GDPR Compliance

Our Approach

Future Estate Management Ltd processes personal data in accordance with the principles established by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our approach to data protection is guided by the following principles:

• Data minimisation: We collect only the information necessary for specific, identified purposes
• Purpose limitation: Data is used only for the purposes for which it was collected
• Access control: Personal data is accessible only to those who require it for legitimate operational purposes
• Retention discipline: Information is retained only as long as necessary and reviewed periodically for deletion

Lawful Basis for Processing

We process personal data on the following lawful bases:

Legitimate Interest

Where you have submitted an enquiry about the framework, we process your information on the basis of legitimate interest. Our legitimate interest is to evaluate whether an operator's profile aligns with framework requirements and to respond to enquiries.

We have assessed that this processing does not override your rights and freedoms, given the limited nature of data collection and the context in which it is provided.

Consent

Where we process data beyond the scope of responding to enquiries, we will seek your explicit consent. Consent can be withdrawn at any time without affecting the lawfulness of processing conducted prior to withdrawal.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

These measures include:

• Encryption of data in transit and at rest
• Access controls limiting data visibility to authorised users
• Regular security assessments
• Secure deletion protocols for data no longer required

While we take data security seriously, no system is entirely immune to risk. We cannot guarantee absolute security.

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You may request confirmation of whether we process your personal data, and if so, access to that data and information about how it is processed.

Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Right to Erasure

You may request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal obligations that may require retention.

Right to Restriction of Processing

You may request that we limit processing of your data in certain circumstances, such as while we verify its accuracy or assess whether we have legitimate grounds to process it.

Right to Object

Where we process your data on the basis of legitimate interest, you have the right to object. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format.

Exercising Your Rights

To exercise any of the above rights, contact us using the form available on this website.

We will respond to requests within one month. In some cases, this period may be extended by a further two months where requests are complex or numerous. You will be informed of any extension.

We may require proof of identity before fulfilling requests to ensure data is not disclosed to unauthorised parties.

Complaints

If you are dissatisfied with how we have handled your personal data, you may contact us to raise a complaint.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted at ico.org.uk.

International Transfers

We do not routinely transfer personal data outside the United Kingdom. If such transfer becomes necessary, we will ensure appropriate safeguards are in place in accordance with GDPR requirements.

Updates to This Statement

This compliance statement may be updated periodically to reflect changes in our data processing practices or legal requirements. Updates will be reflected by the date at the top of this page.

Contact

For questions about data protection or to exercise your rights, use the contact form available on this website.