ERL takes your privacy seriously and we are committed to safeguarding any Personal Data that you provide to us.
1.1 We are “ERL”, meaning for the purposes of this Privacy Notice (the “Policy”), Enterprise Retirement Living Limited (“ERL”) (referred to as “ERL” / “we” / “us”). ERL’s data protection registration number is ZA187832.*
*ERL comprises the companies that own ERL’s retirement villages (such that they are the respective villages’ landlords). However, as the relationship with the customers of those entities is with the same management and staff of ERL, and the provisions of this Policy are implemented and observed by the same people, we have not separately registered them with the Information Commissioner’s Office.
1.2 You are an ERL: customer (including potential purchasers of our properties, actual purchasers of our properties, and owners/occupiers of our properties living in ERL’s retirement villages), website user, contractor, sub-contractor, supplier, service provider, external agency, professional adviser or consultant (referred to as “you”).
1.3 For the purposes of the applicable data protection and privacy laws and regulations (“Data Protection Legislation”), we are a ‘data controller’ for all Personal Data where we decide how and why it is processed. We will be a ‘data processor’ where we use Personal Data in accordance with a third party’s instructions.
1.4 Please note that any clause headings and clause summaries are for reference purposes only and shall not have legal effect. Please read the full clause text.
We are privacy advocates and these terms set out our data protection practices.
2.1 Your privacy is at the core of our business and we want to make sure that you are comfortable with how we use the Personal Data that you disclose to us.
2.2 This Policy describes what Personal Data that we collect about you, how we use it and the rights you have in relation to its collection and usage. By “Personal Data” we refer to any Personal Data collected or held by ERL, that identifies and relates to you as an individual, as further detailed below.
We may process certain Personal Data to enable us to contact you regarding enquiries relating to purchasing one of our homes and managing any ongoing relationship with you.
3.1. We may obtain your Personal Data electronically (by direct email, or emails/registrations sent through ERL’s website) or other means (for example, business cards, reservation forms, telephone calls, letters, orders, contracts, etc).
3.2. We only collect, use, store and share (where appropriate) Personal Data that is relevant and necessary for the purposes of our relationship with you, and this will vary depending on that relationship.
3.3. The categories of Personal Data could include all or some of the following: • Contact details (name, address, telephone numbers, email address). • Your race and/or ethnicity. • Financial status and bank details. • Details of your solicitors and other professional advisers. • Date of birth, marital status and gender.* • Next of kin and/or other nominated person and their emergency contact numbers and email address.* • Copies of identification documents, including photographs.* • CCTV footage.* We may also collect, store and use more sensitive Personal Data, including (where applicable), health and medical conditions.*
* The categories marked with an asterisk above generally relate only to our customers who purchase a new-build or pre-owned retirement property and subsequently live in ERL’s retirement villages to enable us to manage our ongoing relationship.
3.4. We may also collect technical information about you when you visit ERL’s website. This information may include the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, operating system and platform, browser plug-in types and version, the full URL clickstream to, through and from the website, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
If you have consented to receiving marketing emails and newsletters, we will use your Personal Data to send these to you.
4.1. You are not required to provide any Personal Data on the public areas of our website or to opt-in to marketing communications. However, you may choose to do so by completing a registration form and providing us with Personal Data about yourself, such as your name and address, so that we can respond to requests for Personal Data.
4.2. You can unsubscribe from emails and further contact at any time and each marketing email will also contain instructions on how to unsubscribe from receiving them. Alternatively, you can request this by email, telephone or post.
We primarily use your Personal Data to deliver our contractual obligations to you or to facilitate any service information requests.
5.1. We process your Personal Data electronically and/or manually, and may contact you by email, telephone, text message or in writing, depending on the contact details you have provided and, where applicable, the means by which you have given your explicit consent to be contacted.
5.2. We only collect and use Personal Data about you when the law allows us to do so. This means we will use your Personal Data only for the specific purpose(s) it was given or obtained, for example to: • Respond to general enquiries sent via our website. • Respond to requests for brochures or to answer enquiries relating to those of our retirement villages that are of interest. • Facilitate the purchase of our properties. • Meet our responsibilities to customers living in ERL’s retirement villages. • Fulfil our part of a contract with you. • Conduct our business relationships. Each of the above scenarios are based on the lawful ground of ‘contractual necessity’.
