Welcome to the Ballymore privacy notice. At Ballymore we are committed to ensuring that your privacy is protected. This privacy notice explains how we will collect your personal data and how we use your personal data. This means information that relates to you as an identifiable person or ‘data subject’ and therefore constitutes ‘personal data’ as defined by the General Data Protection Regulation (“GDPR”).
Ballymore Development Management Ltd (“BDML”), Ballymore Asset Management Ltd (“BAML”) and Ballymore Construction Services Ltd (“BCSL”), members of the Ballymore group, will act as a data controller of your personal data. Throughout this privacy notice BDML, BAML and BCSL are referred to collectively as “Ballymore”, “we” or “us”.
Ballymore are committed to protecting the rights and privacy of individuals and complying with the GDPR. We consider your privacy to be of utmost importance and want you to be confident that your personal data is kept safely and securely and for you to understand how it is used. As such, this privacy notice sets out the following information:
- What data we collect from you;
- Why we collect this data and what is the legal basis for processing it;
- Who we share your data with and why;
- How long we will keep your data; and
- What your rights are.
2. Our role
2.1. As data controllers of any personal data collected Ballymore will determine the purposes and way in which such personal data are, or will be, processed.
2.2. Our full contact details are:
- Ballymore Development Management Ltd, 4th Floor 161 Marsh Wall, London, England And Wales, United Kingdom, E14 9SJ. Our registered company number is 08874050.
We have appointed a data protection team (DPT) who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPT at email@example.com or by writing to the address at 2.2 above marked for the attention of the Data Protection Team, Data Department.
3. Important information
3.1. This privacy notice was last amended on 3 April 2023. It supersedes any earlier versions.
3.2. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
3.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. You can ask us to rectify or update your personal information at any time by contacting us at firstname.lastname@example.org.
4. What information do we hold?
4.1. We may hold and processing the following categories of personal data:
- Identity Data
- Contact Data
- Financial Data
- Transaction Data
- App Usage Data
- Technical Data
- Profile Data
- Marketing and Communications Data
- Health Data
- Security Systems Data
- Special Categories of Personal Data
See the glossary at the end of this policy for more details of each category.
4.2. We also collect, use and share aggregated data such as statistical or demographic data to help us manage services, for example to monitor access into leisure facilities or car park to track peak periods. This aggregated data may be derived from your personal data but is no longer personal data as it does not directly or indirectly reveal your identity.
5. How do we obtain this information?
We use different methods to collect data from and about you including:
5.1. From you directly.
This includes personal data you provide when you:
- 5.1.1. Telephone, email us or visit us in person;
- 5.1.2. Create an account on one of our websites or other Ballymore applications where available or contact us through social media;
- 5.1.3. buy, sell, rent, let, lease, licence or reserve a property
- 5.1.4. arrange a viewing for a property or showroom;
- 5.1.5. request information about our properties, or related goods and services we may offer
- 5.1.6. subscribe to our any services or publications that we offer
- 5.1.7. Attend one of our social events;
- 5.1.8. enter a competition, promotion or survey; or
- 5.1.9. Provide feedback.
5.2. From third parties.
We may receive personal data about you for the following third parties and public sources:
- 5.2.1. Technical Data from analytics providers such as Google Tag Manager, Google Analytics, Google Adwords, Facebook Pixel, Twitter, DoubleClick, Addthis, BlueKai, Turn Inc., DataXu, AdGear, Weborara, Semasio, Yahoo Analytics, Visual Website Optimiser; and from the providers of software which we use on our websites, including Salesforce, Google Tag Manager, Lotame, Crimtan, DataXu and Response Tap.
- 5.2.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Barclays Bank PLC;
- 5.2.3. Identity and Contact Data from publicly availably sources such as the Land Registry, Companies House, and the Electoral Register.
5.3. Automatically collected from or about you or your device.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. If this is the case, we will notify you at the time.
6. How do we use your information?
6.1. In the table below, we have summarised the purposes for which we may use your personal data and the lawful basis for this. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.
6.2. We may process your personal data for a different purpose than listed below and without your consent where it is necessary for us to comply with our legal obligations.
6.3. Where our processing of your data is based on your consent, you may withdraw your consent at any time by contacting email@example.com, at which point we will cease to process your personal data for the purposes to which the consent applies.
6.4. Note that we may process the lawful basis on which we rely to process your personal data may vary depending on the purpose for which we are using your data. Please contact us via the Data Protection Team (firstname.lastname@example.org) if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose / Activity||Type of Data||Lawful basis for processing including basis for legitimate interest|
|To communicate with you, handle queries and complaints, manage our relationship with you and administer our business.|| |
|Necessary for our legitimate interests in running our business, keeping our records updated and executing our responsibility as Managing Agent.|
|To register you as a new customer|| |
Marketing and Communications
|Necessary for our legitimate interests in keeping records of our customers.|
|To facilitate the reservation, purchase, sale, renting, leasing, or licensing of a property.|| |
Marketing and Communications
Performance of a contract or potential contract with you
Necessary for our legitimate interests
|To facilitate the collection of service charge payments and ground rent payments due under your contract, including collection by selected third parties.|| |
|Performance of a contract with you.|
|To verify your identity, verify your eligibility for certain services, conduct credit reference checks, prevent or detect fraud or money laundering.|| |
Necessary to comply with a legal obligation, where this processing is comply with anti-money laundering legislation.
