Privacy Policy

1. Who We Are

Marine Wharf East Tenants Association ("we", "us", "our") is a residents' association for the Marine Wharf East estate in London. We operate this website to facilitate communication between residents and to support our Right to Manage initiative.

2. Information We Collect

Registration data: When you register as a member, we collect:

• Email address (required for account access)
• Building and flat number (to verify eligibility)
• Your role (owner, resident, shared ownership)
• Phone number (optional, for committee contact)
• Whether you consent to appear in the member directory

Activity data: We collect information when you:

• Report estate issues (description, location, optional photos)
• Submit service charge queries
• Participate in RTM voting
• Use the contact form

Canvassing and recruitment data: If you participate in recruitment activities:

• Door knocking records (which flats visited, outcomes, notes)
• Referral information (who you invited to join)
• QR code scan analytics (anonymised, tracks which codes are most effective)
• Canvasser statistics (opt-in leaderboard participation)

Technical data: We automatically collect minimal technical data necessary for the website to function, including authentication tokens stored in cookies.

3. How We Use Your Information

We use your information to:

• Verify your eligibility for membership (flat ownership/residency)
• Communicate association news, updates, and important notices
• Track progress toward Right to Manage qualification
• Process and respond to issue reports and service charge queries
• Display your information in the member directory (only with your explicit consent)
• Coordinate canvassing efforts to avoid duplicate visits to neighbours
• Send account-related emails (verification, password reset)

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

• Consent: For displaying your details in the member directory and optional features like leaderboard participation
• Legitimate interests: For operating the association, coordinating RTM activities, and communicating with members about estate matters
• Contract: For providing membership services you have signed up for

5. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• Member directory: With other verified members (only if you opt-in)
• RTM process: With legal advisors (anonymised statistics only, unless you sign the RTM notice which requires your name)
• Canvassing coordination: Other canvassers can see which flats have been visited (not personal details of residents)
• Legal requirements: Where required by law or court order

6. Service Providers

We use the following third-party services to operate this website:

• Supabase (database and authentication) - stores your account data securely with encryption. Privacy policy: supabase.com/privacy
• Vercel (website hosting) - serves the website. Privacy policy: vercel.com/legal/privacy-policy

These services may process data in the United States. Both providers comply with appropriate data protection standards and have data processing agreements in place.

7. Data Storage and Security

Your data is stored securely using Supabase, which provides:

• Encryption at rest and in transit (TLS/SSL)
• Row-level security policies to protect your data
• Secure authentication with password hashing
• Regular security updates and monitoring

Only committee members have access to aggregated statistics and administrative functions. Individual member data is only visible to:

• You (your own data)
• Committee members (for membership verification and issue resolution)
• Other members (only your directory listing, if you opted in)

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectification - correct inaccurate data
• Erasure - request deletion of your data
• Withdraw consent for directory listing at any time
• Data portability - request a copy of your data
• Object to processing based on legitimate interests

To exercise these rights, please contact us using the details below. We will respond within one month.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

9. Cookies

We use essential cookies only for authentication purposes. These are strictly necessary for the website to function and cannot be disabled.

• Authentication cookies: Keep you logged in securely
• Session cookies: Maintain your session state

We do not use tracking, analytics, or advertising cookies.

10. Data Retention

We retain your data for as long as you remain a member. Specific retention periods:

• Account data: Until you request deletion or leave the estate
• Issue reports: Retained for estate records and historical reference
• Canvassing records: Retained for coordination during RTM campaign
• RTM participation: Retained as required for legal RTM documentation

If you request account deletion, your personal data will be removed within 30 days. Anonymised data (such as aggregated statistics) may be retained for historical records.

11. Contact Us

For any privacy-related questions or to exercise your rights, please contact us:

• Email: mwe.residents@gmail.com
• Contact form: mwe-tenants-association.vercel.app/contact

The data controller is the Marine Wharf East Tenants Association committee.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. Significant changes will be communicated to members via email.