Privacy Policy

New Fountainbridge Limited (“the Owner”) is the owner of the residential development known as New Fountainbridge, Freer Street, Edinburgh (“the Property”).
Native Residential Limited t/a Native Communities (“the Manager”) manages the Property.

The Owner and the Manager of the Property work together to ensure that all activities related to the development and management are carried out as effectively and efficiently as possible. This includes, where appropriate, the sharing of your personal information between the Owner and the Manager to coordinate and deliver services, respond to queries, and manage resident-related processes.

For the purposes of data protection laws, the Owner and the Manager are “joint controllers” of the processing of your personal information described in this Privacy Policy. This means that both companies work together to decide why and how your personal information is processed. It also means that we share responsibility to you for that processing.

This Privacy Policy explains how the Owner and Manager (“we”) protect and process your personal information and describes the relationship between the Owner and the Manager. ‘Personal information’ means any information relating to an identified or identifiable natural person.

For more information on the personal information processed by the Owner in its capacity of an independent controller, please visit its privacy notice . For more information on the personal information processed by the Manager in their capacity of an independent controller, please consult its privacy notice.

This Privacy Policy relates to the following categories of individuals:

• residents and prospective residents of the Property and their guarantors (if any)
• commercial tenants or prospective commercial tenants of the Property and their personnel
• visitors to the website: newfountainbridge.com
• visitors to the Property and other guests of residents and commercial tenants at the Property

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

1. Our privacy principles
2. What information we collect about you
3. Why we collect this information and how we use it
4. How we store and secure the information we collect
5. How long we keep the information we collect
6. How we share information we collect
7. How we transfer information outside the UK and EEA
8. Automated decision making
9. Your rights and other important privacy information
10. How you can access and control the information held by us

 

1. Our privacy principles

 

We are committed to safeguarding the privacy and security of your information

• We will only collect and use your information where we have lawful legitimate business reasons to do so
• We will not ask for more information than we need for the purposes for which we are collecting it
• We will update our records when you inform us that your details have changed
• We have implemented and adhere to information retention policies relating to your information
• We will ensure that your information is securely disposed of at the end of the appropriate retention period
• We observe the rights granted to you under applicable privacy and data protection laws
• We will ensure that queries relating to privacy issues are promptly and courteously dealt with
• Our staff are trained on their privacy obligations
• We will ensure there are appropriate measures in place to protect your information regardless of where it’s held and ensure that safeguards are in place before transferring your information to other companies or countries

 

2. What information we collect about you

 

We obtain personal information about you either from you, from third parties, or that we produce about our services offered or provided to you.

The personal information we collect depends on the services provided to you by us, how you use them, how you made contact, enquired or booked and through which channel, partner or third party this was done. Depending on these factors, we may hold any of the below personal information about you:

• Personal contact details such as a person’s name, title, home address, email address(es), telephone number(s)
• Other personal details such as a person’s gender, age, date of birth, place of birth, nationality, country of origin, marital status, child status, rental budget, property preferences, move-in date, lease term, price and any information which you volunteer in relation to the above (as applicable) and vehicle registration numbers
• Work contact details such as employer name, work address, job title, email address(es), telephone number(s)
• Other work-related details such as personnel ID, employment history, salary, references, length of service, visa information
• Government-issued identifiers such as passport, national insurance number, driver’s licence, visas, right to rent status
• Financial details such as bank account details, payment card details, credit scores, account debt, deposit information, payment history, guarantor information
• Online identifiers such as Cookies (see our Cookie Policy ), IP Address(es)
• Sensitive personal data such as health conditions and disabilities, but only when required to plan appropriately to enable the delivery of appropriate, safe and respectful levels of service and procedures to you
• Criminal offence data if and when supplied by third parties, such as referencing agencies or directly by you, required for anti-fraud measures or the prevention of other unlawful acts as appropriate
• Social media content if provided by you in accordance with and acceptance of this policy such as reviews, blogs
• User account details such as username, password (encrypted), security questions, security answers
• Contact and marketing preferences such as whether you have provided or withdrawn consent / subscribed or unsubscribed to contact methods (e.g. email, telephone), marketing campaigns, news, competitions or engaged with campaigns and promotions
• Photos, video files (such as CCTV coverage) or documents that relate to any of the above points or are required to manage the Property or our business processes
• SMS / IM messages received via apps we use for sales or operational purposes

 

3. Why we collect this information and how we use it

 

Why we collect personal information and how we use the information we collect depends in part on which services you enquire about, order or use, how you use them, and any preferences you have communicated to us. Below are the purposes for which we use the information we collect about you as well as the lawful basis for processing for each, shown in brackets.

