1. Introduction
Welcome to the Ballymore privacy notice. At Ballymore we are committed to ensuring that your privacy is protected. This privacy notice explains how we will collect your personal data and how we use your personal data. This includes information that may identify you as a natural person or ‘data subject’ and therefore constitutes ‘personal data’ as defined by the General Data Protection Regulation ("GDPR").
Ballymore Development Management Ltd ("BDML") and its subsidiaries Ballymore Asset Management Ltd ("BAML") and Ballymore Construction Services Ltd ("BCSL"), members of the Ballymore group, will act as a data controller of your personal data. Throughout this privacy notice BDML, BAML and BCSL are referred to collectively as “Ballymore”, “we” or “us”.
Ballymore are committed to protecting the rights and privacy of individuals and complying with the GDPR. We consider your privacy to be of utmost importance and want you to be confident that your personal data is kept safely and securely and for you to understand how it is used. As such, this privacy notice sets out the following information:
2. Our role
2.1. As data controllers of any personal data collected Ballymore will determine the purposes and way in which such personal data are, or will be, processed.
2.2. Our full contact details are:
2.3. We have appointed a data protection team (DPT) who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPT at [email protected] or by writing to the address at 2.2 above marked for the attention of the Data Protection Team, Data Department.
3. Important information
3.1. This privacy notice was last amended on 23-11-21. It supersedes any earlier versions.
3.2. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
3.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. You can ask us to rectify or update your personal information at any time by contacting us [email protected].
4. What information do we hold?
4.1. The categories of personal data we hold and process (but are not limited to) the following:
4.2. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. This may be derived from your personal data but is not legally considered personal data as it does not directly or indirectly reveal your identity. For example, we may monitor access into leisure facilities or car park to track peak periods. If we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
4.3. Some of the data we collect is considered special categories of personal data (i.e. your height, your weight, information about your health, and biometrics data (for example, facial images), for the purposes of enabling you to use our gym facilities or to comply with health and safety or evacuation procedures on one of our managed developments or through security systems or CCTV.
4.4. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. If this is the case, we will notify you at the time.
5. How do we obtain this information?
5.1. We use different methods to collect data from and about you including:
5.2. From you directly.
You may give us some personal data directly, including but not limited to, corresponding with us by post, phone, email, through our websites or applications or otherwise.
This includes personal data you provide when you:
5.2.1. Telephone, email us or visit us in person;
5.2.2. Create an account on one of our websites or other Ballymore applications where available or contact us through social media;
5.2.3 buy, sell, rent, let, lease, licence or reserve a property
5.2.4 arrange a viewing for a property or showroom;
5.2.5 request information about our properties, or related goods and services we may offer
5.2.6 subscribe to our any services or publications that we offer
5.2.7 Attend one of our social events;
5.2.8 enter a competition, promotion or survey; or
5.2.9 Provide feedback.
5.3. From third parties.
We may receive personal data about you for the following third parties and public sources:
5.3.1. Technical Data from analytics providers based outside the EU such as Google Tag Manager, Google Analytics, Google Adwords, Facebook Pixel, Twitter, DoubleClick, Addthis, BlueKai, Turn Inc., DataXu, AdGear, Weborara, Semasio, Yahoo Analytics, Visual Website Optimiser; and third party software providers which we use on our websites, based outside of the EU including Salesforce, Google Tag Manager, Lotame, Crimtan, DataXu and Response Tap.
5.3.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Barclays Bank PLC based inside the EU.
5.3.3. Identity and Contact Data from publicly availably sources such as the Land Registry, Companies House, and the Electoral Register based inside the EU.
5.4 Automatically collected from or about you or your device.
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
6. How do we use your information?
6.1. In the table below, we have summarised the ways that we plan to use your personal data and the purposes for which we will use it and the lawful basis for this. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.
6.2. We may process your personal data for a different purpose than listed below and without your consent where it is necessary for us to comply with our legal obligations.
6.3. You may withdraw your consent at any time by contacting [email protected], at which point we will cease to process your personal data for the purposes to which the consent applies.
