Privacy Policy



Ballymore Privacy Notice

1. Introduction

Welcome to the Ballymore privacy notice. At Ballymore we are committed to ensuring that your privacy is protected. This privacy notice explains how we will collect your personal data and how we use your personal data. This includes information that may identify you as a natural person or ‘data subject’ and therefore constitutes ‘personal data’ as defined by the General Data Protection Regulation (”GDPR”).

Ballymore Development Management Ltd (”BDML”) and its subsidiaries Ballymore Asset Management Ltd (”BAML”) and Ballymore Construction Services Ltd (”BCSL”), members of the Ballymore group, will act as a data controller of your personal data. Throughout this privacy notice BDML, BAML and BCSL are referred to collectively as “Ballymore”, “we” or “us”.

Ballymore are committed to protecting the rights and privacy of individuals and complying with the GDPR. We consider your privacy to be of utmost importance and want you to be confident that your personal data is kept safely and securely and for you to understand how it is used. As such, this privacy notice sets out the following information:

  • What data we collect from you;
  • Why we collect this data and what is the legal basis for processing it;
  • Who we share your data with and why;
  • How long we will keep your data; and
  • What your rights are.

2. Our role

2.1. As data controllers of any personal data collected Ballymore will determine the purposes and way in which such personal data are, or will be, processed.

2.2. Our full contact details are:

  • Ballymore Development Management Ltd, 4th Floor 161 Marsh Wall, London, England And Wales, United Kingdom, E14 9SJ. Our registered company number is 08874050.

2.3. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at datadepartment@ballymoregroup.com or by writing to the address at 2.2 above marked for the attention of the Data Protection Officer, Data Department.

3. Important information

3.1. This privacy notice was last amended on 18-02-20. It supersedes any earlier versions.

3.2. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

3.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. You can ask us to rectify or update your personal information at any time by contacting us datadepartment@ballymoregroup.com.

4. What information do we hold?

4.1. The categories of personal data we hold and process (but are not limited to) the following:

  • Identity Data;
    • Full name;
    • Title;
    • Marital status;
    • Age / date of birth;
    • Gender;
    • username or similar identifier.

  • Contact data:
    • Property address;
    • Alternative address;
    • Contact numbers and email address;
    • Place of employment;

  • Financial Data;
    • Payment card details,
    • information contained within bank statements and bills and other information provided for anti money laundering checks;
    • Financial information (service charge demands, payments, arrears records, etc.);
    • Bank details;

  • Transaction Data;
    • Transaction history including details about payments to and from you and other details of properties, goods or services you have purchased or rented from us or the Ballymore Group;
    • Conveyancing information;

  • App Usage Data;
    • Information about how you use Ballymore websites and applications;
    • When you use Ballymore websites and applications (including date and time);
    • Download errors;
    • Lengths of visits to certain pages;
    • Page interaction information;

  • Technical Data;
    • Internet Protocol (IP) address;
    • Log-in data;
    • Browser type ad version;
    • Time zone setting;
    • Location data;
    • Device cookie and identification;
    • Browser plug-in types and versions;
    • Operating system and platform;
    • Other identifying information required for your device to communicate with our websites;

  • Profile Data;
    • App username and passwords;
    • Purchases, orders or requests made by you;
    • Profession, age, gender;
    • Interests and preferences;
    • Feedback and survey responses;

  • Marketing and Communications Data;
    • Preferences in whether you wish to receive marketing from us;
    • Communication preferences.

  • Health Data;
    • Personal Metrics e.g. height/weight data
    • Medical Conditions;
    • Emergency Contacts

4.2. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. This may be derived from your personal data but is not legally considered personal data as it does not directly or indirectly reveal your identity. For example, we may monitor access into leisure facilities to track peak periods. If we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

4.3. Some of the data we collect is considered special categories of personal data (i.e. your height, your weight, information about your health, and biometrics data (for example, facial images), for the purposes of enabling you to book fitness classes or use our gym facilities or to comply with health and safety or evacuation procedures on one of our managed developments. This will only be collected and processed with your consent, which we will obtain at the relevant time.

4.4. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. If this is the case, we will notify you at the time.

