Privacy Policy

M&G Real Estate Limited is committed to respecting your privacy. We are one of the world’s largest property investors and we actively manage our properties.

M&G Real Estate Limited is a limited liability company incorporated in England and Wales (registration number 3852763) and our registered office is 10 Fenchurch Avenue, London EC3M 5AG.

All personal data collected in accordance with this Privacy Notice will be processed lawfully in accordance with applicable Data Protection Laws, including the EU and/or UK General Data Protection Regulation. The personal data we collect is only used for the purposes set out in this privacy notice.

This Privacy Notice explains who we are, how we collect, share and use your personal data, and how you can exercise your privacy rights.

If you have any questions or concerns about our use of your personal data, then please contact us using the details below:

 

Updates to this Privacy Notice

We update this Privacy Notice from time to time in response to changing legal, technical or business developments. You can see when this Privacy Notice was last updated by checking the ‘last updated’ date given at the end of this document.

You can request a copy of the current version by getting in touch using the contact details above.

We collect and process the following personal data about you:

  • Personal data that you provide by filling in forms or providing personal data online to register an interest or to request further information or offers.
  • If you contact us by telephone, email, web form or letter, personal data that forms a record of that correspondence and your contact details.
  • Personal data you provide by responding to questionnaires, surveys and competitions and attending events.
  • When you enrol for an event we collect your name and contact details; this data may be captured on a third-party booking system.
  • Promotional photography: we may take photographs of you when you attend one of our events.
  • When you interact with us on social media we may have access to your user generated content, such as posts, comments, pages, profiles and images (depending on the privacy settings you have applied in your social media accounts, and based on the content that you choose to share). We may also have access to contact details, personal data (such as age, gender, employer, education, location and habits and preferences).
  • If you visit one of our locations in person, your contact information such as your name, Closed Circuit Televisions images (CCTV)
  • and Internet Protocol (IP) camera recordings, body-mounted video recording and Automatic Number Plate Recognition (ANPR) information. We collect this personal data to help us understand how our customers use our facilities, for health and safety,
  • purposes, and the prevention and detection of crime, and to manage our car parks and administer car parking fees.
  • Access control information such as an individual’s name (in some cases identification verification information, eg driving licence), the organisation with which they are associated and movement data.
  • Accident and incident reporting: when an incident occurs at one of our properties, we are required to document the particulars of an incident, which may include witness statements, CCTV footage, photographs and written reports (this personal data may include
  • special categories of data depending on the nature of the incident).
  • Personal details of occupiers, their employees, visitors and contractors on site (including names, addresses, emails, phone numbers and other contact details) which are processed for the purposes of:
    • providing property and facility management services – for example, we may take personal details of occupiers or their employees to register facility issues and report back resolutions in connection with services under the lease
    • billing – to invoice in accordance with the terms of the lease
    • providing secure access to the premises as a service under the lease;
    • reporting any injuries or potential insurance claims – these may include special categories of personal data – to discharge our legal obligations or defend a claim
    • provide business continuity services to allow us to alert occupiers and their employees of an incident that may impact their business operations, which may include collecting ‘home’ contact information
    • contacting you for matters relating to the building and for property management purposes
    • debt collection
    • collateral in the form of notarial deeds
    • bank guarantees for lease agreements
    • analysing energy

If you visit one of our dedicated websites, further personal data may be collected – please refer to the Privacy Policy available on each website.

We receive personal data about you from third-party sources such as:

  • our property managers
  • public authorities
  • credit reference agencies.

This may include personal data about your financial situation and credit worthiness; we use this personal data to ensure that your rent accounts are up to date, your needs in terms of the management

of the property are met and the administration of the buildings is efficient and that you are able to afford the financial commitments you have entered into with us. We may also collect information about any criminal convictions. This information may be shared internally for the purposes of reaching a suitability decision.

 

Legal basis for processing personal data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

However, we will normally collect personal data from you where we need the personal data to perform a contract with you, to comply with a legal or regulatory obligation or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may collect personal data from you with your consent or may otherwise need the personal data to protect your vital interests or those of another person.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the details provided at the end of this notice.

 

Sharing your personal data

When necessary, we share your personal data with:

  • our service providers who support us in the provision of services our non-residential occupants
  • government departments and/or regulatory authorities prosecuting authorities and courts
  • third parties connected with legal proceedings or claims fraud prevention and/or law enforcement agencies
  • third parties when we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets
  • third parties where we are required to do so by law, for example when there is a court order
  • our insurers including underwriters.

