PRIVACY NOTICE FOR SHOPPERS
1. WHO ARE WE?
Gallions Reach Shopping Park, London (the Shopping Park) is owned by Gallions Reach Limited Partnership who have appointed abrdn Investment Management Limited as its asset manager.
References in this notice to "us", "we" and "our" are references to abrdn Investment Management Limited or either party's affiliates, group companies, or subsidiaries.
2. WHAT IS THIS NOTICE?
We want to reach out to our customers and hear what they’re saying – whether it’s by giving us feedback or comments, completing a survey, or taking part in competitions we’re running – we’re thrilled you’re joining the conversation. You can also join our mailing lists to receive our newsletter or other communications, so that we can tell you about things you may be interested in or benefit from deals and discounts we're offering.
When you interact with us, you may give us Personal Data about you. Personal Data means data which can be used to identify an individual. The individual who can be identified from the Personal Data is known as the Data Subject.
In respect of any such Personal Data, for the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR) and the version of the GDPR in force in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the UK GDPR), we are acting as a Controller (which means we are the business responsible for making the decision to collect the Personal Data in the first place, and deciding what to collect and how to use it). To help us to connect with our customers and run some of our marketing activities, we use a marketing agency. Currently we use a company called Velocity Worldwide UK Limited (our Marketing Agent) to manage our marketing services for us on our behalf. We also work with other companies that carry out certain activities on our behalf, such as the wi-fi operator which helps us to provide our wi-fi service.
Your privacy is important to us, and we are committed to using your Personal Data in a fair and lawful way, and protecting your data rights.
This notice explains what we do with your Personal Data, including what Personal Data we collect, how we collect it, how we use it, and how we comply with our legal obligations to you. It provides information about your data rights, and information about how we use your Personal Data in the context of our marketing activities (including via our Marketing Agent).
Please note that this notice applies to our use of the Personal Data of Shopping Park customers. It also only applies to our activities – if you want to know how other companies and organisations process Personal Data which you provide to them, such as stores within the Shopping Park, please read their privacy policies.
This notice may be updated from time to time, so please re-visit this page if you want to stay up to date.
3. WHAT PERSONAL DATA DO WE COLLECT AND STORE?
We may collect and process the following data about you:
i. INFORMATION WHICH YOU PROVIDE TO US WHEN YOU INTERACT WITH US: we may collect data directly from you, if, for example, you use our Shopping Park services (such as wi-fi and our wi-fi operator asks you to provide information on our behalf for marketing purposes), take part in campaigns which we might run from time to time, complete a survey, or join our mailing lists. This may include:
· your name, address and phone number
· where you come from
· your gender
· online contact information
· payment details (if you decide to take advantage of any discounted goods or services offered as part of our campaigns)
· any opinions or preferences which you express (including your likes and dislikes)
· details about your location
ii. TRANSACTIONAL DATA: we might collect data about your transactions if you use a voucher, loyalty card, discount code or take part in a promotion which we are running. This will help us to learn about:
· your shopping preferences, interests, hobbies and habits
· your health, well-being and lifestyle choices
iii. TRAFFIC DATA: we might collect information about which websites you access or offers you click on when you’re using our wi-fi services. We may also collect your MAC address (a unique identifier from your mobile device), but we will not combine this information with any other information that may identify you.
4. HOW DO WE USE THE DATA WE COLLECT ABOUT YOU AND WHAT’S OUR LEGAL BASIS FOR DOING SO?
We may use the data we collect about you in the following ways:
(i) TO PROVIDE SERVICES: for example, if you have provided us with your details so that you can receive particular services from us (such as taking part in a campaign, benefiting from a discount or taking part in a competition or logging onto our wi-fi network), we will use your Personal Data in order to make that happen. For certain campaigns and competitions, this may include transferring Personal Data related to you to a third party providing the prize or whose goods or services are being promoted. If a transfer of this nature is required, we will publish the name of the third party recipient and let you know that the transfer is required before we do so. We will do this on the basis that such use of your Personal Data is required to provide you with the services you have requested. This may be necessary for the performance of a contract that you are entering or have entered into with us, if you provide your consent, or if it is in our legitimate interests to do so, for example, to facilitate the provision of services to you or your participation in a promotional competition. You may let us know at any time if you want to pull out of a competition or stop receiving our services by contacting us using the contact details set out at the end of this policy and we will promptly comply with your request.