Otherwise, we rely on the processing being necessary for our legitimate interest in assessing customers’ credit-worthiness and ensuring we are not defrauded.
|To verify your identity in order to verify your eligibility for access to certain services and Ballymore properties in order to prevent or detect unauthorised use (such as a lease infringement).|| |
|Necessary for our legitimate interests in protecting property and maintaining the security of our estate.|
To manage our relationship with you, including:
Asking you to leave a review or take a survey or provide feedback on our services.
Notifying you about changes to our terms or privacy notice.
Enabling you to participate in events, competitions and surveys.
Marketing and Communications
|Necessary for our legitimate interests: to keep our records updated, to study how customers use our websites/services, and to develop and grow our business.|
|To provide customer support such as Sales services, Concierge and Front of House services, Helpdesk services, Security services, facilities services, parking services, etc.|| |
|Provision of services which are necessary to perform our contract with you.|
|To provide our key authorisation service, allowing you to leave your keys with us for others to collect.|| |
|Performance of a contract with you.|
|To enable you to use our gym facilities||Special Categories – health information||Consent|
|To administer and protect our business and network security including websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).|| |
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and unauthorised access).|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you to include permitting selected third parties to assist in improvement and optimisation of marketing material and content, our services and the websites / applications.|| |
Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our website/services, to develop them, to grow our business and to inform our marketing strategy).|
|To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences.||Technical Usage||Necessary for our legitimate interests (to define types of customers based on their age, gender and interests for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy).|
|To ensure that content from our websites and our applications are presented in the most effective manner for you and your device.|| |
|Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services).|
|To make suggestions, recommendations and provide information to you about goods or services that may be of interest to you|| |
Necessary for our legitimate interests (to develop and grow our business) where these suggestions and recommendations are made by post.
Where these communications are electronic, we rely on your consent.
|To comply with requirements imposed by law or any court order.|| |
Financial & Transaction Employment Related Technical
|Necessary to comply with our legal obligations|
6.5. Marketing and promotional offers
6.6. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which properties, services and offers to send you (we call this marketing).
6.7. You will receive marketing communications from us via the channels you have selected (for example phone, email, SMS, push notifications) where you have opted in to receiving that marketing.
6.8. You can ask us to stop sending you marketing messages at any time by contacting the Data Protection Team or by following the opt-out links on any marketing message sent to you.
6.9. If you do withdraw your consent to marketing, this will result in us ceasing to directly market goods and services to you, but we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.
6.10. We will get your express opt-in consent before we share your personal data with any company outside the Ballymore Group for their own marketing purposes. You have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe
6.11. Cookies and remarketing
7. Who we share your data with
We work with a number of trusted partners, suppliers, contractors and businesses in order to deliver the range of services we provide. We may share your personal data with the parties set out below for the purposes outlined in the table in section 6.
7.1. Ballymore Group companies
As set out in this privacy notice, we are part of the Ballymore group. The ‘Ballymore’ brand is licensed to a range of companies within the Ballymore Group who sell, market and manage Ballymore branded and co-branded property developments (which we refer to as ‘Ballymore Group’ companies). We share your personal data with such companies, which are based in the United Kingdom, Ireland and Jersey.
7.2. External Third Parties
We may also share your personal data with external third parties, such as:
- 7.2.1. Joint venture partners of Ballymore branded or co-branded property developments, who may be based outside of the UK and EU.
- 7.2.2. Estate agents acting as processors, such as Savills, Johns & Co, Foxtons, CBRE, Knight Frank, JLL based both within and outside the UK and EU who provide property marketing services.
- 7.2.3. Managing agents acting for us or the Ballymore Group company that you have a contract with, who provide management services to Ballymore branded or co-branded properties.
- 7.2.4. Property related businesses acting as processors for us, such as property managers and furniture providers such as Johns and Co and David Phillips based in the United Kingdom (subject to your consent).
- 7.2.5. Professional advisors acting as processors for us or the Ballymore Group company that you have a contract with including lawyers, bankers, auditors and insurers based in the United Kingdom and Ireland who provide consultancy, banking, legal, insurance and accounting services.
- 7.2.6. Service providers acting as processors for us or the Ballymore Group company that you have a contract with who provide database, IT and system administration services, such as Salesforce and Egnyte which are based in the USA.
- 7.2.7. Freeholders (and other legal entities within the property owning structure) of the developments in which the property you own or rent is located.
- 7.2.8. Marketing, communication and survey providers / advisors acting as processors for us or the Ballymore Group company that you have a contract with, such as MailChimp based in the USA or In-House Research based in the United Kingdom.
- 7.2.9. HM Revenue & Customs, National Crime Agency, the National House-Building Council, local authorities, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- 7.2.10. Banks and payment processing companies who complete financial transfers and transactions.