5.3. Less commonly, we may also use Personal Data about you where: • You have given us consent to use it in a certain way. • We need to protect your vital interests (or someone else’s interests). • We are carrying out a task in the public interest. • We have legitimate interests in processing the data, including without limitation, if we suspect any breach of legislation or our policies, fraud prevention or criminal activity.
5.4. Unless you have specifically registered for, and consented to receive, Personal Data in relation to one or more of our retirement villages, your details will not be entered on a central database and not used for marketing purposes.
5.5. Where it has been necessary for you to provide us with consent to use your data, you may withdraw this consent at any time.
Some services, especially in ERL’s retirement villages, are reliant on Personal Data being provided by you.
6.1. You always reserve the right to withhold your Personal Data, but this may affect your ability and eligibility to receive certain ERL services. In such circumstances, we may have to cancel all or part of the services, but we will notify you if this is the case.
We keep your Personal Data in the UK to keep it accessible and secure.
7.1. The data that we collect from you will be stored in our secure offices for hard copy files and on a restricted network accessible only by relevant staff if it is electronic. Our servers are based in the UK.
7.2. We have not needed to transfer Personal Data to another country to date, but if this changes, we would only do so in accordance with the applicable data protection and privacy laws.
We may share your Personal Data with trusted partners, your family and regulators where this is reasonably required.
8.1. We never, under any circumstances, sell Personal Data that we hold.
8.2. However, where it is necessary and applicable (and it complies with data protection legislation), or is legally required, we may share Personal Data about you with: • Colleagues within our companies. • Your family or representatives. • Your solicitors and other professional advisers. • Regulators associated with ERL’s business (for example, the Information Commissioner’s Office and HMRC). • Suppliers and service providers, to enable them to provide the service for which we have contracted them insofar as these supplies and services are related to you – these include, but are not limited to, estate agents, managing agents in respect of our retirement villages who handle the administration for those villages’ management companies. • Our auditors, lawyers and insurers. • Professional advisers and consultants. • Sector-specific organisations and professional bodies. • Police forces, courts and tribunals. • Central and local government. • Financial organisations, IT support companies and cloud storage companies. • Security organisations.
8.3. We may also share are your Personal Data with our website analytics consultants and search engine providers to assist us in the improvement and optimisation of the ERL website.
We will only hold onto your Personal Data whilst it is needed for our services or as required by law.
9.1. We will only retain your Personal Data for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
9.2. To determine the appropriate retention period for Personal Data, we consider:
9.2.1. The amount, nature, and sensitivity of the Personal Data.
9.2.2. The potential risk of harm from unauthorised use or disclosure of your Personal Data.
9.2.3. The purposes for which we process your Personal Data.
9.2.4. Whether we can achieve those purposes through other means, and the applicable legal requirements.
9.3. Once our relationship with you has ended we will keep your Personal Data for the following periods:
9.3.1. Prospective customers – for the duration of the relevant project that you are interested in, plus 2 years, from first contact date; or, if you make a reservation, after the intended purchase falls through in case the purchase is resurrected; or earlier upon your request or following an internal audit where we consider that you have no further interest in a property.
9.3.2. Purchasers of new-build properties – for 12 years to cover the home-owner warranty and the additional 2 years often required by our sub-contractors.
9.3.3. Owners/occupiers of properties living in ERL’s retirement villages – for the duration that you are owners/occupiers, plus 6 years and the current year in which you cease to be owners/occupiers.
9.3.4. Website users – as long as it take to fulfil your initial enquiry unless you consent to receive further communications, thereby becoming a mailing list subscriber (please see 9.3.5 below) or a prospective customer (in which case, please see 9.3.1 above).
9.3.5. Mailing list subscribers – for 5 years from subscribing to the mailing list (with an unsubscribe link present).
9.3.6. IP address (website only) – for the duration of any applicable cookie (see 13.6 below).
9.4. Notwithstanding the above timescales, you are at liberty to ask us to delete your Personal Data at any time, as further detailed below. If there are any consequences from such a request, this we will explain these to you at the time.
9.5. Any Personal Data that we are requested to remove, or that which is no longer required, is disposed of securely (i.e. shredded or permanently deleted from computer systems).
9.6. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
We keep your data secure through a variety of technical security measures.
10.1. We take our security obligations very seriously and regularly monitor for breaches and potential weaknesses.
10.2. We are committed to ensuring that data is stored, archived or disposed of in a safe and secure manner. We have procedures in place to try to prevent any unauthorised access or disclosures and to safeguard and keep secure the Personal Data that we collect.
10.3. You are not required to provide any Personal Data on the public areas on ERL’s website. However, if you choose to do so, you should be aware that providing Personal Data over the Internet can never be guaranteed as being completely safe and you do so at your own risk.
You have many rights in relation to your Personal Data which gives you control.
11.1. You have rights in relation to the Personal Data that we hold about you.
11.2. You have the right to request us to:
11.2.1. Provide you with access to your Personal Data that we are processing (this is called a ‘Subject Access Request’). If you make a subject access request of us in respect of any Personal Data we hold about you, we will: • Give you a description of it. • Tell you why we are holding and processing it, and how long we will keep it for. • Explain where we got it from, if not from you. • Tell you who it has been, or will be, shared with. • Give you a copy of the Personal Data in an intelligible form. There is no charge to provide this Personal Data, except in exceptional circumstances (for example, if the request is manifestly unfounded or excessive, or if you request further copies of the data already supplied; in these cases the charge will be based on the administrative costs incurred);
11.2.2. Prevent your data being used for direct marketing.
11.2.3. Correct Personal Data that we hold about you which is incorrect or inaccurate.
11.2.4. Restrict our processing of Personal Data where it is inaccurate or breaches the law.
11.2.5. Erase data in certain circumstances (i.e. we no longer require it, you withdraw consent etc).
11.2.6. Cease processing in certain circumstances based on an objection that you may have (i.e. where we are processing your Personal Data based on our legitimate interests).
11.2.7. Transfer the Personal Data to a third party.
You can notify the ICO if you have concerns with how we process your Personal Data.
12.1. We take any complaints about our collection and use of Personal Data very seriously. If you think that our collection or use of your Personal Data is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance by contacting our Data Protection Officer. We will do everything possible to resolve any issue to everyone’s mutual satisfaction. You are also at liberty to make a complaint to the Information Commissioner’s Office (“ICO”), but we would urge you to pursue the route above first before escalating the matter in this way if it cannot be settled between us.
12.2. You can report a concern to the ICO online at: https://ico.org.uk/concerns/.
13.1. A cookie is a small file of text and numbers which is created by the website. When you visit the website, the cookie is attached to your computer or other device but does not access your hard drive on your computer. If you revisit our website, the cookie will be recognised by the website.
13.3. You can delete the files that contain cookies – those files are stored as part of your internet browser. If you wish to restrict or block the cookies which are set by ERL’s website, or indeed any other website, or if you wish to receive notification of cookie placement requests or decline cookies completely, you can do this through your browser settings. The Help function within your browser should tell you how.
13.4. Please be aware that declining or denying cookies may prevent you from being able to use the website to its highest capability.
13.5. Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile device you will need to refer to your manual.
13.6. This is a list of the cookies set by ERL’s website, and what each is used for:
|__cfruid||session||This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic.|
|__zlcmid||1 year||This cookie is used by Zendesk live chat and is used to store the live chat ID.|
|_fbp||3 months||This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.|
|_ga||2 years||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.|
|_gat_UA-7520755-3||1 minute||This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.|
|_gcl_au||3 months||This cookie is used by Google Analytics to understand user interaction with the website.|
|_gid||1 day||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.|
|_GRECAPTCHA||5 months 27 days||This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.|
|_hjAbsoluteSessionInProgress||30 minutes||No description|
|_hjFirstSeen||30 minutes||This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.|
|_hjid||1 year||This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.|
|_hjIncludedInPageviewSample||2 minutes||No description|
|_hjIncludedInSessionSample||2 minutes||No description|
|AWSALBCORS||7 days||This cookie is used for load balancing services provded by Amazon inorder to optimize the user experience. Amazon has updated the ALB and CLB so that customers can continue to use the CORS request with stickness.|
|cookielawinfo-checbox-analytics||0||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checbox-functional||0||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checbox-others||0||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-advertisement||1 year||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".|
|cookielawinfo-checkbox-necessary||0||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-performance||0||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
|fr||3 months||The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.|
|IDE||1 year 24 days||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.|
|test||1 day||No description|
|test_cookie||15 minutes||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.|
These terms may change from time to time to reflect changes to our practices or the law.
14.1. We may update this Policy from time to time. The latest version of our Policy will be available on the ERL website.
Questions, comments and requests regarding this Policy are welcomed.
15.1. Please address any questions or matters that are not covered by this Policy to firstname.lastname@example.org. Our Data Protection Officer will reply where appropriate.
This Policy was last updated June 2021.