Please note: this is the data processing notice for our services for Owners’ Management Companies. To view the privacy notice for using this web site, please see: https://www.accessgreen.ie/website-privacy-policy/
“In brief, we are an Irish Company that helps communities with issues relating to shared spaces. We operate under Irish Law as a data processor for these communities. This means we provide services but we do not own the data. We can only use the data as agreed with the community, the data controller, to provide our stated services: access control, monitoring and education in relation to the common areas and shared facilities.”
Who are we?
ACCESSGREEN limited is an Irish company. Our registered address is: Jigginstown Commercial Centre, Newbridge Road Naas Co. Kildare Ireland. Company No: 590334.
What services do we offer?
Under the Multi-Unit Developments Act 2011 Section 18 (3) (1) an Owners’ Management Company charges is members for the provision of maintenance services including cleaning and “waste management services”. Furthermore , Household & Commercial Waste Bye Laws 2020, make Owners’ Management Companies responsible for the ongoing provision and security of a bin storage area within the development, ensuring it is “secure, accessible at all times by tenants and other occupiers and is not accessible by any other person other than an authorised waste collector.” The Owners’ Management Company is also responsible for providing written information to residents on this subject.
ACCESSGREEN offers access control, monitoring and education to residents to help the Owners’ Management Company control costs and comply with relevant legislation.
What is our role under the General Data Protection Regulation (GDPR)?
We consider ourselves to be the Data Processor acting on behalf of Owners Management Companies who are the Data Controllers for whom we act in Ireland under the authority of:
DATA PROTECTION COMMISSION
21 FITZWILLIAM SQUARE SOUTH
LoCall: 1890 25 22 31
“In brief, the contracts you signed to own or live in an Irish apartment block run by an Owners’ Management Company mean that the company has a right to up-to-date contact information for you and anyone who lives there. On behalf of the Owners’ Management Company, we provide a service for you to provide your contact details and access the shared facilities, like bin stores. which under Domestic Waste Bye Laws must be secure and accessible by current residents only.”
Where did we get your data?
We received your data directly from you or through the data controller and/or their agents.
What is the purpose of processing your data?
ACCESSGREEN provides user validation, authentication and communication services in relation to the efficient running of common areas and shared facilities in multi-unit developments, like apartment blocks. We have been appointed by your Owners Management Company who is the data controller.
What is the lawful basis for this processing?
Processing is necessary for the performance of a contract to which the data subject is party. For apartment blocks, this contract is usually between the data subject and the Owners’ Management Company directly or through their tenancy agreement. ACCESSGREEN has a data processing agreement to process this data on behalf of the Owners’ Management Company.
Under the Multi-Unit Developments Act 2011(Mud Act) Section 8 (3)(e) a unit owner is under an obligation to furnish the Owners’ Management Company with the names and “contact particulars of residents and owners that can reasonably be requested”. See: https://www.irishstatutebook.ie/eli/2011/act/2/enacted/en/print#sec8
From the point of view of a Owners’ Management Company, to ensure the smooth running of the shared facilities and common areas, the phone numbers, email addresses, registration plates of residents and habitual users are generally considered a reasonable request.
Local Authorities have recently published Bye Laws in relation to Household and Commercial waste. Provisions affecting Multi-user Buildings, Apartment Blocks, etc state that “Any place where waste is to be stored prior to collection is secure, accessible at all times by tenants and other occupiers and is not accessible by any other person other than an authorised waste collector.”
The Bye-Laws also state that the Owners’ Management Company must ensure that “written information is provided to each tenant or other occupier about the arrangements for waste separation, segregation, storage and presentation prior to collection”
In order to comply with these Bye Laws, the Owners’ Management Company requires up-to-date contact details for all users of the bin store and must be able to deny access to former tenants. To do so, ACCESSGREEN uses industry-standard access control systems for managing multi-user spaces.
What type of data do we keep?
Name, address, email, phone number, interested parties, key holder names, key holder email, key holder phone, tenant names, tenant email, tenant phone, car registration plates, other general contact information, general notes, email, transaction details.
ACCESSGREEN also acts as a CCTV data processor for some Owner Management Companies.
Who is this data shared with?
