PRIVACY NOTICE
1.0 WHY DO WE HAVE THIS PRIVACY NOTICE?
We are Rider Levett Bucknall UK Limited (“RLB”) and treating individuals and their personal information with respect reflects our core values and the values of our brand. So, we want you to know as much as possible about what we do with your personal information. Also, you and your personal information are protected by various laws and guidance and RLB is committed to upholding these and respecting your privacy and keeping your information safe. So, whilst this privacy notice is quite long, we want you to be fully informed.
In this privacy notice any reference to “us”, “we”, “our” or “ourselves” is a reference to RLB, and the particular part of the RLB group that you have a relationship with and any reference to “you”, “your” and “yourself” is a reference to you as an individual who has a relationship with us or is in contact with us.
This privacy notice applies to everyone who interacts with us in any way unless the reason you interact with us is already covered by another of our privacy notice(s). So, this privacy notice will not apply in relation to you to the extent you are currently applying or have applied to work for us, you are one of our current or former employees, you are a customer or prospective customer of ours, you are a user of any of our apps, or if your personal information has been captured by our CCTV or Access Control systems.
However, this privacy notice will cover you if you interact with us for any other reason. For example, this privacy notice will cover someone who uses our website or works as a supplier of ours or another organisation that we deal with, a member of the public who contacts us or anyone else who is affected by our activities to the extent not covered by another of our privacy notices. This privacy notice provides details in accordance with data protection laws about how we collect and use personal information about you during and after your relationship with us.
As this privacy notice covers a wide range of individuals and different types of relationships and interactions with us, not all aspects of this privacy notice may apply to you depending upon the nature of your relationship and interactions with us. If you are unsure then you can always ask us by using the contact details set out in the “Contacting us” section of this privacy notice.
2.0 THE CONTROLLER OF YOUR PERSONAL INFORMATION
For the purposes of data protection laws and this privacy notice, whichever part of the RLB group is processing your personal information is the controller of your personal information for that processing of your personal information. This will usually be the part of the RLB group that you interact with or have a relationship with. Being a controller of your personal information means that we are responsible Privacy Notice Rest of World | Policies & Procedures Page 3 of 21 for deciding how we hold and use your personal information. Our main trading entity is Rider Levett Bucknall UK Limited (Registered number 04653580) which is incorporated in England and Wales with its registered office at 15 Colmore Row, Birmingham, West Midlands, England, B3 2BH. If you are based in the UK then this company will be the controller of your personal information. If you are based outside of the UK then the controller of your personal information will be the part of our group that you interact with. Sometimes we may pass personal information to different parts of our group, so this privacy notice covers our whole group and more than one part of our group may be a controller of your personal information. However regardless of where you are based and regardless of which part of our group may be a controller of your personal information, any queries you have regarding your personal information will be dealt with by our Data Protection Compliance Manager (“DPCM”). Contact details for our DPCM are set out in the “Contacting us” section at the end of this privacy notice.
3.0 YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period of your interactions with us.
4.0 WHAT IF YOU DO NOT PROVIDE PERSONAL INFORMATION?
Failing to provide some of the personal information we require may have an adverse impact on our ability to interact with you. However, generally you are not obliged to provide us with any of your personal information.
5.0 IF YOU HAVE QUERIES OR CONCERNS, JUST ASK!
We are not required to appoint a data protection officer to oversee our compliance with data protection laws, however, we have appointed a DPCM to do this and our DPCM has overall responsibility for data protection compliance in our organisation. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPCM. Contact details are set out in the “Contacting us” section at the end of this privacy notice.
6.0 DATA PROTECTION PRINCIPLES
We are committed to being transparent about how we collect and use your personal information and in meeting our data protection obligations. Data protection laws say that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
To make sure this happens we are required under data protection laws to notify you of the information contained in this privacy notice. It is important that you read this document before you begin interacting with us so that you understand how and why we will process your personal information.
