Back to Home

Privacy Policy

Last updated: February 2026

1. Who We Are

Marine Wharf East Tenants Association ("we", "us", "our") is a residents' association for the Marine Wharf East estate in London. We operate this website to facilitate communication between residents and to support our Right to Manage initiative.

2. Information We Collect

Registration data: When you register as a member, we collect:

  • Email address (required for account access)
  • Building and flat number (to verify eligibility)
  • Your role (owner, resident, shared ownership)
  • Phone number (optional, for committee contact)
  • Whether you consent to appear in the member directory, and which contact details to display (email, phone, both, or neither)

Activity data: We collect information when you:

  • Report estate issues (description, location, optional photos)
  • Submit service charge queries
  • Participate in RTM voting
  • Use the contact form

Canvassing and recruitment data: If you participate in recruitment activities:

  • Door knocking records (which flats visited, outcomes, notes)
  • Referral information (who you invited to join)
  • QR code scan analytics (anonymised, tracks which codes are most effective)
  • Canvasser statistics (opt-in leaderboard participation)

Email and communication preferences: If you opt in to our newsletter or manage your email preferences:

  • Newsletter subscription status and preferences
  • Email address (shared with our email service providers for delivery)

Contact form data: When you use our contact form, we collect your email address to send a verification code (delivered via our email service provider) and the content of your message.

Technical data: We automatically collect minimal technical data necessary for the website to function, including authentication tokens stored in cookies.

3. How We Use Your Information

We use your information to:

  • Verify your eligibility for membership (flat ownership/residency)
  • Communicate association news, updates, and important notices
  • Track progress toward Right to Manage qualification
  • Process and respond to issue reports and service charge queries
  • Display your information in the member directory (only with your explicit consent)
  • Coordinate canvassing efforts to avoid duplicate visits to neighbours
  • Send account-related emails (verification, password reset, registration approval)
  • Send newsletter updates and community announcements (only if you opt in)
  • Verify your identity when using the contact form (via email verification code)

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

  • Consent: For displaying your details in the member directory, sending newsletter emails, and optional features like leaderboard participation
  • Legitimate interests: For operating the association, coordinating RTM activities, and communicating with members about estate matters
  • Contract: For providing membership services you have signed up for

5. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Member directory: With other verified members (only if you opt-in)
  • RTM process: With legal advisors (anonymised statistics only, unless you sign the RTM notice which requires your name)
  • Canvassing coordination: Other canvassers can see which flats have been visited (not personal details of residents)
  • Email service providers: Your email address is shared with our transactional email provider (Resend) to deliver account-related emails, and with our newsletter provider (Mailchimp) if you opt in to the newsletter
  • Legal requirements: Where required by law or court order

External links: Our portal includes links to external WhatsApp community groups. If you choose to join these groups, your data is handled by WhatsApp (Meta Platforms) under their own privacy policy. We do not control or process any data shared within WhatsApp groups.

6. Service Providers

We use the following third-party services to operate this website:

  • Supabase (database and authentication) - stores your account data securely with encryption. Privacy policy: supabase.com/privacy
  • Vercel (website hosting) - serves the website. Privacy policy: vercel.com/legal/privacy-policy
  • Resend (transactional email) - delivers account-related emails such as registration confirmations, approval notifications, password resets, referral invitations, and contact form verification codes. Your email address is shared with Resend to deliver these messages. Privacy policy: resend.com/legal/privacy-policy
  • Mailchimp (newsletter) - manages our newsletter mailing list. If you opt in to the newsletter, your email address is shared with Mailchimp (operated by Intuit Inc.) for delivery. We use double opt-in to ensure GDPR compliance. You can unsubscribe at any time from your account settings or via the link in any newsletter email. Privacy policy: intuit.com/privacy/statement

These services may process data in the United States. All providers comply with appropriate data protection standards and have data processing agreements in place.

7. Data Storage and Security

Your data is stored securely using Supabase, which provides:

  • Encryption at rest and in transit (TLS/SSL)
  • Row-level security policies to protect your data
  • Secure authentication with password hashing
  • Regular security updates and monitoring

Only committee members have access to aggregated statistics and administrative functions. Individual member data is only visible to:

  • You (your own data)
  • Committee members (for membership verification and issue resolution)
  • Other members (only your directory listing, if you opted in)

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectification - correct inaccurate data
  • Erasure - request deletion of your data
  • Withdraw consent for directory listing or newsletter subscription at any time
  • Data portability - request a copy of your data
  • Object to processing based on legitimate interests

To exercise these rights, please contact us using the details below. We will respond within one month.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

9. Cookies

We use essential cookies only for authentication purposes. These are strictly necessary for the website to function and cannot be disabled.

  • Authentication cookies: Keep you logged in securely
  • Session cookies: Maintain your session state

We do not use tracking, analytics, or advertising cookies.

10. Data Retention

We retain your data for as long as you remain a member. Specific retention periods:

  • Account data: Until you request deletion or leave the estate
  • Issue reports: Retained for estate records and historical reference
  • Canvassing records: Retained for coordination during RTM campaign
  • RTM participation: Retained as required for legal RTM documentation
  • Newsletter subscription: Until you unsubscribe or request removal from the mailing list

If you request account deletion, your personal data will be removed within 30 days. Anonymised data (such as aggregated statistics) may be retained for historical records.

11. Contact Us

For any privacy-related questions or to exercise your rights, please contact us:

The data controller is the Marine Wharf East Tenants Association committee.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date. Significant changes will be communicated to members via email.