Irish Residential Properties REIT plc Privacy Statement
Effective January 2024
Who are we?
This notice relates to the privacy practices of Irish Residential Properties REIT plc (Company Registration #: 529737), or where you are dealing with one of our subsidiaries, IRES Residential Properties Limited (Company Registration #: 552768), IRES Residential Properties (Tara View) Limited (Company Registration #: 573945) or IRES Fund Management Limited (Company Registration #:539306) (in either case, “I-RES”, “we”, “our”, “us”) of South Dock House, Hanover Quay, Dublin 2, Ireland D02 XW94. I-RES, is responsible for protecting your personal data and rights in accordance with applicable data protection legislation, including with effect from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and implementing legislation.
The controller of your personal information is Irish Residential Properties REIT plc, or where applicable, the I-RES entity with whom you have contracted. Regardless of the nature of your relationship with I-RES, you can contact your data controller at [email protected].
Personal data relating to past, present and prospective customers, employees, vendors and website users (including residential tenants, and as required, their respective spouses/occupants, guarantors/indemnifiers, guardians, property visitors or other authorised contact persons) are collected by or on behalf of I-RES.
We know your privacy is important to you
The purpose of this Privacy Notice is to inform you of the data relating to you that we may collect and use and the uses (including disclosures to third parties) we may make of such data.
We value your right to privacy and strive to protect your personal data in accordance with applicable legislation, including Regulation (EU) 2016/679 of the European Parliament and of Council of 27 April 2016 (the General Data Protection Regulation). We are committed to ensuring your data is processed in a manner which is lawful, fair and transparent. It will involve only data that are necessary and proportionate to achieve the specific task or purpose for which they were collected.
From time to time, we may need to update or change this Privacy Notice and the most recent version is available on our website www.iresreit.ie. We encourage you to periodically review this Privacy Notice.
Whose personal data do we control/process and in what capacity?
I-RES is the ‘Controller’ of the personal data of the data subjects related to its own operations, being:
- Past, present and prospective employees, officers, directors and members/shareholders;
- Past, present and prospective customers (including residential and commercial tenants, and as required, their respective spouses/occupants, guarantors/indemnifiers, guardians, property visitors or other authorised contact persons);
- Visitors and users of our website (or similar) e.g. www.iresreit.ie and microsite https://investorrelations.iresreit.ie/
See Cookie Notice - Past, present and prospective vendors/suppliers, consultants, contractors or advisers (and their authorised contacts) engaged by us; and
- Any other living individual in respect of whose personal data we are the independent or joint controller.
Tenant Data that we Collect and Process
- data collected directly from our tenants, for example when you submit information to us during lease signing and tenant onboarding or contact us to inquire about a leased property. Such information relating to tenants may include: full name and contact information, personal public service number (PPSN), rent amount and details, occupant names, emergency contacts, ownership of pets, proof of insurance, and vehicle related information.
- data collected from third parties such as co-tenants, entities from which we may acquire property, guarantors, business partners, or your nominated representatives your current and/or previous landlords.
- From our records regarding the properties you may lease from us, or how you use our properties and services, from closed circuit television (CCTV) that we may use around or in (common areas of) leased property.
Purposes of Processing Tenant Data
In the context of the tenancy agreement, the personal data of past, present and prospective customers, (including residential tenants, and as required, their respective spouses/occupants, guarantors/indemnifiers, guardians, property visitors or other authorised contact persons) are processed by us (and third party service providers acting on our behalf) for the following purposes:
- to assess your suitability to rent a property, including the performance of any independent background checks and financial analysis;
- to schedule property viewings;
- to reply to inquiries;
- to create a lease contract;
- in connection with the tenancy agreement or another agreement with you;
- to repay security deposits;
- to secure payment of rent;
- to collect debts;
- to arrange for maintenance or repair of the leased property;
- to confirm payment of all utility bills;
- to facilitate the set-up, switch-over or closing of utility accounts like gas and water and other relevant providers;
- to protect our assets, business, properties and occupants of these properties;
- in the context of an intended business transaction, such as a transfer of assets or shares or merger (for example, by making the personal data available to advisors or (potential) buyers);
- for business planning purposes, for example, to adjust our services and facilities to the occupants of a specific property;
- for internal control;
- for business continuity;
- for marketing purposes, such as our products and services or those of our third party partners e.g. utility or rent payment service providers;
- to comply with legal obligations (such as mandatory tenancy registration with the RTB and compliance with anti-money laundering legislation);
- to deal with disputes.