5. How do we obtain this information?

5.1. We use different methods to collect data from and about you including:

5.2. From you directly.

You may give us some personal data directly, including but not limited to, corresponding with us by post, phone, email, through our websites or applications or otherwise. This includes personal data you provide when you:

5.2.1. Telephone, email us or visit us in person;
5.2.2. Create an account on one of our websites or other Ballymore applications where available or contact us through social media;
5.2.3. buy, sell, rent, let, lease, licence or reserve a property
5.2.4. arrange a viewing for a property or showroom;
5.2.5. request information about our properties, or related goods and services we may offer
5.2.6. subscribe to our any services or publications that we offer
5.2.7. Attend one of our social events;
5.2.8. enter a competition, promotion or survey; or
5.2.9. Provide feedback.

5.3. From third parties.

We may receive personal data about you for the following third parties and public sources:

5.3.1. Technical Data from analytics providers based outside the EU such as Google Tag Manager, Google Analytics, Google Adwords, Facebook Pixel, Twitter, DoubleClick, Addthis, BlueKai, Turn Inc., DataXu, AdGear, Weborara, Semasio, Yahoo Analytics, Visual Website Optimiser; and third party software providers which we use on our websites, based outside of the EU including Salesforce, Google Tag Manager, Lotame, Crimtan, DataXu and Response Tap.

5.3.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Barclays Bank PLC based inside the EU.

5.3.3. Identity and Contact Data from publicly availably sources such as the Land Registry, Companies House, and the Electoral Register based inside the EU.

5.4. Automatically collected from or about you or your device.

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

6. How do we use your information?

6.1. In the table below, we have summarised the ways that we plan to use your personal data and the purposes for which we will use it and the lawful basis for this. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.

6.2. We may process your personal data for a different purpose than listed below and without your consent where it is necessary for us to comply with our legal obligations.

6.3. You may withdraw your consent at any time by contacting datadepartment@ballymoregroup.com, at which point we will cease to process your personal data for the purposes to which the consent applies.

6.4. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us via the Data Protection Officer (datadepartment@ballymoregroup.com) if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis for legitimate interest

To contact you

Identity

Contact

Financial

Transaction

Execution of responsibility as Managing Agent.

Performance of a contract or potential contract with you.

Necessary for our legitimate interests (for running our business, to keep our records updated, etc.).

To register you as a new customer

Identity

Contact

Performance of a contract or potential contract with you.

Necessary for our legitimate interests (of our being able to keep records of our registered customers).

To facilitate the reservation, purchase, sale, renting, leasing, or licensing of a property.

Identity

Contact

Financial

Transaction

Marketing and Communications

Performance of a contract or potential contract with you Necessary for our legitimate interests

To facilitate the collection of service charge payments

Identity

Contact

Financial

Transaction

Execution of responsibility as Managing Agent.

Performance of a contract or potential contract with you.

Necessary for our legitimate interests.

To verify your identity, verify your eligibility for certain services, conduct credit reference checks, prevent or detect fraud or money laundering.

Identity

Contact

Financial

Transaction

Performance of a contract or potential contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interest (to prevent being defrauded).

To verify your identity in order to verify your eligibility for access to certain services and Ballymore properties in order to prevent or detect unauthorised use (such as a lease infringement).

Identity

Contact

Financial

Transaction

Security Systems

Operational

Special Categories

Execution of responsibility as Managing Agent.

Performance of a contract or potential contract with you.

Necessary for our legitimate interests (protection of property and security of estate).

To manage our relationship with you, including:

Asking you to leave a review or take a survey or provide feedback on our services.

Notifying you about changes to our terms or privacy notice.

Identity

Contact

Operational

Profile

Marketing and Communications

Performance of a contract or potential contract with you.

Necessary to comply with a legal obligation.

Necessary for our legitimate interests (to keep our records updated and to study how customers use our websites/services).

To provide customer support such as Sales services, Concierge and Front of House services, Helpdesk services, Security services, facilities services, parking services, etc.

Identity

Contact

Operational

Security Systems

Special Categories

Performance of a contract with you.

Execution of responsibility as Managing Agent.

To provide our key authorisation service, allowing you to leave your keys with us for others to collect.

