- This website theknightsbridgeestate.co.uk (the “Website”) is operated by Chelsfield KE LLP on behalf of ourselves, our group companies, Carraig Investments Sarl (“Carraig”) and affiliated organisations (collectively, “Chelsfield”, “we”, “our” or “us”).
- Chelsfield KE LLP, jointly with Carraig, are the data controllers in respect of your personal data. This means that Chelsfield KE LLP and Carraig jointly determine the purposes and means of the processing of your personal data.
Our contact details: 50 Hans Crescent, London, SW1X 0NA
3. This Privacy Notice explains how we use the personal information that we collect through the Website or when you provide personal information as part of our relationship or potential relationship with you (or your organisation) as a supplier, customer or business partner.
4. If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed herein, please address questions, comments and requests to the contact details set out in section 15 below.
What information do we collect?
We collect the following information directly from you:
A. Information you provide voluntarily
This includes information about you that you give to us if you email us about a question, complaint or to report a problem with the Website, or that we may ask you to provide to us. This information may include your name, e-mail address, organisation, country, zip code/postal code, job title, telephone number(s) and details of your comment or query.
If you provide us with information about another person, you confirm that they have appointed you to act for them, that you have informed them of our identity and the purposes (as set out in this Privacy Notice) for which their information will be processed and that you have obtained any necessary consents to the processing of their personal information. When we first contact them, we may tell them where we got the information from.
B. Information we collect when you do business with us
We may collect and process information relating to you as an individual (whether as a Website user or otherwise) when you conduct business with Chelsfield in respect of the Knightsbridge Estate as, or on behalf of, a customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party (“Customer, Vendor or Business Partner”) (“Customer, Vendor or Business Partner Data” shall mean personal data related to Customers, Vendors or Business Partners). Examples of Customer, Vendor or Business Partner Data include:
- contact details of a point of contact for Chelsfield Customer, Vendor or Business Partners (such as name, business phone numbers, business address, e-mail address);
- role-related information about Customer, Vendor or Business Partners or their representatives (such as job title, responsibilities, department, work history, qualifications and experience); and/or
- financial information (such as financial account information about individuals connected to a particular business) or property ownership information relating to such individuals if needed to take payment or fulfil contractual obligations or for due diligence or related purposes.
5. Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, cookie ID, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. Some of this information may be collected using cookies and similar tracking technology. For more information on this, please read our cookies policy.
C. Information we obtain from third party sources
Sometimes we may receive personal information about you from third party sources such as credit check databases, politically exposed persons databases, government denied parties, sanctions and watch lists, your employer, other parties in the real estate sector such as real estate agents, purchasers, vendors, borrowers, lenders, architects, engineers, surveyors, developers, landlords, tenants and financial institutions, as well as online sources databases and public registries. We will only obtain this information where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. The types of information we may collect from third parties includes information about whether you have been subject to any particular regulatory action or legal proceedings.
Sensitive personal information
Some of the information you provide or that we obtain from third-party sources (where permitted by, and in accordance with, applicable law) may be sensitive (or what is known as special category data), such as any criminal convictions you have received or details of your political activities or religious affiliations (e.g. in the context of establishing whether you are a politically exposed person).
For which purposes do we use your personal data?
6. Your personal data may be stored and processed by us in the following ways and for the following purposes:
- to maintain and improve the accuracy of the records we hold about you and for the administration and maintenance of databases storing personal data;
- to assess any risks arising from any relationship or prospective relationship with you and/or your organisation;
- to conduct “know your counterparty” checks and to otherwise assess risk in accordance with applicable law in the context of engaging with you/your organisation as a prospective customer or supplier;
- for ongoing review and improvement of the information provided on our Website to improve the quality, relevance and experience of our Website for our visitors and to ensure they are user friendly and to prevent any potential disruptions or cyber attacks;
- to understand feedback on our products and services and to help provide more information on the use of those products and services quickly and easily;
- to communicate with you in order to provide you with services or information about our products and services;
- to understand your needs and interests;
- for the management and administration of our business;
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or
- to establish or defend legal rights or for other purposes relating to legal proceedings.
What is our legal basis for processing your personal data?
7. The legal basis for processing your personal data: we are entitled to process your personal data in these ways because either:
- we have obtained your consent, where this has been given unambiguously;
- we have legal and regulatory obligations that we have to discharge;
- we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- processing is necessary for the performance of a contractual obligation;
- the use of your personal data as described is necessary for the purposes of the legitimate interests pursued by us such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- marketing our products and services;
- ensuring the security of information systems; and
- ensuring compliance with: (i) internal policies and procedures; and (ii) all legal and regulatory obligations and industry standards and preventing fraud.
Who do we share your data with?
8. The recipients or categories of recipients of your personal data may include:
- our third party suppliers who help us maintain the Website and run our business e.g. our hosting provider, website developers, marketing agencies and our IT support team;
- our professional advisors e.g. accountants;
- other companies within the Chelsfield Group Limited group of companies and affiliates of Carraig; and
- credit reference agencies, law enforcement and fraud prevention agencies.
We may also disclose your personal data to any prospective buyer of our business or assets or if we are acquired by a third party, in which case the personal data held by us about you will be disclosed to the third party buyer.
We may share data with our company entity in Luxembourg. If applicable, we shall ensure that there is an adequate transfer mechanism in place. We may also transfer or process your data outside the EEA. Where we transfer your personal data outside of the EEA, we take reasonable steps to ensure that your data will be protected and that any transfer is in line with EU data protection laws.
International transfers of personal data
9. We are an international business and, as a result, we may transfer your personal data to locations outside of your country.
Where we transfer your personal data to another country outside the European Economic Area (“EEA”), we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside the EEA, for example, this may be done in one of the following ways:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for personal data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data;
- the recipient may have adhered to binding corporate rules (only for intragroup transfers);
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your personal data outside Europe.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in Section 15 below.
10. We are committed to protecting the information we receive from you. We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
Third party websites
11. The Website may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
12. We retain your personal data for: (i) as long as we need it to carry out the processing detailed in this Privacy Notice; and (ii) where applicable, any minimum period required by law. Specific information about our record retention policies is available on request. Please contact us at firstname.lastname@example.org. Note that we may retain some limited information about you even when we know that you have left the organisation that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organisation.
Your data protection rights
13. Under data protection law you may have a right:
- of access to the personal information that we hold about you, and to some related information;
- to request any inaccurate personal information to be corrected or deleted;
- to object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances; and
- to request the transfer of your personal information to another party in a machine-readable commonly used and structured format.14. If we are relying on your consent to process data, you may withdraw your consent at any time by notice to us.15. If you wish to exercise any of these rights, please contact us as at email@example.com. We will respond to your request within one month of receipt of your request. In some cases we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request. You can also lodge a complaint about our processing of your personal information with the office of the UK Information Commissioner (ico.gov.uk).
16. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
17. If you choose not to supply your personal data to us you may not be able to access certain areas of the Website or use certain services.
18. We may change this page from time to time, to reflect how we are processing your data. If we make significant changes, we will make that clear on the Website or by some other means of contact such as email, so that you are able to review the changes before you continue to use the Website.