PRIVACYNOTICE FOR SHOPPERS
1. WHO ARE WE?
The Water Gardens ShoppingCentre, Harlow (the Shopping Centre) is owned by StandardLife Assurance Limited which hasappointed abrdnInvestment Management Limited as its asset manager.
References inthis notice to "us", "we" and "our" arereferences to abrdn Investment Management Limited or either party's affiliates,group companies, or subsidiaries.
2. WHAT IS THIS NOTICE?
We want to reach out to our customers and hear what they’re saying –whether it’s by giving us feedback or comments, completing a survey, or takingpart in competitions we’re running – we’re thrilled you’re joining theconversation. You can also join our mailing lists to receive our newsletter orother communications, so that we can tell you about things you may beinterested in or benefit from deals and discounts we're offering.
When you interact with us, you may give us Personal Data about you. Personal Data means data which can beused to identify an individual. The individual who can be identified from thePersonal Data is known as the DataSubject.
In respect of any such Personal Data, for the purpose of applicabledata protection legislation (including but not limited to the General DataProtection Regulation (Regulation (EU) 2016/679) (the GDPR) and the version of the GDPR in force in the UK by virtue ofsection 3 of the European Union (Withdrawal) Act 2018 (the UK GDPR), weare acting as a Controller (whichmeans we are the business responsible for making the decision to collect thePersonal Data in the first place, and deciding what to collect and how to useit). To help us to connect with ourcustomers and run some of our marketing activities, we use a marketing agency.Currently we use a company called Velocity Worldwide UK Limited (our Marketing Agent) to manage ourmarketing services for us on our behalf. We also work with other companies thatcarry out certain activities on our behalf, such as the wi-fi operator whichhelps us to provide our wi-fi service.
Your privacy is important to us, and we are committed to using yourPersonal Data in a fair and lawful way, and protecting your data rights.
This notice explains what we do with your Personal Data, includingwhat Personal Data we collect, how we collect it, how we use it, and how wecomply with our legal obligations to you. It provides information about yourdata rights, and information about how we use your Personal Data in the contextof our marketing activities (including via our Marketing Agent).
Please note that this notice applies to our use of the Personal Data ofShopping Centre customers. It also only applies to our activities – if you wantto know how other companies and organisations process Personal Data which youprovide to them, such as stores within the Shopping Centre, please read theirprivacy policies.
This notice may be updated from time to time, so please re-visit thispage if you want to stay up to date.
3. WHAT PERSONALDATA DO WE COLLECT AND STORE?
We may collect and process the following data about you:
i. INFORMATION WHICH YOU PROVIDE TO US WHEN YOU INTERACTWITH US: we may collect data directly from you, if,for example, you use our ShoppingCentre services (such as wi-fi and our wi-fi operator asks you to provideinformation on our behalf for marketing purposes), take part in campaigns whichwe might run from time to time, complete a survey, or join our mailing lists. This may include:
· your name,address and phone number
· where you comefrom
· your gender
· online contactinformation
· payment details(if you decide to take advantage of any discounted goods or services offered aspart of our campaigns)
· any opinions orpreferences which you express (including your likes and dislikes)
· details aboutyour location
ii. TRANSACTIONAL DATA: we might collect data about your transactions if you use a voucher, loyaltycard, discount code or take part in a promotion which we are running. This willhelp us to learn about:
· your shoppingpreferences, interests, hobbies and habits
· your health,well-being and lifestyle choices
iii. TRAFFIC DATA:we might collect information about which websites you access or offers youclick on when you’re using our wi-fi services. We may also collect your MACaddress (a unique identifier from your mobile device), but we will not combinethis information with any other information that may identify you.