Identity

Contact

Security Systems

Performance of a contract with you.

To enable you to partake in events, competitions and surveys

Identity

Contact

Profile

Marketing and Communications

Operational

Performance of a contract or potential contract with you.

Necessary for our legitimate interests (to develop and grow our business).

To administer and protect our business and network security including websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Identity

Contact

Technical

Security Systems

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and unauthorised access).

Necessary to comply with a legal obligation.

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Identity

Contact

Profile

Website Usage

Marketing and Communications

Technical

Necessary for our legitimate interests (to study how customers use our website/services, to develop them, to grow our business and to inform our marketing strategy).

To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences.

Technical

Website Usage

Necessary for our legitimate interests (to define types of customers based on their age, gender and interests for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy).

To ensure that content from our websites and our applications are presented in the most effective manner for you and your device.

Identity

Contact

Financial

Transaction

Technical

Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services).

To make suggestions, recommendations and provide information to you about goods or services that may be of interest to you

Identity

Contact

Technical

Usage

Profile

Necessary for our legitimate interests (to develop and grow our business)

To permit selected third parties:

  • to provide you with information related to the delivery of services to residents (such as ground rent demands, energy billing, etc.)
  • to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the websites / applications.

Identity

Contact

Financial

Transaction

Operational

Technical

Website Usage

Execution of responsibility as Managing Agent.

Performance of a contract or potential contract with you.

Necessary to comply with a legal obligation.

Consent (in relation to SMS and email marketing communications and application notifications).

Necessary for our legitimate interests (to deliver our services and to develop our business and improve our business).

To comply with requirements imposed by law or any court order.

Identity

Contact

Financial & Transaction

Employment Related

Technical

Website Usage

Operational

Security Systems

Special Categories

Necessary to comply with our legal obligations

To validate the identity and competency of external contractors including the use of DBS checks.

Identity

Employment Related

Operational

Special Categories

Execution of responsibility as Managing Agent.

Performance of a contract or potential contract with you.

Necessary for our legitimate interests (protection of our property, assets and residents’ interests).


6.5. Marketing and promotional offers

6.6. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which properties, services and offers may be relevant for you (we call this marketing).

6.7. You will receive marketing communications from us via the channels you have selected (for example phone, email, SMS, push notifications) where you have opted in to receiving that marketing.

6.8. You can ask us to stop sending you marketing messages at any time by contacting Data Protection Officer or by following the opt-out links on any marketing message sent to you.

6.9. If you do withdraw your consent, this will result in us ceasing to directly market goods and services to you, but we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.

6.10. We will get your express opt-in consent before we share your personal data with any company outside the Ballymore Group for their own marketing purposes. You have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe.

6.11. Cookies and remarketing

6.12. We automatically collect data about how you use our App and websites in order to help us improve future functionality. Additionally, we may pass your personal data to online advertising tools including Google Analytics, Google Adwords, Facebook Pixel, Lotame and Yahoo Analytics. We use tools such as these to carry out remarketing activities so that if you have already visited one of our websites, we can target advertisements at you by third party vendors.

These third-party vendors often use cookies to provide these advertisements based on your visits to our websites in the past.

6.13. You can opt out of third party vendor’s use of cookies by visiting http://optout.networkadvertising.org/?c=1#!/. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

7. Who we share your data with

We work with a number of trusted partners, suppliers, contractors and businesses in order to deliver the range of services we provide in the execution of our roles. We may share your personal data with the parties set out below for the purposes outlined in the table in paragraph 6.

7.1. Ballymore Group companies

As set out in this privacy notice, we are part of the Ballymore group. The ‘Ballymore’ brand is licensed to a range of companies who sell, market and manage Ballymore branded and co-branded property developments (which we refer to as ‘Ballymore Group’ companies). We share your personal data with such companies, which are based in the United Kingdom, Ireland and Jersey.

