Britannia Crescent

Britannia Crescent

Privacy Policy

Britannia Crescent Resident Authority

Privacy Policy

Last updated: March 2026 · UK GDPR compliant

1. Who we are

Britannia Crescent Residents Co‑operative is the data controller for personal data collected through the Resident Authority service (“the service”). We are registered in England and Wales.

For any data protection queries please contact us via the Support page.

2. What personal data we collect

When you use the service we may collect and process the following categories of personal data:

  • Identity data: full name(s) of the shareholder(s) signing the mandate.
  • Property data: your property address and property code.
  • Signature data: your electronic signature as a drawn or typed image.
  • Contact data: email address provided for confirmation purposes.
  • Technical data: IP address, browser type, and timestamp at the time of submission, collected automatically for security and audit purposes.
  • Communications data: any information you submit via the Support form.

We do not collect payment information, government identification numbers, or special category data.

3. How we use your personal data

We use your personal data for the following purposes:

  • Processing your mandate: to verify your identity against property records, generate a signed authority PDF, and record the completed mandate.
  • Sending confirmation: to email you a copy of your completed mandate and a PDF receipt.
  • Administration and audit: to maintain an accurate record of signed mandates for governance and legal purposes.
  • Security and fraud prevention: to detect and prevent unauthorised access or fraudulent submissions.
  • Support: to respond to enquiries submitted via the Support form.

4. Legal basis for processing

We rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR):

  • Article 6(1)(b) – Performance of a contract: processing your mandate and sending you a confirmation is necessary to perform the shareholder authority service you have requested.
  • Article 6(1)(f) – Legitimate interests: maintaining audit records and preventing fraud are in our legitimate interests as a co‑operative managing shareholder governance.
  • Article 6(1)(c) – Legal obligation: we may be required to retain mandate records to comply with company law obligations.

5. Data retention

Completed mandate records, including signed PDFs and associated personal data, are retained for the duration of the relevant shareholding and for a further period of no less than six years after the mandate expires or is superseded, in line with standard company document retention guidance.

Support enquiry data is retained for as long as necessary to resolve the enquiry and for a reasonable period thereafter for audit purposes.

Technical data (IP addresses and timestamps) is retained for 12 months for security purposes.

6. Who we share your data with

We do not sell your personal data. We may share data with the following categories of recipient solely to operate the service:

  • Email delivery provider: to send mandate confirmation emails. The provider processes email content strictly on our instructions.
  • Hosting provider: your data is stored on servers located in the United Kingdom or European Economic Area.
  • Professional advisers: solicitors, accountants, or auditors where required for legal or governance purposes, under obligations of confidentiality.

We will disclose your data to law enforcement or regulatory bodies where required to do so by law.

7. Your rights

Under the UK GDPR you have the following rights in relation to your personal data:

  • Right of access (Article 15): you may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): you may ask us to correct inaccurate data.
  • Right to erasure (Article 17): you may ask us to delete your data where there is no legitimate reason to continue processing it.
  • Right to restriction of processing (Article 18): you may ask us to restrict processing in certain circumstances.
  • Right to data portability (Article 20): you may request your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object (Article 21): you may object to processing based on legitimate interests.

To exercise any of these rights, please contact us via the Support page. We will respond within 30 days.

If you are unsatisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Cookies and tracking

The service uses a session cookie to maintain your signing session and a preference cookie to remember your light/dark theme choice. No third‑party advertising or analytics cookies are set. You can manage cookie preferences through the cookie consent notice presented on your first visit.

9. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically.

10. Contact

For data protection enquiries, requests to exercise your rights, or any concerns about this policy, please contact us via the Support page.