The legal grounds used for these processing activities are:
- in order to take steps at your request prior to entering into an agreement and/or the execution of the agreement that is entered into with you;
- compliance with legal and regulatory obligations for example when registering your tenancy;
- consent (in limited circumstances, where applicable e.g. for marketing); and
- that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. For example, as a (potential) landlord, conducting our business in a responsible and commercially prudent manner (such as protecting and developing our business and properties by assessing the suitability of individuals that wish to lease our property), to business partners and/or possible acquirers of the company or its assets, or investors (and our and/or their advisors); preventing, investigating or detecting theft, fraud or other criminal activity, and pursuing our corporate and social responsibility objectives including the use of energy usage data from utility company meters. When deemed necessary for the purposes of our legitimate interests or those of a third party to whom we provide your personal data, we, and/or the third party will only process your personal data for this purpose where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms.
Employee, Officer and Director Data that we Collect and Process
- data collected directly from you, for example when you apply for a job or enter into an employment agreement or directorship or otherwise provide us with any information;
- data collected from third parties, for example through our contracted third parties such as recruiters, HR consultants, or medical report providers that you provided your personal data to for application and hiring purposes;and
- otherwise, for example, we may collect certain personal data from you by means of the CCTV we use in and around our premises or other (monitoring) technologies.
Purposes of Processing Employee, Officer and Director Data
We, and third party service providers acting on our behalf, will use personal data relating to you for the purposes of:
- to assess job applicants and make hiring decisions;
- to facilitate (and assess feedback from) pre or intra-employment, workplace injury, or leave-related medical assessments with our third-party health provider;
- to enter into employment agreements or other related agreements;
- to administer the employment relationship, such as to keep and maintain a personnel record, for compensation, payroll, benefits, pension, trustee, insurance, taxation and salary administration, for holiday, sickness or other leave administration, to make selection decisions (such as promotion or on eligibility for bonuses or other awards), to optimise your work activities and also in the context of a termination of your employment;
- to contact individuals disclosed to us by the employees in the event of an emergency involving the employee or in case of an inability to locate or contact (abnormally or prolonged) absent employees;
- in the context of employee engagement and recognition and celebrating employee birthdays;
- to protect our business (interests), properties and employees as well as third parties interests, for example by means of access controls and restrictions, the use of data security alerts, use of CCTV, or by (randomly or on an individual basis) monitoring, intercepting, accessing, inspecting and recording email and internet use and initiating audits and investigations;
- to improve our services and the quality thereof;
- in the context of a (potential) business transaction (such as the sale of (parts of) of its assets or shares, or a merger, for example, by making employee personal data available to advisors or (potential) buyers;
- to deal with disputes;
- to enable trusted third party partners to validate employee eligibility for voluntary corporate discounts on memberships and other perks;
- to comply with legal obligations e.g. employment related laws, tax/revenue, social services, Companies Act, Market Abuse Regulations (Insider’s List);
- to conduct background checks and determine suitability for directorships, to comply with legal obligations regarding directorships, and to administer registries and payment to directors.
- During employment, we may use (or may instruct a third party to use) your personal data to create demographics about employed personnel for making company decisions regarding (among others) benefits plans and analysing HR metrics.
The legal grounds used for these processing activities are:
- in order to take steps at your request prior to entering into an agreement and/or the execution of the agreement that is entered into with you;
- compliance with legal and regulatory obligations for example compliance with tax requirements.