M&G Real Estate may appoint or be appointed by a fund to administer numerous properties on its behalf. From time to time, M&G Real Estate will share your personal data with advisers and service providers so that they can help us to carry out our duties, rights and discretions in relation to our contractual duties and responsibilities.

Some of those organisations will be responsible to you directly for their use of personal data that we share with them. They are referred to as data controllers. We are happy to provide you with further information upon request.

 

Transfers of your personal data outside the UK and/or EEA

Your personal data may be transferred outside of the UK and/or EEA from time to time to members or businesses within the M&G plc Group*, trusted service providers and other third parties. These other countries may have different, and sometimes lower, standards of data protection than those in the UK or the EEA. We require third parties to keep your personal data confidential and secure. We will ensure that suitable protection is maintained by ensuring that appropriate safeguards are in place. But where we are required by law to disclose, we may not always have control over the terms under which we are required to share your personal data. We will make sure that any disclosure is lawful. We will only transfer your personal data outside the UK or the EEA using appropriate safeguards which include adequacy decisions determined by the European Commission and/or UK Government or otherwise in compliance with applicable laws.

MGRE has established presence in the EU by virtue of having branches in both Sweden and Germany. Should you have any questions about how your data is processed, please contact privacy. team@mandg.com

 

Retaining your personal data

We retain your personal data for as long as is necessary for the purposes described above. We keep personal data for as long as it is required by us to meet our legal or regulatory obligations and in the defence of any legal claims.

 

Protecting your personal data

We always maintain the security and protection of any personal data we hold by putting in place administrative, technical and physical measures on our systems which are designed to guard against

and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal data that it holds. We place similar obligations on our service partners and undertake robust risk assessments on their security measures.

 

Profiling and automated decision making

We do not engage in any profiling activities with your personal data

We do not use any automated processes to make decisions about you which produce legal or significant effects concerning you.

 

Your data subject rights

You have certain rights relating to the personal data we hold about you which are outlined below:

Request access to the personal data we hold about you (Data Access Request) You may request access to a copy of the personal data we hold about you. We can refuse to provide personal data where to do so may reveal another person’s personal data or would otherwise negatively impact another person’s rights.
Object to processing (Right to Object) You may object to us undertaking automated processes, or fully automating decision making, using your personal data except where used to detect, prevent and investigate fraud and other financial crimes. You may also object to us using your personal data for direct marketing purposes. This includes any profiling we perform as part of our direct marketing activities. Once we receive and have processed your objection, we will stop using your personal data for these purposes.
Request a copy of your personal data (Data Portability) Where you gave us the personal data directly and it was processed electronically, you can request the data we hold on you in a commonly used machine-readable format.
Request that your personal data is deleted (Right to be Forgotten) You can ask us to delete the personal data we hold about you when it is no longer required for a legitimate business need, legal or regulatory obligations, where you have withdrawn your consent or for the purposes it was collected for.
Amend or correct your personal data (Right to Rectification) If you believe that the personal data we hold about you is inaccurate, incorrect or incomplete, please contact us as soon as possible so we can update it.
Restrict the processing of your personal data (Right to Restrict) You may ask us to restrict our processing of your personal data whilst we resolve any complaints you have about the way your data is used, require it for a legal claim, believe the personal data is not accurate, we no longer need the data, you have objected to the processing of your personal data or if you think our processing is unlawful but you do not want us to delete your data.
Rights in relation to consent (Right to Withdraw) At any time, you may withdraw the consent you granted for your personal data to be used for direct marketing. When you withdraw your consent, it will not affect the lawfulness of any past activities we have undertaken based on the previous consent.

 

None of these are absolute and are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the details below.

 

Making a data protection complaint

If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint with us by contacting our Data Protection Officer using the details below:

By post: M&G Real Estate, 10 Fenchurch Avenue, London EC3M 5AG By email: privacy.team@mandg.com

Please note your correspondence may be received by our property managers who will pass this on to us.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the UK Information Commissioner’s Office via the details available on their website: www.ico.org.uk

You may complain to your local supervisory authority in the Member State of your place of engagement or residence.

For alternate EU Data Protection Authority contacts please see further information on the following link National Data Protection Authorities.