Processing of personal data in relation to the property that you occupy Land Securities Properties Limited (“Landsec”, “we” or “us”) will record your name and contact details on our management database as a record of the lease of the property, which is the basis of our contractual agreement. This information will be held for as long as we both are parties to the lease. We may use your data to bill you for any charges relating to your property in accordance with the terms of the lease.
Landsec uses service partners to provide security, front of house/concierge/guest services, billing as well as facilities management at its properties. It also uses third party system providers for access control and visitor management systems, and also to find new tenants for our properties. These third parties may have access to your personal data, and use it for the following purposes:
- Providing property and facility management services – we may take personal details to register facility issues and report back resolutions in connection with services under the lease;
- billing – to invoice you in accordance with the terms of the lease;
- providing secure access to the building in accordance with terms of the lease;
- reporting any injuries or potential insurance claims – these may include special categories of personal data – to discharge our legal obligations or defend a claim;
- provide emergency broadcasts to alert occupiers to risks to protect your vital interests; and
- (where locating new occupiers) undertaking credit checks and right to reside checks – to minimize our exposure to default, and to comply with our legal obligations.
- We may may collect your license plate, payment details and/or contact details to enter into a contract with you for car parking services.
The data above is held is long as required to perform these functions. Billing and lease personal data will only be stored for 7 years following the end of the lease.
1. Security systems
As part of our security services within common areas, our service partners may collect personal images through CCTV, Body Mounted Video or through ANPR technology (Automatic Number Plate Recognition), and signs will be displayed notifying you of these arrangements. This is collected to discharge our contractual obligations, and also to pursue our legitimate interests to protect the property in question, to protect the safety and vital interests of our visitors and tenants and to assist with the prevention and detection of crime.
Landsec has retention policies which govern how long this information should be kept, generally for no longer than 31 days unless an incident has been logged.
Security information may be shared with the Police or with local crime reduction initiatives for the purposes of our legitimate interests and the prevention of crime.
We may also share the information with insurance companies where they request data relating to insurance claims to support their legitimate interests, or those of their clients, or to defend legal claims.
2. Access control and visitor management
Landsec may provide an access control system that allows secure entry to the building, and/or details of visitors to your premises. We deliver these services pursuant to leasing agreements, as well as to prevent and identify crime. These systems hold personal data – typically an individual’s name and access data as they enter various parts of the building.
To ensure compliance with data protection laws, Landsec will review personal data within any access control and visitor systems, and any personal data relating to access cards that haven’t been used for a period of 12 months will be permanently deleted. If you require any accounts to be subject to alternate treatment please provide written instructions to the general manager at the property.
3. Protection of your data
Landsec has in place administrative, technical and physical measures on our systems and internally which are designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that it holds. We place similar obligations on our service partners and undertakes risk assessments on their security measures.
From time to time Landsec may transfer your personal information to its group companies, suppliers or service providers based outside the EEA. If we do so your personal information will continue to be subject to one or more appropriate safeguards as required by law. These might include the use of model contractual clauses, or having suppliers sign up to an independent privacy scheme approved by regulators (such as ‘Privacy Shield’).
Landsec will ensure that where information is transferred outside EEA, Landsec and the receiving party will comply with all relevant laws governing such transfers.
4. Other third-party transfers not detailed previously
We may pass on or allow access to your information:
- to Other Service Providers: we may share information we collect about you with third parties who provide services on our behalf to help with our business activities, such as third parties providing valuation services for our portfolio;
- to external auditors;
- to our Joint Venture partners or other companies in our group;
- to any purchaser of all or part of our business or any of our properties;
- to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
- where we are required to do so by law, court order or other legal process;
- where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and
- to protect and defend our rights or property.
- Third parties who support us in obtaining insights into how our customers use our products. For example, to conduct market research on our behalf.
5. Your rights
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the following rights:
- Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Disclosure maynot impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
- Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
- Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Subject to certain conditions, request the transfer of your personal information to another party. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
- Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. If you withdraw your consent, this will only take effect for future processing.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You can also contact the Information Commissioner's Office via https://ico.org.uk/ for information, advice or to make a complaint.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
For more information, please contact the data protection officer on email@example.com.
Where Landsec is the Data Controller in respect of personal data processing, our details are as follows: Land Securities Properties Limited (company number 961477) whose registered office is at 100 Victoria Street London SW1E 5JL.
Landsec are registered with the Information Commissioner’s Office with registration number Z5806812.
This Privacy Notice was last updated on 20 June 2019.
Changes to the privacy and cookies policy
If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.
|November 2018||Update to list of recipients of personal data to provide greater transparency.|
|June 2019||Updated list of third party disclosures; inclusion of car park personal processing|
If you have any questions about this Privacy Notice, please contact the Data Protection Officer at firstname.lastname@example.org.