home.ly is a trading name of ATOZ Serviced Apartments LTD. This policy explains how home.ly protects and processes your personal information. This policy is effective from 22nd February 2020.
‘Your personal information’ means any information about you that you or third parties provide to us, or we produce in relation to our services offered or provided to you.
Where we provide products or services under contract with an organisation (for example your employer), that organisation controls the information processed by home.ly on your behalf until they transfer it to us, upon which point home.ly assumes responsibility to process your data.
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
The personal information we collect depends on the products and services you have, how you use them, how you made contact, enquired or booked and through which channel, partner or third party this was done. Depending on these factors, home.ly could hold any of the below personal information about you:
Why we collect personal information and how we use the information we collect depends in part on which services you enquire about, order or use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
home.ly will implement and maintain technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. The Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of home.ly’s systems and services; to help restore timely access to personal data following an incident; and for regular testing of effectiveness. home.ly may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service.
Home.ly will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process your Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
In addition to the Security Measures, Home.ly will make the Additional Security Controls available to: (a) allow You to take steps to secure your Personal Data; and (b) provide You with information about securing, accessing and using your Personal Data.
Data incidents means a breach of home.ly’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data on systems managed by or otherwise controlled by home.ly. Data Incidents will not include unsuccessful attempts or activities that do not compromise the security of your Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
If home.ly becomes aware of a Data Incident, home.ly will: (a) notify You of the Data Incident promptly and without undue delay after becoming aware of the Data Incident; and (b) promptly take reasonable steps to minimize harm and secure your Personal Data.
Notification(s) of any Data Incident(s) will be delivered to the Account Info Email Address. You are solely responsible for ensuring that the Account Info Email Address is current and valid.
home.ly will not assess the contents of your Personal Data to identify information subject to any specific legal requirements. You are solely responsible for complying with incident notification laws applicable to You and fulfilling any third party notification obligations related to any Data Incident(s).
home.ly’s notification of or response to a Data Incident under this Section 4 (Data Incidents) will not be construed as an acknowledgement by home.ly of any fault or liability with respect to the Data Incident.
Our websites have up to date SSL certificates that provide robust authentication and encryption, to reassure you that your data and transactions are secure.
We restrict access to personal information so that only controllers and processors of the data that need it for legitimate business purposes have access to it.
We also have data use policies and training in place to ensure all our staff are responsible with your data and understand their obligation to protect it.
How long we keep information we collect about you depends on the type of information and the type of interaction you have had with Home.ly, as specified by the retention periods below. Prior to or at the point of the retention period being met, we will either delete or anonymise your information as applicable. Where more than one of the below categories applies to a piece of data, the longest retention period shall be enforced.
Sign-ups for news, offers or marketing campaigns – If you have provided your contact details and confirmed that you have provided consent to receive news, offers or marketing campaigns, we will retain your personal information for no longer than 5 years from the point you last expressed an interest/opened a communication without unsubscribing/provided consent/contacted us/subscribed or unsubscribed. We retain information derived from cookies and other tracking technologies for no longer than 5 years.
Personal Information related to Enquiries and Orders – If you have made an enquiry about or order for products or services or a third party has done so on your behalf, we will retain your information for no longer than 7 years from the point of your last enquiry or order.
Billing – If you have been billed by Home.ly for any products or services, we will retain your information for no longer than 7 years from the point of billing of your last invoice.
Account Information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our products and services.
Client contracts – If you’re an employee of a corporate client that specifies in our contract that data must be retained for reporting purposes on their behalf for a particular period, we will comply with that length of time where possible and where they have confirmed their responsibility as data controller in that regards.
Job Applicant details – CVs, covering letters, application forms and interview notes for unsuccessful candidates will be retained for no longer than 1 year. Successful candidates will have these files transferred to their personnel file, for which our retention period will not be covered by this document.
Other files and emails – We retain active, undeleted electronic files and emails for a period of no longer than 7 years, unless they have been identified as business critical and set to not be deleted.
Complaints – We retain complaints and responses to them for no longer than 6 years from closure.
Telephone call and SMS / IM data – We retain recorded calls and messages no longer than is required for quality, training or legal reasons or will retain no longer than 1 year, whichever is greater.
In other cases, we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise we delete it.
We only share your personal information where it is necessary for us to do so for legitimate business purposes, or if that is not the case, when you have provided consent for us to do so. We will only share personal information with other companies in our supply chain that we have verified are handling your details securely.
We do use third party service providers to process personal information on our behalf for the kinds of purposes set out below:
Where we use another organisation, we still control your personal information.
If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.
home.ly is committed to compliance with Data Processing Laws and respecting your privacy. “Data Processing Laws” means (a) the Data Protection Act 1998 and any laws or regulations implementing Directive 95/46/EC; and/or (b) the General Data Protection Regulation (GDPR); and/or any corresponding or equivalent national laws or regulations; and any applicable laws replacing, amending, extending, re-enacting or consolidating any of the above DP Laws from time to time; For the purposes of the Data Processing Laws Home.ly is the data controller.
GDPR provides you with 8 rights concerning the processing of your personal data. These are listed below:
To find out more information about these rights and our obligations, please visit the Information Commissioner’s Office website https://ico.org.uk
If you have any questions or require details related to the personal information, we hold about you, get in touch with our Data Protection Officer by
Or write to us at:
Data Protection Officer
Welwyn Garden City
England, AL8 6AP
If you are requesting access to your information, by law you will need to provide the below in your communication for us to be able to legally issue a full response to your request to access information, which we will do within one calendar month, free of charge.
If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you.
If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner’s Office – https://ico.org.uk.