• To respond to enquiries about our companies or services from you [Legitimate interests]
• To provide products and services to you (including renting a unit to you at the Property) and to run credit checks [Legitimate interests, necessary for a contract with you, explicit consent, equality of treatment]
• To communicate with you about the products and services we provide [Legitimate interests]
• To market, promote and drive engagement with existing or potential services to existing or potential customers who have provided consent [Consent]
• To personalise and customise your experience [Legitimate interests, equality of treatment]
• To provide customer support and account management to you or your employer [Legitimate interests, necessary for a contract with you, explicit consent]
• To identify you and ensure the safety and security of your data [Legal obligation, Legitimate interests, fraud prevention]
• To comply with customer or third-party contracted requirements [Necessary for a contract with you, Legitimate interests]
• To engage with or procure services with third-party providers for services relevant to your enquiry, order or service [Legitimate interests]
• To protect our legitimate business interests and legal rights [Legitimate interests, establish, exercise or defend legal claims, preventing or detecting unlawful acts]
• To report on and analyse the performance of our portfolio [Legitimate interests]
• To develop our business and build a better understanding of what our customers want [Legitimate interests]
• For research and development purposes [Legitimate interests]
• To help protect you and us against fraud or other criminal activity [Legitimate interests, legal obligation, establish, exercise or defend legal claims, fraud prevention, preventing or detecting unlawful acts]
• To help protect the security and safety of the Property and those living and working within the Property [Legitimate interests, preventing or detecting unlawful acts]
• To comply with any legal or regulatory obligations [Legal obligation, Legitimate interests, establish, exercise or defend legal claims, fraud prevention]
• To respond to any law enforcement agencies [Legal obligation, Legitimate interests]
• To respond to any data subject requests from you [Legal obligation, data you manifestly made public]
• Any other reason that complies with our obligations that we can justify as a legitimate business reason [Legitimate interests]

 

4. How do we store and secure the information we collect:

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we restrict access to personal information so that only individuals within our organisation, and third-party controllers and processors of the data that need it for legitimate business purposes have access to it. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We also have data use policies and training in place to ensure all our staff are responsible for your data and understand their obligation to protect it.

 

5. How long do we keep information?

 

How long we keep the information we collect about you depends on the type of information and the type of interaction you have had with us, as specified by the retention periods below. Prior to or at the point of the retention period being met, we will either delete or anonymise your information. Where more than one of the below categories applies to a piece of data, the longest retention period shall be enforced.

Sign-ups for news offers or marketing campaigns – If you have provided your contact details and confirmed that you have provided consent to receive news, offers or marketing campaigns, we will retain your personal information for no longer than 7 years from the point you last expressed an interest/opened a communication without unsubscribing/provided consent/contacted us/subscribed or unsubscribed. We retain information derived from cookies and other tracking technologies.
Personal information related to tenant enquiries– If you have made an enquiry about renting a unit at the Property or a third party has done so on your behalf, we will retain your information for no longer than 7 years from the point of your last enquiry.

Billing – If you have been billed by us for any products or services, we will retain your information for no longer than 7 years from the point of billing of your last invoice.

Tenant information – We will retain information relating to your tenancy at the Property throughout the period of your tenancy and for up to 7 years after it ends.
Account information – Where you have signed up for an account with us, we retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the services provided to you by us. We also retain some of your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, support business operations, and continue to develop and improve our products and services.

Client contracts – If you’re an employee of a corporate client that specifies in our contract that data must be retained for reporting purposes on their behalf for a particular period, we will comply with that length of time where possible and where they have confirmed their responsibility as data controller in that regard.
Other files and emails – We retain active, undeleted electronic files and emails for a period of no longer than 7 years unless they have been identified as business critical and set to not be deleted.

Complaints – We retain complaints and responses to them for no longer than 7 years from closure or resolution.