- consent (in limited circumstances, where applicable e.g. for marketing); and
- that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. For example, as an employer, conducting our business in a responsible and commercially prudent manner (such as protecting and developing our business and properties by assessing the suitability of job applicants and the management of the ongoing employee/employer relationship), to business partners and/or possible acquirers of the company or its assets, or investors (and our and/or their advisors); preventing, investigating or detecting theft, fraud or other criminal activity, and pursuing our corporate and social responsibility objective. When deemed necessary for the purposes of our legitimate interests or those of a third party to whom we provide your personal data, we, and/or the third party will only process your personal data for this purpose where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms.
Vendor Data that we Collect and Process
We, and third party service providers acting on our behalf, will collect and use personal data relating to past, present and prospective vendors/suppliers, consultants, contractors or advisers (and their authorised contacts) engaged by us for the following purposes
- name and contact details, including your address, phone number and email address;
- business occupation;
- bank account details, including your account number and sort code;
- tax details;
- insurance details and documentation;
- authorised contacts/employee contact details;
- any other personal data you have provided directly to us.
Purposes of Processing Vendor Data
The legal bases on which we collect, process and transfer your or your authorised contacts’ personal data are:
- selecting you as a vendor;
- providing you with a quote or tender;
- monitoring compliance with the terms of our agreement;
- administering the payment of invoices;
- health and safety, security, or other due diligence;
- establishing, exercising or defending legal claims;
- anti-money laundering, fraud prevention, investigation and detection;
- complying with any obligations imposed on the Company by applicable law.
The legal grounds used for these processing activities are:
- in order to take steps at your request prior to engaging you for your services;
- compliance with a legal and regulatory obligations;
- that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. For example, as a (potential) landlord, conducting our business in a responsible and commercially prudent manner (such as protecting and developing our business and properties by assessing the suitability of our vendors and their compliance with legal regulations), to business partners and/or possible acquirers of the company or its assets, or investors (and our and/or their advisors); or preventing, investigating or detecting theft, fraud or other criminal activity, and pursuing our corporate and social responsibility objectives. When deemed necessary for the purposes of our legitimate interests or those of a third party to whom we provide your personal data, we, and/or the third party will only process your personal data for this purpose where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms.
Members/ Shareholders Data that we Collect and Process
- We collect information directly from you or from third parties such as our stock transfer company that provides corporate trust, stock transfer, employee share plan and other shareholder services.
- We, and third party service providers acting on our behalf, will collect and use personal data relating to past, present and prospective members/ shareholders for the following purposes:
- name, title and contact details, including your address, phone number and email address;
- shareholding details;
- bank account details, including your account number and sort code;
- tax details;
- any other personal data you have provided directly to us.
Purposes of Processing Members/ Shareholders Data
- maintaining and administering the Company’s registers of members and beneficial ownership;
- filing annual returns and associated financial Notices with the Companies Registration Office (CRO);
- analysing beneficial and legal shareholdings for tax and jurisdictional purposes and/or to facilitate shareholder consultations or proxy solicitations;
- offering shareholder and investor services;
- contacting you in order to give you notice of company meetings, issue documents, solicit voting proxies, arrange meetings and invite you to investor conferences, or gauge your interest in certain equity offerings;
- processing transactions e.g. change of address, deceased shareholders, change of mandate and/or merging shareholdings, processing share purchases, sales, transfers, and paying dividends, interest etc.;
- facilitating or implementing a business re-organisation or a transfer/sale of all or part of our assets or business of the company or a general investment;
- routine correspondence with Euronext Dublin, regulators, and the Registrar of Companies and handling shareholders’ or their agent’s enquiries;
- establishing, exercising or defending legal claims, and complying with all applicable legal obligations e.g. Market Abuse.