6.4. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us via the Data Protection Team ([email protected]) if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose / Activity | Type of Data | Lawful basis for processing including basis for legitimate interest |
| To contact you |
Identity Contact Financial Transaction |
Execution of responsibility as Managing Agent. Performance of a contract or potential contract with you. Necessary for our legitimate interests (for running our business, to keep our records updated, etc.). |
| To register you as a new customer |
Identity Contact Profile Marketing and Communications |
Performance of a contract or potential contract with you. Necessary for our legitimate interests (of our being able to keep records of our registered customers). |
| To facilitate the reservation, purchase, sale, renting, leasing, or licensing of a property. |
Identity Contact Financial Transaction Marketing and Communications |
Performance of a contract or potential contract with you Necessary for our legitimate interests |
| To facilitate the collection of service charge payments |
Identity Contact Financial Transaction |
Execution of responsibility as Managing Agent. Performance of a contract or potential contract with you. Necessary for our legitimate interests. |
| To verify your identity, verify your eligibility for certain services, conduct credit reference checks, prevent or detect fraud or money laundering. |
Identity Contact Financial Transaction |
Performance of a contract or potential contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interest (to prevent being defrauded). |
| To verify your identity in order to verify your eligibility for access to certain areas at Ballymore properties in order to prevent or detect unauthorised use (such as lease infringement). |
Identity Contact Profile Financial Transaction Security Systems Special Categories |
Execution of responsibility as Managing Agent. Performance of a contract or potential contract with you. Necessary for our legitimate interests (protection of property and security of estate). |
|
To manage our relationship with you, including: Asking you to leave a review or take a surveyor provide feedback on our services. Notifying you about changes to our terms or privacy notice. |
Identity Contact Usage Profile Marketing and Communications |
Performance of a contract or potential contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our websites/services). |
| To provide customer support such as Sales services, Concierge and Front of House services, Helpdesk services, Security services, facilities services, parking services, etc. |
Identity Contact Finantial Usage Profile Security Systems Special Categories |
Performance of a contract with you. Execution of responsibility as Managing Agent. |
| To provide our key authorisation service, allowing you to leave your keys with us for others to collect. |
Identity Contact Profile Security Systems |
Performance of a contract with you. |
| To enable you to partake in events, competitions and surveys |
Identity Contact Profile Usage Marketing and Communications |
Performance of a contract or potential contract with you. Necessary for our legitimate interests (to develop and grow our business). |
| To administer and protect our business and network security including websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). |
Identity Contact Profile Technical Usage Security Systems |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and unauthorised access). Necessary to comply with a legal obligation. |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. |
Identity Contact Profile Usage Marketing and Communications Technical |
Necessary for our legitimate interests (to study how customers use our website/services, to develop them, to grow our business and to inform our marketing strategy). |
| To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences. | Technical Usage | Necessary for our legitimate interests (to define types of customers based on their age, gender and interests for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy). |
| To ensure that content from our websites and our applications are presented in the most effective manner for you and your device. |
Contact Financial Transaction Technical |
Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services). |
| To make suggestions, recommendations and provide information to you about goods or services that may be of interest to you |
Identity Contact Technical Usage Profile |
Necessary for our legitimate interests (to develop and grow our business) |
|
To permit selected third parties: · to provide you with information related to the delivery of services to residents (such as ground rent demands, energy billing, etc.) · to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the websites / applications. |
Identity Contact Transaction Usage Technical |
Execution of responsibility as Managing Agent. Performance of a contract or potential contract with you. Necessary to comply with a legal obligation. Consent (in relation to SMS and email marketing communications and application notifications). Necessary for our legitimate interests (to deliver our services and to develop our business and improve our business). |
| To comply with requirements imposed by law or any court order. |
Identity Contact Financial & Transaction Employment Related Technical Usage Security Systems Special Categories |
Necessary to comply with our legal obligations |
6.5. Marketing and promotional offers
6.6. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which properties, services and offers may be relevant for you (we call this marketing).
6.7. You will receive marketing communications from us via the channels you have selected (for example phone, email, SMS, push notifications) where you have opted in to receiving that marketing.
6.8. You can ask us to stop sending you marketing messages at any time by contacting Data Protection Team or by following the opt-out links on any marketing message sent to you.
6.9. If you do withdraw your consent, this will result in us ceasing to directly market goods and services to you, but we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.
6.10. We will get your express opt-in consent before we share your personal data with any company outside the Ballymore Group for their own marketing purposes. You have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe.
6.11. Cookies and remarketing
6.12. We automatically collect data about how you use our applications and websites in order to help us improve future functionality. Additionally, we may pass your personal data to online advertising tools including Google Analytics, Google Adwords, Facebook Pixel, Lotame and Yahoo Analytics. We use tools such as these to carry out remarketing activities so that if you have already visited one of our websites, we can target advertisements at you by third party vendors.
These third-party vendors often use cookies to provide these advertisements based on your visits to our websites in the past.
6.13. You can opt out of third party vendor's use of cookies by visiting http://optout.networkadvertising.org/?c=1#!/. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.
7. Who we share your data with
We work with a number of trusted partners, suppliers, contractors and businesses in order to deliver the range of services we provide in the execution of our roles. We may share your personal data with the parties set out below for the purposes outlined in the table in section 6.
7.1. Ballymore Group companies
As set out in this privacy notice, we are part of the Ballymore group. The ‘Ballymore’ brand is licensed to a range of companies who sell, market and manage Ballymore branded and co-branded property developments (which we refer to as ‘Ballymore Group’ companies). We share your personal data with such companies, which are based in the United Kingdom, Ireland and Jersey.
