PRIVACY POLICY
Last updated 25 May 2018
We treat personal data provided to us with respect and integrity. Respect and integrity form part of our core values, which are the foundation for the conduct of our business in all parts of the globe. We are committed to protecting your privacy and it is important that you understand how we look after your personal data and how we make sure that we meet our legal obligations to you under UK data protection rules (including associated guidance) (the "Data Protection Laws"). This Privacy Policy outlines how we will use, store and share your personal data and supplements any fair processing notice provided to you.
This privacy policy applies globally to Lendlease Corporation Limited ABN 32 000 226 228 with its registered office at Level 14, Tower Three, International Towers Sydney, Exchange Place, 300 Barangaroo Avenue, Barangaroo NSW 2000, Australia, and its related companies (the 'Lendlease Group', 'we', 'our' or 'us') and the personal data that we collect online through your use of our website www.lendlease.com, including all country-specific websites and any other website operated by any member of the Lendlease Group, ("website"), online systems or offline through your interactions with us.
As a global organisation the Lendlease Group regularly handles and transfers “personal data” (being information which is capable of identifying an individual) between Lendlease Group companies, including between Lendlease Group companies operating in different countries. Many of our developments are delivered by the Lendlease Group companies working together, sometimes through a joint venture vehicle such as a limited liability partnership. In such cases, any personal data submitted to or otherwise collected by this website which is related to those developments is collected by all of these organisations working together. Each of these organisations is a data controller in respect of the use it makes of this information and each has agreed to comply with this Privacy Policy.
In this Privacy Policy, the terms 'we', 'our' or 'us' are used to refer to the data controller primarily responsible for your personal information. Who the data controller is depends on where you are based, and the information being provided as set out below.
WHAT DO WE COLLECT, WHAT DO WE DO WITH IT AND WHY?
1. Information collected
- Contact details (name, address, email address, phone number, fax number, correspondence)
Who from?
- You (the data subject)
Purpose/ lawful basis
- General enquiry – in our legitimate interests to process the information to respond to your enquiry
Who is it shared with?
- The Lendlease Group
2- Information collected
- Contact details (name, address, email address, phone number, fax number, correspondence)
Who from?
- You (the data subject)
Purpose/ lawful basis
- To register your interest in a residential property or make a reservation – to take steps at your request to enter into a contract with you
Who is it shared with?
- The Lendlease Group
3- Information collected
- Contact details (name, address, email address, phone number, fax number, correspondence)
Who from?
- You (the data subject)
Purpose/ lawful basis
- When you make a reservation and when you purchase a property – for the performance of our contract with you
Who is it shared with?
- The Lendlease Group and its legal and sales advisors
4- Information collected
- Contact details (name, address, email address, phone number), marketing preferences
Who from?
- You (the data subject)
Purpose/ lawful basis
- To sign up to our newsletter/ marketing or shopping centre Wi-Fi – this is in our legitimate interests,
but to comply with marketing rules, we will ask you for your consent to electronic marketing
Who is it shared with?
- The Lendlease Group
5- Information collected
- Contact details (name, address, email address, phone number, fax number, warranty information, contract, account information, defect notification(s), correspondence)
Who from?
- You (the data subject), contractors/ sub-contractors where maintenance/ support provided (e.g. defects)
Purpose/ lawful basis
- To manage your purchase/ our contractual relationship – for the performance of our contract with you
Who is it shared with?
- Contractors/ sub-contractors to remedy defects, the Lendlease Group, our Customer Relationship Management system provider.
6- Information collected
- Call recording
Who from?
- Our phone system
Purpose/ lawful basis
- For training and monitoring purposes - for our legitimate business interests
Who is it shared with?
- The Lendlease Group
7- Information collected
- CCTV images
Who from?
- Our CCTV cameras
Purpose/ lawful basis
- For crime prevention and public safety - for our legitimate business interests
Who is it shared with?
- The Lendlease Group and its property and security managers and law enforcement agencies
8- Information collected
- Job applications (Lendlease) (CV information, contact details (name, address, phone number, email address), references, correspondence)
Who from?
- Workday (external website), you (the data subject)
Purpose/ lawful basis
- To review and interview job candidates – for our legitimate business interests
Who is it shared with?
- The Lendlease Group, recruitment contractors
9- Information collected
- Cookies and IP addresses
Who from?
- Please see our cookies policy
Purpose/ lawful basis
- Please see our cookies policy
Who is it shared with?
- Please see our cookies policy
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods
Home owners
When you purchase a home from us, we’ll keep the personal data you give us for twelve years, so we can comply with our legal and contractual obligations.
Inactive customers
If you’ve not used your account for more than five years, it will be flagged as inactive and we’ll contact you to ask whether you want to keep it open. Unless you reply to say ‘yes’, we’ll close the account and delete or anonymise the personal data associated with it.
Where we say above that we collect your information on the basis of our legitimate business interests, we are required to carry out a balancing test of these interests against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that we have a legitimate business interest.
Legitimate interest
We have a legitimate interest in processing your information as:
- We need the information to respond to your enquiries;
- We need the information to send you information;
- We would be unable to provide our services without processing your information;
- We would be unable to process your job application without processing your information;
- We need call recordings for evidential purposes and to help us perform our contract(s) with you; and/or CCTV is there for safety reasons and for the prevention/ detection of crime.
Necessity
We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary for such purpose.
Impact of processing
We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as it can be reasonably expected for us to process your personal information in this way for the purposes set out above. In most cases the information is being processed for your benefit as well as ours.
