Support Hayes Point

🛒 Shop via our Amazon link or QR Code and help improve Hayes Point!
As an Amazon Associate, we earn from qualifying purchases.
Privacy Policy

Privacy policy

1. Introduction

This Privacy Policy applies to the use and processing of personal information collected and used by Hayes Point RTM Company Limited, registered as Data Controller with the Information Commissioner’s Office (ICO). This Policy reflects our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting the privacy and rights of residents, leaseholders, visitors and staff at Hayes Point.

Personal information is information, or any combination of separate pieces of information, that could be used to identify you, such as name, telephone numbers, email addresses, postal address, IP address, bank details, photographs, CCTV, body-worn video footage and any HR details as appropriate. We may obtain personal information from other sources such as current or previous Freeholders and Management Companies.

By contacting Hayes Point RTM Company Limited, using our website, or otherwise providing your personal information to us, you agree to the collection, use and sharing of your information in accordance with this Policy. Queries should be directed to the Hayes Point RTM Company Limited Data Protection Officer at communications@hayespoint.co.uk.

2. Data protection principles

Hayes Point RTM Company Limited is regulated under the General Data Protection Regulation (GDPR) and is responsible as Controller of personal information for the purposes of those laws.

We will comply with the data protection principles when gathering and using personal information, as set out in our GDPR Data Protection policy HP-CC-010. The seven principles of UK GDPR are:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

3. How we use and process personal information

We process your personal information to manage Hayes Point in accordance with our legal duties, contractual responsibilities, and legitimate interests as a residential estate management company. Lawful bases may include: contractual necessity (e.g. fulfilling lease obligations), legal obligation (e.g. statutory reporting, health and safety), legitimate interest (e.g. ensuring estate security and effective management), and consent (e.g. for optional communications).

Examples include:

  • Contacting you about property management issues involving your Block or Estate
  • Answering your questions about management issues
  • Sending newsletters or communicating information
  • Organising sub-contractors to repair or inspect your property in relation to our property management services

4. Other services and data sharing

We may also offer other services that you have expressed consent to receive. We use or share your personal information when there is a lawful or legitimate interest to do so. Data sharing enables us to perform our services as a Management Company, and we will share personal information with law enforcement or other authorities if required by applicable law.

Examples include:

  • Approved contractors making or confirming appointments with you regarding repairs or maintenance
  • Processing payment for service charges, electricity consumption service charges, or other services
  • Instructing debt collectors or solicitors where needed
  • Protecting against or identifying possible fraudulent transactions
  • Enforcing our Terms and Conditions and managing the business in accordance with our Management Agreement

We engage third party service providers to perform a variety of business operations on our behalf and may share your personal information with them. Examples include delivering email or other communications, storing and managing our data, and conducting research and customer experience surveys.

5. Sharing information

We do not sell your personal information to marketers or companies outside of Hayes Point RTM Company Limited. We will only share your personal information for the legitimate or lawful reasons described in this Statement, including:

  • With approved contractors and service providers under written agreements (UK GDPR Article 28)
  • With insurers, solicitors, debt recovery agents, and regulators
  • With law enforcement authorities where legally required

Where we share your information as described in this Statement, we will only share the personal information required to perform the services we request, and we contractually require that the service provider protects this information appropriately and does not use it for any other purpose.

6. Where your personal information may be held

Information may be held at our offices at The Concierge Office, Hayes Point, Hayes Road, Sully, Penarth, CF64 5QG, and on secure UK-based cloud servers or third-party agencies, service providers, representatives and agents as described above.

7. Personal information retention period

We will retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.

  • Service charge and financial records: 6 years
  • Insurance and contracts: 6 years
  • Correspondence: 2 years
  • CCTV and body-worn video footage: 2 months (unless required longer for investigation/legal claims)
  • HR/employment records: as required by law

8. Your data rights

Under UK GDPR you have rights to:

  • Access your data
  • Rectify inaccuracies
  • Erase data (‘right to be forgotten’)
  • Restrict processing
  • Object to processing (including marketing)
  • Data portability
  • Not to be subject to automated decision-making or profiling

We will respond within one month to requests sent to admin@hayespoint.co.uk. For further information and a full list of your rights under GDPR, please refer to guidance from the UK Information Commissioner’s Office (ICO).

9. Body-worn video (BWV)

We use overt body-worn video cameras operated by concierge/security staff in communal and external areas of the residential development to protect residents, visitors and staff; deter and detect crime and anti-social behaviour; manage incidents and complaints; and assist law enforcement on request. Cameras are not used in private dwellings, bathrooms, changing areas or to look into homes through windows/doors. Recording is incident-led and wearers will announce when recording starts. We do not use live facial recognition or other biometric analysis.

Sharing

We may share relevant footage with the police and other competent authorities where necessary and proportionate for the prevention or detection of crime, or when required by law. We may also share with our insurers, legal advisers or the courts in connection with legal claims. All disclosures are recorded and reviewed. Our staff will not release footage to other third parties unless legally permitted.

Security

Footage is encrypted on devices and uploaded to a secure evidence system with access controls, audit logs and multi-factor authentication. Access is restricted to trained personnel on a need-to-know basis. We have measures in place to prevent unauthorised access, alteration or loss.

Your rights

You have rights of access, objection, restriction and erasure (where they apply). To make a subject access request for footage in which you appear, please contact admin@hayespoint.co.uk and tell us the date, time, location and description of the incident to help us locate the footage.

Governance & reviews

We carry out Data Protection Impact Assessments and regularly review camera positioning, retention periods and effectiveness to ensure BWV remains necessary and proportionate. Staff receive training on activation rules, privacy, and data handling. We publish a summary of reviews on request.

10. Withdrawing consent

Where processing relies on your consent (e.g. optional communications), you may withdraw at any time by emailing admin@hayespoint.co.uk or in person at the Concierge Office.

11. Complaints

If you consider that we have processed personal data in violation of applicable law, please contact us immediately at communications@hayespoint.co.uk.

Please provide sufficient information to identify you, including proof of identity and address, and full information to which your request relates including any account or reference numbers.

If you consider that we have failed to remedy such violation, you may also lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns.

12. Changes to this privacy policy

This Policy will be reviewed annually. Latest review: September 2025. Next review due: September 2026. We will publish updated versions digitally and make them available at the Concierge Office.

13. Policy revision history

  • V0.1 (07-Oct-24, SJ): Original document GDPR.PN.01 by KS migrated to new template format.
  • V0.2 (03-Sept-25, CM): Update to wording and inclusion of body-worn video. Changes to items 1.1.1, 2.1.2, 3.1.1, 6.1.1, 8.1.1, 8.1.2, 9 inclusive, 10.1.1, 12.1.1.

Registered in England and Wales: 7277138. Registered office: HPRTM, The Concierge Office, Hayes Point, Hayes Road, Sully, Penarth, CF64 5QG.

Scan to Shop with Amazon

Use your phone’s camera to scan this QR code and support Hayes Point with every purchase.

Amazon QR Code Large