Please note that, for the purposes of this Policy, EPGL means Enterprise Property Group Limited and its directly or indirectly held subsidiaries, which include Enterprise Residential Development Limited (“ERDL”), Enterprise Heritage Limited (“EHL”), Enterprise Urban Limited (“EUL”), Enterprise Retirement Living Limited (“ERL”), Boughton Hall Management Limited (“BHML”) and Red House Ripon Management Limited (“RHRML”), the latter two being the management companies responsible for ERL’s current retirement villages.
The personal data referred to may be obtained electronically (by direct email, or emails/registrations sent through EPGL’s websites) or other means (for example, business cards, reservation forms, telephone calls, letters, orders, contracts, etc).
Under The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (“the GDPR”), EPGL is both the Data Controller and Data Processor in respect of such information. EPGL’s Data Protection Officer is Wendy Fleckney, who can be contacted by email on email@example.com, by phone on 01223 835995, or by post at Enterprise Property Group Limited, Scutches Barn, 17 High Street, Whittlesford, Cambridge, CB22 4LT.
ERDL, ERL, BHML and RHRML are registered with the Information Commissioner’s Office under the Data Protection Act. Our registration numbers are ZA285249, ZA187832, ZA187838 and ZA263188 respectively.
ERDL and ERL comprise a number of other entities: the various LLPs which own ERDL’s developments (and which are, therefore, the vendors of the properties on those developments) and the companies that own ERL’s retirement villages (such that they are the respective villages’ landlords). However, as the relationship with the customers (as described in the third paragraph of this Policy above) of those entities is with the same management and staff of ERDL and/or ERL, and the provisions of this Policy are implemented and observed by the same people, we have not separately registered them with the Information Commissioner’s Office.
1. YOUR PERSONAL DATA
We only collect, use, store and share (where appropriate) personal data that is relevant and necessary for the purposes of our relationship with you, and this will vary depending on that relationship. We do not keep it for any longer than required, plus an applicable retention period, but again these timescales will differ according to the nature of our association (see Section 8 below).
The categories of personal data could include all or some of the following:
- Contact details (name, address, telephone numbers, email address)
- Financial status and bank details
- Details of your solicitors and other professional advisers
- Date of birth, marital status and gender*
- Next of kin and/or other nominated person and their emergency contact numbers*
- Copies of identification documents, including photographs*
- CCTV footage*
We may also collect, store and use information about you that falls into special categories of more sensitive personal data. This includes information about (where applicable):
- Health and medical conditions*
The categories marked with an asterisk generally relate only to our customers who purchase a new-build or pre-owned retirement property and subsequently live in ERL’s retirement villages. This information is required to enable the respective management companies to fulfil their obligations to those customers.
2. THE LEGITIMATE PURPOSE(S) FOR WHICH WE MAY USE YOUR DATA
We only collect and use personal information about you when the law allows us to do so. This means we will use your information only for the specific purpose(s) it was given or obtained, for example to:
- Respond to requests for brochures or to answer enquiries relating to those of our developments that are of interest
- Facilitate the purchase of our properties
- Meet our responsibilities to customers living in ERL’s retirement villages
- Fulfil our part of a contract with you
- Conduct our business relationships
- Comply with a legal obligation
- Carry out a task in the public interest
Less commonly, we may also use personal information about you where:
- You have given us consent to use it in a certain way
- We need to protect your vital interests (or someone else’s interests)
- We have legitimate interests in processing the data, for example, if we suspect any breach of legislation or our policies; fraud prevention; criminal activity
Unless you have specifically registered for, and consented to receive, information in relation to one or more of our developments, your details will not be entered on a central database and not used for marketing purposes.
Where it has been necessary for you to provide us with consent to use your data, you may withdraw this consent at any time (see Section 7 below).
You also have certain other rights in relation to your personal data, again see Section 7 below.
3. HOW WE USE YOUR INFORMATION
We process your information electronically and/or manually, and may contact you by email, telephone, text message or in writing, depending on the contact details you have provided and, where applicable, the means by which you have given your explicit consent to be contacted.
4. HOW WE STORE YOUR INFORMATION
We create and maintain various electronic and hard copy files in order to record essential information to enable us to conduct our relationship with and obligations to you. These files will vary according to that relationship and those obligations. The information contained in these files is kept secure in the following ways:
- Hard copy files and documents are kept in locked drawers or cupboards, some of which are in appropriate individual departmental offices which are locked when not attended. Unless necessary and specifically authorised, no files are removed from our offices at any time.
- The office building itself is locked (an outer door and three inner doors to separate areas, which have coded keypads) when not attended, and the building has an industry-recognised certified alarm system which is subject to regular testing and maintenance.
- Where data is stored electronically, it is held on designated computers or a central computer network system. Access to certain areas on the network is restricted to be available to management and relevant staff only, and all designated computers, and those from which the network is available, are strictly password controlled.
- The network server is sited in a location away from general office space, accessible by relevant staff only.
- The network server and all computers are protected by approved security software and a firewall. These are monitored by a specialist IT company, reviewed regularly and updated when necessary.
5. SHARING YOUR INFORMATION
We never, under any circumstances, sell personal data that we hold. However, where it is necessary and applicable (and it complies with data protection legislation), or is legally required, we may share personal information about you with:
- Colleagues within our companies
- Your family or representatives
- Your solicitors and other professional advisers
- Regulators associated with EPGL’s business (for example, the Information Commissioner’s Office and H M Revenue & Customs)
- Suppliers and service providers, to enable them to provide the service for which we have contracted them insofar as these supplies and services are related to you. These include, but are not limited to, estate agents, managing agents in respect of our retirement villages who handle the administration for those villages’ management companies, and in respect of any of our other developments which have management companies, tradespeople and sub-contractors.
