Privacy Policy

Thank you for visiting our website.

We are committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which we process any personal information we collect about you or that you provide to us. We may change this Privacy Policy from time to time, so please check back frequently.

General Information

Millstream Management Services Limited is the controller for the personal information we process, unless otherwise stated.
There are a number of ways that you can contact us;
Postal Address:  Data Protection Office, Millstream Management Services Limited, Churchill House, Parkside, Ringwood, Hampshire, BH24 3SG
By E-mail: gdpr@mmsl.co.uk

The type of personal information we collect

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name, contact details,  date of birth and gender)
  • Where Customers provide explicit consent we collect your health data (such as medical information for your careline service)
  • Financial data including bank account details
  • CCTV images at certain lodges and head office.
  • Online identifiers such as IP addresses and cookie identifiers
  • Employee data
  • Where Colleagues provide explicit consent we will collect criminal offence data (DBS checks) for certain roles 

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made a general enquiry or information request to us;
  • You have requested our property management  or estate agency services;
  • You wish to attend, or have attended, an appointment or event;
  • You have provided your details to act as a contact for one of our Customers;
  • You have provided your details as you are a supplier or subcontractor that undertakes works for us;
  • You have made a complaint to us;
  • You have applied for a job or secondment with us;
  • You are a Colleague;
  • You are representing your organisation.

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Customers provide your personal contact details, you may hold a power of attorney;
  • Colleagues of ours give your contact details as an emergency contact or referee;
  • You are named in a Whistleblowing report through our Speak Up process;
  • A complainant refers to you in their correspondence

If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information.

Why we process personal data

We use the information that you have given us in order to;

  • To respond to enquiries
  • To perform a requested service and or enter into a contract
  • For marketing and events
  • To improve our services
  • To respond to complaints or other allegations
  • In recruitment and employment matters.

Legal basis for processing personal data

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information is through;
Managing agent or estate agency agreement - Performance of a contract with you or because you have asked us to take specific steps before entering into a contract

Employment matters - we have your consent or a legal obligation, details of which can be provided in the Colleague Privacy Policy.
Supplier or sub-contractor - Performance of a contract with you or because you have asked us to take specific steps before entering into a contract
Responding to general enquiries, complaints and other allegations – depending on the circumstances this may through the performance of a contract, legitimate interests and on occasions we may have a legal obligation to do so.

We can provide you further details on how we protect special category personal data and criminal offence data.

Sharing of personal data

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information, such as the processing of payroll and taxes.

We use insurance brokers to assist with sourcing and putting in place insurance policies for the buildings which we manage. Please refer to the short form Privacy Notice from Arthur J Gallagher (UK) Limited which can be obtained by emailing DPO@AJG.com for further information.
We will not send personal data out of the UK. Should we be required to do so in future, additional safeguards would be put in place.

How we store your personal information

Our retention schedule details the type of data we store, how it is stored, how long we kept it and how we dispose of it.  

Security of your data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.

The information that you provide to us will be held in our systems, which are located on our premises or those of an approved third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. We believe that we do not currently conduct any processing outside the UK but, should we be aware that your data is to be transferred outside the UK, we will require that appropriate safeguards are in place.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

We don’t currently rely on consent as a legal basis to process personal data. Should this be used in future, you should be aware of your right to withdraw consent at any time.

We do not use any automated decision processes.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please write to us at gdpr@crl.co.uk or Data Protection Office, Churchill Retirement Living Limited, Churchill House, Parkside, Ringwood, Hampshire BH24 3SG, if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at gdpr@crl.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk