ERL takes your privacy seriously and we are committed to safeguarding any Personal Data that you provide to us.
1.1 We are “ERL”, meaning for the purposes of this Privacy Notice (the “Policy”), Enterprise Retirement Living Limited (“ERL”) (referred to as “ERL” / “we” / “us”). ERL’s data protection registration number is ZA187832.*
*ERL comprises the companies that own ERL’s retirement villages (such that they are the respective villages’ landlords). However, as the relationship with the customers of those entities is with the same management and staff of ERL, and the provisions of this Policy are implemented and observed by the same people, we have not separately registered them with the Information Commissioner’s Office.
1.2 You are an ERL: customer (including potential purchasers of our properties, actual purchasers of our properties, and owners of our properties living in ERL’s retirement villages), contractor, sub-contractor, supplier, service provider, external agency, professional adviser or consultant (referred to as “you”).
1.3 For the purposes of the applicable data protection and privacy laws and regulations (“Data Protection Legislation”), we are a ‘data controller’ for all Personal Data where we decide how and why it is processed. We will be a ‘data processor’ where we use Personal Data in accordance with a third party’s instructions.
1.4 Please note that any clause headings and clause summaries are for reference purposes only and shall not have legal effect. Please read the full clause text.
We are privacy advocates and these terms set out our data protection practices.
2.1 Your privacy is at the core of our business and we want to make sure that you are comfortable with how we use the Personal Data that you disclose to us.
2.2 This Policy describes what Personal Data that we collect about you, how we use it and the rights you have in relation to its collection and usage. By “Personal Data” we refer to any Personal Data collected or held by ERL, that identifies and relates to you as an individual, as further detailed below.
We may process certain Personal Data to enable us to contact you regarding enquiries relating to purchasing one of our homes and managing any ongoing relationship with you.
3.1. We may obtain your Personal Data electronically (by direct email, or emails/registrations sent through ERL’s websites) or other means (for example, business cards, reservation forms, telephone calls, letters, orders, contracts, etc).
3.2. We only collect, use, store and share (where appropriate) Personal Data that is relevant and necessary for the purposes of our relationship with you, and this will vary depending on that relationship.
3.3. The categories of Personal Data could include all or some of the following: • Contact details (name, address, telephone numbers, email address); • Your race and/or ethnicity; • Financial status and bank details; • Details of your solicitors and other professional advisers; • Date of birth, marital status and gender*; • Next of kin and/or other nominated person and their emergency contact numbers and email address* • Copies of identification documents, including photographs*; and • CCTV footage*. We may also collect, store and use more sensitive Personal Data, including (where applicable), health and medical conditions*.
*The categories marked with an asterisk above generally relate only to our customers who purchase a new-build or pre-owned retirement property and subsequently live in ERL’s retirement villages to enable us to manage our ongoing relationship.
3.4. We may also collect technical information about you when you visit any ERL website. This information may include the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, operating system and platform, browser plug-in types and version, the full URL clickstream to, through and from the website, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
If you have consented to receiving marketing emails and newsletters, we will use your Personal Data to send these to you.
4.1. You are not required to provide any Personal Data on the public areas of our websites or to opt-in to marketing communications. However, you may choose to do so by completing a registration form and providing us with Personal Data about yourself, such as your name and address, so that we can respond to requests for Personal Data.
4.2. You can unsubscribe from emails and further contact at any time and each marketing email will also contain instructions on how to unsubscribe from receiving them. Alternatively, you can request this by email, telephone or post.
We primarily use your Personal Data to deliver our contractual obligations to you or to facilitate any service information requests.
5.1. We process your Personal Data electronically and/or manually, and may contact you by email, telephone, text message or in writing, depending on the contact details you have provided and, where applicable, the means by which you have given your explicit consent to be contacted.
