Data Protection and Privacy Statement
Data Protection and Privacy statement
Personal Data obtained by VMS is provided either directly to us by the Data Subject or by the Lender or its Agents acting on behalf of the Data Subject or the Clients. In this regard, VMS regards all such data as having been fairly obtained and accurate and that the Clients have their customer’s consent in providing their data. VMS has an Agreement in place with the Lenders which provides for this. Where Personal Data is obtained by VMS, directly from the Data Subject, VMS confirms that this is collected and processed within the terms of the Data Protection Acts and the GDPR 2018. Where we receive Personal Data directly from the Clients and/ or the professional Valuers, we are relying on them to have secured the data on a legal basis and to procure and provide the data in a true and accurate manner. All our contracts with the Clients and the independent Professional Valuers provide for the compliance with data protection obligations as set down by DPA, GDPR and within the Valuer’s own professional body and extends to any Agents or employees or sub-contractors. VMS has a separate agreement with the Clients and the Valuers which sets out the legal basis of processing data. The legal basis for VMS to process personal data shall be either (a) consent by the data subject or, (b) for the performance of our services and contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract or to complete the contract, or (c) to comply with a legal obligation to which we are subject. Depending on the arrangement with our Clients, and where the Client is the data controller, VMS may process Valuation Instructions and / or payments by email, by phone or via the Web site (or similar online facility). In such circumstances the Client shall instruct the Data Subject or their representative to directly provide VMS with their data to enable the completion of a contract or service in providing a Valuation Report. In such cases the Data Subject or their representative shall have voluntarily consented to the provision of such data and VMS is acting under the Agreement with the Data Controller.
Data Security and Storage.
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Any and all Personal Data collected will be retained and stored in a commercially designed cloud environment, currently, this is with Microsoft Azure and is located within the Republic of Ireland. VMS has a separate and independent Agreement with Microsoft Azure for the support and management of the data storage which includes fail over, redundancy and disaster recovery. VMS will endeavour to ensure that the data storage provider will fully comply with all data protection codes and legislation. We use a number of mechanisms to protect the security and integrity of personal data. Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk. Once any personal data comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification or disclosure. A username and password is essential for you to use the VMS System and where you have been authorised to use the VMSD system you are required to keep these confidential and to change your password regularly (as required). VMS has established appropriate security provisions to ensure that: - 1. Access to the VMS Systems is restricted to pre authorised persons and subject to two step authenticity and encryption process. 2. Access to the IT and Servers is restricted to VMS authorised staff. 3. The VMS’s systems are password protected. 4. VMS has comprehensive back up procedures in operation. 5. All waste papers, printouts, etc. with Personal Data are disposed of securely. 6. Back-up data is data held specifically for the purpose of recreating a file in the event of the current data being destroyed. In accordance with our security obligations under the DPA, VMS’s electronic case management system is regularly backed-up so as to avoid the loss or compromise of data. The rights of the Data Subject
The rights of the Data Subject
The Data Subject has rights which include; The right to be informed of what your data is being used for. The right to request a copy of the data stored. The right to request correction of any data held. The right to be forgotten, Subject to statutory or contractual requirements. The right to complain to the Controller or object to processing The right to complain to the Supervisory Authority. The right to withdraw consent where consent is being relied upon by the Controller. Access Rights for Data Subjects. Individuals may request details on the personal data held concerning themselves. Where an individual believes that there are inaccuracies, they may seek to have them corrected or erased. Where it is agreed to delete the data, VMS will remove any or all such data from the system. Where such data that has been embedded in PDFs or paper Reports of within historic files these may not be erased, however any deleted data will not appear on newly created Reports, PDFs, or communications. The individual may request a restriction on the use of their personal data, object to direct marketing, and/ or allow the portability of their data. Where it is agreed with the individual to send data or port the data to another party, this will be communicated via electronic format. All requests for data or changes to data will be dealt with and concluded within 4 weeks. Unless there are excessive cost incurred for large data sets relating to a bank client of the like, VMS will not charge for such requests. In some limited cases VMS may have to refuse certain requests but we will advise the reasons for such refusal at the time.
VMS will only seek the minimum amount of Personal data required to enable a property valuation. In some cases this may involve the name of the Data Subject and or their contact details as well as details of the value of their property. The types of data collected may include; Email address, Phone number, Name, Address, Market Value of property or rents. Or Contract price. This data is then sent to a professional Valuer to enable them carry out an inspection and /or a valuation of the subject property. Once the Valuation Report has been prepared and delivered to the Client, VMS has no further use of any personal data. Any such data is held in a database as a matter of record to satisfy and facilitate audit or compliance purposes. VMS does not process Personal Data for purposes other than in compliance with and in discharge of its services under the agreements with the Clients. VMS has a separate agreement with each Valuer which provides for data protection. In some cases, the data may be collected or processed via email, phone, use of the VMS system or use of the VMS website. By using any of these means of communications, you are consenting to providing us with your personal data which is to be used to complete the services as requested and in accordance with the uses laid down in this Data Statement. Where you object to any personal data being used in the way intended within this data statement document, we will not be able to provide our services.