The legal grounds used for these processing activities are:
- in order to take steps at your request prior to entering into an agreement and/or the execution of the agreement that is entered into with you;
- compliance with a legal and regulatory obligations;
- consent (in limited circumstances, where applicable); and
- that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. For example, as an Issuer, conducting our business in a responsible and commercially prudent manner (such as protecting and developing our business and properties by assessing the suitability of individuals that wish to invest in our company), to business partners and/or possible acquirers of the company or its assets, or investors (and our and/or their advisors); preventing, investigating or detecting theft, fraud or other criminal activity, and pursuing our corporate and social responsibility objectives. When deemed necessary for the purposes of our legitimate interests or those of a third party to whom we provide your personal data, we, and/or the third party will only process your personal data for this purpose where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms.
Website user Data that we Collect and Process
- Website user data is collected and processed in line with our Cookie statement.
- A cookie is a small file consisting of letters and numbers that is placed on your computer or other internet enabled device by websites in order to add functionality. Cookies enable our systems to recognise your device. Such recognition helps the efficient operation of our Website.
- Our Cookie Statement can be found at found at https://www.iresreit.ie/cookies-policy.
Purposes of Processing Website User Data
- We use temporary “session” cookies which enable a visitor’s web browser to remember which pages on our Website have already been visited. This information may be used to help us to improve, administer and diagnose problems with our Website and server.
- Our Website also uses other technical methods to track visitor usage, including web beacons. Web beacons” are small pieces of data that are embedded in images on the pages of a website.
- We also use these technical methods to analyse the traffic patterns on our Website, such as the frequency with which our users visit various parts of our Website. These technical methods may involve the transmission of information directly to us.
- Our Website uses Google Analytics a web analytics service provided by Google, Inc. (“Google”) to collect anonymous traffic data to our Website to help us analyse how users use it and providing other services relating to website activity and internet usage.
- Information about collection and processing is communicated in a separate Cookie Statement located on our website www.iresreit.ie.
The legal grounds used for these processing activities are:
- in order to take steps at your request prior to entering into an agreement and/or the execution of the agreement that is entered into with you;
- compliance with a legal and regulatory obligations;
- consent (in limited circumstances, where applicable e.g. for marketing); and
- that this is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we provide your personal data. When deemed necessary for the purposes of our legitimate interests or those of a third party to whom we provide your personal data, we, and/or the third party will only process your personal data for this purpose where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms.
Profiling and automated decision-making
Data subject profiles, such as (prospective) tenant or employee records held are compiled from data collected as per this Notice or manually by our staff. Profiling and business decisions are made using human intervention. We do not currently conduct any solely automated decision-making.
We may also use (or may instruct a third party to use) your de-identified personal data to create demographics related to our properties, such as rent amount, the number of tenants in the leased property, net/gross income, age or age range and occupation of the tenant(s) to understand our customers better, improve our services and make business decisions.
Recipients of Data
We may disclose your personal data to third party recipients in connection with the above purposes, including:
- to third parties who we engage to provide services to us, such as professional advisers, auditors, insurance companies and outsourced service providers or Processors , software and applications providers and consultants, maintenance companies, Owner’s Management Companies (OMC), third party brokers, lawyers and debt-collection agencies;
- to our share registrar and its service providers, our depositary and its service providers, our sponsor, broker and financial advisors;
- to other members of our corporate group;
- to financial intermediaries and lenders;
- to business partners and/or possible acquirers of the company or its assets, or investors (and our and/or their advisors); or
- to competent regulatory authorities and bodies as requested or required by law (e.g. Revenue, Social Welfare, the RTB, the CRO, etc.).
- Upon termination of your tenancy, when necessary, we may be required to help facilitate or confirm the set-up, switch-over or closing of utility accounts like gas, heat, electricity, water and providers thereof. This may involve disclosing your personal data and other details and submitting relevant forms to those providers.
- In relation to marketing, tenant contact information may be disclosed to third party partners if the tenant has consented to tI-RES, doing so. See Appendix A: Third Party Disclosure List (below).
- For job application and employment purposes, we may share required personal data with contracted HR consultants, trustees, recruiters, payroll providers, pension and benefit providers, medical assessors and insurance providers, and competent authorities.
- Data may be shared if required with business partners and/or possible acquirers of the company or investors (and/or our or their advisors).