Special Categories of personal data
Where we process any special categories of personal data (e.g. diversity, medical, biometric information), we will separately ask for explicit consent, if this is required by law. In this case, you have the right to withdraw your consent to this processing at any time.
In some circumstances, we may have another lawful reason to collect such special categories of personal data, in which case we will inform you of this prior to the processing taking place.
DO WE USE COOKIES AND SIMILAR TECHNOLOGIES?
We use cookies on the website.
For more information about how we use cookies on the website please read the full version of our Cookie Policy.
OTHER DISCLOSURES OF YOUR PERSONAL DATA?
We may disclose your personal information to any member of the Lendlease Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 ("Lendlease Group").
We will disclose your personal information to third parties, as set out above and:
- to our professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to the Lendlease Group);
- to other third-party suppliers for business administration or IT purposes;
- in the event, or in connection with, a merger or sale involving all or part of the Lendlease Group or as part of a corporate reorganisation or share sale or other change in corporate control to any prospective sellers or buyers of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Lendlease Corporation Limited or any of its group entities;
- if we, or any member of the Lendlease Group, or substantially all of its assets, are acquired by a third party, in which case personal data held by us about our customers and/or employees may be one of the transferred assets; in order to enforce or apply our website terms of use;
- to protect the rights, property, or safety of us, our staff, our customers, or others.This includes exchanging information with other companies and organisations (including without limitation the local police or other local law enforcement agencies or regulatory bodies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and/or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
We may disclose, use and/or aggregate, anonymous information about you for marketing, advertising, research, compliance, or other purposes.
DO WE DISCLOSE PERSONAL DATA TO THIRD COUNTRIES?
We may transfer personal information to countries other than the country in which the data was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection.
Where your information is processed by or shared between the Lendlease Group, your information is likely to be transferred to or from Australia, the United Kingdom, Greater China, Japan, Malaysia, Singapore, Hong Kong, the United States and Italy for the purposes set out above.
Where your information is transferred to a third party (for example our Customer Relationship Management system provider) this is also likely to be transferred to a third country, namely the United States.
Where your personal data is collected within the European Economic Area ("EEA"), it will only be transferred outside of the EEA where an adequate level of protection for your rights as a data subject can be ensured, and where the transfer is otherwise in accordance with relevant data protection laws, including by incorporating standard clauses approved by the European Commission in our agreements. A copy of these can be found at: http://eur-lex.europa.eu/
Search = CELEX:32010D0087
WHAT DO WE DO TO HELP PROTECT PERSONAL DATA?
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We, and our external service providers, take reasonable steps to protect personal data from misuse, interference or loss and unauthorised access, modification and disclosure with appropriate safeguards and security measures and restrict access to those who have a legitimate business purpose and reason for accessing it. We store most data about you in computer systems and databases operated by either us or our external service providers. However, safeguards and security measures apply to personal data in both electronic and hard copy form.
Personal data is only retained for as long as it is necessary for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law, in accordance with the periods set out above.
WHAT RIGHTS DO YOU HAVE?
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. You may contact us using the details set out below to exercise any of these rights. We will respond to your request within one month.
In some instances, we may be unable to carry out your request, in which case we will write to you (again, within one month) to explain why.
1. You have the right to request access to your personal data
You have the right to request confirmation that your personal data is being processed, to request access to your personal data (through us providing a copy) and to be provided with other information about how we process your personal data.
2. You have the right to ask us to rectify your personal data
You have the right to request that we rectify your personal data if it is not accurate or not complete.
3. You have the right to ask us to erase your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide services to you, where you withdraw your consent for us to process special categories of your personal data, or where you object to the way we process your personal data (see right 6 below).
4. You have the right to ask us to restrict or block the processing of your personal data
You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don't need to use your personal data for the purpose we collected it for but may require it to establish, exercise or defend legal claims.
5. You have the right to port your personal data
You have the right to obtain your personal data from us and use it for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
6. You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data where we process your data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
7. You have the right not to be subject to automated decisions
You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
8. You have the right to withdraw your consent
You have the right to withdraw your consent to our processing of personal data, if consent was the mechanism we used to collect it.
HAVE A PRIVACY ENQUIRY?
If you have any enquiries regarding this Privacy Policy, wish to exercise your rights in respect of your personal data or wish to make a complaint in relation to how the Lendlease Group has handled your personal data, you should contact us at:
ATTN: Data Protection Manager
Lendlease
Level 9, 5 Merchants Square
London W2 1BQ
United Kingdom
We aim to resolve all enquiries promptly and in accordance with Data Protection Laws.
We will always aim to address your concerns if you have any and would encourage you to contact us at the address above. You can also contact the relevant data protection/ supervisory authority in your jurisdiction. For the purposes of the Data Protection Laws, our lead supervisory authority is the Information Commissioner's Office, who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or at www.ico.org.uk.
Sole traders, partnerships and businesses
Where we are engaged with you as a sole trader, partnership or business that you represent or are employed/ contracted by and this involves the collection and use of your personal data by us, this will be done in accordance with the relevant parts of this Privacy Policy.
Other websites
Our website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites.
GROUP COMPANIES
A list of Lendlease Group entities can be found here.
CHANGES TO THIS POLICY
From time to time, we may change our policy on how we deal with personal data or the types of personal data which we hold. We will take all measures necessary to communicate any changes to this Privacy Policy to you and any updated version of this Privacy Policy will be published on this page. You may obtain a copy of our current policy from our website or by contacting us at the contact details above.
In the event of any conflict between the English language version of this Privacy Policy and other language versions, the English language version will prevail.