Privacy Policy
Introduction
Cain, together with our subsidiaries, (“we”, “our”, “us”) are committed to protecting and respecting your privacy.
This Notice sets out the basis on which we will process any data we collect from you, or that you provide to us, in connection with your use of our website at www.cainint.com (the “Website”), when you engage with us at events or share your data with our personnel in the context of pursuing business, or when you have applied for a job with us.
Please read this Notice carefully so that you understand your rights in relation to your data, and how we will collect, use and process your data. If you do not understand anything explained in this notice, please contact us by email at [email protected].
If you do not agree with this Privacy Notice in general or in part, you should not access the Website or submit any data to us.
Data Controller
If you are in the EU, then for the purposes of the General Data Protection Regulation (“GDPR”), and if you are in the UK, then for the purposes of the UK GDPR and the Data Protection Act 2018, Cain is the controller of your data collected and used in the context of you visiting our Website. We are established in the United Kingdom with a registered office at 72 Welbeck Street, London, W1G 0AY.
Who does this Privacy Notice apply to?
This notice applies to:
- users of our website, our social media, online content and features;
- job applicants;
- our clients;
- our leaseholders including residents of residential properties we own and manage;
- our suppliers and business partners including our property management agents and asset managers; and
- anyone else who interacts with us, if you call, email, send us an online message or otherwise engage with us online or offline.
This notice applies to you if you act in your personal capacity, and if you act in your professional capacity, for example, as an employee or our client.
What types of personal data do we process?
“Personal data” means any information that identifies you or relates to you.
This may include your contact details, information about your engagement with us, online behavioral data, and other information as set out in the “categories of personal data” section below.
Data Accuracy
We will trust that your personal data is accurate, complete and up-to-date. We ask that you keep us informed of any changes.
How is your personal data collected
We may collect your personal data as follows:
- From you, when you contact us, complete a form on our Website, visit our offices, or otherwise deal with us.
- From third parties, such as your employer who may provide your professional details, social media platforms, your referees, recruitment agencies and other third parties.
- From your online user interactions with our Website, service, content, and features and when users make choices we need to remember.
- From the public domain, such as information on social media, the internet or other public record.
If you provide information about others, please ensure you have their consent to do so (where required by law) or let us know if you do not.
Why do we process your personal data?
In this section we explain why we process your personal data. We include general purposes and provide examples of the various processing activities. For more information about the specific categories of personal data processed, please see the “categories of personal data” section below. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.
The lawful basis column explains how we comply with a technical legal justification for processing under EU and UK data protection laws.
If you have any questions, please contact us.
| Purpose | Personal data | Lawful basis of processing (EU and UK individuals) |
| To assist with your enquiry | general information contact information | Necessary for our legitimate interest in responding to enquiries and complying with best practice or, as the case may be, necessary for taking steps prior to entering into a contract or the performance of our contract with you. |
| To provide our online services including our website, content and features to you and the general public which may remember your preferences or include personalised content and services. | technical information usage information profile information | Necessary for our legitimate interest in providing our website and information to our supporters and the public and complying with best practice, and compliance with our legal obligations. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. |
| To send you service communications about matters relevant to your involvement with the business and your engagement with us, and other feedback requests, etc. | general information contact information | Where you have given us your consent to contact you, where it is necessary for the performance of our contract with you and our legitimate interest in understanding how our website is used, views about our business and keeping our users informed. |
| To onboard you as our client which involves carrying out checks, including KYC and anti-money laundering. | general information contact information profile information public information special categories of personal data your background information | Necessary for our legitimate interest in administering our business and preventing fraud and financial crime. |
| To manage our professional relationship with our clients and leaseholders, using our record management systems and engagement tools, identifying opportunities and contacting you by phone, email and other means. | general information contact information profile information | Necessary for our legitimate interest in winning business, understanding and maintaining our business relationship and administering our business. |