How long will we retain your personal data?
Your personal data is stored for the time necessary in relation to the purposes for which the personal data was collected and processed (as described above) and in accordance with our data retention policy and corresponding schedule.
For example, an application for tenancy by a prospective tenant will be securely destroyed if the application is rejected, unless we have reasonable ground to retain that information longer, for example in the event that a dispute arises on the rejection of your application. Personal data of a job applicant that is not employed by us will typically be destroyed shortly after the end of the application procedure, unless we have reasonable ground to retain that information longer, for example if you request us to contact you in the event of another vacancy in the future.
We will retain your personal data for the duration of any contract you may have with us and for such a period of time after termination of your contract, as is necessary to comply with our obligations under applicable laws, and if relevant, to deal with any claim or dispute that might arise in connection with your contract.
Your personal data will not be stored for longer than is necessary in relation to the purposes for which they are collected and processed by or on behalf of I-RES (please refer to the purposes as provided for above) and if necessary to retain the personal data longer, the personal data will be retained in accordance with I-RES’ data retention schedule. For more information in this respect, please contact our Privacy Officer [email protected].
How do we protect your personal data?
We implement physical, technical and organisational measures to ensure a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
We seek to ensure that we keep your personal data accurate and up to date. However, you are responsible for assisting in this regard and we kindly request that you inform us of any changes to your personal data (such as a change in your contact details).
Transfers Abroad
The parties to whom we provide your data and that we engage to process your personal data may be located in countries outside the European Economic Area (EEA), including in jurisdictions which are not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union via an adequacy decision. If we transfer your personal data to a jurisdiction that is covered by an adequacy decision by the European Commission, then we will ensure that the transfer is within the scope of the adequacy decision. If and to the extent that we transfer your data to any third country that is not covered by an adequacy decision, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission. For more information in this respect, please contact us at [email protected].
Requirement to Provide Data
In most circumstances you are not under a statutory or contractual obligation to provide us with any personal data unless we enter into an agreement together e.g. your PPSN is an example of a piece of personal data required for payroll processing or registering your tenancy with the Residential Tenancies Board (RTB), and your tax information and bank account details are personal data required for tax purposes and issuing payments. When you make inquiries or submit applications, we will do our best to use the information you provide, however, in cases where we do not receive suitable relevant information for decision-making or investigating, the application may be rejected or the inquiry unfulfilled.
You are in control of your personal data and are responsible for deciding which method you are comfortable using to provide it to us (in-person, electronic by email or web form, phone, etc.) and to not provide us with additional personal data not required for the transaction.
If you do not wish to transmit your personal data electronically to us, you may visit the I-RES office which requested your documents in person and submit the required personal data and documents in a sealed envelope addressed to your assigned Letting, HR or Administrative representative, marked “Confidential”, with the current date, and subject referenced on the envelope. If you are unsure which office this is, please contact [email protected] for clarification.
Your Rights
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
- the right to access your personal data;
- the right to request the rectification and/or erasure of your personal data;
- the right to restrict the use of your personal data;
- the right to object to the processing of your personal data;
- where we are processing personal data based on this being necessary for the performance of a contract with you, the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller;
- If unsatisfied with a response from us, you have the right to lodge a complaint to the Irish Data Protection Commission relating to the processing of your personal data by or on behalf of I-RES by emailing [email protected].
We are committed to ensuring your data is processed in a manner which is lawful, fair and transparent. It will involve only data that are necessary and proportionate to achieve the specific task or purpose for which they were collected.
If you have any further questions with respect to this Privacy Notice or the processing of your personal data by or on behalf of I-RES, wish to exercise your rights, or unsubscribe from marketing communications, please contact our Privacy Officer: South Dock House, Hanover Quay, Dublin 2, Ireland D02 XW94 or [email protected].
Customer Service
Please continue to place emergency calls, work orders and requests through your normal channels such as the site management office. Should you feel a need to escalate your concerns, please contact I-RES at [email protected]