(ii) TO SEND YOU MARKETING COMMUNICATIONS: We might contact you by email, SMS, push notifications in our app, social media, and potentially by other communication channels which may become available in the future, to provide you with information about competitions, deals, products and events. We will send you such communications where you have provided opt-in consent either to us or to a third party acting on our behalf, e.g. our wi-fi operator in the context of our wi-fi service. You are entitled to withdraw your consent to all marketing or marketing via particular channels at any time and we will promptly comply with your request. You will be able to withdraw your consent by contacting us using the contact details set out at the end of this policy or clicking the unsubscribe link in electronic marketing communications we send to you.
TO CREATE A PROFILE ABOUT YOU TO INFORM OUR MARKETING DECISIONS: If you have opted in to receiving marketing communications from us, we might use an automated process to analyse your purchase habits and preferences to build a "profile" of you to get a better idea of your interests, likes and dislikes. This helps us send you information which we think might be of interest to you, about campaigns we’re running and other events or discounts we’re offering (including surveys and information about goods and services which we think you’ll like and which seem to correspond with your interests). We undertake profiling where you have provided opt-in consent to receiving marketing communications from us. You may ask us to stop using your Personal Data for profiling at any time by contacting us using the contact details set out at the end of this policy and we will promptly comply.
(iii) INTERNAL BUSINESS REQUIREMENTS: we may use your Personal Data in accordance with our internal business requirements. For example, we may need to create back-up copies of data to make sure we have adequate safeguards in place to prevent loss of the data we hold; or we may need to use your data to help us establish, exercise or defend legal claims. Any copies of the data held will be held securely and no further use shall be made of such data save as set out herein. We will carry out these activities where it is in our legitimate interests to do so, namely to ensure that our business runs smoothly and to seek and receive legal advice should we need it and to protect ourselves in the context of litigation and other disputes. We believe that such use would be generally anticipated by Data Subjects and is highly unlikely to cause any damage to or be considered by Data Subjects to be invasive of their privacy.
(iv) STATISTICAL ANALYSIS: we (or third party service providers acting on our behalf) may collect and use aggregate data, for internal market research, statistical analysis and data mining purposes, and we may transfer this data at will to third parties (for example, to help us analyse how visitors travel through the Shopping Park). This data will be anonymised and you will not be identifiable from it (meaning it is no longer Personal Data).
5. WILL PERSONAL DATA ABOUT YOU BE DISCLOSED TO ANYONE ELSE?
i. We will not pass Personal Data about you to third parties for marketing purposes unless you have expressly consented to it.
ii. We may disclose your Personal Data to the following third parties for the following purposes:
· To enable our licensors, employees and third parties provide services to help us to carry out our business. Any employees and/or service providers (including our Marketing Agent) contracted by us will be subject to strict contractual requirements only to use your Personal Data in accordance with our instructions.
· If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our business, or the rights, property, or safety of us, our customers, or others.
· To any of our group companies where necessary for internal business purposes.
· If we sell any business or assets to another company or if we merge with or are acquired by another company, or if we are in meaningful discussions about such a possibility, we may share your Personal Data with the prospective new owners of the business or asset. We will never sell Personal Data as a sole asset.
iii. We may disclose aggregate data to third parties for analysis and market research purposes. Any data so disclosed will not contain Personal Data.
If any of these third parties are based outside of the European Economic Area, we will only transfer data to such parties in accordance with applicable data protection legislation (i.e. where there are appropriate safeguards in place to protect your Personal Data).
6. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
6.1 It is our policy to ensure that all Personal Data held by us (or any service providers that we use) is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
6.2 We undertake regular security and risk reviews and we monitor all of the controls that we have in place to ensure the security, accuracy and integrity of the Personal Data we hold. We also endeavour to ensure that such data is only accessed by authorised personnel for a legitimate purpose (in accordance with our privacy notice).
6.3 We have a set of formal procedures that must be adhered to within our organisation to ensure that security standards are maintained and that data privacy is respected.
6.4 Our Marketing Agent, (which is responsible for protecting data we transfer to it for marketing purposes) is ISO27001 accredited by the BSI.
6.5 There are some steps you can take to help make sure that your data is protected. For example:
(a) if you are contacting us with a query or complaint, only ever give us your work details rather than your personal contact details;
(b) if you are sending any financial details or sensitive information, consider sending it in separate emails or encrypted, password protected documents; and
(c) make sure that you keep any passwords associated with any account that you hold with us secure.
7. WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
We only use servers in the EU (and the United Kingdom). Our current host servers are provided by https://ico.org.uk/concerns/.
Last updated: July 2023