Use and Disclosure
We only use personal data in ways set out in this policy statement. We use your personal data that we collect to provide you and where applicable, your mortgage lender with valuation services. In this regard we share the personal data with your mortgage lender and the Valuer, all of which have signed a contract to protect your personal data. We will only use your data for the following purposes; To inform the Valuer of the property to be valued and the name of the contact person who has keys and facilitate access. To enable your mortgage lender receive a property Valuation Report. To store this Data for audit and reporting purposes. This is to demonstrate to the Clients and to the Data Subject that the Valuation took place. The Valuation Report is the output of the Valuer’s work in which he/she provides details of the property together with an opinion of the current market value. Reports and supporting data are retained by either parties only for a period necessary under contract or as required for legal or professional reasons. In some circumstances VMS may collect and analyse data in relation to macro and micro information on generic property profiles and house price value movements. Such data is collected from various public and private data bases and is integrated with our own data base of anonymised general data. VMS does not keep any Personal Data within these databases. The aggregate and anonymised data is used to support general information on property profiles and their values. All property details which are aggregated into a property price index shall not be considered to be personal data.
We do not use personal data for;
Marketing purposes, Data Research, product development, or any other purpose, except for the purposes agreed and set out within this privacy statement. Sharing with any third party except where that third party is a necessary party to completing the services or contract requested by the Data Subject. The Personal Data collected may be shared with similar Data Processors for the purposes described above. These Data Processors are; The allocated Valuer appointed by VMS to provide a valuation of the subject property. The Lender or their appointed representatives to enable them complete the loan processing. The Storage System suppliers such as Microsoft, Google, Drop Box, email systems and the like. An Auditor or other such professional engaged by VMS or the Clients to check the validity of the Valuations Reports. Other third parties, from time to time, and only for the purposes as set out under this statement. Where we do transfer any personal data outside of the EU, we shall only do so where the recipients have adequate data protection policies in place that at least are to the standards as we are legally required to apply.
Where the Data Subject is paying fees by Debit / Credit card over the phone or via the VMS Website, no personal data collected shall be retained by VMS. Information relating to payment cards and account details are collected using a third party Payment Gateway System such as Opayo Payments or other such reputable company. The information collected includes the individual’s debit or credit card information and their name and address. Once entered and verified the data is automatically deleted and VMS no longer has access to such data The data is only used to enable an online payment and no information is stored or used by VMS. In this regard VMS complies and follows the PCI Security standards
The data is held for a period relative to its purpose. Where no policy has been declared by VMS then we shall retain the data for as long as deemed necessary under contract or for legal reasons.
Reporting Data Breaches
VMS has procedures in place to detect , report and investigate personal data breach. Unless they were anonymised or encrypted all breaches will be reported to the appropriate data controller of the DPC within 72 hours. Where it is deemed that that data is in breach of confidentiality or identity theft, VMS will notify the individual affected.
How we handle email and ‘Request a Valuation’ messages
We may preserve the content of any email or “Request a valuation” or other electronic message that we receive. Any personal data contained in those messages will only be used or disclosed in ways set out in this Data Protection Statement. The message content may be monitored by our service providers or our employees for purposes including compliance auditing and maintenance or where email abuse is suspected.
The VMS System and the VMS Website may, from time to time, contain links to the websites of other organisations which may be of interest to you or to support the Clients and Valuers with their valuations. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy statements.
Contact details and Complaints:
Please contact us using the details set out below if you wish to: ask any questions or provide feedback about this Website Privacy Statement; make a request for access to any personal data that we may hold about you; or make a complaint about the way in which we have handled your personal data. Any information that we provide in response may be limited to the extent permitted by any applicable law.
1-2 Windsor Terrace
Dun Laoghaire Co Dublin.
Telephone : +353 1 2300 133.
Email : firstname.lastname@example.org
Web : www.vmsireland.com
The Data Protection Commissioner,
Your acceptance of these terms
By using our Web Site, or the VMS System or email communications or contacting and speaking to us over the phone you signify your acceptance of the VMS data protection policy. If you do not agree to this policy, please do not use or communicate with us or our Web Site. Your continued use of the VMS System and the Web Site following the posting of changes or updates to this policy will be deemed your acceptance of those changes.
Glossary Personal Data:
The DPA applies only to Personal Data as defined in Section 1 of the DPA: Personal Data: means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. The DPA applies to Personal Data held in a computerised or manual (paper) form. Sensitive Personal Data: There is a second sub-category of Personal Data referred to as Sensitive Personal Data. Sensitive Personal Data: means Personal Data as to: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical/mental health; sexual life; commission or alleged commission of offences; or criminal convictions/proceedings. Data Subject: A Data Subject is the individual who is the subject of the Personal Data. Only a Data Subject is entitled to make a Data Subject Access Request. Data Subject Access Request: Processing: Processing is extremely broadly defined and includes practically all imaginable acts of collection, access, use, storage and deletion of data. Data controller: Data controller means a person who, either alone or with others, controls the contents and use of personal data. Data Processor: Data processor means a person who processes personal data on behalf of a data controller but does not include an employee of a data controller who processes such data in the course of his employment.
We update our Web site and VMS Systems as often as is practicable, but information can change and VMS does not guarantee its accuracy at any time. We are not liable for any loss incurred from relying on this site, including data corruption on download. Information on our site is not financial advice or property valuation advice– you should obtain your advice before making any decision based on information on this site. By accessing this site you agree to all the terms contained herein and acknowledge reading them. We do not take responsibility for sites of other organisations, whether or not linked, or any device used to access or view, our site. Nothing in this site or within the Valuer’s Report offers advice or an opinion of property values or condition
This document was last updated in October 2020