Your privacy is important to us. The purpose of this privacy policy (the “ Privacy Policy”) is to inform you of how Student Castle Property Management Services Limited and its related entities, affiliates and subsidiaries (referred to herein as “SCPMS”, “ us”, “we” or “our”) manage personal data in accordance with the EU General Data Protection Regulation (“GDPR”).
Please take a moment to read this Privacy Policy so that you know and understand the purposes for which we collect, use and disclose your personal data. We collect, use and are responsible for certain personal data about you. When we do so, we are responsible as ‘controller’ of that personal data for the purposes of the GDPR.
This Privacy Policy supplements all other privacy notices but does not supersede nor replace them. SCPMS may from time to time update this Privacy Policy to ensure that this Privacy Policy is consistent with any changes in the purposes for which we collect, use and disclose your personal data or any changes in legal or regulatory requirements.
1. Your Personal Data
1.1 In this Privacy Policy, “Personal Data” means any data or information about you from which you can be identified either (a) from that data; or (b) from that data and other information to which we have or are likely to have access. We may collect, use, store and transfer different kinds of Personal Data about you which may include (depending on the nature of your interaction with us):
(a) your name, passport or other identification, telephone number(s), mailing address, email address and any other information relating to you which you have provided us in any forms you may have submitted to us, or in other forms of interaction with you;
(b) information about your use of SCPMS’s website and services, including cookies, IP address, subscription account details and membership details, but only to the extent that SCPMS may identify you from such information;
(c) your employment history, education background, and income levels;
(d) your payment related information, such as your bank account or credit card information, and your credit history; and
(e) information about your usage of and interaction with our website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from our website.
2. Collection of Personal Data
2.1 SCPMS collects your Personal Data in the following ways:
(a) when you submit forms relating to any of our products or services;
(b) when you register for or use any of our services on websites owned or operated by us or when you register as a member of websites owned and/or operated by us, or use services on such websites;
(c) when you interact with our customer service officers;
(d) when you use some of our services, e.g. our accommodation services;
(e) when you establish any online accounts with us;
(f) when you request that we contact you;
(g) when you are contacted by, and respond to, our representatives and agents;
(h) when you respond to our request for additional Personal Data;
(i) when you ask to be included in an email mailing list or other mailing list;
(j) when you respond to our promotions and other initiatives;
(k) when you submit a job application or a scholarship application;
(l) when you enter into licence agreements with us;
(m) when we receive references from business partners and third parties, for example, where you have been referred by them; or
(n) when you provide your Personal Data to us for any other reason.
2.2 When you browse our website, you generally do so anonymously but please see the section below on cookies.
2.3 If you provide us with any Personal Data relating to a third party (e.g. information of spouse, children, parents, employees and/or authorised representatives), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
2.4 You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
3. How we use your Personal Data
3.1 We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
(a) where we need to perform the contract we are about to enter into or have entered into with you;
(b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests include:
(i) to enable us to enhance, modify, personalise or otherwise improve our products or services for the benefit of our customers;
(ii) to develop new products and services;
(iii) to better understand the effectiveness of promotional campaigns and advertising;
(iv) to promote further sales of our products and services; and
(v) to facilitate any transaction for the benefit of our business, including any relating to the acquisition, divestment, securitisation, amalgamation, listing or other corporate transaction relating to any interest in SCPMS, the shares or assets of SCPMS, and any other corporate transaction involving SCPMS;
(c) where we need to comply with a legal or regulatory obligation; and
(d) where you have given us specific and informed consent.
4. Purposes for the Collection, Use and Disclosure of Your Personal Data
4.1 Generally, SCPMS collects, uses and discloses your Personal Data for the following purposes:
(a) responding to your queries and requests and responding to complaints;
(b) managing the infrastructure and business operations of SCPMS and complying with internal policies and procedures;
(c) facilitating business asset transactions (which may extend to any merger, acquisition or asset sale;
(d) matching any Personal Data held which relates to you for any of the purposes listed herein;
(e) verifying your identity;
(f) preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing other commercial risks;
(g) protecting and enforcing our contractual and legal rights and obligations;
(h) conducting audits, reviews and analysis of our internal processes, action planning and managing commercial risks;
(i) preventing, detecting and investigating crime and managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances); and/or
(j) compliance with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities.
4.2 In addition, SCPMS may collect, use and disclose your Personal Data for the following purposes, depending on the nature of our relationship with you:
(a) If you have a membership account with us:
(i) to process your application for student accommodation services;
(ii) to maintain your account with us;
(iii) to verify and process your personal particulars and payments in relation to provision of student accommodation services to you;
(iv) to provide you with the goods and services which you have signed up for;
(v) communicating with you to inform you of changes and development to SCPMS policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(vi) resolving complaints and handling requests and enquiries; and
(vii) conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you.
(b) If you use download or use any of our Apps:
(i) where the App includes App Subscription Services, to process your application for these services;
(ii) to maintain your account with us and to ensure your access of the App is within the scope of your subscription;
(iii) to verify and process your personal particulars and payments in relation to provision of goods and services connected to the App;
(iv) to provide you with the goods and services which you have signed up for and to push articles to you which may be relevant to you;
(v) communicating with you to inform you of changes and development to SCPMS policies, terms and conditions and other administrative information, including for the purposes of servicing you in relation to products and services offered to you;
(vi) resolving complaints and handling requests and enquiries; and
(vii) conducting market research for statistical, profiling and statistical analysis for the improvement of services provided to you.
(c) If you are a prospective licensee/occupier or a licensee/occupier:
(i) conducting appropriate due diligence checks to ensure suitability of licensee/occupier; and
(ii) preparation of documentation, including letters of offer, other relevant licence documentation and applications for any relevant regulatory licences which may be required.