| To assess your job application and for business administration purposes. We may use automated processes and decision-making to assess your application. For example, if you apply for a job, we will review your CV, publicly available information about you, information from your previous employers and professional references. | general information contact information profile information public information special categories of personal data your background information | Necessary for our legitimate interest in considering applications, responding to queries and, as the case may be, necessary for taking steps prior to entering into a contract. Special categories data may be processed as is necessary in the context of employment and social security laws. |
| To develop and improve our information, website, content and features and organisation including measurement of engagement and activity, analytics, development of our tools, services and algorithms and development of our internal processes. | anonymised usage, profile and technical information | Necessary for our legitimate interest in service and process development and keeping our offering relevant. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. |
| To ensure the proper administration of our business, including to: keep appropriate records;resolve complaints;enforce our terms;debt collection; andsimilar purposes. | all personal data as is necessary and proportionate | Necessary for compliance with our legal obligations,to establish, exercise or defend legal claims and necessary for our legitimate interest in the proper administration of our business and protecting our reputation. |
| To ensure information security ofour information systems, premises, properties we own or manage; meetings and communications. | general information security information your background information | Necessary for our legitimate interest in ensuring the security of people, our organisations and assets and compliance with our contractual obligations, and as necessary for compliance with our legal obligations. |
| To ensure your health and safety at our premises or to make reasonable adjustments on account of your disability. | general information special categories of personal data | Necessary for our legitimate interest in ensuring health and safety and good accessibility at our premises in the substantial public interest and complying with our legal obligations. |
| To engage our third-party service providers including our property management agents and asset managers, and professional advisors who may process your personal data on our behalf or otherwise to facilitate the provision of our business services and the fulfilment of essential service functions including cloud storage, telecommunications, information security, professional advice and other services. | all personal data as is necessary and proportionate | Necessary for our legitimate interest in providing our services and running our business. |
| Processing and sharing your personal data in connection with legal claims, law enforcement including the prevention and detection of crimes including fraud and regulatory requests. | all personal data as is necessary and proportionate | Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims or for our legitimate interest in complying with best practice. |
| To share data with another organisation in accordance with the law for the purposes of a sale of one of our assets, joint venture, collaboration, merger or acquisition. | all information as is lawful, necessary and proportionate | Necessary for our legitimate interest in engaging in activities to promote our business and complying with our legal obligations. |
We may process your personal data for other purposes which are compatible with the existing ones. However, we will obtain your prior consent for any new purpose where required by law.
How do we share your data?
We do not sell, rent, or lease your information to others except as described in this Privacy Notice. We share your information with third parties to the extent they provide us with services which involve the processing of data.
We may share your personal data with the following third parties:
- Our group companies
- Service providers which assist us with our Website, including website development, hosting and data analysis
- IT service providers that provide us with storage and hosting, SaaS services, and other software
- Your employer, who may need information about your interactions with us
- Recruitment agent, your former employer or other person providing a reference about you
- Third party companies that assist us with our client onboarding process
- Our suppliers and business partners, including our property management agents and asset managers
- Our professional advisors, including our legal advisers and our accountants
- The public if you interact with us on social media
- External auditors or inspectors
- Tax, law enforcement and other authorities where required by law or best practice
- Third parties where ordered by the court or necessary in establishing, exercising or defending legal claims
- Other third parties where you have provided consent, or as otherwise disclosed at the time of collection.
Cookies and Digital Analytics
We may work with third parties, such as Google Analytics, that collect data about your use of our websites and apps and other sites or apps over time for non-advertising purposes. Specifically, we may use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our Website. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
How do we secure your personal data?
We have put in place appropriate organisational and technical measures designed to safeguard your personal data that we keep on our premise and on our systems. Access to your personal data is restricted on a “need to know” basis.
We seek to ensure our third-party services providers do the same. We appoint service providers only under an appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.
No system is completely secure, and we cannot fully guarantee the security of your personal data. We will deal with any personal data breach in accordance with our incident response procedures and will notify you and the regulatory where we are legally required to do so.
Where we store your personal data
Generally, your personal data will be held in the UK and USA.
