KDL regards the lawful and correct treatment of personal information as paramount to successful working, and to maintaining the confidence of those with whom we deal. This Privacy Notice explains what personal information we collect and how we use it.
We encourage you to explore the following sections of this Notice thoroughly:
Keyland Developments Ltd (‘KDL’) is the property trading business of the Kelda Group and a sister company of Yorkshire Water. KDL sits outside of the OFWAT regulated business.
In addition to transforming redundant Yorkshire Water land, KDL also works alongside independent landowners, corporates or regulated bodies to unlock development potential by securing planning consent for future use. This land is then packaged up and sold at optimum value to the market.
KDL currently holds more than 1,100 acres of land in its own right, with an additional 550 acres held in joint venture. A further 60 acres of land is currently being promoted on behalf of third party land owners.
For the purposes of Privacy Law*, Keyland Developments Ltd (Company No. 2180728, registered at Western House, Halifax Road, Bradford, BD6 2SZ) is the Data Controller and determines for what purposes personal information will be held and used.
KDL is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.
* Privacy Law means the Data Protection Act 1998 ([as amended by the Data Protection Act 2018]), the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the General Data Protection Regulation (from 25 May 2018) and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority;
If you’d like to request further information about our Privacy Notice, or exercise any of your rights [see Section 3], you can contact us:
We take any concerns we receive very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate, please bring it to our attention and we’ll be happy to provide any additional information or explanations needed. We also welcome suggestions for improving our procedures.
You can also contact the Information Commissioner’s Office at https://ico.org.uk/ or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.
You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website (https://ico.org.uk/ ).
Any time you give us personal information you have the right to be informed about why we need it and how we’ll use it.
You can find most of the information you need in this Privacy Notice. However, if you have any questions, please contact us (See Section 1)
You can request a copy of information we hold about you at any time.
If you do so, we will ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.
Privacy Law requires us to respond to your request within 1 month of verifying your identity (or within 3 months for more complex cases). You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 1 month from confirming your identity. In more complex cases where we cannot provide a full substantive response within that time frame, we’ll write to you within 1 month to explain why an extension is needed.
We don’t charge for subject access requests unless, the requests become excessive from the same requestor.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time. Wherever possible, we’ll correct inaccurate or incomplete information immediately.
In more complex cases we’ll take reasonable steps to confirm the accuracy of the information we hold.
We’ll let you know the outcome of our investigation as soon as we can. Any information we can verify as inaccurate will be corrected within one month of receiving your request.
In some circumstances you have the right to ask us to delete information we hold about you. For example, if we have asked for your consent to process the information, and you withdraw that consent.
We’ll respond to your request as soon as we can and we’ll act on any requests granted within one month of your request.
We can’t delete any information where we have a legal obligation to keep it. We may also refuse your request if we believe it to be excessive. If your request for deletion is refused, we’ll explain the reasons for refusal.
In some instances, you have the right to ask us to restrict the use of your personal information (for example if you’ve challenged the accuracy of the information we hold, or have objected to our processing). We’ll restrict our use of your information whilst we investigate your objection or request to correct your information.
We’ll respond to your request as soon as we can and we’ll act on any requests within one month of your request.
If your objection is unsuccessful, we’ll only continue processing once we’ve let you know the outcome of the investigation.
When processing is restricted, we are still permitted to store your personal data, but not use it. Information related to these requests will not be automatically deleted unless you expressly ask us to.
Where you provide us with personal information and we process that information either with your consent or for the performance of a contract, and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes. We don’t currently use any systems which automatically process information in this way. If we do in future, you can make a request and this data can be exported from our systems for you.
We process most of the information we collect about you under a lawful basis (See Section 6). You have the right to object to our processing your personal information under these lawful bases.
We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is.
We’ll action any requests to stop direct marketing as soon as we receive your objection.
You can object to us using your data at any time by contacting us using the details at Section 1.
We will need to ask you for some personal information to give you the best possible experience when you engage with us (via our websites or by other means) and when you use our services.
We will also collect other information about you and the devices you use to access our website by using technologies such as cookies.
The data collected by KDL includes:
We may transfer or store your personal information outside the EEA. It may be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services and management information reporting.
Where information is transferred to a country or international organisation outside of the UK/EEA, we will comply with the relevant legal rules governing such transfers.
We’ll only use your information for the specific purpose(s) for which it has been provided to or collected by us.
If we intend to use your information for a different purpose, we’ll do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance.
We collect and process a variety of information from you and about you. In most cases, the information we collect about you is provided by you directly. This is one of the ways we can ensure the information we collect is as accurate and up to date as possible. We’ll usually do this when you first contact us, and we may ask you to confirm your details on subsequent contacts from time to time.
We may ask you for documented evidence of the above and will keep digital copies for validation and audit purposes.