(d) If you submit an application to us as a candidate for employment or an internship:
(i) processing your application including pre-recruitment checks;
(ii) providing or obtaining employee references or other references where relevant for background screening/vetting;
(iii) collecting information about your suitability for the position applied for;
(iv) organising training and staff development programs;
(v) assessing your performance;
(vi) administrating benefits and payroll processing;
(vii) providing you with tools to facilitate or as required for you to do your job; and
(viii) communicating with you as required by SCPMS to comply with its policies and processes, including for business continuity purposes.
4.3 In addition, where you have given us your specific and informed consent, SCPMS may also collect, use and disclose your Personal Data for the following purposes:
(a) providing services, products and benefits to you, including promotions, loyalty and reward programmes;
(b) matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of products and services, whether by SCPMS or other third parties;
(c) administering contests, competitions and conducting lucky draws, including, where necessary, in order to announce the results of these contests, competitions and lucky draws and identify and contact the winners, and in order to publicise and conduct marketing strictly related to these contests, competitions and lucky draws;
(d) sending you details of products, services, special offers and rewards, either to our customers generally, or of particular products and services which may be of interest to you; and
(e) conducting market research, understanding and determining customer location, preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programmes.
4.4 If you have provided your contact details and have indicated that you consent to receiving marketing or promotional information via your contact details, then from time to time, SCPMS may contact you using such contact details with information about our products and services (including discounts and special offers).You can withdraw your consent to this marketing at any time by contacting us at the contact details in paragraph 12.
4.5 In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, then we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
5. Disclosure of Personal Data
5.1 SCPMS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, this Personal Data may be disclosed, for the purposes listed above (where applicable), to the following third parties:
(a) SCPMS affiliates;
(b) agents, contractors or third party service providers who provide operational services to SCPMS, such as telecommunications, information technology, payment, payroll, processing, training, market research, newspaper vendor services, newspaper delivery services, storage, archival or other services to SCPMS;
(c) vendors or any third party business partners who offer goods and services or sponsor contests or other promotional programs on SCPMS’s sites, whether in conjunction with us or not;
(d) external business and charity partners in relation to corporate promotional events;
(e) credit bureaus, or in the event of default or disputes, any debt collection agencies or dispute resolution centres;
(f) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale;
(g) anyone to whom we transfer or may transfer our rights and duties;
(h) banks, credit card companies and their respective service providers;
(i) our professional advisors such as our auditors and lawyers;
(j) relevant government regulators or authority or law enforcement agency to comply with any laws or rules and regulations imposed by any governmental authority; and
(k) any other party to whom you authorise us to disclose your personal data.
6. Use of cookies
6.1 SCPMS uses “cookies”. A cookie is a small data file which is stored on your device when you use our website. For more information about the cookies we use, please click here for our Cookie Policy.
7. Third-Party Sites
7.1 Our website and/or our Apps may contain links to other websites operated by third parties. We are not responsible for the privacy policies of websites operated by third parties that are linked to our website. We encourage you to read the privacy policies of all such third party websites you visit. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable terms, conditions and policies of the third party website to determine how they will handle any information they collect from you.
8. International transfers
8.1 We transfer your Personal Data outside the European Economic Area (EEA).
8.2 Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that a GDPR compliant safeguard is in place.
8.3 Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
9. Data security
9.1 We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
9.2 We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Data retention
10.1 We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2 To determine the retention period for your Personal Data, we (amongst other things) consider the nature of the Personal Data, the risk of unauthorised use or disclosure of your Personal Data, the purposes for which we process it Personal Data and the applicable legal requirements.
10.3 Details of retention periods for different aspects of your Personal Data are available on request, by contacting us.
10.4 In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. Withdrawal, Access and Correction of your Personal Data
11.1 Should you wish to withdraw consent to use of your Personal Data (where this is the legal basis for us using your data) or obtain access to or make corrections to your Personal Data records, please log in to the relevant account through which the Personal Data was provided, if any, failing which please contact our Data Protection Officer via the details listed in section 12 below.
11.2 Please note that if you notify us that you no longer wish us to use your Personal Data, depending on the nature of your request, SCPMS may not be in a position to continue to provide its products or services to you or administer any contractual relationship in place, and this may also result in the termination of any agreements with SCPMS and your being in breach of your contractual obligations or undertakings, and SCPMS’s legal rights and remedies in such event are expressly reserved.
11.3 Under certain circumstances, you have rights under the GDPR in relation to your Personal Data. In particular, you have the following rights which you can exercise free of charge, by contacting us via the details below:
11.4 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
|
Access |
The right to be provided with a copy of your Personal Data (the right of access) |
|
Rectification |
The right to require us to correct any mistakes in your Personal Data |
|
To be forgotten |
The right to require us to delete your Personal Data —in certain situations |
|
Restriction of processing |
The right to require us to restrict processing of your Personal Data—in certain circumstances, e.g. if you contest the accuracy of the data |
|
Data portability |
The right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
|
To object |
The right to object: —at any time to your Personal Data being processed for direct marketing (including profiling); and —in certain other situations to our continued processing of your Personal Data, e.g. processing carried out for the purpose of our legitimate interests. |
|
Not to be subject to automated individual decision-making |
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. |
11.5 We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
11.6 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. How to contact us
12.1 Please direct any queries about this policy or about the way we process your personal information using the contact details below. If you wish to write to us, please write to Student Castle Property Management Services Limited, Head Office, Third Floor, 16 D'Arblay Street, London, W1F 8EA. Our email address for data protection queries is dpo@studentcastle.co.uk. If you would prefer to speak to us by phone, please call 020 7183 7764.
13. How to complain
13.1 We hope that we can resolve any query or concern you may raise about our use of your Personal Data.
13.2 The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
(Last updated on 15 October 2020)
