Privacy Policy

Castle Mall Shopping Centre is committed to protecting your privacy and ensuring the security of your personal information.  We use your information as set out in this Privacy Notice.

INFORMATION ABOUT US

Castle Mall Shopping Centre is managed by Munroe K Asset Management Ltd on behalf of the owner of the property.  The owner acts as joint data controller with Munroe K in relation to the personal information which is used in running Castle Mall Shopping Centre. Munroe K’s details are as follows:

Munroe K Asset Management Ltd.

Registered office: 125 Wood Street, London EC2V 7AW

Registered company number: 03971723

Contact details (should you have any questions): 14 Floral Street, London WC2E 9DH

The owners are responsible for overall strategy decisions in relation to the shopping centre.  Service providers or other third parties who handle your information may be appointed by the owner or by Munroe K on the owner’s behalf.  Munroe K are responsible for the day-to-day management of your information, within the scope of their management contract, including storing it, keeping it secure and responding to any requests you make.

When we refer to ‘us’ or ‘we’ in this notice, we are referring to the owners jointly with Munroe K. References to Munroe K or the owners include their subsidiary companies. References made to ‘you’ or ‘your’ refer to any individual whose personal information we process.

INTRODUCTION

We will treat your personal information as confidential and in accordance with data protection legislation; your personal information will only be shared with others in accordance with this Privacy Notice.

This Privacy Notice outlines:

What personal information is
Types of personal information we collect and why
The legal basis for processing your personal information
How your personal information is shared
How long your personal information is retained
How we keep your personal information secure
Your rights in relation to your personal information
How to contact us or to make a complaint
How future changes to this Privacy Notice will be dealt with

PERSONAL INFORMATION

Personal information is any information about you.  This could include information such as name, date of birth, contact details, bank account details or any information about your circumstances.

Under data protection legislation certain personal information relating to health, racial or ethnic origin, religious beliefs or political opinions and sexual orientation is classified as ‘special’ due to it being sensitive information.  We need to have further justifications for collecting, storing and using this type of personal information. Please see section 2.

Where this privacy notice makes reference to personal information it will include personal data, and where relevant, special categories of personal data.

TYPES OF PERSONAL INFORMATION COLLECTED AND WHY

Contract information and other correspondence

Whenever you engage with us (by email, telephone, post, SMS or via our website) we may collect your full name and contact details (such as phone number, email address and postal address) from you.

When you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, contract details, and correspondence with us about the contract that will be required to enable us to carry out the contract with you.  If the information is not provided we will be unable to perform our contract with you and may not be able to provide services to you or continue to provide certain services to you. When this is the case this will be explained at the point when information is collected from you.

When you are entering into a contract certain information is generally mandatory including the information set out above plus any information required for us to carry out anti-money laundering checks.

Call information. We may also collect details of phone numbers used to call our organisation and the date, time and duration of any calls. Please note that if we record your calls to or from us, we will inform you of this.

Marketing

If you subscribe to receive marketing information or news we may collect your name and contact details (such as your email address, phone number or address) in order to send you information about events, goods or services which you might be interested in.  We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have given your permission.

You always have the right to ‘opt out’ of receiving our marketing. You can exercise that right at any time by contacting us at datacontrol@castlemallnorwich.co.uk.  If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.  We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing.

We never share your name or contact details with third parties for marketing purposes unless we have your ‘opt-in’ consent to share your details with a specific third party for them to send you marketing.  We do use third party service providers to send out our marketing, but we only allow them to use that information where they have agreed to treat the information confidentially and to keep it secure.

Website information

We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools.  We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.

For detailed information on the cookies we use and the purposes for which we use them see https://castlemallnorwich.co.uk/cookies/

Our website may, from time to time, contain links to third party websites.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Employee information

If you work for one of our customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you.  This information may be collected directly from you or provided by your organisation. We use this as necessary for our legitimate interests in managing our relationship with your organisation and to comply with our legal obligations.

Information collected at our premises

Visitor information. We collect information about visitors to our premises.  We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number.  If you have an accident at our premises, this may include an account of your accident.