We may also make periodic searches at CRA’s if you are applying to be a tenant of ours, if you wish to enter into a Planning Promotion Agreement.
We’ll use this information to:
You can find out more about the CRAs, their roles as credit reference and fraud prevention agencies, the information they hold, the ways in which they use and share personal information, data retention periods and your data protection rights in more detail on the information notices set out on their websites:
There may be some circumstances where we are required to share some of your information as part of our day to day business activity, to meet our compliance obligations or where we are permitted to under Privacy Law.
We share your personal information with other members of the Kelda Group http://www.keldagroup.com/. We do this to ensure we offer you a comprehensive service across our departments. We share your personal information with Kelda Group employees and access is controlled in accordance with our IT Security Policies.
If we sell or buy any business or assets, or merge with another business entity or carry out internal corporate restructuring, your information may be disclosed to new or prospective business partners or owners or the new corporate entities
You will be made aware in most circumstances how and with whom your information will be shared.
However, there are circumstances where the law allows KDL to disclose data without prior consent. These are:
Privacy Law states we must have a lawful basis for processing your information. We have identified the legal bases on which we process your information, and this varies depending on how and why we have your information. The legal bases we use are
If we process any special category information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation, we must have a further lawful basis for the processing. These further legal bases include where:
All customer personal information stored on our corporate systems is kept on secure IT servers. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.
We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we’ll do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.
We also operate strict physical security at our offices and employees all receive security and data protection awareness training.
We only keep your information for as long as we need it. We’ll retain certain information (e.g. contact information and bank details) for as long as you have a relationship with us. Our Data Retention Policy and rules outline these time frames but the length of time depends on the purpose of the processing. Generally, we’ll keep your account information for up to seven years, after which time your personal information will be either deleted or anonymised.
Retention periods may be extended in certain limited cases as prescribed or permitted by law.
Each time you visit to our website or mobile application we’ll automatically collect the following information:
We use information gathered through cookies and similar technologies to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance (see below for more information).
Our website may also contain links to and from other websites including our partner networks and affiliates. If you follow a link to any of these websites, please note that we do not have control over these websites or their content. These websites have their own privacy policies and we’ll not accept any responsibility or liability for these. We recommend that you review the website terms and conditions that are applicable to the third-party website.
For the same reasons as above, we may obtain information about your general internet usage by using a cookie file which is stored on your browser, your mobile device or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our systems site and to deliver a better and more personalised service. Some of the cookies we use are essential for the services site to operate.
The Cookies that we use on our website or mobile applications are listed below:
PHPSESSID – this cookie is set by the PHP platform we have built our website upon, to store the user’s session. The session cookie expires immediately after the internet browser is closed.
These cookies are set to remember when you have acknowledged and accepted our cookie message.
We comply with the Surveillance Commissioners ‘Surveillance camera code of practice’ for all our CCTV usage. If you have any privacy related concerns about our use of CCTV please contact us by email at firstname.lastname@example.org, or by post to Keyland Developments, 2 The Embankment, Sovereign Street, Leeds, LS1 4BP.
When you sign in to our visitor system at any of our sites your name and other information will be collected.
Our premises are monitored by CCTV so your image may be captured whenever you enter our site boundary. Where the CCTV is located on our premises but near a public space, it may also record these images.
There are signs to show you when you are entering an area monitored by CCTV. CCTV Images are stored in line with our data retention rules.
When you contact us by telephone, your telephone number may be added to our records so that we can contact you in future.
All post, including enclosures, received by us is scanned electronically on to our systems. The hard copy versions are destroyed using a confidential paper shredding and recycling facility.
Post is stored and processed in a secure area of the building. The retention of hard-copy documents and electronic images of post received is detailed in our Data Retention Policy.
If you email us, we’ll respond to you using the email address you give us. We may add your email address to your account and use it for future communications, but only in line with the relevant legal basis (see Section 6).
Please note that email isn’t considered to be a secure communication method. If you’ve any concerns over the security of your information in transit, please raise this with a Keyland staff member who will suggest alternative methods of contact.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Emails are stored, archived and deleted in line with our information security and data retention policies.
We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we’ll ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate
If you make a complaint to us, email@example.com. [If it is a data request please see Section 2]. We may need to share details about your complaint internally to fully investigate.
If the complaint relates to a service provided by a third party, we’ll share information with them to resolve your complaint. If you don’t want information identifying you to be disclosed, we’ll try not to disclose this. However, it may not be possible to handle a complaint on an anonymous basis.
We’ll only use the personal information we collect to process the complaint and to check on the level of service we provide.
We’ll keep complaints in line with our Data Retention Policy.
This Notice will be updated regularly as required to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2018.
The most up to date version will be published on our website at www.keyland.co.uk.
[This Notice is dated 25 May 2018]