DiFRANCO COMMERCIAL REAL ESTATE, LLC
We understand that our clients trust us to deal with their affairs and with their confidential information, so we take privacy and the protection of client data very seriously.
When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant United States, UK and EU legislation and our professional duty of confidentiality.
We will collect and process personal data about you, in paper and/or electronic form. This will include basic information such as your name and contact details and further information about you and/or your business. Most of this information will have been provided by you (or by someone on your behalf), or created by us in the course of our services for you.
Accordingly, the nature of the personal data we may collect is likely to depend on why you have instructed us and may include financial details about you and/or your business insofar as these are relevant to the work we do for you.
This personal data is required to enable us to provide our services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing appropriate services to you.
We collect most of this information from you direct. However, we may also collect information:
• from publicly accessible sources, e.g. Companies House;
• from a third party with your consent, e.g.:
• your financial or legal advisor; and
• consultants and other professionals we may engage in relation to your matter.
Under data protection law, we can only use your personal data if we have a proper reason for doing so. This would include:
• to comply with any applicable legal and regulatory obligations (for example, to verify your identity as our client);
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party; or
• where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Examples of this would be where we wish to ensure that appropriate business policies (for example those covering security and internet use) are being adhered to – this is to make sure we are following our own internal procedures so we can deliver the best service to you and protect the interests of our business and our clients, generally. We may also use information for internal statistical analysis to help us manage our business in the most effective way and to facilitate delivery of the best service for our clients at the best price.
However, the above does not apply to special category personal data (that is, personal data revealing: racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data; data concerning health, sex life or sexual orientation) which we will only process with your explicit consent.
We only allow third party service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. Where appropriate, we will impose contractual obligations on third party service providers to ensure they can only use your personal data to provide services to us and to you and that appropriate confidentiality obligations are in place.
We may use your personal data to send you updates (by email, text message, telephone or post) about developments that might be of interest to you and/or information about our services.
We have a legitimate interest in processing your personal data for promotional purposes (see above). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the upmost respect and do not trade personal information for commercial purposes.
You have the right to opt out of receiving promotional communications at any time by:
• contacting us; or
• using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
RETENTION OF YOUR PERSONAL DATA
We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons: • to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly;
• to keep records required by law.
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
You have certain legal rights to control what we do with your information. This includes a right to get access to your personal information; to request us to correct or update incorrect information; to object to or request that we will restrict processing your information in certain circumstances; to object to direct marketing; and to receive the personal information you have provided in a portable format.
For more information about your rights, including how to exercise them and the circumstances in which they apply, please contact us. It is important to understand that, in some cases, exercising your rights may mean that we are no longer able to provide you with services.
CONFIDENTIALITY AND SECURITY
We are committed to ensuring that your information is secure with us and with third parties who act on our behalf.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. We will seek to ensure that those processing your information will do so only in an authorised manner and, if appropriate, are subject to a duty of confidentiality.
We impose strict standards of confidentiality on our directors and employees and emphasise to them the importance of protecting client data.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information.
GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
If you wish to contact us, please address your query to:
The Managing Member
DiFranco Commercial Real Estate, LLC
3733 Park East Drive Suite 210
Beachwood, Ohio 44122