Welcome to the Ballymore privacy notice. At Ballymore we are committed to ensuring that your privacy is protected. This privacy notice explains how we will collect your personal data and how we use your personal data. This means information that relates to you as an identifiable person or ‘data subject’ and therefore constitutes ‘personal data’ as defined by the General Data Protection Regulation (“GDPR”).
Ballymore Development Management Ltd (“BDML”), Ballymore Asset Management Ltd (“BAML”) and Ballymore Construction Services Ltd (“BCSL”), members of the Ballymore group, will act as a data controller of your personal data. Throughout this privacy notice BDML, BAML and BCSL are referred to collectively as “Ballymore”, “we” or “us”.
Ballymore are committed to protecting the rights and privacy of individuals and complying with the GDPR. We consider your privacy to be of utmost importance and want you to be confident that your personal data is kept safely and securely and for you to understand how it is used. As such, this privacy notice sets out the following information:
2.1. As data controllers of any personal data collected Ballymore will determine the purposes and way in which such personal data are, or will be, processed.
2.2. Our full contact details are:
We have appointed a data protection team (DPT) who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPT at datadepartment@ballymoregroup.com or by writing to the address at 2.2 above marked for the attention of the Data Protection Team, Data Department.
3.1. This privacy notice was last amended on 3 April 2023. It supersedes any earlier versions.
3.2. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
3.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. You can ask us to rectify or update your personal information at any time by contacting us at datadepartment@ballymoregroup.com.
4.1. We may hold and processing the following categories of personal data:
See the glossary at the end of this policy for more details of each category.
4.2. We also collect, use and share aggregated data such as statistical or demographic data to help us manage services, for example to monitor access into leisure facilities or car park to track peak periods. This aggregated data may be derived from your personal data but is no longer personal data as it does not directly or indirectly reveal your identity.
We use different methods to collect data from and about you including:
5.1. From you directly.
This includes personal data you provide when you:
5.2. From third parties.
We may receive personal data about you for the following third parties and public sources:
5.3. Automatically collected from or about you or your device.
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. If this is the case, we will notify you at the time.
6.1. In the table below, we have summarised the purposes for which we may use your personal data and the lawful basis for this. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.
6.2. We may process your personal data for a different purpose than listed below and without your consent where it is necessary for us to comply with our legal obligations.
6.3. Where our processing of your data is based on your consent, you may withdraw your consent at any time by contacting datadepartment@ballymoregroup.com, at which point we will cease to process your personal data for the purposes to which the consent applies.
6.4. Note that we may process the lawful basis on which we rely to process your personal data may vary depending on the purpose for which we are using your data. Please contact us via the Data Protection Team (datadepartment@ballymoregroup.com) if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose / Activity | Type of Data | Lawful basis for processing including basis for legitimate interest |
To communicate with you, handle queries and complaints, manage our relationship with you and administer our business. |
Identity Contact Financial Transaction |
Necessary for our legitimate interests in running our business, keeping our records updated and executing our responsibility as Managing Agent. |
To register you as a new customer |
Identity Contact Profile Marketing and Communications |
Necessary for our legitimate interests in keeping records of our customers. |
To facilitate the reservation, purchase, sale, renting, leasing, or licensing of a property. |
Identity Contact Financial Transaction Marketing and Communications |
Performance of a contract or potential contract with you Necessary for our legitimate interests |
To facilitate the collection of service charge payments and ground rent payments due under your contract, including collection by selected third parties. |
Identity Contact Financial Transaction |
Performance of a contract with you. |
To verify your identity, verify your eligibility for certain services, conduct credit reference checks, prevent or detect fraud or money laundering. |
Identity Contact Financial Transaction |
Necessary to comply with a legal obligation, where this processing is comply with anti-money laundering legislation. Otherwise, we rely on the processing being necessary for our legitimate interest in assessing customers’ credit-worthiness and ensuring we are not defrauded. |
To verify your identity in order to verify your eligibility for access to certain services and Ballymore properties in order to prevent or detect unauthorised use (such as a lease infringement). |
Identity Contact Profile Financial Transaction Security Systems |
Necessary for our legitimate interests in protecting property and maintaining the security of our estate. |
To manage our relationship with you, including: Asking you to leave a review or take a survey or provide feedback on our services. Notifying you about changes to our terms or privacy notice. Enabling you to participate in events, competitions and surveys. |
Identity Contact Usage Profile Marketing and Communications |
Necessary for our legitimate interests: to keep our records updated, to study how customers use our websites/services, and to develop and grow our business. |
To provide customer support such as Sales services, Concierge and Front of House services, Helpdesk services, Security services, facilities services, parking services, etc. |
Identity Contact Financial Usage Profile Security Systems |
Provision of services which are necessary to perform our contract with you. |
To provide our key authorisation service, allowing you to leave your keys with us for others to collect. |
