Combined Privacy Notice for Website Visitors and Tenants and Business Contacts

 

1. Purpose of this Privacy Notice

Welcome to the Fidum Property Management Ltd (“Fidum”) Privacy Notice.

‌We understand that you care about the privacy and security of your personal information and Fidum takes that seriously.

If you visit our website, become a tenant of a property that we manage, or otherwise interact with us on a business basis, we will collect, use and potentially share personal information about you. Our aim is to handle your personal information in a way that is open, transparent and secure.

This Privacy Notice tells you who Fidum is, what personal information we may collect about you, and how we use and protect it, both during and after our relationship is finished. It also explains your legal rights and choices relating to the personal information we handle that relates to you.

This Privacy Notice is provided in a layered format so you can click through to the specific areas you are interested in. Alternatively, you can view the full version of the Privacy Notice here

2. Who this Privacy Notice is for

This Privacy Notice is for visitors to our website, our commercial business clients and contacts (including clients, prospective clients, suppliers, agents, vendors etc.) and where applicable, tenants of property that we manage on behalf of our clients. It does not apply to employees of Fidum.

This Privacy Notice applies in addition to any other applicable terms and conditions, privacy principles, and policies that may also apply to you.  It also applies in addition to any other ad hoc Privacy Notice that Fidum may provide on specific occasions.

However, it does not form any contract of employment or other contract to provide services.

Children: Our website and services are not aimed at or intended for children and we do not knowingly collect data relating to children.

3. Information about us

 For the purposes of UK data protection legislation (UK General Data Protection Regulation (“UK GDPR”),  Data Protection Act 2019 (“DPA 2018”) and Data (Use and Access) Act 2025. (“DUAA”). Fidum is responsible for deciding why and how your personal information (“personal data”) is collected and used.  The legal term for this is “Controller”.

Fidum Property Management Limited is a limited company registered in England and Wales under number 11820543 and our registered office is at Station House, Station Approach, East Horsley, Surrey, KT24 6QX.

Fidum is registered with the Information Commissioner’s Office (“ICO”) as the Controller of your personal data. Its registration number is ZA531888.

4. Contact Us

We have appointed a data protection manager (“DPM”) who is happy to answer any questions about this Privacy Notice, your personal information or requests to exercise your legal rights. You can get in touch them using any of the contact details below.

Post:

The Data Protection Manager

Mr Simon Marshall, Director, Fidum Property Management Ltd,

Oaks House, West Street, Epsom, KT18 7RG

Telephone: 01932 860505                                                   Email:

 

5. Your Legal Rights in relation to Your Personal Data

You have a number of rights under UK data protection law in relation to your personal data. In most cases, it is free to exercise these rights and unless your request is complex we will usually have to respond within 1 calendar month. However, please be aware that some of these rights do not apply in all circumstances. Also, Fidum may be able to refuse or partially refuse your request in some circumstances, for example, where a legal exemption applies.

If you would like to exercise one or more of your legal rights, or would like more information about them, please contact our Data Protection Manager via any of the methods in the “Contact Us” section of this Privacy Notice.

You have the right to:

• Access your personal data: This right is sometimes referred to as the right of Subject Access.

You have the right to request a copy of the personal data we hold relating to you to check we are lawfully processing it. You are also entitled to other information relating to how we use it. There are exemptions to this right which means that in some cases, you may not receive some or all of your personal data if an exemption is applied. For example, if your personal data is mixed with other people’s personal data and providing you with your information would also reveal personal information relating to someone else.

• Erasure: At your request, we will delete your personal information when it is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully processed, providing we do not have an overriding legitimate reason for retaining it.
• Accuracy: Our objective is to ensure that your personal data is accurate, current, and complete. Please contact us to let us know if this is not the case. You also have the legal right to ask us to rectify your personal data if it is inaccurate or incomplete.
• Objecting:  In certain circumstances, you have the right to object to processing of your personal data.
  • For example, where we are processing your personal data on the legal basis of our legitimate interests, and we have no compelling reason that we can demonstrate which overrides the impact of the processing to your interests, rights and freedoms.
  • You also have an absolute legal right to object to the processing of your personal data for purposes of direct marketing.
• Automated Decision Making: You have the right to object to decisions that we may make based solely on the basis of automated processing (including profiling) of your personal information where those decisions have a significant legal effect on you or similar effect. NB. Fidum confirms that you will not be subject to decisions based solely on automated processing (Automated Decision Making) including profiling, where those decisions have legal or significant effects on you. If this position changes we will notify you in advance and ensure that the processing complies with data protection law.
• Restriction of Processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances, such as where you wish to suspend processing whilst we establish the accuracy or the legal reason for processing it.
• To withdraw your Consent to processing: If we are processing your personal data on the legal basis of consent, you have the legal right to withdraw your consent (either fully or partly). The withdrawal of your consent will not affect the lawfulness of our processing prior to the withdrawal of your consent.
• We make it quick and easy to withdraw your consent (or amend your preferences). Simply follow the “unsubscribe” facility on relevant emails or follow the instructions in our other correspondence or contact our Data Protection Manager using any of the contact details in the “Contact Us” section of this Privacy Notice. If you experience any difficulty, please contact our Data Protection Manager for help.
• Portability: In certain circumstances, you have the legal right to receive your personal information or have your personal information transmitted to another organisation in a structured, commonly used and machine readable format.

• Your legal right to Complain

If you are unhappy with the way we have handled your personal information, you have the legal right to make a complaint to us as the Controller of your personal data. To make a complaint please write to us using our contact details in the “Contact Us” section, explaining the reasons for your complaint. We will acknowledge your complaint within 30 days of its receipt by us and let you know the outcome of our investigation without undue delay.

You also have the legal right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). The ICO’s contact details are:

Information Commissioner’s House

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

www.ico.org.uk

• You have the legal right to a judicial remedy to enforce your legal rights via the courts.

6. How Long we Retain your Personal Data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. This means that the retention period for your personal data will vary depending on the circumstances.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data (See Section 5 of this Privacy Notice for further information.)

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

7. Keeping your Personal Data Secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. International Transfers of Personal Data

Generally, your personal data is primarily stored and processed here in the UK. However, we use some service providers to help us deliver our services who are based outside the UK, and they sometimes need access to your personal information in order to provide those services to us. For example, IT suppliers that provide us with software and software support or cloud services that are based in the EEA and elsewhere.

In these circumstances, there may be occasion when we need to transfer your information to other countries.

Some of these destination countries may have different laws and data protection compliance requirements to the UK, with some providing more or less protection than others. When your personal information is transferred outside the UK, we take appropriate steps to ensure that in all cases, it is handled and protected as described in this  Privacy Notice and UK data protection law.

Where possible we transfer personal data to a country that the UK has officially deemed to adequately protect personal information pursuant to determinations made by the UK Government. (Adequacy Determination.)  For example, the UK has officially determined that the EEA provides adequate protection for personal data and Fidum uses service providers that are based in the EEA.

Where our service provider is based in the U.S, providing  the  service provider is a signatory to the UK Extension to the EU-US Data Privacy Framework, this mechanism meets the required legal standard in relation to the transfer of your personal data outside the UK under UK GDPR and is equivalent to an adequacy determination by the UK Government.

Where your personal data is transferred to countries that do not have a UK adequacy determination, we ensure that your personal data is adequately protected by implementing other appropriate safeguards designated under UK GDPR such as using approved data protection contract clauses to regulate the transfer.

If you would like more information about the safeguards we rely on when we transfer your personal information outside the UK, please contact our Data Protection Manager using the contact details in our “Contact Us” section.

9. Links to Other Websites

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.

10. Cookies and Similar technology

In addition to the personal information described in this Privacy Notice, we also collect certain information about your use of our website through the use of cookies.

A cookie is a small file of letters and numbers that is transferred from the Fidum website to the hard drive of your computer when you visit our website. We use cookies to ensure that when you visit our website, it functions efficiently and effectively. This helps us to provide you with a good experience when you browse our website.

Strictly Necessary Cookies: The  cookies we use are essential to make our website operate . These are known as Strictly Necessary Cookies. They include for example, cookies that allow you to utilise various website features, move around our website and complete editable features across multiple pages of our website. Whilst others are there to help improve your experience by providing us with insights into how our website is being used.

You can disable strictly necessary cookies by changing your browser settings. To find out more including how to do this please visit our cookie policy here https://www.fidumpm.com/cookie-policy/

If you do choose to disable cookies on our website, you may not be able to access or utilise all aspects of our website or tenant portal.

11. Direct Marketing

We may process your personal data for the purposes of promoting our business via email, post and telephone.

Where we do this you will always have the absolute right to quickly and easily stop direct marketing communications from us, either via the unsubscribe facility within a direct marketing email or by contacting our Data Protection Manager. If you do ask us to stop sending you direct marketing messages, we may need to retain a small amount of personal information relating to you on our marketing database to ensure that we don’t send you marketing again in the future.

If we are using your personal information on the basis of your consent and you decide to withdraw that consent, this won’t mean that our use of your information was unlawful before you withdrew your consent.

12. Changes to this Privacy Notice and your Duty to Inform us of Changes to Your Personal Information

We keep this Privacy Notice under regular review so please check back here for updates.  This version was last updated in June 2025.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example if you change your contact details please update us.

13. The Personal Data We Collect about You, Our Legal Reason for Processing it, How we Use it, Who we Share it With

The types of personal data we collect about you, how we use it, our legal reason for processing it and who we may share it with will vary depending on our relationship. If you want more detail please select from the options below that best describes you or our relationship.

Detailed Privacy Information for Visitors to Fidum’s Website 

Detailed Privacy Information for Fidum’s Business Contacts, Clients and Suppliers

Detailed Privacy Information for Tenants of Property Managed by Fidum