- Our auditors, lawyers and insurers
- Professional advisers and consultants
- Sector-specific organisations and professional bodies
- Police forces, courts and tribunals
- Central and local government
- Financial organisations
- Security organisations
6. TRANSFERRING DATA INTERNATIONALLY
We have not in the past had cause to transfer personal data to another country, but should the need arise, we will do so in accordance with data protection legislation.
7. YOUR RIGHTS
How to access personal information held about you
Individuals have a right to make a subject access request to gain access to personal information that any organisation holds about them.
If you make a subject access request of us in respect of any information we hold about you, we will:
- Give you a description of it
- Tell you why we are holding and processing it, and how long we will keep it for
- Explain where we got it from, if not from you
- Tell you who it has been, or will be, shared with
- Give you a copy of the information in an intelligible form
If you would like to make a subject access request, please contact our Data Protection Officer, who will explain the process and timescales.
There is no charge to provide this information, except in exceptional circumstances (for example, if the request is manifestly unfounded or excessive, or if you request further copies of the data already supplied; in these cases the charge will be based on the administrative costs incurred).
Your other rights regarding your data
Under data protection legislation, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:
- Object to the use of your personal data if it would cause, or is causing, damage or distress
- Prevent your data being used for direct marketing
- Object to the use of your personal data for decisions being taken by automated means (by a computer or machine, rather than by a person)
- In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict its processing
- Claim compensation for damages caused by a proven breach of the data protection regulations
You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.
If you require your record to be removed or amended, please contact our Data Protection Officer.
8. INFORMATION RETENTION
The length of time we retain information once our relationship with you has come to an end is:
- Customers who have expressed an interest in one or more of our developments, or our business in general, by registering via one of our websites or by other means and have given their consent to receive information from us – until such time as that interest results in becoming a customer or contact in one of the different categories below, or when customers/contacts unsubscribe or otherwise ask to be removed from our records. This is because the duration of some of our schemes, particularly the retirement villages, from their initial marketing to completion and full occupation can be lengthy. The retirement villages also have re-sale properties come to the market from time to time. However, we may also remove records as the result of an internal audit where it is apparent that no contact has been received for some time, when we will assume that there is no further interest.
- Potential purchasers of our properties in cases where an intended purchase falls through – 1 year. This so we still have relevant details should the purchase be resurrected.
- Actual purchasers of our new-build properties – for 12 years. This period covers the 10 years of the home-owner warranty provided (usually by the NHBC) on our properties, plus an additional 2 years, which is often a requirement in our agreements with the sub-contractors we use.
- Owners of our properties living in ERL’s retirement villages – 3 years. Selected hard copy data is scanned and stored, together with relevant existing electronic material, on a secure computer. This is because experience has shown that this information is sometimes required following an owner moving out or passing away. Anything not considered necessary for this purpose is securely shredded and/or deleted from computer systems.
- All other business contacts as listed above – indefinitely. This enables us to contact you should we require your services again. However, as indicated below, you have the right to ask us at any time to remove your information.
Notwithstanding the above timescales, you are at liberty to ask us to delete your information at any time (see Section 7 above). If there are any consequences arising from your doing so, we will explain this at the time.
Any information that we are requested to remove, or that which is no longer required, is disposed of securely (ie, shredded or permanently deleted from computer systems).
We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of your personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance by contacting our Data Protection Officer. We will do everything possible to resolve any issue to everyone’s mutual satisfaction.
You are also at liberty to make a complaint to the Information Commissioner’s Office (“ICO”), but we would urge you to pursue the route above first before escalating the matter in this way if it cannot be settled between us. The contact details for the ICO are:
- Report a concern online at: https://ico.org.uk/concerns/
- Call: 0303 123 1113
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. OTHER ISSUES
If you have any other questions or matters to raise in relation to this Policy not covered by the above, please contact our Data Protection Officer.
The following sections apply only to use of our websites:
You are not required to provide any personal information on the public areas of our websites. However, you may choose to do so by completing a registration form and providing us with information about yourself, such as your name and address, so that we can respond to requests for information. You can unsubscribe from emails and further contact at any time on request, when we will delete any details we hold on you. Email marketing circulars will contain an Unsubscribe option which you can click on to have your details removed. Alternatively, please contact our Data Protection Officer by direct email, telephone or post.
12. HOW TO CONTROL AND DELETE COOKIES
We know that people have concerns about cookies, but we believe that the benefit that you and ERL gain from their proper use is worthwhile.
You can delete the files that contain cookies – those files are stored as part of your internet browser. If you wish to restrict or block the cookies which are set by EPGL’s websites, or indeed any other website, or if you wish to receive notification of cookie placement requests or decline cookies completely, you can do this through your browser settings. The Help function within your browser should tell you how. Please be aware that declining or denying cookies may prevent you from being able to use the website to its highest capability.
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile device you will need to refer to your manual.
This is a list of the main cookies set by EPGL’s websites, and what each is used for:
|Cookie name||Used for||Cookie expires||Definition|
|__utma||Metrics: Google||2 years||www.erl.co.uk uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of our website and compile reports on user activity.
Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
|__utmb||Metrics: Google||30 mins|
|__utmc||Metrics: Google||End of session|
|__utmz||Metrics: Google||6 months|
|__atuvc||AddThis||2 years||AddThis cookies allow users to share content via Social Networking websites and email.