As of the 25th of May 2018 all companies (large or small) will have to conform to the General Data Protection Regulation (GDPR).
GDPR aims to protect individuals from data breaches and is particularly relevant to property agents because the nature of your business involves collecting large amounts of private information from clients.
If you fail to process, manage, store and protect customer data in accordance with the new legislation there is the potential for your agency to be fined (up to 4% of your turnover).
General Data Protection Regulation – TouchRight and Your Data
We promise that we’ll always tell you how we use your data and we’ll make sure we collect and store your data securely.
You can review your user name, email address and company details in TouchRight at any time. If the information we have is wrong, you can correct it yourself, or let us know and we’ll correct it for you. If you are the account owner you also have full control to add new users and edit/disable/delete users.
Data Access and Portability
We can provide a copy of the data we hold for you as an individual/account in TouchRight. Please email email@example.com and the information will be provided free of charge within 30 days.
Secure TouchRight System
- App and dashboard – our systems can only be accessed with a password, which is encrypted. It’s in your interest to make sure that your passwords are secure. You can change your password at any time by logging into the dashboard and going to My Account/User Profile.
- Data storage – we use Amazon Web Services (AWS) to host our software and applications, providing best-in-class security measures.
Your personal privacy is important and we take it very seriously. We fully comply with the General Data Protection Regulation (GDPR) and promise to collect, process, store and share your data safely and securely.
Our subcontractors can access your data, but only where it is required to assist with technical and support issues. We only use subcontractors that we trust. We use appropriate contractual safeguards, which we monitor to ensure the required standards are maintained, including non-disclosure agreements.
Security of Your Property, Tenant and Landlord Information
You can add information (property address details, landlord and tenant data) into your TouchRight account in a variety of ways. Either directly as you go, gathered together in one batch (CSV or excel format) or via transfer from your back office provider using our API integrations.
It is really important that you request permission from your landlords and/or tenants to allow their data (name, email, telephone and address) to be processed in TouchRight, and we are in the process of adding specific checkboxes for you to confirm that permission has been given. From 25th May, you will need to use these checkboxes before any appointment or report data can be sent to a landlord or tenant via TouchRight.
Any information provided has a specified, explicit and legitimate purpose. Therefore we will not process this data for any other purpose other than for use within TouchRight, and it will not be passed to any third parties. You can access this data at any time, and can delete specific information as required.
If you end your TouchRight subscription, your account will be disabled following a 30 day notice period. If the account is reactivated, we will store the account data (reports, photographs, property addresses, landlord and tenant details) securely for a period of 12 months and then delete the data permanently from our servers. This is in case you decide to reactivate your account within that period, and want to access your property and report history.
If you decide to delete your data in your TouchRight account, the deletion policy is:
- Deleted landlord/tenant details – name/email/address/phone number – stored for 3 months, then fully deleted
- Deleted trial account details – stored for 3 months, then fully deleted (including related photographs)
- Deleted users – stored for 3 months, then fully deleted
- Deleted properties – stored for 12 months, then fully deleted
- Deleted reports – stored for 12 months, then fully deleted (including related photographs)
TouchRight has effective processes in place to identify, report, manage and resolve any personal data breaches. If a breach does occur, we will inform you immediately. The ICO will be notified within 72 hours.
To help with security and account access, Account Owners should be mindful of updating user profiles of employees who have ceased employment with their business.
We hope this provides reassurance regarding how we handle the data you supply to us. We have also completed a set of 12 industry-recognised software supplier questions which can be found here.
If you need further information please don’t hesitate to Contact Us.