This privacy notice explains how we may collect and use your personal information if you visit one of Land Securities Properties Limited’s retail centres or interact with us online. 

What information do we collect?

We may collect personal information including the following:  

• Contact details and interests: for example if you enter one of our competitions, enrol for an event or sign-up for a loyalty card or promotion, either online or through a paper physical form. 
• Feedback on our services and contact details: for example if you complete an online survey or provide feedback by emailing any comments, complaints or suggestions to us.
• Website usage: we may collect information about your use of online services, such as the time and duration of your visit, the referring URL, your Internet Protocol (IP) or MAC address, the type of device you use and its operating system. 
• Shipment and payment details: for example if you buy a gift card online or at one of our centres. You may also be asked to consent to receiving marketing information if you purchase a gift card. 
• Photographs or video images: for example if you agree to be photographed when you attend one of our events. The images may be used for promotional purposes on our website and social media. 
• Social media posts, comments, pages, profiles, images and other user generated content if you choose to share this content with us. 
• Car parking: if you park at one of our centres, we may collect your license plate to administer our car parking fees, and your credit card details to make any payments. We will collect your contact details if you join a frequent visitor or staff parking scheme.
• Loan or hire equipment: we will collect your personal details so that we loan or hire equipment such as a push chair or mobility aid to you. 
• CCTV analytics: we may use our CCTV systems to record and analyse information such as age approximation and gender or to find out how many people are in a particular area and for how long. We do not conduct our analytics on a personally identifiable basis. 
• If you consent to marketing, we may use third party marketing agencies to develop email marketing campaigns and social media, to provide customer insight through the analysis of data and to collect personal data on our behalf.

How we use your personal information

We may use your personal information:

• To tailor our online services to you so the content you see is relevant to you. For example, we may request your date of birth, gender and some basic interests (such as ‘shopping’ and ‘dining’) so that we can provide you with content that we think you will be interested in.
• For research, analysis, testing, monitoring, risk management and administrative purposes, including the optimisation of service delivery at our properties and to improve the customer experience. 
• To bring you offers and promotions that are likely to be relevant to you, we may combine the personal information that we collect directly from you with information that we obtain from third parties with the appropriate consent. 
• We may also use personal information to monitor and improve the products and services we offer.
• If you want to know more about the personal information we collect and what we use it for, please contact us using the details below. 

Security at our centres.

We have a duty to keep our centres and those visiting them safe and secure. 

• We collect images of visitors and customers to our properties using CCTV, Body Mounted Video and Automatic Number Plate Recognition systems. Our CCTV may be able to detect the presence of a person in the building after it is closed or in an inaccessible area, for example. We also collect personal information from our access control systems.
• The information we collect for security purposes may be shared with the police, tenants, local authorities, other sites or local crime reduction partnerships and initiatives. We may also share information with insurance companies where this necessary to manage an insurance claim. 
• Security Analytics: The alerts are reviewed by a security operative to determine the appropriate response. The technology provides Landsec with support in keeping its premises secure and its occupants safe as a legitimate interest, and does not involve facial recognition processing, or any processing for the purpose of unique identification through biometrics.

Accident and incident reporting 

Unfortunately, there is a possibility that an accident or incident may occur in one of our premises. When an incident does occur, we are required to document the particulars of the incident. This may include witness statements, CCTV footage, photographs and written reports. 

The data may be shared with third parties such as insurance providers or legal advisors in order to defend a claim. We may also share personal information with the relevant official organisations – such as the police or the Health and Safety Executive – so that any incident can be investigated and dealt with.  

This information is collected so we can comply with our legal responsibilities in relation to Health and Safety or to prevent and detect crime, or to protect public safety. 

What is our legal basis for collecting your personal information?

Contract: if you sign-up for our gift card, loyalty programmes, clubs, events, car parking, postal service, hiring services, wi-fi, competitions or promotions. 

Legitimate interests: for example to respond to customer queries or complaints, to gain insight into customer perception of our offerings, to run promotions, competitions and events. It is also in our legitimate interests to collect personal information where this is necessary for security purposes.

Consent: we are most likely to ask for your consent so we can send direct marketing material to you. 

We may have other legal bases for collecting personal information – please contact us using the details below if you want to know more about this. 

Do we share your personal information with anyone else? 

We may share your personal information with organisations including:

• our suppliers, contractors and professional advisors where this is necessary for them to provide services and facilities to us, such as to provide car parking services; 
• other companies and organisations for the purposes of fraud protection and credit risk reduction where we believe disclosure is necessary to assist in the investigation or reporting of suspected illegal or other wrongful activity. 
• our group companies and affiliates or third-party data processers who may process data on our behalf to enable us to conduct our usual business practices.
• Insurance companies where this is necessary for the management of a claim.

International transfers of your personal information

In some cases we may transfer your personal information outside the UK. If we do this, we always make sure that the information will be subject to appropriate security and will only be used for the purpose it was collected for originally. 

The security of your personal information

Landsec has technical and organisational measures in place to make sure your personal information is subject to suitable security and is not shared or used inappropriately. 

If we share personal information with a third party, we always require them to maintain appropriate technical and organisational measures to protect it.

How long do we keep your personal information for?

We retain your personal information for as long as we need it for the purpose it was collected for. In some cases we are required by law to retain certain information for a particular period, but usually our retention periods are set according to business need. 

We generally retain customer feedback responses for 15 months to allow year on year comparisons. For our VIP events run in our outlets, personal information is generally deleted after 12 months.

We generally retain CCTV and Body Mounted Video footage for up to 31 days, unless an incident or suspected incident has occurred. ANPR data is kept for as long as is contractually required.

Access Control System data are deleted on request from our occupiers. Access cards that have not been used for three months are deactivated. Any passes which have remained inactive for twelve months will have all data relating to the card permanently deleted. All visitor management systems data is deleted if a visitor has not returned to the site within six months.

In some cases we keep personal information for longer than usual, for example to manage a complaint or in the context of litigation.

In some cases we will anonymise your personal information for research or statistical purposes. We may hold anonymised information indefinitely. 

Your personal information rights.

You have the right to:

• Obtain a copy of your personal information.
• Require Landsec to rectify any inaccurate personal information or to add any information that you think is missing.
• Have personal information about you erased.
• Restrict the processing of your personal information – i.e. to stop Landsec using it.
• Object to the processing of your personal information, for example for direct marketing purposes.
• Have your personal information transferred to another organisation.
• If applicable, not to be subject to an automated decision-making process.

There may be some exemptions from, and limitations to, the rights above, depending on the circumstances. However, it is Landsec’s policy to comply with all information rights requests as fully as we can.

If you want to exercise any of your information rights, please contact us using the details below and we will be in touch to request any further information we need, including proof of ID.

Our Contact Details

If you have any questions about this Privacy Notice, want to know more about how we handle your personal information or want to complain about our use of it, please contact us at:

Land Securities Properties Limited

Address: 100 Victoria Street, London, SW1E 5JL
Email address: datagovernance-compliance@landsec.com

If you are not happy with any aspect of way Landsec collects and uses your personal information, you can complain to the Information Commissioner's Office, the UK regulator for data protection issues. Please see www.ico.org.uk. Please contact us first though and we will always try to resolve any issues you have.

This Privacy Notice was last updated on 02/24