Privacy Policy

At MMR Projects Ltd, we are dedicated to protecting your privacy and ensuring the confidentiality and security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect your personal data when you interact with our services, whether through our website, in person, or by other means. We are committed to complying with all relevant data protection laws, including the General Data Protection Regulation (GDPR).

Information We Collect

Personal Information: We collect personal information necessary to provide our services. This may include:

• Contact Information: Name, address, phone number, and email address.
• Identification Information: Passport details, driver’s license, or other forms of ID for verification purposes.
• Financial Information: Bank details, payment information, and credit history necessary for transactions, billing, and payments.
• Property Information: Details related to properties you own, are interested in purchasing, or are renting.

Website and Communication Data:
When you visit our website or communicate with us, we may collect:

• Cookies: Information on how you use our website to improve user experience and functionality.
• IP Address and Browser Information: For security and analytics purposes.
• Communication Records: Emails, messages, and call logs to ensure service quality and resolve disputes.

How We Use Your Information

Service Provision: We use your personal data to:

• Facilitate property purchases, sales, and management.
• Process transactions and payments.
• Provide updates and information related to your property investment or management services.

Communication: Your contact details are used to:

• Respond to inquiries and requests.
• Send service-related updates, newsletters, and promotional offers.
• Notify you of any changes to our services or policies.

Legal and Compliance: We may process your data to:

• Fulfil our legal obligations, including tax reporting and anti-money laundering regulations.
• Prevent and detect fraud or other unlawful activities.

Marketing: With your consent, we may use your data to:

• Send marketing communications about our services, offers, and new opportunities.
• Conduct surveys and gather feedback to improve our services.

Data Sharing and Third Parties

Service Providers: We may share your personal data with third-party service providers who assist in delivering our services, including:

• IT Services: For hosting, cloud storage, and data security.
• Legal and Financial Advisors: For property transactions and compliance.
• Property Management Firms: For maintenance, letting, and other property services.

These third parties are required to handle your data under strict confidentiality agreements and only for the purposes specified by us.

Legal Requirements: We may disclose your data if required by law, such as in response to legal proceedings, court orders, or government regulations.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, with your privacy rights preserved.

Data Security

Security Measures: We employ a variety of security technologies and procedures to help protect your personal data from unauthorised access, use, or disclosure. These include:

• Encryption: Sensitive data is encrypted during transmission and storage.
• Access Controls: Only authorised personnel have access to your personal information.
• Regular Audits: We conduct regular security audits to identify and address potential vulnerabilities.

Data Retention: We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. When no longer needed, your data will be securely deleted or anonymised.

Your Rights

Access and Correction: You have the right to access the personal data we hold about you. If you believe any information is inaccurate or incomplete, you can request corrections.

Data Portability: You can request that we provide you with your personal data in a structured, commonly used, and machine-readable format.

Erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal obligations.

Objection to Processing: You can object to the processing of your personal data for direct marketing purposes or where processing is based on our legitimate interests.

Withdraw Consent: If we process your data based on your consent, you have the right to withdraw that consent at any time.

Complaints: If you have concerns about how we handle your data, you can contact us, or lodge a complaint with the relevant data protection authority.

Cookies and Tracking Technologies

Cookies: Our website uses cookies to enhance your browsing experience and gather information on how you use our site. You can control cookies through your browser settings, though disabling them may affect functionality.

Analytics: We use analytics tools to track website performance and user behaviour. This data is anonymised and used solely for improving our services.

International Data Transfers

If your data is transferred outside of the UK or European Economic Area (EEA), we ensure it is protected through mechanisms such as standard contractual clauses or other legally recognised safeguards.

Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and where appropriate, notified to you by email.

Contact Us

If you have any questions or concerns about our Privacy Policy or how your data is handled, please contact us at:

• Email: info@mmrpmc.uk
• Address: 39-41 North Road, N7 9DP

MMR Projects Ltd is committed to protecting your privacy and ensuring the responsible use of your personal data. We value your trust and will continue to work diligently to safeguard your information.

Purpose:This policy outlines how MMR Projects Ltd protects personal data in compliance with GDPR and relevant data protection laws, ensuring privacy and security.

Scope: Applies to all employees, contractors, and third parties involved in processing personal data for MMR Projects Ltd.

Data Collection: We collect only the necessary personal data for business activities, including property management, client communication, and legal obligations. Data is obtained lawfully, with clear consent where required.

Lawful Basis for Processing: We ensure that all personal data processing activities are grounded in a lawful basis as defined by the GDPR. The primary lawful bases we rely on include:

• Consent: When individuals have given clear consent for us to process their personal data for a specific purpose.
• Contract: When the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
• Legal Obligation: When the processing is necessary for us to comply with the law (excluding contractual obligations).
• Legitimate Interests: When the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Data Usage: Personal data is used exclusively for the purposes it was collected for, including service delivery, compliance with legal obligations, and communication. Data is not shared with third parties without explicit consent unless required by law.

Data Storage and Security: We implement stringent security measures to safeguard personal data, including:

• Encryption: All sensitive data is encrypted during storage and transmission.
• Access Control: Access to personal data is restricted to authorised personnel only.
• Regular Audits: We conduct regular security audits and vulnerability assessments to ensure data protection measures are up to date.
• Data Backup: Regular backups are maintained to protect data against loss or corruption.

Data Retention: Personal data is retained only as long as necessary to fulfil its intended purpose and comply with legal requirements. When data is no longer needed, it is securely deleted or anonymised. We maintain a detailed data retention schedule to manage the lifecycle of data and ensure timely and secure disposal.

Rights of Data Subjects: Individuals have the following rights under GDPR:

• Right of Access: To obtain a copy of their personal data held by us.
• Right to Rectification: To request correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): To request deletion of their personal data under certain circumstances.
• Right to Restrict Processing: To request the restriction of processing in certain situations.
• Right to Data Portability: To receive their data in a structured, commonly used format and transfer it to another data controller.
• Right to Object: To object to the processing of their data based on legitimate interests, or for direct marketing purposes.

We respond to data subject requests within one month and provide the necessary information or take appropriate actions. If requests are complex or numerous, we may extend this period by two months, with a notification to the data subject.

Data Breach Response: In the event of a data breach:

• Immediate Action: We take immediate steps to contain and mitigate the breach.
• Notification: We notify affected individuals and the relevant data protection authority (such as the Information Commissioner's Office in the UK) within 72 hours if the breach poses a risk to individuals' rights and freedoms.
• Remediation: We conduct a thorough investigation and implement corrective measures to prevent future breaches.

Training and Awareness: All employees and contractors involved in processing personal data receive regular training on data protection principles, GDPR compliance, and their responsibilities under this policy. Training is mandatory upon onboarding and is refreshed annually to ensure continued compliance.

Third-Party Data Processors: Where third-party data processors are engaged, we ensure they comply with GDPR and other relevant regulations through binding contracts. These contracts include data protection clauses, ensuring that third parties implement appropriate technical and organisational measures to protect the data they process on our behalf.

International Data Transfers: Where personal data is transferred outside of the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs): To ensure that data is protected in accordance with EU standards.
• Binding Corporate Rules (BCRs): For transfers within multinational organisations.

Data Protection Officer (DPO): MMR Projects Ltd appoints a Data Protection Officer (DPO) responsible for overseeing data protection strategy and implementation, ensuring compliance with GDPR, and acting as the point of contact for data protection queries.

Policy Review: This policy is reviewed and updated regularly to reflect changes in data protection laws and our business practices. Any updates will be communicated to all stakeholders, including employees, clients, and third-party partners.