7.2. External Third Parties

We may also share your personal data with external third parties, such as:

7.2.1. Joint venture partners of Ballymore branded or co-branded property developments, who may be based outside of the EU.
7.2.2. Estate agents acting as processors, such as Savills, Johns & Co, Foxtons, CBRE, Knight Frank, JLL based both within and outside the EU who provide property marketing services.
7.2.3. Managing agents acting for us or the Ballymore Group company that you have a contract with, who provide management services to Ballymore branded or co-branded properties.
7.2.4. Property related businesses acting as processors for us, such as property managers and furniture providers such as Johns and Co and David Phillips based in the United Kingdom (subject to your consent).
7.2.5. Professional advisors acting as processors for us or the Ballymore Group that you have a contract with including lawyers, bankers, auditors and insurers based in the United Kingdom and Ireland who provide consultancy, banking, legal, insurance and accounting services.
7.2.6. Service providers acting as processors for us or the Ballymore Group company that you have a contract with who provide database, IT and system administration services, such as Salesforce and Egnyte which are based in the USA.
7.2.7. Freeholders of the properties in which you live, or own, or other companies within the property owning structure of your property.
7.2.8. Marketing, communication and survey providers / advisors acting as processors for us or the Ballymore Group company that you have a contract with, such as MailChimp based in the USA or In-House Research based in the United Kingdom.
7.2.9. HM Revenue & Customs, National Crime Agency, the National House-Building Council, local authorities, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
7.2.10. Banks and payment processing companies who complete financial transfers and transactions.
7.2.11. Anti-money laundering agencies, which may be based outside of the EU.
7.2.12. Human resources consultants who provide advice and support to Ballymore and its employees relating to matters of employment law.
7.2.13. Maintenance contractors and service providers who undertake a range of activities for us or the Ballymore Group company that you have a contract with, such as maintenance on building services and systems, security services, billing services, etc.
7.2.14. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

7.3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Transfer of your data

8.1. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

8.1.1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

8.1.2. Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

8.1.3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

8.2. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

9. How we keep your data safe and secure

Once we have received your personal data we will use reasonable and necessary procedures and security features to try and prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality.

If we become aware of a data breach we will notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you in accordance with our legal requirements.

10. How long we keep your data

10.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

10.3. Please contact us if you would like a copy of our Data Retention Policy.

10.4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

10.5. In some circumstances, you can ask us to delete your data: Please contact us for further information.

11. What are your rights

11.1. Under data protection laws you have the right to protect and look after your personal data. You have the right to:

11.1.1. ask us for the personal data that we hold and process about you (this is often referred to as a data subject access request). You have rights to the following information:

12.1.1.1. the purpose(s) for which we are processing your information;

12.1.1.2. the categories of personal information we hold about you;

12.1.1.3. the recipients or categories of recipient to whom the personal data have been or will be disclosed;

12.1.1.4. the period for which we will store your information, or the criteria used to determine that period;

12.1.1.5. prevent the use of your personal data for marketing purposes by using any of the steps at 7.8;

11.1.2. ask that any inaccurate information we hold about you is corrected;

11.1.3. ask that we delete the personal data we hold about you in certain situations;

11.1.4. ask that we stop using your personal data for certain purposes;

11.1.5. ask that we do not make decisions about you using completely automated means; and/or

11.1.6. ask that personal data we hold about you is given to you, or where technically feasible a third party chosen by you, in a commonly used, machine-readable format;

11.1.7. complain to the Information Commissioner’s Office (the UK’s data protection supervisory authority), if you have any complaints or concerns about the way in which your personal data is processed. We would suggest contacting Ballymore first, however, you do have the right to contact the supervisory authority directly.

11.2. If you wish to exercise any of the rights set out above, please contact us at datadepartment@ballymoregroup.com. The rights listed above may apply only in certain circumstances, and so we may not always be able to comply with your request to exercise these rights.

11.3. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request.

12. Our responsibilities and how you can contact us about your data

As detailed in Section 1, Ballymore will act as data controller in relation to personal data. This means that we have responsibilities in relation to that personal data. You can find out more and you can exercise the rights set out above by contacting us. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend that in the first instance you contact our Data Protection Officer at datadepartment@ballymoregroup.com and tell us what your enquiry relates to in the subject.

Should you feel that your personal data has not been processed in accordance with this privacy notice or should you feel that your data protection rights have been infringed, you can complain directly to the Information Commissioner’s Office who is the UK supervisory authority for data protection issues.