We may also use or make available tools which require the transfer of your personal data outside the UK. For example, this could occur if our servers are located in a country outside of the UK, one of our group companies providing centralised administrative or processing services, or one of our service providers is situated in a country outside the UK. However, we will only transfer your personal data where we are satisfied that your data protection rights are adequately protected by appropriate technical, organisational and contractual safeguards in accordance with data protection laws before any such transfer. These safeguards may include the standard contractual clauses.
You may request further information on the measures used for international transfers or access to your personal data.
How long do we store your data?
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.
Even if we delete your personal data, it may persist on backup or archival media for legal, tax or regulatory purposes.
For further information about how long we hold your data, please contact us.
Your rights
If you are located in the UK or the European Union then under data protection law, you have certain rights with respect to the data we process about you. The rights available to you depend on our reason for processing your information and may be limited in certain circumstances, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your data.
Your right to information about matters set out in this Notice. You may contact us for further details.
Your right to rectification. You have the right to ask us to correct your data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.
Your right to know about personal data collected, used, disclosure or sold or right to make an access request to receive a copy of your personal data held by us, subject to certain exemptions.
Your right to erasure. In certain circumstances, you have the right to ask us to delete the data we hold about you:
- where you believe that it is no longer necessary for us to hold your data (for example, if you decide that you no longer wish to submit a job application to us.).
- Where we are processing your data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
where you believe the data we hold about you is being unlawfully processed by us.
Your right to restrict processing. In certain circumstances, you have the right to ask us to restrict (stop any active)
processing of your data. You may choose to restrict processing:
- while we are considering: (i) a challenge you have made to the accuracy of your data; or (ii) an objection you have made to the use of your data.
- where we want to erase your data, as the processing is unlawful, but you want us to continue to store it; or
- where we no longer need your data for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defence of legal claims.
Your right to opt-out or object to our processing of personal data based on our legitimate interests.
Your right to object to the processing of personal data for direct marketing purposes where you wish to no longer receive our direct marketing.
Your right to data portability from one organization to another, where applicable.
Your right to withdraw consent previously provided.
Your right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
To exercise any of these rights above, please contact us at [email protected]. We require appropriate proof of your identity. Your data rights are not absolute and are subject to exemptions and limitations, as shown above. If we cannot process your request within this period, we shall explain why and process it as soon as possible.
Please note that we will not discriminate against you for exercising any of your rights.
In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority. The address is Wycliffe House, Water Lane, Wilmslow, Chesire, SK9 5AF. The Helpline number is 0303 123 113.
The security of your data
We cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy notices, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites. Please note some of them may use your personal data for business administration or product development purposes.
Complaints
In the event that you wish to make a complaint about how we process your data, please contact us in the first instance at [email protected] and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Categories of Personal Data
We process the following categories of personal data about you:
| Contact information | including your home or business address, telephone, email and similar information. |
| General information | including your name, job function, education status, age bracket, details of your enquiry or communication and similar information. |
| Profile information | including your demographic information from our analytics and advertising partners, your preferences and interests known, observed or inferred by using analytics, advertising or other tools and sources including notes of your past interactions with us. |
| Public information | from public registers, databases, social media, the Internet and similar sources. |
| Security information | including CCTV footage, logs, network monitoring and logging data, antivirus scan and similar information. |
| Special categories of personal data | including your race, ethnic origin, religious or philosophical beliefs, sexual orientation, political or trade union affiliation, information about your health and information relating to criminal convictions and offences. |
| Technical information | including online identifiers, internet protocol (IP) address, details of operating system, referring website, browser type, language, time zone setting, location, date and time of access, local storage data and similar information obtained from your device, browser, an APIor similar source. |
| Usage information | about how you navigate and engage with our online services and newsletters, features including online activity data such as downloads, clickstream data with URLs visited previously, page interaction, such as scrolling, clicks, and mouse-overs, methods used to browse away from our websites, information in security logs and similar information |
| Your background information | including your personal, professional, tax payer and financial information obtained from you, public sources and third parties such as former employers, colleagues and similar information. |
Changes
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to [email protected].