This User Privacy Notice (“Privacy Notice” or “Notice”) was last updated on 11 May 2018. This Privacy Notice may vary from time to time so please check it regularly.

This Notice describes the types of information collected, how that information is used and disclosed, and how you can access, modify, or delete your information.

Land Securities Group PLC (company number 04369054) whose registered office is at 100 Victoria Street London SW1E 5JL (“we”, “us” or “our”) is the ‘data controller’ for the personal data we collect. We are registered with the Information Commissioner’s Office with registration number Z7135626.

Shareholder information

The following information is processed in relation to our shareholders:

Name, address, bank sort code and account number; email address; no. of shares; date of death; Corporate Action election options; phone number; and voting instructions.

The information is processed to comply for legal obligations as a UK listed company for the following purposes:

• Register share maintenance i.e. Change of address, bank mandate details, name change, Notification of death, registration of death, legal document processing. Lost certificate notifications, reissue of certificate. Market & Non-Share transfers, CREST processing;
• Dividend distribution; and
• Meeting management - notice of meeting data, proxy form completion, and companies’ annual report accounts. Returned proxy forms detailing instructions on the company’s meeting resolutions are data capture.

Our data processor for the above processing is Equiniti Group plc (EQN) with a registered address of Sutherland House, Russell Way, Crawley RH10 1UH and our ICO registration number is: ZA299187. Detailed information on onward transfers from Equiniti can be viewed on Equiniti’s Privacy Notice.  

Personal data will not be retained for longer than necessary for us to achieve the purpose for which we obtained your personal data. We will then either securely delete it or anonymise it so that it cannot be linked back to you. We review our retention periods for personal data on a regular basis.

We will retain personal data for the duration of your entry on the Register of Members for a period of up to 12 years following your last entry on the Register or completion of service e.g. payment of unclaimed dividends, for the reasons noted below:

• To respond to enquiries and complaints;
• To demonstrate that your instructions were carried out properly; and
• To maintain records to meet rules and regulatory requirements that are applicable to the administration of the Register.
• We can keep your data for longer than 12 years if we cannot delete it for legal, regulatory or technical reasons. We can also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes

Protection of your information

Our processor safeguards your personal data across all our computer systems, networks, websites and offices as much as possible through appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) and their Information Security policies are aligned to ISO27001, which is an internationally recognised security standard.

Personal data will be shared with members of the Equiniti Group outside of the UK, including Equiniti India Private Limited which is based in India, for the purposes described in this Privacy Notice. For these transfers we utilise Model Clauses recognised by the European Commission.

Other recipients and third-party transfers not detailed previously 

• to our suppliers, contractors and professional advisors where this is necessary for them to provide services and facilities to us.
• to our Joint Venture partners;
• to any purchaser of all or part of our business or any of our;
• to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
• where we are required to do so by law, court order or other legal process;
• where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity.  This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
• to protect and defend our rights or property;
• to deal with any misuse of any of our Services; or
• in order to enforce or apply our terms and conditions and other agreements with third parties.
• to our group companies and affiliates or third-party data processers who may process data on our behalf to enable us to carry out our usual business practices.
• personal data relating to an insurance claim, including sensitive data, may be transferred to our reinsurance business based within the Land Securities Group (Land Securities Insurance Limited (registered in Guernsey as a Data Controller (ref 11453)). 

Your rights

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Your request may also not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
• Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
• Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Subject to certain conditions, request the transfer of your personal information to another party. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
• Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.

If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. If you withdraw your consent, this will only take effect for future processing.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email dataprotection@landsec.com.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

You can also contact the Information Commissioner's Office via https://ico.org.uk/ for information, advice or to make a complaint.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

For more information, please contact the data protection officer on dataprotection@landsec.com.

Changes to the privacy policy

This Privacy Notice was last updated on 29 January 20021. If it is necessary for us to alter the terms of the Privacy Notice, we will post the revised Privacy Notice here. We encourage you to frequently review the Privacy Notice for the latest information on our privacy practices.

How you can contact us

If you have any questions about this Privacy Notice, please contact the Data Protection Officer at dataprotection@landsec.com.