PRIVACY POLICY FOR RENTALS
Lendlease Residential Asset Management Services Limited Privacy Policy – 25 October 2019
We treat personal data provided to us with respect and integrity. Respect and integrity form part of our core values, which are the foundation for the conduct of our business in all parts of the globe. We are committed to protecting your privacy and it is important that you understand how we look after your personal data and how we make sure that we meet our legal obligations to you under applicable data protection rules (including associated guidance) (the “Data Protection Laws“). This Privacy Policy outlines how we will use, store and share your personal data and supplements any fair processing notice provided to you.
This Privacy Policy applies to Lendlease Residential Asset Management Services Limited, a company registered in England and Wales under registration number 11065569, with a registered address at Level 9, 5 Merchant Square, London, W2 1BQ, United Kingdom
, and a wholly owned subsidiary of Lendlease Corporation Limited ABN 32 000 226 228 a company registered in Australia with a registered office at Level 14, Tower Three, International Towers Sydney, Exchange Place, 300 Barangaroo Avenue, Barangaroo NSW 2000, Australia. This Privacy Policy applies to all companies related to Lendlease Corporation (the ‘Lendlease Group’, ‘we’, ‘our’ or ‘us’) and applies to the personal data we collect online through your use of our websites www.LendleaseLiving.com and www.LivingByLendlease.com, including all country-specific websites and any other website operated by any member of the Lendlease Group, (“website”), online systems or offline through your interactions with us. As a global organisation the Lendlease Group regularly handles and transfers “personal data” (being information which is capable of identifying an individual) between Lendlease Group companies, including between Lendlease Group companies operating in different countries. Many of our developments are delivered by the Lendlease Group companies working together, sometimes through a joint venture vehicle such as a limited liability partnership. In such cases, personal data submitted to or otherwise collected by a website which is related to those developments may be collected by other Lendlease Group companies working together. Each of these organisations is a data controller in respect of the use it makes of this information and each has agreed to comply with this Privacy Policy.. In this Privacy Policy, Lendlease Residential Asset Management Services Limited is the data controller primarily responsible for your personal information and the information being provided as set out below.
| Information Collected | Who from? | How and why we use this? | Who is it shared with? |
|
Your contact details, such as your name, address, email address, phone number, fax number, and overall correspondence with us such as your initial enquiry
|
You (i.e. the data subject) | Your general enquiry – in our legitimate interests to process the information to respond to your enquiry appropriately and action accordingly | The Lendlease Group, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP) |
| Your contact details, such as your name, address, email address, phone number, fax number, and overall correspondence with us such as interest in a particular unit or leasing agreement |
You (i.e. the data subject), Portals [e.g. Zoopla, etc], Agents [e.g. relocation agent], individuals who have provided you a reference such as previous landlords or guarantors, referencing agencies who carry out pre-tenancy checks
|
To register your interest in a residential property unit, or book a tour, or apply [to rent] a particular unit – i.e. to take steps at your request to enter into a contract(s) with you and identify to the degree you are a customer within our rental portfolio (e.g. applicant vs resident a lease holder and tenant/resident) | The Lendlease Group, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP, our CRM platform and property management platform (Yardi Systems Inc) to help deliver content to you at relevant points within your customer journey experience with us |
| Financial information including credit card information, references and background checks |
You (i.e. the data subject), Yardi Systems Inc. (our financial and background service as well as our lease and property management provider) and other application property management or CRM software
|
When you reserve a unit and request to rent that unit – for the performance of our contract(s) with you | The Lendlease Group and its legal, financial and rental advisors, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP, Yardi Systems Inc. property management and our CRM platforms, as well as DocuSign for occasional contract management. [Organisation who will do background checks – Home Let], [Rental deposit agency], [card payment providers]. |
| Your contact details, such as your name, address, email address, phone number, fax number, and your marketing preferences | You (i.e. the data subject) |
To sign-up to our newsletter or other marketing from us or shopping centre Wi-Fi – this is in our legitimate interests, but to comply with marketing rules and regulations, we will ask you for your consent to electronic marketing. We practice appropriate email volume and work to maintain a consistent but manageable amount to your inbox.
