personal information (such as name, telephone number, email address)
We use your personal data to enable us to provide our services to you under our terms of business with you, inform our own marketing, risk and diversity policies , and to comply with our legal obligations, for example to prevent fraud . We do not use your personal data to make automated decisions or for profiling.
Processing is necessary for either:
the performance of our contract with you or for us to take steps for us to enter into a contract or
the legitimate interests of ourselves or a third party, except where such interests are overridden by your interests, rights or freedoms. Such as to enable us to run our business, make marketing and risk decisions or to enable us to comply with our compliance obligations or the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller such our duty to identify fraud.
The information you provide to us is on a voluntary basis. This data may be personal data. We may obtain personal data from publicly accessible sources (including social media). We cannot provide our services to you without processing and disclosing your personal data.
We hold your data;
In the case of data processed in pursuance of a contract with you or due to our legal obligations, seven years following the last date we communicated with you;
In the case of data processed with your consent for marketing purposes, 2 years after you first gave us consent or earlier if you withdraw consent;
after which time it is securely disposed of and/or deleted.
In the case of data processed in respect of our legitimate interests after considering your own, we review this every year and we will delete the data as soon it is no longer necessary for our purpose or earlier if you object.
We routinely share this information with:
People in connection with the work we do for you with such as data lawyers and IT and marketing companies.
People in connection with the operation of our business such as, accountants, lawyers and regulatory bodies.
People to whom we have a legal duty, such as the police.
We do not share information about you with anyone without consent unless the law and our policies allow us to do so.
We only share your data if it is
Necessary for the purpose of our contract with you
Necessary due to a legal obligation
Necessary for a legitimate interest we have, after considering your own interests.
We have robust processes in place to ensure that the confidentiality of your personal data is maintained and there are stringent controls in place regarding access to it and its use.
Decisions on whether we release your personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
who is requesting the data
the purpose for which it is required
the level and sensitivity of data requested; and
the arrangements in place to securely store and handle the data
To be granted access to your personal data, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or;
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe, or;
Where we use providers based in the US, we may transfer data to them if they are part of Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact,
The Data Protection Officer
OIG Real Estate Limited
Labs Atrium, Staples Market,
London NW1 8AH
object to processing of personal data that is likely to cause, or is causing, damage or distress;
prevent processing for the purpose of direct marketing ;
object to decisions being taken by automated means;
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
claim compensation for damages caused by a breach of the Data Protection regulations .
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact the Data Protection Manager.