GDPR Policy
Last updated: January 2026
1. Introduction and Commitment
Better Block is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines our approach to data protection and our commitment to GDPR compliance.
This policy applies to all personal data processed by Better Block, whether in electronic or paper format.
2. Data Controller Information
Better Block is the data controller for personal data collected and processed in connection with our block management services. As data controller, we determine the purposes and means of processing personal data.
Data Controller: Better Block
Email: hello@betterblock.co.uk
3. Data Protection Principles
We adhere to the seven key principles of the UK GDPR. Personal data shall be:
- Processed lawfully, fairly, and transparently: We only collect and process data where we have a lawful basis, and we are transparent about how we use it.
- Collected for specified, explicit, and legitimate purposes: We only collect data for clearly defined purposes and do not use it in ways incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary: We only collect data that is required for the stated purposes.
- Accurate and kept up to date: We take reasonable steps to ensure data is accurate and rectify inaccuracies promptly.
- Kept for no longer than necessary: We retain data only for as long as required for the purposes for which it was collected.
- Processed securely: We implement appropriate technical and organisational measures to protect personal data.
- Accountability: We demonstrate compliance with these principles and maintain appropriate records.
4. Lawful Bases for Processing
We process personal data under the following lawful bases as defined by UK GDPR Article 6:
4.1 Contract
Processing necessary for the performance of a contract to which the data subject is party, or to take steps at their request prior to entering into a contract. This includes providing our block management services.
4.2 Legal Obligation
Processing necessary for compliance with a legal obligation to which we are subject, such as maintaining financial records, complying with anti-money laundering regulations, or responding to lawful requests from authorities.
4.3 Legitimate Interests
Processing necessary for the purposes of our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests include:
- Administering and managing our business
- Improving our services
- Marketing our services to existing and potential clients
- Protecting our business and legal rights
4.4 Consent
Where we rely on consent, data subjects have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5. Categories of Personal Data
We may process the following categories of personal data:
- Identity Data: Name, title, date of birth
- Contact Data: Address, email address, telephone numbers
- Financial Data: Bank account details, payment history
- Property Data: Details of properties owned or managed
- Transaction Data: Service charges, payments, and financial transactions
- Technical Data: IP address, browser type, device information (website visitors)
- Communication Data: Correspondence and communication preferences
6. Data Subject Rights
Under UK GDPR, individuals have the following rights regarding their personal data:
6.1 Right to be Informed (Articles 13-14)
You have the right to be informed about how we collect and use your personal data. This policy and our Privacy Policy fulfil this requirement.
6.2 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to access that data. We will respond to valid Subject Access Requests within one month.
6.3 Right to Rectification (Article 16)
You have the right to have inaccurate personal data rectified and incomplete data completed.
6.4 Right to Erasure (Article 17)
You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected.
6.5 Right to Restrict Processing (Article 18)
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.
6.6 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format where processing is based on consent or contract.
6.7 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
6.8 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
To exercise any of these rights, please contact us at hello@betterblock.co.uk. We will respond to requests within one month, though this may be extended by a further two months for complex requests.
7. Data Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Secure access controls and authentication
- Regular security assessments and updates
- Staff training on data protection and security
- Secure disposal of data no longer required
- Regular backups and disaster recovery procedures
- Physical security measures for paper records
8. Data Processors and Third Parties
We may share personal data with third-party service providers (data processors) who process data on our behalf. All data processors are required to:
- Process data only on our documented instructions
- Ensure confidentiality of personnel processing the data
- Implement appropriate security measures
- Assist us in complying with data subject rights requests
- Delete or return data at the end of the service
- Allow for and contribute to audits
We maintain a register of our data processors and ensure appropriate contracts are in place.
9. International Data Transfers
We primarily store and process data within the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including:
- Transfers to countries with UK adequacy decisions
- Use of the UK International Data Transfer Agreement (IDTA) or Addendum
- Binding Corporate Rules where applicable
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are determined by:
- Legal and regulatory requirements (e.g., financial records retained for 7 years)
- Contractual obligations
- Business operational needs
- Limitation periods for potential legal claims
We maintain a data retention schedule and regularly review stored data to ensure it is not kept longer than necessary.
11. Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach:
- We will assess the risk to individuals' rights and freedoms
- Where required, we will notify the Information Commissioner's Office (ICO) within 72 hours
- Where there is a high risk to individuals, we will notify affected data subjects without undue delay
- We will document all breaches, including those not reported, along with remedial actions taken
12. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms. This includes:
- Systematic evaluation or scoring of individuals
- Large-scale processing of sensitive data
- Systematic monitoring of public areas
- Use of new technologies
13. Records of Processing Activities
We maintain records of our processing activities as required by Article 30 of UK GDPR, including:
- Categories of data subjects and personal data
- Purposes of processing
- Categories of recipients
- International transfers and safeguards
- Retention periods
- Security measures
14. Staff Training and Awareness
All staff receive appropriate training on data protection and GDPR compliance. This includes:
- Understanding data protection principles
- Recognising and handling personal data
- Understanding data subject rights
- Identifying and reporting data breaches
- Security best practices
15. Supervisory Authority
The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). If you have concerns about our processing of your personal data, you have the right to lodge a complaint with the ICO:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk
Helpline: 0303 123 1113
We would encourage you to contact us first so that we can address your concerns directly.
16. Policy Review
This policy is reviewed regularly to ensure it remains accurate and compliant with current legislation. We will update this policy as necessary and communicate significant changes to relevant stakeholders.
17. Contact Us
For any questions about this GDPR Policy or our data protection practices, please contact us:
Better Block
Email: hello@betterblock.co.uk