We at Calthorpe Estates Group (“we” or “our” or “us”) want to make sure all the personal information we have collected about you is safe and secure whether we collect it through our websites at www.calthorpe.co.uk, www.pebblemill.co.uk, www.newgardensquare.co.uk, www.edgbastonvillage.co.uk or www.emq.co.uk (“Sites”) or from other sources. This Policy set outs our commitments to you, in compliance with and beyond the General UK Data Protection Regulation (commonly known as the UK GDPR) and the Data Protection Act and explains how we collect, store and use your personal information.
We have appointed a Data Protection Officer to oversee our compliance with data protection laws at Edgbaston Estates Security Limited. If you have any questions about this Policy or what we do with your personal information which concerns them their contact details are set out in the “Contact” section below.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws for the rest of the Calthorpe Estates Group as we not required to do so, but our Head of Legal and Governance has overall responsibility for data protection compliance in the rest of our Group. If you have any questions about this Policy or what we do with your personal information, their contact details are also set out in the “Contact” section below.
Privacy NOTICES
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services or products you may request from us or in providing services or products to our customers and contacts, providing you with information you have requested or just managing our relationship with you, whoever you are.
When we hold or use your personal information as a data controller or controller (see below for a description of what this is) we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else or within a month, whichever is the earlier. We usually provide privacy notices to you by providing you with a link to the relevant privacy notice.
We will only provide a relevant privacy notice to you once, generally at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
Copies of our current privacy notices can be found below:
- Property customer privacy notice – click here
- CCTV privacy notice – click here
- Privacy notice for everyone else external to our organisation – click here
- Cookies policy – click here
Please note that it is possible for you to be covered by more than one privacy notice, for example you may be a customer who comes onto our premises and is recorded on CCTV. In this example both our customer privacy notice and our CCTV privacy notice would apply to you, but for different categories of your personal information.
THE DIFFERENCE BETWEEN DATA CONTROLLERS/PROCESSORS
A data controller or controller is a person who controls how personal information is processed and used. Data controller or controller are two terms that mean the same thing. A data processor or processor is a person who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller or controller.
This distinction is important. You have certain rights in relation to your personal information, for example the right to be provided with the personal information held about you and details of its use and the right in certain circumstances to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have). These rights can generally only be exercised against a controller of your personal information.
In most cases we will be a controller of your personal information. In any case where we are not a controller this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the controller (i.e. the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the controller of your personal information so that you can direct any such requests to them.
Also it is only a controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a controller we will provide you with a privacy notice. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
HOW DO WE USE YOUR PERSONAL INFORMATION?
Where we are a controller we will use your personal information as described in the privacy notice provided to you, but, for example, we may use your personal information to administer any contracts or account(s) you have with us or to send you information we think you might find useful, provided you have indicated that you are happy to be contacted for this latter purpose. To see how we use your personal information as a controller, please see our current privacy notices, which can be accessed from the links earlier in this privacy policy.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
Details of who we may disclose your personal information to are set out in the relevant privacy notice provided to you, but generally it is where we need to do so in order to run our organisation (e.g. where other people process information for us). In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are permitted to do so by law.
If we as a controller transfer personal information about you outside the UK and European Economic Area (EEA), we will let you know and ensure that all reasonable security measures are taken and that any third party processers will be required to process the information in accordance with information protection laws and we will notify you in your privacy notice if we are the information controller.
We do not sell, trade or rent your personal information to others.
HOW LONG DO WE HOLD ON TO YOUR PERSONAL INFORMATION?
Further details of how long we hold onto your personal information for are set out in the relevant privacy notice provided to you, but we will only hold your information for as long as is necessary or where you ask us to delete records we may delete it earlier.
The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements. However, if it relates to a property that you occupy it will probably be for a much longer period, eg until the end of the lease plus 12 years.
what are Your rights?
Full details of your rights set out in the relevant privacy notice provided to you, but you are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation, to object to automated decision making and to cease carrying out any marketing to you. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.
You should note that some of your rights may not apply as they have specific requirements and exemptions which apply to them and they may not also apply to personal information recorded and stored by us. However, your right to copies of your personal information, withdraw consent or object to processing for direct marketing are absolute rights.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contact” section below. You can also unsubscribe from any electronic direct marketing by clicking on the unsubscribe link in any electronic marketing messages we send to you.
We are here to help and would encourage you to contact us first to resolve any complaint or issue you may have with our use of your personal information, but if you are still unhappy with the way we are using your personal information you can complain to the UK Information Commissioner’s Office or your local data protection regulator. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
linking with third party sites
Our Sites may, from time to time, contain links to and from the websites of third parties, eg our commercial partners such as customers and websites involved in promoting some or all aspects of Edgbaston. If you follow a link to or from any of these websites, please note that these websites have their own privacy policies and they will be a data controller of your personal information. We do not accept any responsibility or liability for these websites and you should check their privacy policies before you submit any personal information to these websites.
In addition, if follow a link to or from any of these websites, we cannot be responsible for the policies and practices of the owners or operators of that third-party website and recommend that you check the policy of any such third party website and contact its owner or operator if you have any concerns or questions.
SECURITY
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of your personal information. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
Cookies
Certain parts of our Sites use “cookies” to store your website preferences, keep track of your visit and to help you navigate between parts of a website. A cookie is a small data file that certain websites store on your computer’s hard-drive when you visit the relevant websites. Cookies can contain information such as your user ID and the pages you have visited. The only personal information a cookie contains is information that you have personally supplied.
We use cookies on our Sites to enable us to store your website preferences, deliver content that is specific to your interests and gives us an idea of which parts of the Site you are visiting and to recognise you when you return to the Sites. Cookies does not give us access to other information on your computer’s hard-drive and our Sites will not read cookies created by other websites that you have visited.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If, however, you select this setting you may be unable to access certain parts of the Sites. Unless you have adjusted your browser settings so that it will refuse cookies, our Sites will ask for your consent to non-essential cookies when you visit the relevant Site.
Please note providers of third party content and websites may also use cookies over which we have no control. For our full cookie policy and detailed information on the cookies we use and the purposes for which we use them see our separate cookie policy at COOKIEPOLICY.
LOG FILES
In common with most websites, our Sites logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring / exit pages and date / time stamp.
We may use this information to analyse trends, administer the Sites, track your movement around the Site and gather broad demographic information.
Changes to this policy
Any changes we may make to this Policy in the future will be posted on our Sites and, where appropriate, notified to you by e-mail. When we change this Policy in a material way, we will update the version date at the bottom of this page. Please check back frequently to see any updates or changes to this Policy and should you object to any alteration, please contact us as set out in the “Contact” section below.
Contact
In the event of any query or complaint in connection with the personal information that Edgbaston Estates Security Limited holds about you, please email the Data Protection Officer at dataprotection@calthorpe.co.uk or write to the Data Protection Officer, Calthorpe Estates, 76 Hagley Road, Edgbaston B16 8LU.
In the event of any query or complaint in connection with the personal information any other part of the Calthorpe Estates Group holds about you, please email our Head of Legal at dataprotection@calthorpe.co.uk or write to us at Head of Legal and Governance, Calthorpe Estates, 76 Hagley Road Edgbaston B16 8LU.
Whilst this privacy policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found in our relevant privacy notice (see the “Privacy Notices” section above) or on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.