7.0 WHAT PERSONAL INFORMATION DO WE COLLECT?
In connection with your relationship or interactions with us, we may collect and process a wide range of personal information about you. This includes:
- Personal contact details that allow us to identify and contact you directly such as your name, title, address, email address and telephone number(s).
- Information about your date of birth, age, gender, marital status, next of kin, dependants, family members and emergency contacts.
- Bank account details, financial transactions, payments.
- Any terms and conditions relating to your relationship with us.
- Any communications between ourselves and you.
- Details of services carried out or products provided by you in connection with our relationship with you, details of your interest in and connection with any organisation which supplies any services or products to us, details of any financial products or services supplied to us.
- Business related information, such as where you are a sole trader, a partner or a company director or a key member of employees of a business we have a relationship with or property owned by you, transactions, amounts paid or owed and tenants.
- Details of any correspondence (including e-mail correspondence) you send and receive from us and details of any claims including any letters and emails, SMS, MMS and other electronic communication and may in some cases include audio recording of telephone conversations.
- Performance information related to our relationship with you or a business we have a relationship with.
- Your social media handles, social media posts, information about your social media followers, information about any product/services or endorsements by you and your social media activity.
- Publicly available personal information, including any which you have shared via a public platform, online or on social media.
- Details of your education or work history including organisations, positions, roles, responsibilities and professional qualifications.
- Details of your performance: when working with or for us or in relation to any project or work we are engaged in.
- Personal history and information including hobbies, interests, marital details, family history, dietary requirements and your preferences.
- Advisors appointed by you including mortgage brokers, lawyers, financial advisors, surveyors.
- Responses to surveys, competitions and promotions including records of any surveys you respond to or your entry into any competition or promotion we run.
- Creditworthiness as we may undertake investigations into your creditworthiness to establish whether to enter into or continue a business relationship with you.
- How you use our website as we collect information about the pages you look at and how you use them, usernames, account details and passwords, entry and exit data when you look at or leave our website, details of products, events and materials that may be interest to you, online subscription information for example when you subscribe to one of our updates, blogs or other materials, browser related information, cookies that are set on your device by our website (for more details see our separate Cookie Policy at wwwrlb.com/Europe/privacy/).
- Your usage of the IT systems we make available to visitors to our premises such as any visitor internet and Wi-Fi facilities at our premises.
- IP address information which allows us to track your usage of our website.
- Identification information including your driving license and/or passport and other official identification details, information from a third-party money laundering check provider, Companies House information, national insurance number, membership of relevant schemes.
- Vehicle registration number, make and model if you are driving to visit us at our premises.
- Details of any queries, complaints, claims and cases involving both us and you including any related communications.
- CCTV footage and other information obtained through electronic means such as swipe card records and access control systems if you visit our premises.
- Photographs, video footage, audio recordings and other content, for example any created as part of our marketing or promotion campaigns or when you are on our premises or which you or other people create or provide to us.
- Information from Companies House, details of shareholdings in our group and associated information such as share votes, dividend entitlement, share sales/purchases.
- Any other personal information you provide to us.
- We may also in some cases collect and process more sensitive special category personal information including:
- Information about your health including any medical condition, health, and sickness records, including:
- where you have a disability or medical condition for which we need to make reasonable adjustments, including where you visit our premises.
- where you inform us about any ill-health, injury, or disability.
- information about your health.
- In some cases, equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or beliefs. This will usually only be where it is relevant to events, promotions, campaigns or other activities that may involve you.
- In very rare cases political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning sex life or sexual orientation may be processed for other purposes, but this will usually only be where you provide it to us, it is relevant to a business relationship with us or it relates to a legal claim in some way.
- In very rare cases where it is relevant, we may also collect criminal records information about you, for example an offence committed by you or alleged to have been committed by you that impacts on your relationship with us.
If you are providing us with details of any other individuals, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in this privacy notice in relation to their personal information that we collect. Our website, events, promotions, blogs, materials and other services we provide are not intended for use by anyone under the age of 18 years and we do not knowingly collect personal information relating to anyone under the age of 18 years old unless for some reason you provide it to us.
