This User Privacy Notice (“Privacy Notice” or “Notice”) was last updated on 13 June 2018. This Privacy Notice may vary from time to time so please check it regularly.
This Notice describes the types of information collected, how that information is used and disclosed, and how you can access, modify, or delete your information.
Land Securities Properties Limited (company number 961477) whose registered office is at 100 Victoria Street London SW1E 5JL (“we”, “us” or “our”) is the ‘data controller’ for the personal data we collect. We are registered with the Information Commissioner’s Office with registration number Z5806812.
The only exception to the above is Bluewater. The data controller for this site is Blueco Limited (company number 03196199) of 100 Victoria Street, London, SW1E 5JL, ICO Registration No. Z7307866.
Landsec uses Microsoft Office 365 cloud technology for its operations. Its data centres are located with the EEA.
If you use one of the Wi-Fi networks, we may collect personal information from you, such as your name, email address and postcode in order to log you on to the Wi-Fi network. Some of our sites have Wi-Fi provided directly by us, and others are provided via third parties. You will also be offered the opportunity to subscribe to email marketing.
Through our Wi-Fi service, we may also collect data which shows how often, how long and from which one of our centres you are accessing the Wi-Fi services, which will include recording the address of your device that connects to the Wi-Fi network.
We use Wi-Fi within some of our centres that may communicate with your mobile device to identify its location if the device has Wi-Fi enabled and is properly configured. This will operate irrespective of whether or not you have subscribed to the Wi-Fi service. When this location information is analysed it will be aggregated to prevent any identification of individuals.
To opt out of the collection of your MAC or Internet Protocol (IP) address and location, turn off your device’s Bluetooth and Wi-Fi capabilities.
For more information you may also visit http://www.smart-places.org.
The address of your device will be stored for as long as it connects to the internet, and will be stored to allow you to reconnect at a later date.
The personal information gathered through Wi-Fi for Landsec’s legitimate business interests, to:
- Tailor our online services to you so the content you see is relevant to you. For example, we may request your date of birth, gender and some basic interests (such as ‘shopping’ and ‘dining’) so that we can provide you with content that we think you will be interested in – “profiling”; and
- Collect data obtained through our interaction with customers for research, analysis, testing, monitoring, risk management and administrative purposes including the optimisation of service delivery at our properties and to improve the customer experience.
The legal basis is also to form a contract with you to provide the Wi-Fi Service.
You may also be asked to consent to email marketing. You can withdraw this consent at any time.
Children under the age of 13 are not permitted to use Wi-Fi networks.
If you have reason to believe that a child under the age of 13 has provided personal information, please contact us and we will delete that information from our databases.
Protection of your information
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold. We place similar obligations on our third parties and risk assess their security based on the sensitivity of the personal data that they hold.
If we transfer your personal information outside of the EEA, it will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme).
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Your request may also not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
- Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
- Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Subject to certain conditions, request the transfer of your personal information to another party. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
- Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. If you withdraw your consent, this will only take effect for future processing.
- If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email email@example.com
You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You can also contact the Information Commissioner's Office via https://ico.org.uk/ for information, advice or to make a complaint.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
For more information, please contact the data protection officer on firstname.lastname@example.org
This Privacy Notice was last updated on 30 September 2020. If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.
|25 May 2018||Updates relevant to GDPR|
|13 June 2018||Updated to combine Bluewater into update|
|24 July 2018||Inclusion of version control table|
|30 September 2020||Removal of Privacy Shield Reference|
How you can contact us
If you have any questions about this Privacy Notice, please contact the Data Protection Officer at email@example.com.