Enabling Place Ltd control and process personal data about their customers, employees, workers, suppliers, contractors, contacts and board members or any other data subject.

Data protection in the UK is governed by the Data Protection Act 2018 (the ‘DPA), the UK retained version of the EU’s General Data Protection Regulation (’UK GDPR’) and any other regulations that govern the processing of personal data from time to time (‘Data Protection Laws’).

All individuals have rights in relation to the handling of their personal data. During the course of its activities, Enabling Place will collect, store and process personal data. Enabling Place recognises the need to treat all such personal data in an appropriate and lawful manner.

Employees, workers, contractors, agency workers, directors, officers, board members and consultants of Enabling Place Ltd and others (together, ‘Enabling Place Personnel’) also have obligations in relation to the processing of personal data whilst working for or on behalf of Enabling Place and are expected to comply with this policy.

This policy sets out what Enabling Place Ltd will do to comply with the Data Protection Laws (primarily, the DPA and UK GDPR).

This Data Protection Laws require that data ‘controllers’ process personal data in accordance with the following principles, which require that  personal data should be:

• processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency);

• collected for specified, explicit and legitimate purposes (purpose limitation);

• adequate, relevant and limited to what is necessary for purposes for which it is processed (data minimisation);

• accurate and, where necessary, kept up to date (accuracy);

• kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which it is processed (storage limitation);

• processed in a manner which ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (security, integrity and confidentiality);

• not transferred to another country without appropriate safeguards in place (transfer limitation); and

• made available to data subjects, and allow data subjects to exercise certain rights in relation to their personal data (data subject's rights and requests).

Enabling Place Ltd is responsible for and must be able to demonstrate compliance with the principles listed above (accountability).

Enabling Place Ltd acknowledges that all individuals have the right to expect that appropriate safeguards will be operated to protect the confidentiality and integrity of their personal data or information.

Enabling Place Ltd acknowledges and understands that the consequences of failing to comply with the requirements of the Data Protection Laws may include:

• Personal accountability and liability;

• Organisational accountability and liability;

• Criminal and civil action;

• Enforcement powers and fines being issued by the Information Commissioner’s office (ICO);

• Loss of confidence in the integrity of our systems and procedures;

• Significant reputational impact and damage;

• Loss of trust by our tenants, employees and other stakeholders.

This policy has been developed to ensure Enabling Place Ltd complies with current legislation, regulatory expectations and good practice, and will be subject to ongoing review.