8.0 WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
We collect your personal information in a variety of ways and from a variety of sources as set out below:
- Most of your personal information is collected directly from you, for example through contact with you, correspondence with you, through your applications, from your passport or other identity documents such as your driving licence, when you visit our premises, when you indicate that you may wish to attend an event, complete forms we provide to you, use our website, enter our competitions and promotions, make a claim, make a complaint, provide money laundering information to us, from correspondence with you or through meetings or other interactions with us or other personal information you provide to us.
- If you work for an organisation that has a relationship with us, then then we may collect some of your personal information from them.
- From websites, the internet, social media or other platforms including public sources of information such as LinkedIn.
- Third parties such as organisations you have worked for in the past, your landlord, Companies House, the Land Registry, professional or trade organisations, journalists or other investigators.
- From our website and information technology and communications systems, access control systems and CCTV and suppliers we use in connection with them.
- From third parties appointed by you, for example any agency you work with or any professional advisors such as lawyers, accountants, financial advisors, planning consultants, surveyors, consultants.
- From third parties appointed by us, for example lawyers, accountants, planning consultants, surveyors, consultants, credit reference agencies, identity or background check providers, data cleansing service providers or market/data research and analysis service providers and other advisors.
- From government or government related bodies, regulators, local authorities, the police, law enforcement authorities or the security services.
9.0 WHAT ARE OUR BASES FOR PROCESSING YOUR PERSONAL INFORMATION?
We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:
- Where we need to perform the contract, we have entered into with you which covers your relationship with us or to take steps to enter into that contract.
- Where we need to comply with a legal obligation which applies to us, for example complying with health and safety laws for visitors.
- Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. We have set out in the section below how we use your personal information together with more details on our legitimate interests.
- You have given your consent. Generally, we do not rely on or need your consent for almost all uses we make of your personal information.
Where we are processing any sensitive special category personal information about you (which covers personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation) then we also need to have one or more of the following legal bases for using your personal information.
- Where we have your explicit consent to do so.
- Where it is necessary for us to comply with our obligations and exercising our rights in the field of employment law, social security law and social protection law.
- Where we need to protect your vital interests (or someone else’s vital interests).
- Where you have already made public the personal information.
- In establishing, exercising or defending legal claims, whether those claims are against us or by us.
- Where it is necessary in the public interest.
We will not usually process any of these types of special category personal information about you, and in cases where we do process special category personal information about you it will generally be to comply with legal obligations, where you have given your consent or to establish, exercising or defending legal claims. In some cases, more than one legal bases may apply to our use of your personal information.
10.0 WHAT WE USE YOUR PERSONAL INFORMATION FOR
There are many ways we will need to use your personal information in the context of your relationship with us. We have set out the main uses below, and indicated the main applicable legal bases of processing, but there may be other specific uses which are linked to or covered by the uses below.
The table below sets out the main purposes for which we process your personal information, the types of personal information we use and our legal basis for processing such information and applies to non- ‘special categories’ of personal information, ‘special categories’ of personal information and criminal records information.
The table is an illustrative example of how we use your personal information but there may be other specific purposes and types of personal information which have not been specifically listed. If you would like any further information in respect of how we will use your personal information, please contact us using the contact details in the “Contacting us” section at the end of this privacy notice.
Purpose | Personal information used | Lawful basis |
---|---|---|
To carry out background, identity or other checks in relation to you or to carry out credit checks to decide whether to enter a business relationship with you | All personal information (including special category personal data and criminal records information) we collect in relation to the purpose (including but not limited to your name, address, passport details, driving licence details, any other identification documents and your criminal convictions and offences) and any other relevant personal information | • To enter into a contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
To monitor, manage and conduct any business or other relationship we have with you For example, to enter and perform contracts, where we may be supplying products/services to you and/or you may be supplying products/services to us or we may be involved in similar arrangements with third parties or where you contact us | All personal information (including special category personal data and criminal records information) we collect in relation to the purpose (including but not limited to your name, personal contact details, passport details, driving licence details, any other identification documents, payment information, medical requirements, your criminal convictions and offences) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
To deal with your queries, enquires or complaints, claims, legal disputes or raise queries, enquiries, claims, legal disputes or complaints with you | All personal information we collect in relation to the purpose (including special category personal data and criminal records information) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
To maintain and improve our services and/or products | All personal information (including special category personal data) we collect in relation to the purpose (including but not limited to your name and personal contact details) and any other relevant personal information | • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above |
To conduct data analytics, statistical analysis and other research to help us improve our business, online services, website and social media and other advertising | All personal information (including special category personal data) we collect in relation to the purpose (including but not limited to your personal contact details, goods and/or services purchased, payment information, information relating to how you use our website) and any other relevant personal information | • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above |
For the security of our premises and IT systems | All personal information (including special category personal data) we collect in relation to the purpose (including but not limited to personal identifiers, CCTV footage and other information obtained through electronic means such as swipe card and key fob records, use of our information and communications systems, including the computers and fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information) and any other relevant personal information | • To perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above |
To help train our employees, and ensure they deliver the high standards expected in relation to our business | All personal information we collect in relation to the purpose (including but not limited to information relating to our business relationship and communications with you) and any other relevant personal information | • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests |
To determine services and/or products that may be of interest to you | All personal information we collect in relation to the purpose (including but not limited to personal contact details and payment information) and any other relevant personal information | • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests |
For direct marketing | All personal information we collect in relation to the purpose (including but not limited to personal contact details and services and products that we have determined may be of interest to you or your organisation and/or which you or your organisation has purchased in the past) and any other relevant personal information | • We may ask for your consent but you may revoke your consent at any point • If you or your organisation has purchased similar services or products from us previously, we may market similar products or services as a legitimate interest in developing our business • You have the right to opt out from such marketing at any time |
To organise and hold events | All personal information (including special category personal data) we collect in relation to the purpose (including but not limited to personal contact details, details of attendance, your comments in response forms and dietary requirements and CCTV images) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • In some cases, we may rely on your consent |
To comply with our legal and regulatory obligations connected to our relationship with you or connected to visiting our premises which we need to comply with For example, to comply with health and safety laws so we can ensure that our premises are safe, to comply with data protection laws, to make filings at Companies House, to ensure equality and equal opportunities, to comply with legal disability obligations or to comply with or invoke other legal rights | All personal information (including special category personal data) we collect in relation to the purpose (including but not limited to your name and personal contact details) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above |
To prevent, detect or prosecute criminal activity and other similar use | All personal information we collect in relation to the purpose (including special category personal data and criminal records information) and any other relevant personal information | • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
To ensure effective general business administration and to manage our business | All personal information (including special category personal data and criminal records information) we collect in relation to the purpose (including but not limited to your personal contact details, medical information and payment information) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
To manage and keep proper and up to date records of our relationship with you and any associated information | All personal information we collect in relation to the purpose (including but not limited to your personal contact details and payment information) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests |
To obtain referrals from other organisations you have worked for or with or to give referrals about you | All personal information we collect in relation to the purpose (including but not limited to your personal contact details and performance records) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests |
To monitor any use you make of our information and communication systems and our website and social media accounts For example, to ensure compliance with our information technology policies, ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution and to monitor your use of our website and social media | All personal information (including special category personal data and criminal records information) we collect in relation to the purpose (including but not limited to use of our information and communications systems, including the computers and fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information) and any other relevant personal information | • To enter and perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
For the purposes of secondments, projects and security clearances | All personal information (including special category personal data and criminal records information) related to the purpose (including but not limited to your name, date of birth, national insurance number, passport details, driving licence details, personal contact details, location of employment or workplace, qualifications, education and employment history, pensions and benefits, bank details, payment and transaction information, information about your health, including any medical condition and/or disabilities) and any other relevant personal information | • To perform our contract with you • To comply with a legal obligation which applies to us • It is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests • For special category personal data, we process such data on the basis of the special category reasons for processing referred to in section 0 above • For criminal records information we process it on the basis of legal obligations or based on your explicit consent |
For some of your personal information you may have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to properly perform our contract with you or the organisation you represent or comply with legal obligations and we may have to terminate our relationship. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our arrangements with you or the organisation you represent.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below. We will generally only ask for your consent for direct marketing.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services.
11.0 CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will rarely need to rely on your consent to process any of your personal information.
12.0 AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decisionmaking in our business in relation to you.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
However, we do use automated processing so that we can show you personalised advertisements whilst browsing our website or those of other companies. Any advertisements you see may relate to your browsing activity on our website from your computer or other devices.
These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy at www.rlb.com/europe/privacy/). You can remove or disable cookies at any time – see link to Cookie Policy for further information.
We may analyse your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to decide what advertisements are suitable for you and to ensure that we draw to your attention products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated processing. This allows us to provide a more personalised service and experience.
We may also review personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter and Facebook.
We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal data by profiling and segmenting, identifying what our customers like and ensuring advertisements we show you are more relevant based on demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications.
13.0 WHO HAS INTERNAL ACCESS TO YOUR PERSONAL INFORMATION?
Your personal information may be shared internally with our employees, including with our managers, researchers, procurement department, media, insights, events, campaign, technical and legal teams and senior employees in the business area involved in your relationship with us where access to your personal information is necessary for the performance of their roles. We only provide access to your personal information to those of our employees who need to have access to your personal information.
14.0 WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY?
When using your personal information, we may share it with third parties but we will only do so when it is appropriate and we have a legal basis for doing so. Third parties that we may share your personal information with include:
- Any third party approved by you.
- An organisation you work for or that represents you if that organisation has a relationship with us.
- Service or product providers to our business, for example information technology services suppliers, credit reference agencies, identification agencies, marketing and public relations service providers.
- If you are connected to one of our suppliers, to other companies in the supply chain so they can contact you about any supply chain issues.
- Third parties that process personal information on our behalf and in accordance with our instructions.
- Another company within our group of companies, especially if you may have a relationship with that part of our group.
- Purchasers, investors, funders and their advisers if we sell all or part of our business, assets or shares or restructure whether by merger, re-organisation or in another way.
- Our legal and other professional advisers, including our auditors or any professional advisors appointed by you, for example a legal advisor or an agency you work with.
- Third party record keepers, for example to maintain our share register or to make filings at Companies House.
- Third parties who ask for or want referrals.
- Information providers such as credit reference agencies, money laundering check provider, Companies House, the Land Registry.
- Social media and other online platforms where relevant to our relationship with you.
- Governmental bodies, local authorities, planning authorities, HMRC, regulators, police, law enforcement agencies, security services, courts/tribunals.
We also use Google Analytics which sets cookies to collect information about how visitors use our website. See our Cookie Policy at www.rlb.com/europe/privacy/). We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We do not disclose personal information to anyone else except as set out above unless we are legally entitled to do so. We may provide third parties with aggregate statistical information and analytics about users of our products and services but we will make sure no one can be identified from this information before we disclose it.
15.0 INTERNATIONAL TRANSFERS
It is sometimes necessary to share your personal information outside of the UK and the European Economic Area (the EEA) or it will be collected outside of the UK and the EEA. This will typically occur when service providers to our business are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.
The same applies to any transfer of personal information to another part of our group of companies based outside of the UK and the EEA. We also apply the same standards to any transfer of personal information between members of our group, regardless of where the group company is based.
If we transfer your personal information outside of the UK and the EEA, we will ensure that the transfer will be compliant with data protection laws and all personal information will be secure. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal Information in the overseas location; alternatively, we use standard data protection clauses. This means that when a transfer such as this takes place, you can expect a similar degree of protection in respect of your personal information.
Our directors and other key employees working for us may in limited circumstances access personal information from outside of the UK and EEA if they are on holiday abroad outside of the UK or EEA. If they do so they will be using our security measures and the same legal protections will apply that would apply to accessing personal information from our premises in the UK.
In limited circumstances the people to whom we may disclose personal information may be located outside of the UK and EEA and we will not have an existing relationship with them, for example a foreign police force. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.
Also, if you are based outside of the UK and EEA, then your personal data may all or mainly be held and used outside of the UK and EEA anyway, for example if you are a supplier to us dealing with a member of our group located outside of the UK or EEA.
If you would like any more details about how we protect your personal information in relation to international transfers then please contact our DPCM using the details in the “Contacting us” section below.
16.0 HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to keeping your personal information safe and secure and so we have numerous security measures in place to protect against the loss, misuse, and alteration of information under our control. Our security measures include:
- Encryption of personal information where appropriate.
- Regular cyber security assessments of all service providers who may handle your personal information.
- Regular planning and assessments to ensure we are ready to respond to cyber security attacks and data security incidents.
- Regular penetration testing of systems.
- Security controls which protect our information technology systems infrastructure and our premises from external attack and unauthorised access.
- Aiming to use best in class security systems implemented across our networks and hardware to ensure access and information are protected.
- Regular backups of information technology systems data with functionality to correct errors or accidental deletion/modification to data.
- Internal policies setting out our information security rules for our employees.
- Regular training for our employees to ensure employees understand the appropriate use and processing of personal information.
- Where we engage third parties to process personal information on our behalf, they do so based on our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal information.
We take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
17.0 HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will hold your personal information for the duration of your relationship with us and then usually for a further period of up to 6 years after that. However, for some business relationships, for example those relating to land or leases of premises, we may need to keep records for 12 years or more. Whichever time period normally applies, in some cases we may need to keep your personal information for longer, for example if it is still relevant to a dispute or legal case or claim.
We have set out below the main retention periods which will apply:
- For individual contacts at customers and suppliers this will be for as long as we continue to have a relationship with that customer or supplier and then for a period of 12 years afterwards.
- For marketing contacts, it will generally be a period of 6 years after we were last in contact with you.
- For website users it will generally be a period of 6 years after you used our website.
- For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 2 years.
- For individuals attending an event it will generally be a period of 2 years after the event.
We will not retain your personal information for longer than necessary for the purposes for which it was collected and it is being used. We do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period.
For more information, please see our Data Retention Policy which can be obtained from our DPCM using the details set out in the “Contacting us” section below.
18.0 YOUR RIGHTS
As an individual whose personal information we collect and process, you have a number of rights. You may:
- Withdraw any consent you have given to us, although this will only be relevant where we are relying on your consent as a basis to use your personal information, but it is an absolute right. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes for which you originally gave your consent, unless we have another legal basis for doing so.
- Request details about how your personal information is being used. This right is linked with the right of access mentioned below.
- Request access and obtain details of your personal information that we hold (this is commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This means that you can ask us to delete or stop processing your personal information, for example where we no longer have a reason to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (set out below). The right to have data erased does not apply in all circumstances.
- Object to the processing of your personal information where we are relying on a legitimate interest (ours or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Object to direct marketing where we are processing your personal information for direct marketing purposes, for example contacting you about products that might interest you. This is an absolute right.
- Request the restriction of processing of your personal information. This enables you to ask us to stop processing your personal information for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data.
- Request the transfer of your personal information to another party in certain circumstances.
- Object to certain automated decision-making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your personal information to another service provider or the right to object to automated decision-making, may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. Also, for example we do not use automated decision-making in relation to your personal information which has legal or other significant effects for you, but we do use automated processing to show you relevant advertisements. However, some of your rights have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
If you would like to exercise any of these rights, please contact our DPCM using the details set out in the “Contacting us” section below.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person or dealt with by a person who has no right to do so.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at https://ico.org.uk/for-the-public/.
19.0 DIRECT MARKETING
Email, post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products or services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set when you create your account or that you tell us afterwards you are happy to receive or where you or the organisation you represent have purchased similar services or goods from us previously.
You can then let us know at any time that you do not wish to receive marketing messages by sending an email to us by using the details set out in the “Contacting us” section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any marketing messages we send to you.
20.0 COMPLAINTS
We hope that you do not have any reason to complain, and we will always try to resolve any issues you have, but you always have the right to make a complaint at any time to the ICO if you are based in the UK about how we deal with your personal information or your rights in relation to your personal information. If you are based outside of the UK, you may have the right to complain to your local data protection regulator.
You can make a compliant in writing to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom or you can go to https://ico.org.uk/make-a-complaint/.
21.0 CHANGES TO THIS NOTICE
We keep our privacy notice under regular review and we may update this privacy notice at any time. The current version of this notice is available on our website at www.rlb.com/europe/privacy/ or by requesting a copy from our DPCM using the details set out in the “Contacting us” section below. If there are any material changes to this privacy notice in the future, we will let you know, usually by updating the version on our website.
22.0 CONTACTING US
If you have any queries regarding our use of your personal information or this privacy notice then please contact our DPCM, Stuart Stables, at stuart.stables@uk.rlb.com or write to Data Protection Compliance Manager, Rider Levett Bucknall UK Limited,15 Colmore Row, Birmingham, West Midlands, England, B3 2BH. You can use these details regardless of which of our group companies you are working for or used to work for.
COOKIE POLICY
We may also use ‘cookies’ or other similar tracking technologies on our websites that help us track your website usage and remember your preferences. A cookie is a small data file that can be used to track internet use. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. More information about cookies can generally be found in the “help” (or similar) section of your computer’s internet browser.
At RLB, we primarily use cookies to help us determine which service and support information is appropriate to your machine. RLB has no desire or intent to infringe your privacy while using our websites. Cookies can be either “persistent” or “session” based. Persistent cookies are stored on your computer, contain an expiration date, and may be used to track your browsing behaviour upon return to the issuing website. Session cookies are short-lived, are used only during a browsing session, and expire when you quit your browser.
When you first access our websites you will be given the choice to enable or disable cookies through our cookie banner. You can revisit your choice at any time by going to the cookie tool bar which you can access on our website by clicking on the wheel symbol at the bottom left of your screen. You can also disable cookies on your web browser. For instructions on how to block or delete cookies please consult your browser’s privacy or help documentation. Disabling cookies may interfere with your use and enjoyment of our websites.
AUTOMATIC COLLECTION OF PERSONAL INFORMATION
In some instances, RLB and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you visit us online, as well as through emails that we may exchange. The collection of this information allows us to customize your online experience, improve the performance, usability and effectiveness of RLB’s online presence, and to measure the effectiveness of our marketing activities.
COOKIES
Cookies will typically be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves several purposes.
On some of our web sites, a notification banner will appear allowing you to manage your consent to collect cookies (cookie banner). Below is a summary of the categories of cookies collected on our websites, and how your consent may impact your experience of certain features as you navigate those websites:
STRICTLY NECESSARY COOKIES
Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
ANALYTICAL/MARKETING COOKIES
These cookies collect and report information on how visitors use this site and about their browsing habits. Keeping these cookies enables us to make the site better and to display advertisements that are more relevant to you and your interests.
You can manage your consent for targeting cookies using the cookie banner, or by updating your browser’s settings (often found in your browser’s Tools or Preferences menu) to not accept cookies.
Although most browsers automatically accept cookies, you can choose whether to accept cookies via the cookie consent banner or your browser’s settings (often found in your browser’s Tools or Preferences menu). If you wish to revoke your selection, you may do so by clearing your browser’s cookies, or by updating your preferences in the cookie banner.
Further information about managing cookies can be found in your browser’s help file or through sites such as www.allaboutcookies.org.
