This website (the “Website”) is operated by Chelsfield Group Ltd on behalf of ourselves, our group companies and affiliated organisations (“Chelsfield”, “we”, “our” or “us”).
We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner. This Privacy Notice explains how we collect, share and use personal information about you, and how you can exercise your privacy rights.
This applies to personal information that we collect though the Website or when engaging in our relationship or potential relationship with you (or your organisation) as a supplier, customer or business partner.
What information do we collect?
Depending on your relationship with Chelsfield, we may collect personal information about you that broadly falls into the following categories:
A Information that you provide voluntarily
- Website information. You can visit our website without telling us anything about yourself. However, in some situations we may ask you to voluntarily provide us with some personal information. For example, this might be if you contact us via the Website (in which case we will collect information such as name, e-mail address, organisation, country, zip code/postal code, job title, telephone number(s) and details of your comment or query. When we do receive your personal information we will treat it securely, lawfully and fairly.
- Information we collect when you do business with us. We may collect and process information relating to you as an individual (whether as a Website user or otherwise) when you conduct business with Chelsfield as, or on behalf of, a customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party (“Customer, Vendor or Business Partner Data”). Examples of Customer Vendor or Business Partner Data include:
- contact details of a point of contact for Chelsfield Customer, Vendor or Business Partners (such as name, business phone numbers, business address, e-mail address);
- role-related information about Customer, Vendor or Business Partners or their representatives (such as job title, responsibilities, department, work history, qualifications and experience);
- financial information (such as financial account information about individuals connected to a particular business) or property ownership information relating to such individuals if needed to take payment or fulfil contractual obligations or for due diligence or related purposes.
B Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, cookie ID, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality, relevance and experience of our Website for our visitors. Some of this information may be collected using cookies and similar tracking technology.
C Information that we obtain from third party sources
In order to comply with various regulations, or to conduct background checks in accordance with our internal requirements (where permissible and in accordance with applicable law), sometimes we may receive personal information about you from third party sources such as credit check databases, politically exposed persons databases, government denied parties, sanctions and watch lists, your employer, other parties in the real estate sector such as real estate agents, purchasers, vendors, borrowers, lenders, architects, engineers, surveyors, developers, landlords, tenants and financial institutions, as well as online sources databases and public registries. We will only obtain this information where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. The types of information we collect from third parties include, for example, information about whether you have been subject to any particular regulatory action or legal proceedings. We use the information we receive to maintain and improve the accuracy of the records we hold about you and assess any risks arising from any relationship or prospective relationship with you and/or your organisation.
D Sensitive personal information
Some of the information you provide or that we obtain from third party sources (where permitted by, and in accordance with, applicable law) in connection with conducting due diligence on you or your organisation may be sensitive, such as any criminal convictions you have received or details of your political activities or religious affiliations (e.g. in the context of establishing whether you are a politically exposed person). We need this information for the purposes of conducting “know your counterparty” checks and to otherwise assess risk in accordance with applicable law in the context of engaging with you/your organisation as a prospective customer or supplier.
If you provide us with information about another person, you confirm that they have appointed you to act for them, that you have informed them of our identity and the purposes (as set out in this Privacy Notice) for which their information will be processed and that you have obtained any necessary consents to the processing of their personal information. When we first contact them, we may tell them where we got the information from.
How do we use your personal information?
We use your personal information for the following purposes (or otherwise described at the point of collection):
- to provide you/your organisation with information or products and services that you have requested and deal with invoicing and payment;
- for due diligence purposes, in accordance with applicable law, to assess financial, reputational, credit or insurance risks arising from any relationship or prospective relationship with you/your organisation and/or to carry out any necessary anti-money laundering checks;
- to send you service-related communications and to deal with communications you send us;
- to improve our Website(s) and our products and services;
- to identify trends in the real estate sector;
- to ensure that the content and services that we offer are tailored to your needs and interests (or those of your organisation) and for business development purposes.
Who do we share your personal information with?
There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed in the section below. These scenarios include disclosure:
- to our group companies or affiliated entities;
- to our outsourced service providers or suppliers to facilitate the provision of our services;
- to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- to legal advisors who may need to manage or litigate a claim;
- to public authorities where we are required by law to do so; and
- to any other third party where you have provided your consent.
Further information about our group companies, affiliated entities and the third party service providers that may process your personal information (including their location) can be provided on request by contacting us using the details below.
Legal basis for processing personal information
Under European Union data protection law, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you and process it only:
- where we need the personal information to perform a contract with you;
- where the processing is in our legitimate interests and not overridden by your rights; or
- where we have your consent to do so.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where we process your sensitive personal information, we do so:
- as required by applicable law;
- on the basis that the processing is necessary for reasons of substantial public interest;
- on the basis of your explicit consent; or
- to establish, exercise or defend legal claims.
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), these interests will normally be: to provide our services to you, respond to your queries, improve our Website(s), undertake marketing, or for the purposes of detecting or preventing illegal activities.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
How do we protect your information?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who provide services to us or otherwise have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Privacy Notice and that the security and confidentiality of the information is maintained.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our group companies, affiliated companies and third party service providers operate in various countries around the world. This means that when we collect your personal information we may process it in any of these countries.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so. If you are a client or vendor (or a representative of a client or vendor) then the information will be retained for a period of time to allow us to provide our services, to comply with applicable legal, tax or accounting requirements and, if necessary, for the establishment, exercise or defence of legal claims.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your data protection rights
Data protection law provides individuals with certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of, their personal information. Individuals also have the right to lodge a complaint with the relevant information protection authority if they believe that their personal information is not being processed in accordance with the law. Further information about your rights is set out below:
- Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal information. If we disagree and believe the information to be accurate and complete, we will advise you and include a notation on the record that you dispute the information’s accuracy. Requests for corrections or supplements to all other personal information should be made to us at the address set out below. We will respond to your request to correct or supplement your personal information within a reasonable time period and, in any event, within any time period specified in relevant laws.
- Right to withdraw consent. You may, as permitted by law, withdraw your consent to the processing of your personal information at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your personal information is essential.
- Right to object to processing. You may, as permitted by law, request that we stop processing your personal information.
- Right to erasure. You may request that we erase your personal information and we will comply, unless there is a lawful reason for not doing so.
- Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal information. However, you do have the right to contact the relevant supervisory authority in the relevant country directly.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Links to other websites
We link to other websites. We are not responsible for the content or privacy policies of these websites for the way in which information about their users is treated. In particular, unless expressly stated, we are not agents for these websites or advertisers nor are we authorized to make representations on their behalf. In any event, you should explore the privacy practices of those third parties.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
You can see when this Privacy Notice was last updated by checking the date at the end of this Privacy Notice.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact us at: firstname.lastname@example.org . The data controller of your personal information is the Chelsfield group entity (i) with which you or your organisation is engaged as a supplier or customer; (ii) which is considering entering into a relationship with you or your organisation; and/or (iii) with which you are engaged as user of the Chelsfield website.
25 May 2018