5.2. We only collect and use Personal Data about you when the law allows us to do so. This means we will use your Personal Data only for the specific purpose(s) it was given or obtained, for example to: • Respond to requests for brochures or to answer enquiries relating to those of our retirement villages that are of interest; • Facilitate the purchase of our properties; • Meet our responsibilities to customers living in ERL’s retirement villages; • Fulfil our part of a contract with you; and • Conduct our business relationships. Each of the above scenarios are based on the lawful ground of ‘contractual necessity’.
5.3. Less commonly, we may also use Personal Data about you where: • You have given us consent to use it in a certain way; • We need to protect your vital interests (or someone else’s interests); • We are carrying out a task in the public interest; • We have legitimate interests in processing the data, including without limitation, if we suspect any breach of legislation or our policies, fraud prevention or criminal activity.
5.4. Unless you have specifically registered for, and consented to receive, Personal Data in relation to one or more of our retirement villages, your details will not be entered on a central database and not used for marketing purposes.
5.5. Where it has been necessary for you to provide us with consent to use your data, you may withdraw this consent at any time.
Some services, especially in ERL’s retirement villages, are reliant on Personal Data being provided by you.
6.1. You always reserve the right to withhold your Personal Data, but this may affect your ability and eligibility to receive certain ERL services. In such circumstances, we may have to cancel all or part of the services, but we will notify you if this is the case.
We keep your Personal Data in the UK to keep it accessible and secure.
7.1. The data that we collect from you will be stored in our secure offices for hard copy files and on a restricted network accessible only by relevant staff if it is electronic. Our servers are based in the UK.
7.2. We have not needed to transfer Personal Data to another country to date, but if this changes, we would only do so in accordance with the applicable data protection and privacy laws.
We may share your Personal Data with trusted partners, your family and regulators where this is reasonably required.
8.1. We never, under any circumstances, sell Personal Data that we hold.
8.2. However, where it is necessary and applicable (and it complies with data protection legislation), or is legally required, we may share Personal Data about you with: • Colleagues within our companies; • Your family or representatives; • Your solicitors and other professional advisers; • Regulators associated with ERL’s business (for example, the Information Commissioner’s Office and HMRC); • Suppliers and service providers, to enable them to provide the service for which we have contracted them insofar as these supplies and services are related to you – these include, but are not limited to, estate agents, managing agents in respect of our retirement villages who handle the administration for those villages’ management companies; • Our auditors, lawyers and insurers; • Professional advisers and consultants; • Sector-specific organisations and professional bodies; • Police forces, courts and tribunals; • Central and local government; • Financial organisations; IT support companies; Cloud storage companies; and • Security organisations.
8.3. We may also share are your Personal Data with our website analytics consultants and search engine providers to assist us in the improvement and optimisation of the ERL websites.
We will only hold onto your Personal Data whilst it is needed for our services or as required by law.
9.1. We will only retain your Personal Data for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
9.2. To determine the appropriate retention period for Personal Data, we consider:
9.2.1. the amount, nature, and sensitivity of the Personal Data;
9.2.2. the potential risk of harm from unauthorised use or disclosure of your Personal Data;
9.2.3. the purposes for which we process your Personal Data; and
9.2.4. whether we can achieve those purposes through other means, and the applicable legal requirements.
9.3. Once our relationship with you has ended we will keep your Personal Data for the following periods:
9.3.1. potential customers – for 1 year after an intended purchase falls through in case the purchase is resurrected, or earlier upon your request or following an internal audit where we consider that you have no further interest in a property;
9.3.2. actual purchasers of new-build properties – for 12 years to cover the home-owner warranty and the additional 2 years often required by our sub-contractors; and
9.3.3. owners of properties living in ERL’s retirement villages – for 3 years; and
9.3.4. all other business to business contacts – indefinitely so we can contact you again if we require your services, or any time upon your request.
9.4. Notwithstanding the above timescales, you are at liberty to ask us to delete your Personal Data at any time, as further detailed below. If there are any consequences from such a request, this we will explain these to you at the time.
9.5. Any Personal Data that we are requested to remove, or that which is no longer required, is disposed of securely (i.e. shredded or permanently deleted from computer systems).
