Land Securities Properties Limited (“Landsec”, “we” or “us”) will record your name and contact details on our management database as a record of the lease of the property, which is the basis of our contractual agreement.
Landsec uses third parties to manage these properties on our behalf and often these organisations will manage the processes of finding new tenants, onboarding them and collecting payments as well as providing security, front of house/guest services and dealing with any issues that you experience as a resident.
In these instances, where these third parties are Data Controllers for the information they collect and use they will provide you with their own privacy notices. In some circumstances, Landsec may also be a Joint Controller for this personal data and/or the third party may be operating as a data processor for Landsec. If the management company is Savills or Allsop then for more information about the Joint Controller relationship can be obtained using the contact details below.
Personal details from Residents are generally processed for the following purposes:
- Providing property and facility management services – contact details (name, address, telephone no. email) may be used to register facility issues and report back resolutions in connection with contracted services under the lease;
- Billing – contact details may be used to invoice residents in accordance with the terms of the lease and to chase outstanding debt as part of a legitimate interest to manage default risk;
- Access Control –contact details may be used to provide secure access to the building in accordance with terms of the lease;
- Accident and Injury investigation - contact details and potentially health data relating to an accident or incident may be collected as a legitimate interest to investigate and ensure resolution of an incident, or to discharge a legal obligation or defend a legal claim.
- Tenant Safety - we may use your health information where it’s needed for ensuring that you remain safe during an emergency situation, such as your ability to use the stairs as an evacuation method. This is collected as a legitimate interest with your consent or as a vital interest. During a pandemic or other health related emergency, we may also collect information about your health to implement appropriate measures to ensure the safety of our residents and the safety of others who visit or occupy the building. This will be processed in accordance with our legitimate interest and as part of public health, vital interests or health and social care legal bases;
- Onboarding new tenants -
i) we may request credit checks using information such as your previous addresses, name and DoB for our legitimate interests to reduce our exposure to default; and
ii) We may need proof of right to reside by viewing and storing your passport or immigration documents to comply with our legal obligations.
- Parking services - we may collect license plate, payment details and/or contact details to enter into a contract with you for car parking services.
- Customer insights – we may use your contact details to Invite you to participate in surveys or market research for our legitimate interests to improve our service offerings.
The data above is held as long as required to perform these functions.
1. Security systems
As part of our security services within common areas, our service partners may collect personal images through CCTV, Body Mounted Video or through ANPR technology (Automatic Number Plate Recognition), and signs will be displayed notifying you of these arrangements. This is collected to discharge our contractual obligations, and also to pursue our legitimate interests to protect the property in question, to protect the safety and vital interests of our visitors and tenants and to assist with the prevention and detection of crime.
Landsec has retention policies which govern how long this information should be kept, generally for no longer than 31 days unless an incident has been logged.
Security information may be shared with the Police or with local crime reduction initiatives for the purposes of our legitimate interests and the prevention of crime.
We may also share the information with insurance companies where they request data relating to insurance claims to support their legitimate interests, or those of their clients, or to defend legal claims.
2. Access control and visitor management
Landsec may provide an access control system that allows secure entry to the building, and/or details of visitors to your premises. We deliver these services pursuant to leasing agreements, as well as to prevent and identify crime. These systems hold personal data – typically an individual’s name and access data as they enter various parts of the building.
To ensure compliance with data protection laws, Landsec will review personal data within any access control and visitor systems, and any personal data relating to access cards that haven’t been used for a period of 12 months will be permanently deleted. If you require any accounts to be subject to alternate treatment please provide written instructions to the general manager at the property.
3. Protection of your data
Landsec has in place administrative, technical and physical measures on our systems and internally which are designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that it holds. We place similar obligations on our service partners and undertakes risk assessments on their security measures.
From time to time Landsec may transfer your personal information to its group companies, suppliers or service providers based outside the UK. If we do so your personal information will continue to be subject to one or more appropriate safeguards as required by law. These might include the use of model contractual clauses, or having suppliers sign up to an independent privacy scheme approved by regulators.
Landsec will ensure that where information is transferred outside the UK, Landsec and the receiving party will comply with all relevant laws governing such transfers.
4. Other recipients and third-party transfers not detailed previously
We may pass on or allow access to your information:
- Other Service Providers: we may share information we collect about you with third parties who provide services on our behalf to help with our business activities, such as third parties providing valuation services for our portfolio;
- Insurers for our properties;
- External Auditors;
- Tenancy deposit schemes;
- Debt collection agencies;
- Credit reference agencies;
- Suppliers who need your details to contact you in relation to fixing an issue with the property;
- to our Joint Venture partners or other companies in our group;
- to any purchaser of all or part of our business or any of our properties;
- to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
- where we are required to do so by law, court order or other legal process;
- where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and
- to protect and defend our rights or property.
- Third parties who support us in obtaining insights into how our customers use our products. For example, to conduct market research on our behalf.
- Landsec uses Microsoft Office 365 cloud technology for its operations. Its data centres are located within the EU which is subject to an adequacy decision by the UK.
5. Your rights
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the following rights:
- Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Disclosure maynot impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
- Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
- Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Subject to certain conditions, request the transfer of your personal information to another party. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
- Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. If you withdraw your consent, this will only take effect for future processing.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You can also contact the Information Commissioner's Office via https://ico.org.uk/ for information, advice or to make a complaint.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
For more information, please contact the data protection officer on email@example.com.
Where Landsec is the Data Controller in respect of personal data processing, our details are as follows: Land Securities Properties Limited (company number 961477) whose registered office is at 100 Victoria Street London SW1E 5JL.
Landsec are registered with the Information Commissioner’s Office with registration number Z5806812.
This Privacy Notice was last updated in September 2020.
Changes to the privacy and cookies policy
This Privacy Notice was last updated in January 2021. If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.
|December 2018||Update to list of recipients of personal data to provide greater transparency.|
|June 2019||Updated list of third party disclosures; inclusion of car park personal processing|
|April 2020||Updated to include addition of joint-controller relationships for properties and health data collection in relation to a pandemic.|
|September 2020||Removal of Privacy Shield|
|January 2021||Brexit update|
If you have any questions about this Privacy Notice, please contact the Data Protection Officer at firstname.lastname@example.org.