This Privacy Notice may vary from time to time so please check it regularly. 

This Notice describes the types of information collected, how that information is used and disclosed, and how you can access, modify, or delete your information.

Land Securities Properties Limited (company number 961477) whose registered office is at 100 Victoria Street London SW1E 5JL (“we”, “us” or “our”) is the ‘data controller’ for the personal data we collect. We are registered with the Information Commissioner’s Office with registration number Z5806812. 

The only exception to the above is Bluewater. The data controller for this site is Blueco Limited (company number 03196199) of 100 Victoria Street, London, SW1E 5JL, ICO Registration No. Z7307866.

Wi-Fi

Providing a Wi-Fi service
We provide Wi-FI to our customers to use on a complimentary basis at our locations. Some of our locations have WiFi provided directly by us, and others are provided via third parties. In order to authenticate to the WIFI connection you will usually be asked to provide an email address. This is collected for the purpose of forming a contract with you for the WIFI service, and without this it could result in you not having access to the WIFI service.

Location tracking and profiling 
We use Wi-Fi within some of our centres that may communicate with your device to identify its location if the device has Wi-Fi enabled and is properly configured. This will operate irrespective of whether or not you have subscribed to the Wi-Fi service.

If you have have not subscribed to the service, the unique address of your device may be hidden but this varies depending on the make and model of the device, so please check with your device manufacturer. In addition, to minimize privacy impacts, we introduce a collision process into our analytics that results in the unique address of your device being combined with other devices to make it less identifiable. This personal data is processed as a legitimate interest for Landsec that are summarized below. To fully opt-out of this data collection, you would need to turn off your WIFI connection settings on your device - please consult with your manufacturer on how to do this.

If you have subscribed to the service, then it is important to know that your device’s address will reveal its unique identity and that this will be combined with your email. This will allow us to understand your device’s (and therefore your) movements through the centre.

Based on the types of retailers you visit, and the time and frequency of your visits, we will use this information to build a marketing profile, and will use this to send you targeted marketing. If you provide us with information about your age and postcode then this will also be used to build a more targeted profile.

You will have the ability to opt-in and out of this marketing and you will have the ability to view and delete this profile via this website: https://profile.skyfii.com/login

Legitimate interests of above:

• To build a marketing profile on our customers to provide us with insights into their behaviours (dwell times, repeat visits, frequently visited retailers), and so that we can also provide marketing to those customers based on their preferences; 
• To share insights with Landsec customers, such as our tenants, on the types of people visiting our centres and how they use the space. This information will only be shared on an anonymous basis and so will not identify you.
• To help Landsec understand how the centre is utilized in order to optimize the space. 

Your subscription to email marketing is based on your consent, and this can be withdrawn at anytime using https://profile.skyfii.com/login or by clicking the unsubscribe link in each email communication.

Data collected from other sources

We may use your post code to enrich your profile with data obtained from third parties who collect insights at a post code but not an individually identifiable level, such as https://acorn.caci.co.uk/what-is-acorn

Additionally, where Landsec operates a loyalty scheme, the transactional data from this may be used to also enrich your profile. 

There will be no use of CCTV to identify you in relation to the above Marketing and insight purposes. 

Data minimisation and retention

We will only collect the minimum amount of personal information necessary, and will only keep your information for as long as you remain engaged with our marketing campaigns. Where you have not engaged with our marketing material for over a year, we will take steps to remove your information from our marketing database. Where you unsubscribe from our marketing, we will add your email address to our suppression list and delete any additional information that we hold about you.
 

Other recipients of third-party data

• We may pass on or allow access to your information:
• to our suppliers, contractors and professional advisors where this is necessary for them to provide services and facilities to us, such as the provider of our customer database, our WIFI systems operator and marketing agencies used to generate content for our marketing campaigns;
• to our Joint Venture partners;
• to any purchaser of all or part of our business or any of our properties;
• to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
• where we are required to do so by law, court order or other legal process;
• where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity.  This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
• to protect and defend our rights or property;
• to deal with any misuse of any of our Services; or
• in order to enforce or apply our terms and conditions and other agreements with third parties.
• to our group companies and affiliates or third-party data processers who may process data on our behalf to enable us to carry out our usual business practices.
• Landsec uses Microsoft Office 365 cloud technology for its operations. Its data centres are located within the EEA.
   

Children

Children under the age of 13 are not permitted to use Wi-Fi networks.

If you have reason to believe that a child under the age of 13 has provided personal information, please contact us and we will delete that information from our databases.

Protection of your information

We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold. We place similar obligations on our third parties and risk assess their security based on the sensitivity of the personal data that they hold. 

If we transfer your personal information outside of the UK, it will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators. 

Your rights

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Your request may also not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
• Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.  You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
• Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.  We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
• Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.  
• Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. 
• Subject to certain conditions, request the transfer of your personal information to another party.  If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.  This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
• Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.   If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.  If you withdraw your consent, this will only take effect for future processing. 
• If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email dataprotection@landsec.com

You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You can also contact the Information Commissioner's Office via https://ico.org.uk/  for information, advice or to make a complaint.
 

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
For more information, please contact the data protection officer on dataprotection@landsec.com

Changes to the privacy policy

This Privacy Notice was last updated on 28 April 2021. If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.

How you can contact us

If you have any questions about this Privacy Notice, please contact the Data Protection Officer at dataprotection@landsec.com.