|
The Lendlease Group, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP |
|
Your contact details (name, address, email address, phone number, fax number, contract, account information, maintenance notification(s), correspondence about a particular issue or service, appropriate times of entry, permission to enter, special assistance requirements)
|
You (i.e. the data subject), contractors/ sub-contractors where maintenance/ support is provided and a third party is required |
To manage your rental unit/ our contractual relationship – for the performance of our contract(s) with you | Contractors/ sub-contractors to remedy service requests, the Lendlease Group, our Customer Relationship Management system providers (Yardi Systems Inc.), LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP, Digital contract management provides such as DocuSign, [Utility providers], Tenancy Deposit Scheme |
| Call recording | Our phone system | For training and monitoring purposes – for our legitimate business interests |
The Lendlease Group, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP, our telecommunication and broad band providers [who is this?]
|
| CCTV images | Our CCTV cameras | For crime prevention and public safety, including our residents – for our legitimate business interests and safety |
The Lendlease Group and its property and security managers and law enforcement agencies, LRIP E&C H4 GP Limited, LRIP E&C H4 Limited (“LRIP”) (and related bodies corporate of LRIP), Elephant Park Estate Management Limited
|
|
Job applications (Lendlease or Lendlease Residential Asset Management Services), CV information, contact details (name, address, phone number, email address), references, correspondence) and other applicable HR-related functions such as appraisals, grievances, etc.
|
Workday (external website), you (i.e. the data subject) | The Lendlease Group, recruitment contractors | |
| Cookies and IP addresses |
We collect certain information by automated means such as cookies and web beacons whenever you visit our website. This could include IP address, browser type, operating system, referring URLs. Please see our cookies policy. |
Please see our cookies policy | Please see our cookies policy |
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
| Circumstances in which personal data was provided | How long do we keep it? |
| When you enquire with us to find or learn about a property, whether through our website(s) or by phone, social media, email or walking in to one of our properties and filling out an enquiry form. | 24 months from each enquiry you might make |
| When you request to view a property or unit (aka “book a tour”) When you register with us to receive our marketing information (marketing signup/opt in) When you visit our website When we engage you to provide us with your goods or services Until you ask to be removed or we refresh our database by requesting another opt in every 2 years 12 months 7 years after termination or expiry of our contract If you’ve not used your account after the relevant retention period, it will be flagged as inactive and we’ll contact you to ask whether you want to keep it open. Unless you reply to say ‘yes’, we’ll close the account and delete or anonymise the personal data associated with it. Where we say above that we collect your information on the basis of our legitimate business interests, we are required to carry out a balancing test of these interests against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest. |
24 months |
| Legitimate interest | We have a legitimate interest in processing your information as: We need the information to appropriately and efficiently respond to your enquiries; We need the information to send you information; We would be unable to provide our services without processing your information; We would be unable to process your job application without processing your information; We need call recordings for evidential purposes and to help us perform our applications/contract(s) with you; and/or CCTV is there for safety reasons and for the prevention/ detection of crime. |
| Necessity | We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary for such purpose. |
| Impact of processing | We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as it can be reasonably expected for us to process your personal information in this way for the purposes set out above. In nearly all cases, the information is being processed for your benefit and not ours alone. |
We may collect sensitive (or “special category”) personal information relating to your health, for example whether or not you have a disability to determine whether certain of our properties may be suitable for you and for complying with health and safety requirements. We will only use this information with your consent and if this is required by law. In this case, you have the right to withdraw your consent to this processing at any time.
In some circumstances, we may have another lawful reason to collect such special categories of personal data, in which case we will inform you of this prior to the processing taking place.
We use cookies on our websites. For more information about how we use cookies on the website please read the full version of our Cookie Policy.
We may disclose your personal information to any member of the Lendlease Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (“Lendlease Group”).
We will disclose your personal information to third parties, as set out above and:
- to our professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to the Lendlease Group)
- to other third-party suppliers for business administration or IT purposes;
- in the event, or in connection with, a merger or sale involving all or part of the Lendlease Group or as part of a corporate reorganisation or share sale or other change in corporate control to any prospective sellers or buyers of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Lendlease Corporation Limited or any of its group entities;
- if we, or any member of the Lendlease Group, or substantially all of its assets, are acquired by a third party, in which case personal data held by us about our customers and/or employees may be one of the transferred assets; in order to enforce or apply our website terms of use;
- to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation the local police or other local law enforcement agencies or regulatory bodies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and/or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
We may transfer personal information to countries other than the country in which the data was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection.
