This Notice describes the types of information collected, how that information is used and disclosed, and how you can access, modify, or delete your information.
Land Securities Properties Limited (company number 961477) whose registered office is at 100 Victoria Street London SW1E 5JL (“we”, “us” or “our”) is the ‘data controller’ for the personal data we collect.
How do we collect information about you and for what purpose?
When you are invited to engage with Landsec as a potential supplier we collect relevant information about you through a third-party supplier onboarding portal (Proactis) in order to enter into a contract with you or your organisation for the provision of goods and services. This data will include your name, contact details and the name of the organisation that you represent. In the event you contract with us as an individual we will also require your personal address, VAT number and bank account details in order to make payment to you.
For our legitimate interests to make our invoice payment processing efficient, we use a Data Processor (Rossum Ltd.) to provide invoice matching services (this is the process by which a scanned invoice is matched to details in our accounts system so that the data can be posted and paid automatically). Rossum Ltd., acting as a Data Controller (not as our Data Processor), also uses the information provided to it to enhance its algorithm and improve its accuracy. For more information, please see Rossum’s Privacy statement.
Supplier payment files, including bank details and amounts, are created within our accounting system and then uploaded to a secure banking platform to execute payment.
Where you are involved with any activity that entails Health and Security risk, such as construction, we will obtain information about your skills and experience as part of our due diligence assessment for the purposes of entering into a contract.
We will also authorize you to perform work on our sites through a permit creation portal. This data will include your name and the name of the organisation which you work for, your contact details (which may be personal where you are not incorporated) and information about your professional skills and experience. We may also collect your vehicle information to allow you access to the property.
The information is collected to ensure that the work is conducted in accordance with professional standards, to comply with legal requirements and to pursue our legitimate interests.
Data minimisation and retention
We will only collect the minimum amount of personal information necessary and will only keep your information for as long as needed for the performance of the contract and for keeping appropriate accounting records, and to comply with health and safety legislation.
Protection of your information
Landsec has in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that Landsec holds. We place similar obligations on our third parties and risk assess their security based on the sensitivity of the personal data that they hold.
If we transfer your personal information outside of the UK, it will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators.
Other recipients and third-party transfers not detailed previously
We may pass on or allow access to your information:
- to our suppliers, contractors and professional advisors where this is necessary for them to provide services and facilities to us;
- to our Joint Venture partners;
- to any purchaser of all or part of our business or any of our;
- to sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
- where we are required to do so by law, court order or other legal process;
- where, acting in good faith, we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- to protect and defend our rights or property;
- to deal with any misuse of any of our Services; or
- in order to enforce or apply our terms and conditions and other agreements with third parties.
- to our group companies and affiliates or third-party data processors who may process data on our behalf to enable us to carry out our usual business practices.
- personal data relating to an insurance claim, including sensitive data, may be transferred to our reinsurance business based within the Land Securities Group (Land Securities Insurance Limited, registered in Guernsey as a Data Controller (ref 11453)).
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Subject to certain conditions, request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Your request also may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
- Subject to certain conditions, request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You also have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to notify us of any changes regarding your personal data as soon as they occur, including changes to your contact details. This right only applies to your own personal data. When exercising this right, please be as specific as possible.
- Subject to certain conditions, request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Subject to certain conditions, object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Subject to certain conditions, request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Subject to certain conditions, request the transfer of your personal information to another party. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal data that has been provided to us by you.
- Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time.
If you do decide to withdraw your consent we will stop processing your data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. If you withdraw your consent, this will only take effect for future processing.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights); however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You can also contact the Information Commissioner's Office via https://ico.org.uk/ for information, advice or to make a complaint.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
For more information, please contact the data protection officer on firstname.lastname@example.org.
This privacy notice was last updated on 29 January 2021.
| Date | Update |
|---|---|
| 11 May 2018 | Updates relevant to GDPR |
| 23 August 2019 | Further details on third party disclosures |
| 31 March 2020 | Update to reflect new invoice processing process |
| 30 September 2020 | Removal of Privacy Shield |
| 29 January 2021 | Brexit update |