4. HOW DO WEUSE THE DATA WE COLLECT ABOUT YOU AND WHAT’S OUR LEGAL BASIS FOR DOING SO?
We may usethe data we collect about you in the following ways:
(i) TO PROVIDE SERVICES: for example, if you have provided us with your details so that you canreceive particular services from us (such as taking part in a campaign,benefiting from a discount or taking part in a competition or logging onto ourwi-fi network), we will use your Personal Data in order to make that happen.For certain campaigns and competitions, this may include transferring PersonalData related to you to a third party providing the prize or whose goods orservices are being promoted. If a transfer of this nature is required, we willpublish the name of the third party recipient and let you know that the transferis required before we do so. We will dothis on the basis that such use of your Personal Data is required to provideyou with the services you have requested. This may be necessary for theperformance of a contract that you are entering or have entered into with us, ifyou provide your consent, or if it is in our legitimate interests to do so, forexample, to facilitate the provision of services to you or your participationin a promotional competition. You maylet us know at any time if you want to pull out of a competition or stopreceiving our services by contacting us using the contact details set out atthe end of this policy and we will promptly comply with your request.
(ii) TO SEND YOU MARKETING COMMUNICATIONS: We might contact you by email, SMS, push notificationsin our app, social media, and potentially by other communication channels whichmay become available in the future, to provide you with information about competitions,deals, products and events. We will sendyou such communications where you have provided opt-in consent either to us orto a third party acting on our behalf, e.g. our wi-fi operator in the contextof our wi-fi service. You are entitled to withdraw your consent to allmarketing or marketing via particular channels at any time and we will promptlycomply with your request. You will be able to withdraw your consent bycontactingus using the contact details set out at the end of this policy or clicking theunsubscribe link in electronic marketing communications we send to you.
TO CREATE APROFILE ABOUT YOU TO INFORM OUR MARKETING DECISIONS: If you have opted in to receiving marketingcommunications from us, we might use an automated process to analyse yourpurchase habits and preferences to build a "profile" of you to get abetter idea of your interests, likes and dislikes. This helps us send you information which wethink might be of interest to you, about campaigns we’re running and otherevents or discounts we’re offering (including surveys and information aboutgoods and services which we think you’ll like and which seem to correspond withyour interests). We undertake profiling whereyou have provided opt-in consent to receiving marketing communications from us.You may ask us to stop using your Personal Data for profiling at any time by contactingus using the contact details set out at the end of this policy and we willpromptly comply.
(iii) INTERNAL BUSINESS REQUIREMENTS: we may use your Personal Data in accordance with ourinternal business requirements. For example, we may need to create back-upcopies of data to make sure we have adequate safeguards in place to preventloss of the data we hold; or we may need to use your data to help us establish,exercise or defend legal claims. Any copies of the data held will be heldsecurely and no further use shall be made of such data save as set out herein.We will carry out these activities where it is in our legitimate interests todo so, namely to ensure that our business runs smoothly and to seek and receivelegal advice should we need it and to protect ourselves in the context oflitigation and other disputes. We believe that such use would be generallyanticipated by Data Subjects and is highly unlikely to cause any damage to orbe considered by Data Subjects to be invasive of their privacy.
(iv) STATISTICAL ANALYSIS: we (or third party service providersacting on our behalf) may collect and use aggregate data, for internal marketresearch, statistical analysis and data mining purposes, and we may transferthis data at will to third parties (for example, to help us analyse howvisitors travel through the shopping centre). This data will be anonymised andyou will not be identifiable from it (meaning it is no longer Personal Data).
5. WILL PERSONAL DATA ABOUT YOU BE DISCLOSED TO ANYONEELSE?
i. We will not pass Personal Data about you to thirdparties for marketing purposes unless you have expressly consented to it.
ii. We may disclose yourPersonal Data to the following third parties for the following purposes:
· To enable our licensors, employees and third parties provideservices to help us to carry out our business. Any employees and/or service providers (including ourMarketing Agent) contracted by us will be subject to strict contractualrequirements only to use your Personal Data in accordance with our instructions.
· To any of our group companies where necessary for internal business purposes.
· If we sell any business or assets to another companyor if we merge with or are acquired by another company, or if we are inmeaningful discussions about such a possibility, we may share your PersonalData with the prospective new owners of the business or asset. We will never sell Personal Data as a sole asset.
iii. We may discloseaggregate data to third parties for analysis and market research purposes. Anydata so disclosed will not contain Personal Data.
If anyof these third parties are based outside of the European Economic Area, we willonly transfer data to such parties in accordance with applicable dataprotection legislation (i.e. where thereare appropriate safeguards in place to protect your Personal Data).
6. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
6.1 It is our policyto ensure that all Personal Data held by us (or any service providers that weuse) is handled correctly and appropriately according to the nature of theinformation, the risk associated with mishandling the data, including thedamage that could be caused to an individual as a result of loss, corruptionand/or accidental disclosure of any such data, and in accordance with anyapplicable legal requirements.
6.2 We undertakeregular security and risk reviews and we monitor all of the controls that wehave in place to ensure the security, accuracy and integrity of the PersonalData we hold. We also endeavour to ensure that such data is only accessed byauthorised personnel for a legitimate purpose (in accordance with our privacynotice).
6.3 We have aset of formal procedures that must be adhered to within our organisation toensure that security standards are maintained and that data privacy isrespected.
6.4 Our MarketingAgent, (which is responsible for protecting data we transfer to it formarketing purposes) is ISO27001 accredited by the BSI.
6.5 There are some steps you can take tohelp make sure that your data is protected. For example:
(a) ifyou are contacting us with a query or complaint, only ever give us your workdetails rather than your personal contact details;
(b) if you are sending any financial detailsor sensitive information, consider sending it in separate emails or encrypted,password protected documents; and
(c) makesure that you keep any passwords associated with any account that you hold withus secure.
7. WHERE DO WESTORE THE PERSONAL DATA WE COLLECT?
We only use servers in the EU (and the United Kingdom). Our currenthost servers are provided by Catalyst2.
8. FOR HOW LONG DO WE STORE PERSONAL DATA ABOUT YOU?
We will only retain and use Personal Data which we collect foras long as necessary for the purposes for which it was collected. If we haven'theard from you or had any meaningful interaction with you for over 2 years, wewill contact you and ask you if you would like to be removed from our database.In some circumstances we may be required to keep your data for longer periods(for example, to comply with our obligations under applicable laws).
9. WHATRIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD ABOUT YOU?
You have the following rights in respect of Personal Datawhich we hold about you:
(a) Right to be informed: the right to be informed about whatPersonal Data we collect and store about you and how it’s used.
(b) Right of access: the right to request a copy of thePersonal Data we hold about you, as well as confirmation of:
(i) the purposesof the processing;
(ii) thecategories of Personal Data concerned;
(iii) therecipients to whom the Personal Data has/will be disclosed;
(iv) for howlong it will be stored; and
(v) if datawasn’t collected directly from the you, information about the source.
(c) Right of rectification: the right to require us to correctany Personal Data held about you which is inaccurate or incomplete.
(d) Right to be forgotten: in certain circumstances, the rightto have any Personal Data held about you erased from our records.
(e) Right to restriction of processing: the right to request us to restrictthe processing carried out in respect of your Personal Data. You might want todo this, for instance, if you think the data held by us is inaccurate and youwould like to restrict processing until the data has been reviewed and updatedif necessary.
(f) Right of portability: the right to have your Personal Datatransferred to another organisation, to the extent it was provided in astructured, commonly used and machine-readable format.
(g) Right to object to direct marketing: the right to object where processingis carried out for direct marketing purposes (including profiling in connectionwith that purpose).
(h) Right to object to automatedprocessing: theright not to be subject to a decision based solely on automated processing(including profiling) which produces legal effects (or other similarsignificant effects) on you.
You may request to exercise any of these rights by contacting us usingthe contact details set out at the end of this policy. We may need to ask youfor further information and identification to help us to comply with thisrequest. We may also refuse your request where it is excessive, repetitive, orto comply with applicable laws.
10. WHODO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?
If you have any questions or concerns about how we areusing Personal Data about you or if you would otherwise like to contact ourData Protection Officer, please send an email to email@example.com.
If you wish to make a complaint about how we havehandled your Personal Data, you may lodge a complaint with the InformationCommissioner’s Office by following this link: https://ico.org.uk/concerns/.
Lastupdated: July 2023