GDPR Privacy Notice

Data Processor & Controller

Who are we?

We are Prime Property Management of Devonshire House 29/31 Elmfield Road Bromley BR1 1LT.

What do we do?

We have been appointed by your Management Company or Landlord to manage the common areas of your block of flats.

What is our role under the General Data Protection Regulation (GDPR)?

We consider ourselves to be the Data Processor & Controller. Both the Data Controller and the Data Processor are subject to the Office of the Information Commissioner, the Supervisory Authority.

Information Commissioner’s Office Wycliffe House
Water Lane

tel : 0303 123 1113

Where did we get your data?

Originally your data was received from either the previous managing agent, the directors of your Management Company or your solicitor on purchase (unless you provided it to us yourself). Subsequently any data received by us was through the Data Controller or directly from you or another Data Processor for the purposes described below.

What is the purpose of processing your data?

Your property is subject to a lease to which you, the Data Subject, and your Management Company or Landlord are party to. We have been appointed by your Management Company or Landlord to administer the covenants of that lease. This involves maintaining accounts, administration and common area matters.

What is the lawful basis for this processing?

  1. Processing is necessary for the performance of a contract to which the Data Subject is party [Article 6 GDPR (1)b].
  2. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject [Article 6 GDPR (1)c]. In this instance the Management Company is required by the Companies Act 2006 to maintain adequate accounting records and a list of members past and present.
  3. Processing is necessary under a legitimate interest.

What type of data do we keep?

  • Names
  • Addresses
  • Email addresses
  • Phone number
  • Details of interested parties
  • Key holder names
  • Key holder email addresses
  • Key holder phone numbers
  • Tenant names
  • Tenant email addresses
  • Tenant phone numbers
  • Other general contact information
  • Payment comments/details
  • Transaction details

Where is this data stored?

This data is stored in a database called Blockman which is operated on Amazon Web Services located in the EU. Data stored and transferred is encrypted. Access is only granted to administrators associated with our office.

Who is this data shared with?

From time to time we may share your data with the following categories of persons for a specific purpose:

  • Accountants
  • Solicitors
  • Insurers, Insurance Brokers and Loss Adjusters
  • Contractors (including maintenance contractors)
  • Regulatory Authorities

How long will the data be stored?

Your data will be maintained by us for as long as our appointment exists or for as long as required by Statute or for as long as Lawfulness of Processing can be established without consent.

What if you sell the property?

Where the Lessor is a Company, there is still an obligation on the Data Controller to main adequate accounting records, and a list of past and present members. However if you sell the property only your name, address and transaction details are necessary to satisfy this requirement. All other contact details are erased.

What are your rights?

  • You have a right to be informed.
  • You may request a copy of your data stored.
  • You may request correction to any erroneous data.
  • You may request deletion of data, if not in violation of statutory or contractual requirements.
  • You may request a restriction on processing.
  • You may lodge a complaint to the controller or object to processing.
  • You may lodge a complaint to the Supervisory Authority.
  • You may withdraw consent if processing originally required consent.

What happens in the event of a Data Breach?

In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

Changes to this Notice

This Policy may be subject to change and we will notify you of any changes.

Where can you find more information?

A copy of your data and this statement is available online at: Further information is available here: