Date these terms and conditions were revised: 1st July 2019
We are committed to protecting your privacy and aim to be clear when we collect your information and use it only as you would reasonably expect.
How we use personal information
We will not use your personal information unless we have first told you how we will use it, or it is obvious how we will use it.
As a membership organisation we need to collect and use your personal information for:
- Processing membership applications
- Membership administration including but not limited to: payment, renewals, providing event information, delivery of continuous professional development and accreditation, campaigning, keeping a record of our relationship with a member
- Keeping a record of if you have opted-out of receiving marketing emails
- Keeping a record of individuals and or organisations who have booked or registered to attend an NLA conference, event, meeting or course and administering their attendance at these. This includes members and non-members of the organisation
- Keeping a record of individuals and or organisations whose membership may have been suspended or terminated by us or cancelled or lapsed by you, including but not limited to: name, address, email address, telephone number, date that said membership was suspended, terminated, cancelled or lapsed and relevant notes
- Delivering our member magazine and other relevant communications
- Providing services and/or fulfilling orders for products
- Membership benefit administration is by post, telephone, and electronic means
- Representation of the whole membership, a workplace, group or individual
- Elections and appointments of directors and committees
- Event applications, registrations, administration and informing people about our events
- Carrying out our own surveys and forwarding surveys and consultations run by other organisations with whom we collaborate or are funding
- Evidencing that you are a member of the NLA and/or an accredited landlord.
- Providing additional member benefits for example and not limited to tax investigation insurance provided automatically as part of our membership offer
- Facilitating the registration process, discounts and or cashback with our partners (where applicable) should a member use their products & services offered via their website
- Understanding the use of our website including details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access
- Monitoring use of, and satisfaction with, member benefits, services and communications
- Applicant, employee and contractor administration
Our legal basis for processing personal information
The purposes that we process personal information are for the performance of our contract with you to provide membership services, facilitate bookings, for our legitimate interests in informing members of the activities of the NLA or news in the sector we serve and via consent to provide you with targeted offers and marketing from us or our partners. We also process personal information for the purposes of our legitimate interests as an employer.
The law allows us to collect and use personal data if it is necessary for our legitimate business interest and so long as its use is fair, balanced and does not unduly impact your rights. In many situations, the best approach is to process personal data because of our contract with you and our legitimate interests as a trade association, rather than consent. However, we will ask for your consent to send you marketing emails and text messages. You can withdraw consent for this at any time.
We do not expect to receive or process sensitive personal data. In extreme situations, we may share your personal details with the emergency services if we believe it is in your ‘vital interests’ to do so, for example, if someone is taken ill during one of our events.
We may also share your personal information where we are compelled by law to do so.
We process employee personal information to meet our legal obligations as an employer.
How we collect personal information
We collect personal information from you directly through our website, over the phone, through surveys and sometimes paper forms.
Local Authorities, third-party intermediaries, and our representatives may provide us with your personal information when they register you for membership with us.
We may collect information about the software on your computer or device (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with our website and for our records. This may happen automatically without your being aware of it.
