Privacy Policy

The Data Protection Act 2018 and the General Data Protection Regulation (“GDPR”) (together the “Data Protection Laws”) impose certain obligations on Carrey Issuer DAC the “Company”) as a data controller with respect to its processing of Personal Data. “Personal Data” is information about living individuals (Data Subjects), being information that relates to them or which identifies them directly or indirectly.

This Privacy Policy explains how the Company processes the Personal Data of individuals who are tenants or prospective tenants of a property owned by the Company. The residential properties at Newmarket Yards, Newmarket, Dublin 8 are managed by MDPM Limited (“MD Living”), who will have day to day responsibility for managing the property and the relevant tenancies and will process Personal Data for this purpose on behalf of the Company.

The Company Considers the Following Personal Data Relevant and Holds it on the Following Legal Bases:

1. Personal details including name, address, email address and phone number
To arrange a viewing of the property and deal with any queries; to complete your lease documents if you are accepted as tenant, to contact you relating to your lease and the management of the property and to the extent necessary to make statutory filings regarding the lease agreement.

Legal Basis
Necessary for the purpose of entering into and the performance of your lease agreement (Art. 6(1)(b) GDPR; and
Necessary for compliance with our legal obligations (under Art. 6(1)(c) GDPR); or
Necessary for the purposes of our legitimate interests or those of a third party under Art. 6(1)(f) GDPR (see below)

2. References
To ensure you are a suitable tenant for the property, are in a position to make the rental payments and to verify the references.

Legal Basis
Necessary for the purpose of entering into and the performance of your lease agreement (Art. 6(1)(b) GDPR; or
Necessary for the purposes of our legitimate interests or those of a third party under Art. 6(1)(f) GDPR (see below).

3. Bank / building society details;
For the purpose of making and receiving payments under the lease agreement

Legal Basis
Necessary for the purpose of entering into and the performance of your lease agreement (Art. 6(1)(b) GDPR
Necessary for compliance with our legal obligations (under Art. 6(1)(c) GDPR)

4. Government and other official identification documents, PPSN
To verify your identity for the purpose of protecting our rights under the lease agreement and to comply with our statutory obligations

Legal Basis
Necessary for the purpose of entering into and the performance of your lease agreement (Art. 6(1)(b) GDPR
Necessary for compliance with our legal obligations (under Art. 6(1)(c) GDPR)
Necessary for the purposes of our legitimate interests or those of a third party under Art. 6(1)(f) GDPR (see below).

5. Supplemental information from other sources
We and our service providers may supplement the Personal Data we collect with information obtained from other sources (for example, publicly available information from online social media services and other publicly available information resources, and to ensure your suitability as a tenant for the property. We may also from time to time receive information from third parties who raise concerns around the protection of the leased property and other tenants and this information will be used to ensure that you are in a position to comply or are complying with the provisions of the lease agreement

Legal Basis
Necessary for the purposes of our legitimate interests or those of a third party under Art. 6(1)(f) GDPR (see below).

 

Special Category Personal Data

Data relating to physical or mental health
We do not collect any special category personal data unless it is provided to us by you to us.

Legal Basis
Necessary for compliance with our legal obligations (under Art. 6(1)(c) GDPR)
Necessary for the purpose of establishing, exercising or defending a legal claim or prospective legal claim (or in the context of legal proceedings or prospective legal proceedings) Data Protection Act 2018 and Article 9(2)(f) GDPR.

Criminal Data
In the event that the Company receives data relating to the commission or alleged commission of any criminal offence by a tenant or visitor to the property, this will be processed where necessary for the purpose of protecting our rights in the property and to take steps to deal with any illegal activity that is reported (including making any reports to An Garda Siochána).

Legal Basis
Necessary for the purposes of the legitimate interests pursued by the Company or a third party under Art. 6(1)(f) GDPR (see below).
Necessary for compliance with our legal obligations (under Art. 6(1)(c) GDPR)
Necessary for the purpose of establishing, exercising or defending legal rights (Article 10 GDPR and Section 55 Data Protection Act)

Purposes for which Data is Held

Personal Data is collected primarily for the purposes of (all of which constitute our legitimate interests as referred to above)

  1. Managing our assets and property leases and general project management;
  2. To communicate with you and other individuals;
  3. pursuit of our commercial activities and objectives (e.g. sending marketing communications (subject to any preferences expressed to us);
  4. manage our business operations, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; data and website hosting; data analytics; business continuity; records management; document management; and auditing;
  5. maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, reorganisations or disposals of assets and integration with purchaser.
  6. manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data;
  7. comply with applicable laws and regulatory obligations, comply with legal process and court orders; and respond to requests from public and government authorities; and
  8. establish and defend legal rights to protect our business operations, and those of our business partners, and secure our rights, privacy, safety or property, and that of our business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies or limit our damages; and
  9. complying with legal and other requirements, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, such as accident and insurance claims, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as summons or warrants, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures.

Disclosure of Personal Data
We may disclose Personal Data to our service providers, such as property managers, security professionals, accountants, auditors, experts, lawyers and other professional advisors; IT system providers, support and hosting service providers; banks and financial institutions that service our accounts; document and records management providers; and other third party vendors and outsourced service providers and group companies that assist us in carrying out business activities.

We may also share Personal Data with: (a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.

Data Transfers outside the European Economic Area
Where any such transfer is necessary or where it occurs through our third party service providers’ data hosting or other commercial arrangements, such transfer will be subject to appropriate safeguards in accordance with the Data Protection Laws. Further details may be obtained from MD Living below.

Accuracy of Personal Data
In order to ensure the Company’s files are accurate and up to date, please notify the Company as soon as possible following any change in your relevant Personal Data.

Retention Periods
The Company will keep Personal Data for as long as is necessary for the purposes for which we collect it.  Where the Company holds Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.

Where we hold Personal Data in the context of a contractual relationship, we will keep the information for at least as long as that contractual relationship, and for a number of years thereafter.  The number of years varies depending on the nature of the contractual relationship (usually 7 years post termination of the relationship) and will be retained for a longer period in the event of legal or prospective legal proceedings.

For further information about the period of time for which we retain your Personal Data, please contact us using the details below.

Security of Personal Data
When the Company engages a third party to collect or process Personal Data on our behalf, the third party will be required to use appropriate security measures to protect the confidentiality and security of Personal Data and will assume certain responsibilities under the Data Protection Laws for looking after the Personal Data that they receive from us.

Data Subject Rights
The Data Protection Laws provide the following rights in favour of Data Subjects, several of which only apply in limited circumstances and which are subject to restrictions pursuant to Data Protection Laws:

  1. the right to receive information on the processing (which is provided through this Privacy Policy or any other forms or notices provided to you);
  2. the right of access to your Personal Data;
  3. the right to rectify or erase Personal Data (right to be forgotten);
  4. the right to restrict processing;
  5. the right to data portability to another provider;
  6. the right of objection to processing on the basis of our legitimate interests on grounds that are personal to you; and
  7. the right to complain to the Data Protection Commission in the event you have a complaint or believe your rights have been infringed (in such cases we would request that you bring the matter to our attention in the first instance via MD Living so that we may discuss it with you).

Who to Contact about your Personal Data
For more information, please contact MD Living at nmy@mdpm or by mail to Newmarket Yards, Newmarket, Dublin 8.

This Privacy Policy was last updated in January 2024.