Privacy Policy

This document outlines the General Data Protection Regulation (GDPR) compliance framework that Hidden House Project follows to ensure that personal data of our clients and employees is handled lawfully and with due diligence. This document is aimed at providing transparency about how we process personal data and outlines the rights that individuals have under GDPR.

Data Controller

Hidden House Project, is the data controller responsible for the processing of personal data. We are committed to ensuring the protection and privacy of personal data of our clients, employees, and any other individuals that we process data for. Our registered address is 17 City North Place, London, England, N4 3FU and our contact details are hello@hiddenhouseproject.com, +44 (0) 20 8050 7287

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance. The DPO can be contacted at hello@hiddenhouseproject.com

Purpose of Data Processing

We process personal data for the following purposes:

  1. For the sale, purchase, and rental of properties

  2. To manage our client accounts and respond to enquiries

  3. To carry out background checks on prospective tenants, purchasers and sellers

  4. To manage our employees, including payroll and HR processes

  5. To comply with legal and regulatory obligations

Lawful Basis for Data Processing

We process personal data on the following lawful bases:

  1. Consent: Where an individual has given their consent for their personal data to be processed for a specific purpose

  2. Contract: Where the processing of personal data is necessary for the performance of a contract

  3. Legal obligation: Where we have a legal obligation to process personal data

  4. Legitimate interests: Where the processing of personal data is necessary for our legitimate interests, provided that the interests and fundamental rights of the individual are not overridden.

 Where we store your Personal Data

The data that we collect from you will be transferred to, and stored at, a destination within the European Economic Area (“EEA”) but may include storage in the cloud outside of the EEA.

It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the processing of your data and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing, including such transfer storing or processing in any cloud service. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Who We Share Your Information With

Hidden House Project  NEVER sells information to other organisations.

We may share your personal information with trusted third parties where it is necessary to implement our contract with you or to provide products or services you have requested from us or where they are contracted to develop or maintain our systems.

We monitor information security compliance and have written contracts which obligate our partners or third party providers to process your personal information only on our instructions and in accordance with applicable data protection and privacy laws.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal or regulatory requirements. Personal data that is no longer necessary will be securely deleted or destroyed.


Data Subject Rights

Under GDPR, individuals have the following rights:

  1. Right to access: The right to request access to personal data that we hold about them

  2. Right to rectification: The right to request that we correct any inaccurate or incomplete personal data

  3. Right to erasure: The right to request that we erase personal data

  4. Right to restrict processing: The right to request that we restrict the processing of personal data

  5. Right to data portability: The right to request a copy of personal data in a machine-readable format

  6. Right to object: The right to object to the processing of personal data

We will respond to all requests within one month of receipt. If we are unable to fulfil a request, we will provide an explanation as to why.

Data Breach Notification

We have procedures in place to detect, report, and investigate any personal data breaches. In the event of a data breach, we will notify the relevant supervisory authority within 72 hours and notify affected individuals where necessary.

Conclusion

We take our GDPR obligations seriously and are committed to ensuring that personal data is processed lawfully, fairly, and transparently. This document outlines our compliance framework, and we will regularly review and update it as necessary.