Where your information is processed by or shared between the Lendlease Group, your information is likely to be transferred to or from Australia, the United Kingdom, Greater China, Japan, Malaysia, Singapore, Hong Kong, the United States and Italy for the purposes set out above.
Where your information is transferred to a third party (for example our Customer Relationship Management system provider) this is also likely to be transferred to a third country, namely the United States.
Where your personal data is collected within the European Economic Area (“EEA”), it will only be transferred outside of the EEA where an adequate level of protection for your rights as a data subject can be ensured, and where the transfer is otherwise in accordance with relevant data protection laws, including by incorporating standard clauses approved by the European Commission in our agreements. A copy of these can be found at: http://eur-lex.europa.eu/
Search = CELEX:32010D0087
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features, including industry-leading technology software, to try to prevent unauthorised access.
We, and our external service providers, take reasonable steps to protect personal data from misuse, interference or loss and unauthorised access, modification and disclosure with appropriate safeguards and security measures and restrict access to those who have a legitimate business purpose and reason for accessing it. We store most data about you in computer systems and databases operated by either us or our robust external service providers. However, safeguards and security measures apply to personal data in both electronic and hard copy form.
Personal data is only retained for as long as it is necessary for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law, in accordance with the periods set out above.
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. You may contact us using the details set out below to exercise any of these rights. We will respond to your request within one month.
In some instances, we may be unable to carry out your request, in which case we will write to you (again, within one month) to explain why.
1. You have the right to request access to your personal data
You have the right to request confirmation that your personal data is being processed, to request access to your personal data (through us providing a copy) and to be provided with other information about how we process your personal data.
2. You have the right to ask us to rectify your personal data
You have the right to request that we rectify your personal data if it is not accurate or not complete.
3. You have the right to ask us to erase your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide services to you, where you withdraw your consent for us to process special categories of your personal data, or where you object to the way we process your personal data (see right 6 below).
4. You have the right to ask us to restrict or block the processing of your personal data
You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don’t need to use your personal data for the purpose we collected it for but may require it to establish, exercise or defend legal claims.
5. You have the right to port your personal data
You have the right to obtain your personal data from us and use it for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
6. You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data where we process your data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
7. You have the right not to be subject to automated decisions
You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
8. You have the right to withdraw your consent
You have the right to withdraw your consent to our processing of personal data, if consent was the mechanism we used to collect it.
If you have any enquiries regarding this Privacy Policy, wish to exercise your rights in respect of your personal data or wish to make a complaint in relation to how the Lendlease Group has handled your personal data, you should contact us at:
ATTN: Data Protection Manager
Lendlease Residential Asset Management Services Limited
Level 9 Merchants Square
London W2 1BQ
United Kingdom
We aim to resolve all enquiries promptly and in accordance with Data Protection Laws.
We will always aim to address your concerns if you have any and would encourage you to contact us at the address above. You can also contact the relevant data protection/ supervisory authority in your jurisdiction. For the purposes of the Data Protection Laws, our lead supervisory authority is the Information Commissioner’s Office, who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or at www.ico.org.uk or by telephone 0303 123 1113.
sole traders, partnerships and businesses
Where we are engaged with you as a sole trader, partnership or business that you represent or are employed/ contracted by and this involves the collection and use of your personal data by us, this will be done in accordance with the relevant parts of this Privacy Policy.
other websites
Our website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites. Additionally, we do not transfer your data to these third parties without proper security protocol and credentials.
A list of Lendlease Group entities can be found here.
From time to time, we may change our policy on how we deal with personal data or the types of personal data which we hold. We will take all measures necessary to communicate any changes to this Privacy Policy to you and any updated version of this Privacy Policy will be published on this page. You may obtain a copy of our current policy from our website or by contacting us at the contact details above.
In the event of any conflict between the English language version of this Privacy Policy and other language versions, the English language version will prevail.