7.2. External Third Parties
We may also share your personal data with external third parties, such as:
7.2.1. Joint venture partners of Ballymore branded or co-branded property developments, who may be based outside of the EU.
7.2.2. Estate agents acting as processors, such as Savills, Johns & Co, Foxtons, CBRE, Knight Frank, JLL based both within and outside the EU who provide property marketing services.
7.2.3. Managing agents acting for us or the Ballymore Group company that you have a contract with, who provide management services to Ballymore branded or co-branded properties.
7.2.4. Property related businesses acting as processors for us, such as property managers and furniture providers such as Johns and Co and David Phillips based in the United Kingdom (subject to your consent).
7.2.5. Professional advisors acting as processors for us or the Ballymore Group that you have a contract with including lawyers, bankers, auditors and insurers based in the United Kingdom and Ireland who provide consultancy, banking, legal, insurance and accounting services.
7.2.6. Service providers acting as processors for us or the Ballymore Group company that you have a contract with who provide database, IT and system administration services, such as Salesforce and Egnyte which are based in the USA.
7.2.7. Freeholders of the properties in which you live, or own, or other companies within the property owning structure of your property.
7.2.8. Marketing, communication and survey providers / advisors acting as processors for us or the Ballymore Group company that you have a contract with, such as MailChimp based in the USA or In-House Research based in the United Kingdom.
7.2.9. HM Revenue & Customs, National Crime Agency, the National House-Building Council, local authorities, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
7.2.10. Banks and payment processing companies who complete financial transfers and transactions.
7.2.11. Anti-money laundering agencies, which may be based outside of the EU.
7.2.12. Human resources consultants who provide advice and support to Ballymore and its employees relating to matters of employment law.
7.2.13. Maintenance contractors and service providers who undertake a range of activities for us or the Ballymore Group company that you have a contract with, such as maintenance on building services and systems, security services, billing services, etc.
7.2.14. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
7.3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. International Transfer of your data
8.1. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
8.1.1. The destination country has been deemed to provide an adequate level of protection for that personal data by the United Kingdom Government. For further details, please visit the Information Commissioner’s Office website at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit.
8.1.2. The transfer is protected by an appropriate safeguard. For certain service providers, we may use specific model contracts approved by the United Kingdom Government, which give personal data the same protection it has in the UK. For further details, see the Information Commissioner’s Office website at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit.
8.2. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. Please be aware that there may be circumstances where we are able to rely on a legal derogation from the requirement to implement an appropriate safeguard when making a transfer.
9. How we keep your data safe and secure
Once we have received your personal data we will use reasonable and necessary procedures and security features to try and prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality.
If we become aware of a data breach we will notify the Information Commissioner's Office. If we believe that the data breach is serious, we may notify you in accordance with our legal requirements.
10. How long we keep your data
10.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3. Please contact us if you would like a copy of our Data Retention Policy.
10.4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10.5. In some circumstances, you can ask us to delete your data: Please contact us for further information.
11. What are your rights
11.1. Under data protection laws you have the right to protect and look after your personal data. You have the right to:
11.1.1. ask us for the personal data that we hold and process about you (this is often referred to as a data subject access request). You have rights to the following information:
11.1.2. the purpose(s) for which we are processing your information;
11.1.3. the categories of personal information we hold about you;
11.1.4. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
11.1.5. the period for which we will store your information, or the criteria used to determine that period;
11.1.6. prevent the use of your personal data for marketing purposes by using any of the steps at 7.8;
11.1.7. ask that any inaccurate information we hold about you is corrected;
11.1.8. ask that we delete the personal data we hold about you in certain situations;
11.1.9. ask that we stop using your personal data for certain purposes;
11.1.10. ask that we do not make decisions about you using completely automated means; and/or
11.1.11 ask that personal data we hold about you is given to you, or where technically feasible a third party chosen by you, in a commonly used, machine-readable format;
11.1.12 complain to the Information Commissioner’s Office (the UK’s data protection supervisory authority), if you have any complaints or concerns about the way in which your personal data is processed. We would suggest contacting Ballymore first, however, you do have the right to contact the supervisory authority directly.
11.2. If you wish to exercise any of the rights set out above, please contact us at [email protected]. The rights listed above may apply only in certain circumstances, and so we may not always be able to comply with your request to exercise these rights.
11.3. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request.
12. Our responsibilities and how you can contact us about your data
As detailed in Section 1, Ballymore will act as data controller in relation to personal data. This means that we have responsibilities in relation to that personal data. You can find out more and you can exercise the rights set out above by contacting us. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend that in the first instance you contact our Data Protection Team at [email protected] and tell us what your enquiry relates to in the subject.
Should you feel that your personal data has not been processed in accordance with this privacy notice or should you feel that your data protection rights have been infringed, you can complain directly to the Information Commissioner’s Office who is the UK supervisory authority for data protection issues.