- 7.2.11. Anti-money laundering agencies, which may be based outside of the UK and EU.
- 7.2.12. Human resources consultants who provide advice and support to Ballymore and its employees relating to matters of employment law.
- 7.2.13. Maintenance contractors and service providers who undertake a range of activities for us or the Ballymore Group company that you have a contract with, such as maintenance on building services and systems, security services, billing services, etc.
- 7.2.14. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
7.3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. International Transfer of your data
8.1. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- 8.1.1. The destination country has been deemed to provide an adequate level of protection for that personal data by the United Kingdom Government. For further details, please visit the Information Commissioner’s Office website at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit.
- 8.1.2. The transfer is protected by an appropriate safeguard. For certain service providers, we may use specific model contracts approved by the United Kingdom Government, which give personal data the same protection it has in the UK. For further details, see the Information Commissioner’s Office website at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit.
8.2. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. Please be aware that there may be circumstances where we are able to rely on a legal derogation from the requirement to implement an appropriate safeguard when making a transfer.
9. How we keep your data safe and secure
Once we have received your personal data we will use reasonable and necessary procedures and security features to prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality.
If we become aware of a data breach we will notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you in accordance with our legal obligations.
10. How long we keep your data
10.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3. Please contact us if you would like a copy of our Data Retention Policy.
10.4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10.5. In some circumstances, you can ask us to delete your data: Please contact us for further information.
11. What are your rights
11.1. Under data protection laws you have the right to protect and look after your personal data. You have the right to:
- 11.1.1. ask us for the personal data that we hold and process about you (this is often referred to as a data subject access request)
- 11.1.2. object to the use of your personal data for marketing purposes;
- 11.1.3. ask that any inaccurate information we hold about you is corrected;
- 11.1.4. ask that we delete the personal data we hold about you in certain situations;
- 11.1.5. ask that we stop using your personal data for certain purposes;
- 11.1.6. ask that we do not make decisions about you using completely automated means; and/or
- 11.1.7. ask that personal data we hold about you is given to you, or where technically feasible a third party chosen by you, in a commonly used, machine-readable format;
- 11.1.8. complain to the Data Department at Ballymore email@example.com if you have any complaints or concerns about the way in which your personal data is processed. You can escalate your complaint to the Information Commissioner’s Office (the UK’s data protection supervisory authority) or the Data Protection Commission (the Irish data protection supervisory authority) if you are not satisfied with the company’s response.
11.2. If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org. The rights listed above may apply only in certain circumstances, and so we may not always be able to comply with your request to exercise these rights.
11.3. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request.
12. Our responsibilities and how you can contact us about your data
As detailed in Section 1, Ballymore will act as data controller in relation to personal data. This means that we have responsibilities in relation to that personal data. You can find out more and exercise the rights set out above by contacting us. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend that in the first instance you contact our Data Protection Team at email@example.com and tell us what your enquiry relates to in the subject line.
Should you feel that your personal data has not been processed in accordance with this privacy notice or that your data protection rights have been infringed, you can complain directly to the Information Commissioner’s Office who is the UK supervisory authority for data protection issues.
13. Glossary of Data Categories
- Full name;
- Marital status;
- Age / date of birth;
- username or similar identifier.
- Property address;
- Alternative address;
- Contact numbers and email address;
- Place of employment;
- Payment card details,
- information contained within bank statements and bills and other information provided for anti money laundering checks;
- Financial information (service charge demands, payments, arrears records, etc.);
- Bank details;
- Transaction history including details about payments to and from you and other details of properties, goods or services you have purchased or rented from us or the Ballymore Group;
- Conveyancing information;
App Usage Data
- Information about how you use Ballymore websites and applications;
- When you use Ballymore websites and applications (including date and time);
- Download errors; Lengths of visits to certain pages;
- Page interaction information;
- Methods to browse away from our websites;
- Information relating to behaviour and routine;
- Information relating to activities and bookings;
- Records from residents clubs and forums;
- Vehicle details;
- Data on energy usage;
- Incident, Accident and Near Miss Reports;
- Communications and complaints records
- Internet Protocol (IP) address;
- Log-in data;
- Browser type ad version;
- Time zone setting;
- Location data;
- Device cookie and identification;
- Browser plug-in types and versions;
- Operating system and platform;
- Other identifying information required for your device to communicate with our websites.
- Application or website usernames and passwords;
- Purchases, orders or requests made by you;
- Profession, age, gender;
- Interests and preferences;
- Feedback and survey responses.
Marketing and Communications Data
- Preferences in whether you wish to receive marketing from us;
- Communication preferences.
- Personal Metrics e.g. height/weight data
- Medical Conditions;
- Emergency Contacts.
Security Systems Data
- CCTV images and recorded CCTV footage;
- Audio recordings;
- Access control registration details and access logs;
- Vehicle database (ANPR).
Special Categories of Personal Data
- Biometric data (for example, facial images or dactyloscopic data);
- Data concerning health or special circumstances;
- Health and fitness information;
- Sexuality and marital status;
- Criminal history or records of police communications.