CCTV images – We retain CCTV images for no longer than 30 days except where required to do so for legal reasons.

In other cases, we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed (where that’s for a compatible purpose or otherwise permitted by law). And sometimes we’ll keep it for longer if we need to by law. Otherwise, we delete it.

 

6. How we share information we collect

 

We only share your personal information where we have a lawful basis to do so, including when it is necessary for us to do so for legitimate business purposes, or if that is not the case, when you have provided consent for us to do so. We will only share personal information with third-parties that we have verified and are handling your details securely.

We do use third-party service providers to process personal information on our behalf for the kinds of purposes set out below:

• Process payment and refund transactions
• Provide customer service, marketing, infrastructure, financial, audit, operational and/or technology services
• Personalise and improve our services
• Carry out tenancy-related services such as referencing and/or deposit protection
• Carry out fraud and credit checks and collect debts
• Analyse and improve the information we hold (including about your interactions with our service)
• Run surveys
• For quality and training purposes

Where we use another organisation to process data for the above purposes, we still act as data controller of your personal information.

We may also share your personal information with government agencies to comply with legal, regulatory or law enforcement requirements.

We may also share your personal information with our group companies where those group companies carry out services or administrative functions on our behalf, and also for the purposes of financial reporting and audit, and as may otherwise be required by law.

We may share your personal information with third parties who may act as data controller in relation to that information, where relevant to your tenancy at the Property and / or the services being provided to you. This may include, for example, local authorities, utility suppliers and insurers.

If there’s a change (or expected change) in who owns us or any of our properties, we might share personal information with the new (or prospective) owner. If we do, they will be required to keep it confidential.

 

7. How we transfer information outside the UK

 

Your personal information may be transferred outside the UK from time to time where we use third-party service providers located outside the UK.

If your personal information is transferred outside the UK, we will put suitable safeguards in place to ensure that such transfers are carried out in compliance with the applicable data protection laws. These include, for instance, relying on an UK adequacy decisions, or UK’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) as approved for use in the UK, together with binding and enforceable commitments by the recipient.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

 

8. Automated decision making

 

We do not envisage that any decisions that have a legal or similarly significant effect on you will be taken about you using purely automated means, however we will update this Privacy Policy and inform you if this position changes.

 

9. Your rights and other important privacy information.

 

We are committed to compliance with Data Protection Laws and respecting your privacy. “Data Protection Laws” means (a) the Data Protection Act 2018 (DPA 2018) and/or any laws or regulations implementing the UK General Data Protection Regulation (UK GDPR); and/or any corresponding or equivalent national laws or regulations; and any applicable laws replacing, amending, extending, re-enacting or consolidating any of the above laws from time to time.

Under the Data Protection Laws, individuals have the rights listed below concerning the processing of their personal data, some of which may only apply in certain circumstances. Although the Manager and the Owner are joint controllers of your data, the Manager is responsible for handling all data subject requests:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object, and
• Rights related to automated decision-making and profiling

In addition, the Data Protection Laws provide you with the rig0-ht to withdraw consent at any time without affecting previous lawfulness of processing, for the processing of your data which the basis for processing is consent, which you can do via the process mentioned below.

To find out more information about these rights and our obligations, please visit the Information Commissioner’s Office website ico.org.uk

 

10. Who to contact about your data rights

 

The Manager is responsible for handling all data subject requests, including access, correction, deletion, and complaints.

If you have any questions or require details related to the personal information we hold about you or wish to exercise any of your rights outlined in this Privacy Policy, get in touch as follows:

Email: dataprotection@native-communities.com

Or write to us at:
Data Protection Officer
Native Communities
United House
9 Pembridge Road
London
W11 3JY

If you are requesting access to your information, by law you will need to provide the details below in your communication for us to be able to legally issue a full response to your request to access information, which we usually will do within one calendar month, free of charge. In the case of more complex requests we may need longer than one month to respond but we will let you know if that is the case.

• Full name
• Email address
• Telephone number
• Proof of ID (certified copy of passport, driving licence or government-issued ID).

If you want to make a complaint on how we have handled your personal information, please contact the Manager’s data protection officer who will investigate the matter and report back to you.

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner’s Office – ico.org.uk.

Date last updated: 02 October 2025

Book a Viewing!