9.6. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
We keep your data secure through a variety of technical security measures.
10.1. We take our security obligations very seriously and regularly monitor for breaches and potential weaknesses.
10.2. We are committed to ensuring that data is stored, archived or disposed of in a safe and secure manner. We have procedures in place to try to prevent any unauthorised access or disclosures and to safeguard and keep secure the Personal Data that we collect.
10.3. You are not required to provide any Personal Data on the public areas on any ERL website. However, if you choose to do so, you should be aware that providing Personal Data over the Internet can never be guaranteed as being completely safe and you do so at your own risk.
You have many rights in relation to your Personal Data which gives you control.
11.1. You have rights in relation to the Personal Data that we hold about you.
11.2. You have the right to request us to:
11.2.1. provide you with access to your Personal Data that we are processing (this is called a ‘Subject Access Request’). If you make a subject access request of us in respect of any Personal Data we hold about you, we will: • Give you a description of it; • Tell you why we are holding and processing it, and how long we will keep it for; • Explain where we got it from, if not from you; • Tell you who it has been, or will be, shared with; and • Give you a copy of the Personal Data in an intelligible form. There is no charge to provide this Personal Data, except in exceptional circumstances (for example, if the request is manifestly unfounded or excessive, or if you request further copies of the data already supplied; in these cases the charge will be based on the administrative costs incurred);
11.2.2. prevent your data being used for direct marketing;
11.2.3. correct Personal Data that we hold about you which is incorrect or inaccurate;
11.2.4. restrict our processing of Personal Data where it is inaccurate or breaches the law;
11.2.5. erase data in certain circumstances (i.e. we no longer require it, you withdraw consent etc);
11.2.6. cease processing in certain circumstances based on an objection that you may have (i.e. where we are processing your Personal Data based on our legitimate interests); and
11.2.7. transfer the Personal Data to a third party.
You can notify the ICO if you have concerns with how we process your Personal Data.
12.1. We take any complaints about our collection and use of Personal Data very seriously. If you think that our collection or use of your Personal Data is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance by contacting our Data Protection Officer. We will do everything possible to resolve any issue to everyone’s mutual satisfaction. You are also at liberty to make a complaint to the Information Commissioner’s Office (“ICO”), but we would urge you to pursue the route above first before escalating the matter in this way if it cannot be settled between us.
12.2. You can report a concern to the ICO online at: https://ico.org.uk/concerns/.
13.1. A cookie is a small file of text and numbers which is created by the Website. When you visit the Website, the cookie is attached to your computer or other device but does not access your hard drive on your computer. If you revisit our Website, the cookie will be recognised by the Website.
13.3. You can delete the files that contain cookies – those files are stored as part of your internet browser. If you wish to restrict or block the cookies which are set by ERL’s websites, or indeed any other website, or if you wish to receive notification of cookie placement requests or decline cookies completely, you can do this through your browser settings. The Help function within your browser should tell you how.
13.4. Please be aware that declining or denying cookies may prevent you from being able to use the website to its highest capability.
13.5. Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile device you will need to refer to your manual.
13.6. This is a list of the cookies set by ERL’s websites, and what each is used for:
|Cookie Name||Used for||Cookie Expires||Definition|
|__utma||Metrics: Google||2 years||ERL’s websites use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets cookies in order to evaluate your use of our website and compile reports on user activity|
|__utmb||Metrics: Google||30 minutes|
|__utmc||Metrics: Google||End of session||Google may also transfer this information to third-parties where required to do so by law, or where such third-parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.|
|__utmz||Metrics: Google||6 months|
These terms may change from time to time to reflect changes to our practices or the law.
14.1. We may update this Policy from time to time. The latest version of our Policy will be available on the relevant ERL website.
Questions, comments and requests regarding this Policy are welcomed.
15.1. Please address any questions or matters that are not covered by this Policy to firstname.lastname@example.org. Our Data Protection Officer will reply where appropriate.
This Policy was last updated October 2020.