The personal information that we collect
The type and quantity of information we collect and how we use it depends on why you are providing it. The following are a more detailed explanation of what personal information we collect in each circumstance:
For membership applications, administration and renewals we may collect:
- Your name
- Your contact details including email address, postal address and telephone numbers
- Social media identification
- Your membership number and password to enable you to access our website and use our services
- Further information including organisation name, details of any employees who will access our website or additional members who will access the website (for business and family customers only)
- The number, type and location of your rental properties, number and type of your tenancies and how long you have been acting as a landlord and if you use a letting agent
- Your date of birth
- Your mailing preferences
- Your bank or credit card details (this information is only securely passed to our third-party payments processing services and not stored by the NLA)
For giving advice and guidance we collect:
- Your name and contact information
- A recording or record of any communication between us and you (but excluding any payment information)
- A written record of the summary of the call and the advice provided
For event applications, registrations and administration we may also collect:
- Name and contact details of the person or organisation making the booking
- Name and contact details of the person attending the event (if different to the person making the booking)
- Source of referral
- Payment information
- Specific information such as relevant dietary and access requirements to facilitate event attendance, if given to us by you
For informing people about our events we may also collect:
- Names and contact details of non-members
For managing applications for products and services with our partners we may also collect:
- When you log in to partner sites when referred from our website
- What products and services were purchased or used by you on those sites, including transaction details (date of transaction, cost and product or service purchased)
For administration of complaints and feedback
- A written summary of your complaint or feedback about our products or services or those of relevant partners
- A written summary regarding an alleged breach of the code of practice by you, received by us from a third party
- A written record of any relevant actions, decisions and correspondence we may have taken
For conducting our role as an employer
- Your name, address and contact details
- Copies of your application and any correspondence you provide us as part of any job application process
Where we store your personal information
The data that you provide us with will typically be stored and processed within the European Economic Area ("EEA"). However, some of the services we use will mean that your data may be transferred to and stored at, a destination outside the EEA. In these cases, we ensure that the provider is able to operate under the EU Binding Corporate Rules arrangement. Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities.
All information you provide to us is stored on our, or our partners’ secure servers. Any payment transactions are encrypted and the NLA do not store any payment information. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask that you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How we may share personal information
We may share some of your personal information with organisations that carry out processing operations on our behalf, such as web services companies and mailing organisations. We carry out checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.
We will share the information that you are an accredited landlord with anyone that has your membership number and name unless you choose not to share this.
We do not sell or share personal information with third parties for the purposes of marketing. But, if we run an event in partnership with another named organisation, your details may need to be shared with them. We will be very clear what will happen to your personal information if you register for such an event.
We will not sell personal information other than as part of a sale of a substantial part of our assets. We may disclose it to a prospective purchaser, but only for use in connection with that sale. We may, however, need to disclose your details if required to the police, regulatory bodies or legal advisors. We also may need to make available our member details on request for Tax Investigation Insurance service. We will only ever share your data in other circumstances if we have your explicit and informed consent.
We reserve the right to publish the names of individuals and or businesses on our website whose membership has been suspended or terminated by us, including the date that the suspension or termination came into effect.
How we protect personal information
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
We provide guidance and regular data protection training to our staff.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our computer network and servers are protected and routinely monitored.
We store all personal information that you supply us with on secured servers or in secured paper files. For your protection, any payment details that you provide us with will be encrypted using SSL (Secure Sockets Layers) technology.
Unfortunately, the transmission of information over the internet can never be completely secure. Although we will do our best to ensure that your personal information is protected, we cannot guarantee the security of your data transmitted to the website. Any transmission of your personal information by you is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
How long we keep personal information
We will only keep personal information for as long as we have a valid reason for keeping it. After that, we delete or dispose of the information securely.
We keep personal information about:
- Our membership so that we can administer and prove membership. Non-core information (e.g. personal details not relevant to prove membership at any point in time) about members is destroyed five years after membership has lapsed.
- Advice we have provided for two years irrespective of whether the membership has lapsed
- Complaints and feedback for two years
- Tax Investigation insurance claims for three years after a settlement has been made to maintain a record that a claim was made and of the results.
- Event applications, registrations and administration for two years until after the event has taken place.
- Surveys of members for three years after the survey so that data can be referenced for statistical analysis.
- Analytics information from Google for three years and two months.
- Job applications for three months.
- Employees for the duration of their employment and six years after employment ceases in accordance with the law.
You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.
You have a right to ask us not to process your personal data for direct marketing purposes unrelated to NLA membership.
You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.
You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
You have the right to request access to any of your personal data we hold, information about how and why it is processed, and to whom it may be disclosed.
You have a right to ask us to erase your personal information.
These statutory rights are qualified by exceptions and exemptions. To exercise any of these rights, please contact us using the address below.
You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.
Changes to this policy