This data is shared only with similar Data Processors for the purpose described above. ACCESSGREEN’s operational model is to limit the amount of data shared with 3rd parties to a minimum needed for enforcement and authorisation activities.
Where is the data stored?
The data is stored within the EU.
How long will the data be stored?
Your data will be maintained by us for as long as the contract between the Data Controller and us ( the Data Processor ) exists or for as long as required by legislation.
What if your tenancy ends?
There is still an obligation on the Data Controller to maintain adequate accounting records. See above.
Classes of Processors:
Access control specialists, CCTV Maintainers and Suppliers, Property Management Companies.
“In brief, a balance must be maintained between monitoring a shared facility to ensure it is kept clean, clear and safe to use and the rights of an individual to privacy when going about their daily life. In addition to standard Data Protection measures, ACCESSGREEN does not monitor the bin store live, nor do we use facial recognition or any automatic decision-making software. We review CCTV footage only in response to reports of misuse and at standard intervals. It is not our business model to make money from fines. Rather we try to reduce costs and improve services through ongoing education and the removal of obstacles that stop the smooth running of the facility.”
The CCTV Policy is in place to enable the “Service Provider” to run and operate the CCTV system which is integrated with the access control system and your personal data.
The CCTV policy is relevant to all users of the facilities. Moreover, it relates directly to the
location and use of CCTV, and the monitoring, recording and subsequent use of such recorded material.
Risk assessment & Legitimate Interest assessment
A risk assessment in relation to the use of CCTV in common areas of apartment blocks, and a Legitimate Interests Assessment, specifically to cover the security and health issues related to communal bin storage areas in order to prevent fly tipping, illegal dumping, and misuse of the facilities by residents in accordance with the house rules of the management company has been carried out.
It is an ACCESSGREEN policy not to use facial recognition technology or any other automated decision-making (decisions made by computer with no human input) or profiling processes.
The documents “ ACCESSGREEN – CCTV Statement” and “ ACCESSGREEN – Legitimate Interests Assessment” can be requested by writing to The Secretary of the Management Company and provide proof of identity and proof of address.
It is the Service provider’s view that the use of CCTV and data processing associated with it in these circumstances are beneficial to the development as a whole and the necessary steps to ensure the least impact on freedoms and rights of individuals have been taken. Therefore, ACCESSGREEN ‘s CCTV cameras will be used solely to monitor and enforce the house rules relating to disposal of waste in the bin store, to monitor disposal of waste by non-owners/non-occupiers of apartments, and to monitor and enforce the terms and conditions of using the access control system including the sharing footage with Litter Warden where accessgreen believe there to a breach of the The Litter Pollution Act 1997 (as amended in 2017), and for no other purpose, whilst complying with any legal obligations to provide footage to the Gardai.
Data Protection, Storage and Retention
The data captured from the CCTV cameras is securely stored locally as electronic data. Typically this data is recorded on a loop and overwritten automatically after a set period of time defined in the scope of services section. Data can also be accessed securely by a remote connection and stored for no longer than the same specified period of time. However, data may be retained for longer periods where the events captured give rise to possible legal proceedings or show an activity breaking the house rules. Footage may only be viewed by ACCESSGREEN staff and appointed third party contractors and people on the Authorised Viewers List.
Any person whose image has been captured has a right to be given a copy of the information recorded provided that such an image/recording exists (i.e. that it has not been deleted) and provided that an exemption /prohibition does not apply to the release. To exercise that right, a person must make an application in writing to The Secretary of the Management Company and provide proof of identity, proof of address and giving a reasonable indication of the time period sought and the reason why the image/recording is sought.
What are your rights?
Request access to your data
Ask for your data to be corrected
Ask for your data to be erased
Ask for your data to be restricted
Object to your data being processed
Right to receive the data held in a form which allows it you to transfer it to another person
Withdraw consent if consent is the basis for your personal data being processed
Lodge a complaint
What happens in the event of a Data Breach?
In the case of a data breach, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Changes to this Notice
This Policy may be subject to change the latest version will always be on our website.
You can find more information here:
GDPR Act Easy Read: https://www.dataprotection.ie/en/organisations/data-protection-basics
The Data Commission Website: https://www.dataprotection.ie/
Published on: 29/08/2019
Last updated: 21/01/2022