May 2018