Identity Contact Profile Security Systems |
Performance of a contract with you. |
To enable you to use our gym facilities | Special Categories – health information | Consent |
To administer and protect our business and network security including websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). |
Identity Contact Profile Technical Usage Security Systems |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and unauthorised access). |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you to include permitting selected third parties to assist in improvement and optimisation of marketing material and content, our services and the websites / applications. |
Identity Contact Profile Usage Marketing and Communications Technical |
Necessary for our legitimate interests (to study how customers use our website/services, to develop them, to grow our business and to inform our marketing strategy). |
To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences. | Technical Usage | Necessary for our legitimate interests (to define types of customers based on their age, gender and interests for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy). |
To ensure that content from our websites and our applications are presented in the most effective manner for you and your device. |
Identity Contact Financial Transaction Technical |
Necessary for our legitimate interests (to develop our products/services and grow our business and provision of administration and IT services). |
To make suggestions, recommendations and provide information to you about goods or services that may be of interest to you |
Identity Contact Technical Usage Profile |
Necessary for our legitimate interests (to develop and grow our business) where these suggestions and recommendations are made by post. Where these communications are electronic, we rely on your consent. |
To comply with requirements imposed by law or any court order. |
Identity Contact Financial & Transaction Employment Related Technical Usage Security Systems |
Necessary to comply with our legal obligations |
6.5. Marketing and promotional offers
6.6. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which properties, services and offers to send you (we call this marketing).
6.7. You will receive marketing communications from us via the channels you have selected (for example phone, email, SMS, push notifications) where you have opted in to receiving that marketing.
6.8. You can ask us to stop sending you marketing messages at any time by contacting the Data Protection Team or by following the opt-out links on any marketing message sent to you.
6.9. If you do withdraw your consent to marketing, this will result in us ceasing to directly market goods and services to you, but we will still process your personal data in order to fulfil our contract with you and in accordance with our legal, accountancy and regulatory obligations.
6.10. We will get your express opt-in consent before we share your personal data with any company outside the Ballymore Group for their own marketing purposes. You have the right to withdraw consent for us to pass your information to third parties for marketing purposes. If you no longer wish to be contacted by third parties for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies about how to unsubscribe
6.11. Cookies and remarketing
We work with a number of trusted partners, suppliers, contractors and businesses in order to deliver the range of services we provide. We may share your personal data with the parties set out below for the purposes outlined in the table in section 6.
7.1. Ballymore Group companies
As set out in this privacy notice, we are part of the Ballymore group. The ‘Ballymore’ brand is licensed to a range of companies within the Ballymore Group who sell, market and manage Ballymore branded and co-branded property developments (which we refer to as ‘Ballymore Group’ companies). We share your personal data with such companies, which are based in the United Kingdom, Ireland and Jersey.
7.2. External Third Parties
We may also share your personal data with external third parties, such as:
7.3. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8.1. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
8.2. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. Please be aware that there may be circumstances where we are able to rely on a legal derogation from the requirement to implement an appropriate safeguard when making a transfer.
Once we have received your personal data we will use reasonable and necessary procedures and security features to prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality.
If we become aware of a data breach we will notify the Information Commissioner’s Office. If we believe that the data breach is serious, we may notify you in accordance with our legal obligations.
10.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3. Please contact us if you would like a copy of our Data Retention Policy.
10.4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10.5. In some circumstances, you can ask us to delete your data: Please contact us for further information.
11.1. Under data protection laws you have the right to protect and look after your personal data. You have the right to:
11.2. If you wish to exercise any of the rights set out above, please contact us at datadepartment@ballymoregroup.com. The rights listed above may apply only in certain circumstances, and so we may not always be able to comply with your request to exercise these rights.
11.3. We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request. You will not usually have to pay a fee to exercise these rights, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request.
As detailed in Section 1, Ballymore will act as data controller in relation to personal data. This means that we have responsibilities in relation to that personal data. You can find out more and exercise the rights set out above by contacting us. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend that in the first instance you contact our Data Protection Team at datadepartment@ballymoregroup.com and tell us what your enquiry relates to in the subject line.
Should you feel that your personal data has not been processed in accordance with this privacy notice or that your data protection rights have been infringed, you can complain directly to the Information Commissioner’s Office who is the UK supervisory authority for data protection issues.