CCTV. We may operate CCTV at our premises which may record you and your activities.  We display notices to make it clear what areas are subject to surveillance. We only release footage following a warrant or formal request from law enforcement, or as necessary in relation to disputes or requests from insurers.

The information is to ensure site security and visitor safety as well as administering parking.

Job applicants

We collect and hold information provided to us by direct job applications or from recruitment agencies and use this in evaluating candidates, recording our recruitment activities, to enter into an employment contract and to enable us to perform our employment law obligations and rights.  For successful applicants, information will be used in accordance with our internal privacy notice which will be provided.

If you are listed as a referee by a job applicant or an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that worker.  We will use this only to contact you to carry out our obligations under employment law.

Legal claims

If we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims.  We may also need to share this information with our insurers or legal advisers.

Information we receive from third parties

We work with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide us with information about you, to be used as set out in this notice.

Special categories of data

We may collect and use the following “special categories” of more sensitive personal information in the following situations:

Biometric data (in relation to security access systems)

Information about your health, including medical records (in relation to insurance claims for the legitimate interest of managing the property and as necessary to establish, exercise or defend legal claims).

THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

We will only use your personal information when the law allows us to do so.  Although in limited circumstances we may use your information because you have specifically consented to it, we generally rely on the following legal bases to use your information:

For employment-related purposes
Where we need information to perform the contract we have entered into with you
Where we need to comply with a legal obligation
Where the processing is necessary for us to carry out activities for which it is in our legitimate interests (or those of a third party) to do so and provided that your interests and fundamental rights do not override those interests.

We will only use your personal information for the purposes for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

HOW YOUR PERSONAL INFORMATION IS SHARED

As well as any sharing listed above, we may also share your information with third parties, including third-party service providers (for example, those providing legal advice, IT services or payment processing).  Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.

We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.

All our third-party service providers are required to take appropriate security measures to protect your personal information.  Where third parties process your personal information on our behalf as ‘data processors’ they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

HOW LONG WE RETAIN YOUR PERSONAL INFORMATION

The period for which we will keep your personal information will depend on the purposes for which we are using your information.  The retention period may be longer than the period for which we are providing services to you where we have statutory or regulatory obligations to retain personal information for a longer period, or where we may need to retain the information in case of a legal claim.

HOW WE KEEP YOUR INFORMATION SECURE

Maintaining the security of information is very important and we have measures in place which are designed to prevent unauthorised access to your personal information; we have set out some of these below.

All data is hosted on our own secure servers or those of our third-party providers of specific services.  We have systems and protections in place to protect against unauthorised access and other external factors that could cause damage to your personal data.  There are strict access requirements in place and access is restricted to those personnel on a need-to-know basis. Training is provided to our employees and workers who need access to personal information.

Hard copy documentation is stored in locked cabinets.

YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

You have a number of rights in relation to your personal information.  The key rights are set out below:

Be informed about how we use your personal information

Obtain access to your personal information that we hold

Request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate

Request that we erase your personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim).

Request the restriction of processing of your personal information.  This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

In the event that you notify us that you withdraw consent to the collection, processing and transfer of your personal information for a specific purpose (if we are relying on your consent rather than one of the other bases set out in section 3), we will no longer process your information for the purpose(s) you originally agreed to once we have received your notification unless we have another legitimate interest in doing so. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office ‘ICO’ (see section 8).

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at datacontrol@castlemallnorwich.co.uk

CONTACT DETAILS AND COMPLAINTS

Contact details

If you have any questions, comments or requests regarding any aspect of this Privacy Policy, please do not hesitate to contact us by sending an email to datacontrol@mkaml.co.uk or writing to 14 Floral Street, London WC2E 9DH.

Complaints

If you have any complaints about the way we use your personal information please contact us at 14 Floral Street, London WC2E 9DH and we will try to resolve the issue.  If we cannot resolve any issue, you also have the right to complain to the Information Commissioner’s Office at ico.org.uk

CHANGES TO THIS PRIVACY NOTICE

Any changes we make to our privacy notice in the future will be posted on this page.  Please check back frequently to see any updates or changes to our privacy notice.