Privacy Policy

PRIVACY NOTICE FOR SHOPPERS

 

  1. WHO ARE WE?

 

We are Standard Life Assurance Limited (we/us/our). We own The Atrium, Park Street, Camberley, GU15 3QL (the Shopping Centre).

 

  1. WHAT IS THIS NOTICE?

 

We want to reach out to our customers and hear what they’re saying – whether it’s by giving us feedback or comments, completing a survey, or taking part in competitions we’re running – we’re thrilled you’re joining the conversation. You can also join our mailing lists to receive our newsletter or other communications, so that we can tell you about things you may be interested in or benefit from deals and discounts we’re offering.

 

When you interact with us, you may give us Personal Data about you. Personal Data means data which can be used to identify an individual. The individual who can be identified from the Personal Data is known as the Data Subject.

 

In respect of any such Personal Data, for the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), we are acting as a Controller (which means we are the business responsible for making the decision to collect the Personal Data in the first place, and deciding what to collect and how to use it).  To help us to connect with our customers and run some of our marketing activities, we use a marketing agency. Currently we use a company called Jones Lang LaSalle Limited (Bewonder) (our Marketing Agent) to manage our marketing services for us. This means that they may handle the Personal Data as a Processor (they are acting on our behalf and authorised to use the Personal Data in accordance with our instructions). We also work with other companies that carry out certain activities on our behalf, such as the wi-fi operator which helps us to provide our wi-fi service.

 

Your privacy is important to us, and we are committed to using your Personal Data in a fair and lawful way, and protecting your data rights.

 

This notice explains what we do with your Personal Data, including what Personal Data we collect, how we collect it, how we use it, and how we comply with our legal obligations to you. It provides information about your data rights, and information about how we use your Personal Data in the context of our marketing activities (including via our Marketing Agent).

 

Please note that this notice applies to our use of the Personal Data of Shopping Centre customers. It also only applies to our activities – if you want to know how other companies and organisations process Personal Data which you provide to them, such as stores within the Shopping Centre, please read their privacy policies.

 

This notice may be updated from time to time, so please re-visit this page if you want to stay up to date.

 

  1. WHAT PERSONAL DATA DO WE COLLECT AND STORE?

 

We may collect and process the following data about you:

 

  1. INFORMATION WHICH YOU PROVIDE TO US WHEN YOU INTERACT WITH US: we may collect data directly from you,  if, for example, you use our Shopping Centre services (such as wi-fi and our wi-fi operator asks you to provide information on our behalf for marketing purposes), take part in campaigns which we might run from time to time, complete a survey, or join our mailing lists. This may include:

 

 

 

 

 

 

 

 

  1. TRANSACTIONAL DATA: we might collect data about your transactions if you use a voucher, loyalty card, discount code or take part in a promotion which we are running. This will help us to learn about:

 

 

 

  1. HOW DO WE USE THE DATA WE COLLECT ABOUT YOU AND WHAT’S OUR LEGAL BASIS FOR DOING SO?

 

We may use the data we collect about you in the following ways:

 

 

 

TO CREATE A PROFILE ABOUT YOU TO INFORM OUR MARKETING DECISIONS: If you have opted in to receiving marketing communications from us, we might use an automated process to analyse your purchase habits and preferences to build a “profile” of you to get a better idea of your interests, likes and dislikes.  This helps us send you information which we think might be of interest to you, about campaigns we’re running and other events or discounts we’re offering (including surveys and information about goods and services which we think you’ll like and which seem to correspond with your interests). We undertake profiling where you have provided opt-in consent to receiving marketing communications from us. You may ask us to stop using your Personal Data for profiling at any time by contacting us using the contact details set out at the end of this policy and we will promptly comply.

 

 

 

  1. WILL PERSONAL DATA ABOUT YOU BE DISCLOSED TO ANYONE ELSE?

 

  1. We will not pass Personal Data about you to third parties for marketing purposes unless you have expressly consented to it.

 

  1. We may disclose your Personal Data to the following third parties for the following purposes:

 

 

 

 

 

If any of these third parties are based outside of the European Economic Area, we will only transfer data to such parties in accordance with applicable data protection legislation (i.e.  where there are appropriate safeguards in place to protect your Personal Data).

 

  1. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?

 

 

 

 

 

(a)         if you are contacting us with a query or complaint, only ever give us your work details rather than your personal contact details;

(b)     if you are sending any financial details or sensitive information, consider sending it in separate emails or encrypted, password protected documents; and

(c)         make sure that you keep any passwords associated with any account that you hold with us secure.

 

  1. WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?

 

We only use servers in the EU (and the United Kingdom). Our current host servers are provided by Catalyst2.

 

  1. FOR HOW LONG DO WE STORE PERSONAL DATA ABOUT YOU?

 

We will only retain and use Personal Data which we collect for as long as necessary for the purposes for which it was collected. If we haven’t heard from you or had any meaningful interaction with you for over 2 years, we will contact you and ask you if you would like to be removed from our database. In some circumstances we may be required to keep your data for longer periods (for example, to comply with our obligations under applicable laws).

 

  1. WHAT RIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD ABOUT YOU?

 

9.1        You have the following rights in respect of Personal Data which we hold about you:

 

 

 

 

 

 

 

 

You may request to exercise any of these rights by contacting us using the contact details set out at the end of this policy. We may need to ask you for further information and identification to help us to comply with this request. We may also refuse your request where it is excessive, repetitive, or to comply with applicable laws.

 

  1. WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?

 

If you have any questions or concerns about how we are using Personal Data about you or if you would otherwise like to contact our Data Protection Officer, please send an email to [email protected]

If you wish to make a complaint about how we have handled your Personal Data, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.

Last updated: 17-10-2019