1. Purpose of this notice
This privacy notice describes how we collect and process personal information about you, in accordance with the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (“Data Protection Legislation”).
2. About Us
Real Estate Management (UK) Ltd (“REM”, “we”, “us”, “our” and “ours”) provides property development and asset management services across London’s finest real estate. We are registered in England and Wales under company number 07870825 and our registered office is at 51 Grosvenor Street, London, W1K 3HH.
For the purpose of the Data Protection Legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice
3. Personal information we collect and hold about you
We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us) and information we collect about you from other sources described below.
Note that we may be required by law to collect certain personal information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of our obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.
3.1 Information we collect directly from you
a) We will collect and process information about you when you contact us by email, telephone, post or social media. The information we hold about you may include the following:
a. your personal details (such as your name, address and other contact details);
b. details of our correspondence and communications with you; and
c. information about any complaints and enquiries you may have submitted to us.
b) When we send emails to you we may review whether these have been opened and whether you clicked on any links within these.
c) When you visit our websites the web server collects some basic information such as your browser type, MAC or IP address, internet service provider’s domain name, which pages you accessed on the site and when. Details of cookies that we use on our websites can be found in our Cookie Notice.
d) Where you sign up for a newsletter, fill out a feedback form, complete a “contact us” form or enter a competition or promotion we collect personal information such as your email address, name, contact number, postcode and date of birth. Not all fields are mandatory and provision of the information is optional but if you provide less information this may limit your use of our online services.
3.2 Information we collect from other sources:
a) We use social media such as Facebook, either ourselves or through third party advertising agencies, to carry out digital advertising on the profiles of users who we think may be interested in our advertising campaigns based on events of ours that they have attended, what marketing communications they have subscribed to and which parts of our website they have visited or users who are in a similar demographic to such persons. Information on how advertising is shown to you should be available from your own social media provider.
4. How we use your personal information and the basis on which we use it
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
a) to fulfil our contractual obligations to you, for example to fulfil the terms of a competition or promotion that you have entered or to provide you with information you have requested;
b) to comply with our legal obligations to you, for example health and safety obligations while you are on our premises or to a third party (e.g. the police); and
c) to meet our legitimate interests, for example to understand how you use our services and our buildings and to enable us to derive knowledge from that which in turn enables us to develop new services and further tailor our buildings to appeal to a wide variety of persons. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
Situations in which we will use your personal data
We may use your personal information to:
a) deal with your enquiries and requests;
b) provide and personalise our services;
c) carry out our obligations arising from any agreements entered into between you or your employer or other relevant organisation and us (which will most usually be our engagement for the provision of our services or your services, as applicable);
d) notify you about any changes to our services;
e) comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;
f) contact you with marketing and offers relating to products and services offered by us and / or other members of our group (unless you have opted out of marketing or we are otherwise prevented by law from doing so);
g) personalise the marketing messages and offers we send you to make them more relevant and interesting;
h) contact you for research purposes, where you have consented to us doing so, in order to understand what you think of our sites and how we can improve them;
i) maintain the quality of our websites and to analyse the use of our websites in order to help guide improvements; and
j) better design and optimise our properties to improve the experience of our customers.
In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal information without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
Change of Purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal information where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
5. Your rights in respect of your personal information
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
a) Request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it lawfully.
b) Request correction of the personal information that we hold about you.
c) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
d) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
e) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
f) Request the transfer of your personal information to another party.
If you would like to discuss or exercise such rights, please contact us using the details below.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
6. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us); you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the details below.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
7. Information sharing
We may share your personal information with certain third parties in the following circumstances:
• Services providers and business partners. We may share your personal information with our services providers and business partners that perform various business operations for us. For example, we may partner with other companies to: process secure payments, fulfil orders, optimise our services, send newsletters and marketing emails, support email and messaging services and analyse information.
• Law enforcement agencies, courts, regulators, government authorities, insurance providers or other third parties. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party or to put in place insurance for any of the buildings which we own or for which we provide property management services.
We contract with third parties which, in certain circumstances, will be controllers of your personal data and responsible for managing it properly and, in others, will be processors who deal with your personal data in accordance with our instructions. Whether a third party supplier (who is not us) is a processor or controller of your personal data depends on the facts and where we appoint a third party processor of your personal data depends on the facts. Where we appoint a third party processor of your personal data we will put a framework around what we expect them to do with it and how they manage it, for example:
• Where we do not own a building but we provide property management services for the building owner and / or we provide access control system services for the building owner we capture personal data within the access control system. This comprises personal data of people who work in a building and those who visit it and includes name, occupation, employer and contact details. The data controller in these situations will be the building owner or the tenants of the building owner and we are a data processor.
• Where we provide property management services for a third party landlord, we can be provided with personal data on tenants and their employees where this is necessary for us to carry out these services. We are not the data controller in these circumstances and are a data processor for the third party landlord.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business.
We may share non-personally identifiable information with third parties such as partners, customers, tenants and suppliers for example to show trends on the use of our buildings.
8. Information security and storage
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We evaluate these measures on a regular basis to ensure the security of our data processing.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
a) the requirements of our business and the services provided;
b) the purposes for which we originally collected the personal data;
c) the lawful grounds on which we based our processing;
d) the types of personal data we have collected;
e) the amount and categories of your personal data; and
f) whether the purpose of the processing could reasonably be fulfilled by other means.
9. Transferring information outside of the European Economic Area (“EEA”)
Your personal information may be transferred to, stored and processed in a country outside of the EEA that is not regarded as ensuring an adequate level of protection for personal information under European Union law/by the European Commission. Where this is the case we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us using the details below.
10. Changes to our Privacy Notice
We review our privacy notice on a frequent basis to check that it accurately reflects how we deal with your personal information and may amend it if necessary. Any changes we may make to our privacy notice in the future will be posted on this webpage. You should check this page regularly to see the most up to date information.
This privacy notice was last updated on 19 June 2018.
11. Contact us
We welcome questions, comments and requests regarding this privacy notice which can be sent to: firstname.lastname@example.org.
You also have the right to make a complaint to the Information Commissioner's Office (ICO: www.ico.org.uk), the UK supervisory authority for data protection issues, at any time.