Below we briefly identify the cookies we use:
wdt_ID | Provider | Cookie | Cookie Type | Purpose | Expiry | Category |
---|---|---|---|---|---|---|
1 | google-analytics.com | __utm.gif | Pixel | Google Analytics Tracking Code that logs details about the visitor's browser and computer. | Session | Analytic Cookie |
2 | rlb.com | __utma | HTTP | Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics. | 2 Years | Analytic Cookie |
3 | rlb.com | __utmb | HTTP | Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit. | 1 day | Analytic Cookie |
4 | rlb.com | __utmc | HTTP | Registers a timestamp with the exact time of when the user leaves the web site. Used by Google Analytics to calculate the duration of a web site visit. | Session | Analytic Cookie |
5 | rlb.com | __utmt | HTTP | Used to throttle the speed of requests to the server. | 1 day | Analytic Cookie |
6 | rlb.com | __utmz | HTTP | Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics. | 6 Months | Analytic Cookie |
7 | rlb.com | _ga | HTTP | Registers a unique ID that is used to generate statistical data on how the visitor uses the web site. | 2 Years | Analytic Cookie |
8 | rlb.com | _gid | HTTP | Registers a unique ID that is used to generate statistical data on how the visitor uses the web site. | 1 day | Analytic Cookie |
9 | vimeo.com | vuid | HTTP | Collects data on the user's visits to the web site, such as which pages have been read. | 2 years | Analytic Cookie |
10 | doubleclick.net | r/collect | Pixel | This cookie is used to send data to Google Analytics about the visitor's device and behavior. It tracks the visitor across devices and marketing channels. | Session | Marketing Cookie |
11 | addthis.com | na_tc, mus, uvc, uid, loc, na_id, s_fid, s_nr, ouid, s_cc, sshs, ssh, __atuvs, __atuvc, _ga | Social Sharing | These Cookies are used to enable you to share pages and content that you find interesting on our websites through third-party social networking and other websites. These Cookies may also be used for advertising purposes. | Up to 2 years | Social Sharing |
IP ADDRESSES
An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another. IP addresses from which visitors appear to originate will be recorded for IT security and system diagnostic purposes. This information will also typically be used in aggregate form to conduct web site trend and performance analysis.
GOOGLE ANALYTICS
RLB uses Google Analytics. More information about how Google Analytics is used by RLB can be found here: https://marketingplatform.google.com/about/
To provide web site visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the web site visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the web site itself or to other web analytics services.
LOCATION-BASED TOOLS
RLB will collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.
SOCIAL MEDIA WIDGETS AND APPLICATIONS
RLB’s web sites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button and Twitter widget. These social media applications will collect and use information regarding your use of RLB web sites. Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of the companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.
In addition, RLB web sites may host blogs, forums, crowd-sourcing and other applications or services (collectively “social media features”). The purpose of social media features is to facilitate the sharing of knowledge and content. Any personal information that you provide on any RLB social media feature will typically be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we often have limited or no control.
WEB BEACONS
A web beacon is a small image file on a web page that can be used to collect certain information from your computer, such as an IP address, the time the content was viewed, a browser type, and the existence of cookies previously set by the same server. RLB only uses web beacons in accordance with applicable laws.
RLB or its service providers will use web beacons to track the effectiveness of third-party web sites that provide us with recruiting or marketing services or to gather aggregate visitor statistics and manage cookies.
You have the option to render some web beacons unusable by rejecting their associated cookies. The web beacon may still record an anonymous visit from your IP address, but cookie information will not be recorded.
In some of our newsletters and other communications, we will monitor recipient actions such as email open rates through embedded links within the messages. We collect this information to gauge user interest and to enhance future user experiences.
CHILDREN
RLB understands the importance of protecting children’s privacy, especially in an online environment. In particular, our sites are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide professional services.
MAILING LIST REGISTRATION
We use data collected to provide marketing material.
Data collected in contact us forms is processed by Mailchimp, view their Privacy Policy here: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts