Last update: 9/10/2020
这是资本和区域的188竞猜比分隐私政策。它本身ts out how we collect and process your personal data, what we use it for, and gives you important information on how you can amend information we hold on you such as amending or removing consent for marketing communications or updating your personal details. If you have any queries about this policy or how we handle any personal data you provide to us, please contact us using the details provided at the bottom of this document.
Who is Capital & Regional?
Capital & Regional plc owns and operates a number of shopping centres in the UK. Capital & Regional is listed on the main market of the London Stock Exchange and has a secondary listing on the Johannesburg Stock Exchange.
Our Purpose for Collecting and Processing Personal Data
We collect and process data in order to: Understand who our shareholders and stakeholders are and to send them appropriate and relevant information; to carry out marketing for both Capital & Regional and our Shopping centres; and in order to manage the operations of our business such as contracts with businesses operating in our centres. In some cases we are also required to hold certain information for legal compliance, law enforcement or contractual purposes.
Data protection laws set out a number of valid reasons for the collection and processing of personal data. These include: Consent, such as ticking a box to opt-in to receive marketing emails from us; legitimate Interest; compliance with the law; and, to fulfil contractual obligations.
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we collect and keep a limited record of staff, customers and visitors who come onto our office premises for the purpose of contact tracing.
Covid-19 Track & Trace
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our office premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of our office premises you will be asked to provide some basic information and contact details. The following information will be collected:
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
此外,如果你只与一个成员互动of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
We may require you to pre-book appointments for visits or to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
Your information will always be stored and used in compliance with the relevant data protection legislation.
第6（1）（c）条的通用数据保护条例涵盖了您的信息的使用 - 我们作为场地/机构所遵守的法律义务。The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
- You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
- You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
- You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.
Use of personal Data for Marketing Communications
We only send post, email, text messages and mobile notifications to you about news and services that we consider may be of interest to you only if you have given us permission to do so.
Electronic notifications may be sent to you via your internet browser if you have given consent for us to do so. If you subsequently wish to remove consent for these you can do so following the instructions provided by your internet browser software.
Who Controls or Has Access to the Data?
Personal data is accessed and processed by staff at the support office of Capital & Regional. The use of personal data will remain under the control of Capital & Regional at all times operating as the Data Controller. Capital & Regional do not sell your data to other companies.
We use selected third parties, called Data Processors, to help operate our services which include, for example, email system or database providers. When employing Data Processors, we ensure that they comply with data protection laws including ensuring that data is held securely and that only the information required to complete the work is supplied to them. If we stop using a particular Data Processor’s services we require that personal data held by them is securely deleted or anonymised. Third parties involved with our database and email systems are Tiger Systems and Nunki, and website data can be processed by Innovation Digital. Some customer data required to fulfil retailer and commercial partner requests and to fulfil contractual obligations, is stored within Salesforce.
In compliance with the law we may be obligated to disclose Data about you to a law enforcement agency or by a court order.
Personal Data is held and processed only within the EU.
Data subjects have various rights in relation to accessing and amending the data companies hold on them under GDPR. More information on how to do this can be found later in this document.
Retention Period & Criteria
We only keep personal data for as long as necessary for the purpose for which it was collected or to comply with legal, contractual or law enforcement purposes. At the end of this period data is either deleted or anonymised so that it can be used for statistical and analytical purposes in a non-identifiable way.
Data Subject’s Rights
How do I access or amend my data?
Please contact us firstname.lastname@example.org. In line with GDPR access requests are free and will be responded to within a month.
Each email we send contains an unsubscribe link and a link to the customer profile tool.
Opting out of marketing communications will be honoured unless a later opt-in is received for the same contact details.
Changes to this Privacy Statement
Identity and Contact Details
Data Controller: Capital & Regional, 22 Chapter Street, London, SW1P 4NP.