1. This Notice

KDL regards the lawful and correct treatment of personal information as paramount to successful working, and to maintaining the confidence of those with whom we deal.  This Privacy Notice explains what personal information we collect and how we use it.

We encourage you to explore the following sections of this Notice thoroughly:

  • Who we are and how to contact us (Section 2)
  • Your rights (Section 3)
  • Information we collect from you and others (Section 4)
  • What we do with your information (Section 5)
  • The legal basis for processing your information (Section 6)
  • How we keep your information secure (Section 7)
  • How long we keep your information (Section 8)
  • To note when visiting our website, or other online platforms (Section 9)
  • Capturing images (Section 10)
  • What to expect when contacting us (Section 11)
  • Changes to this Notice (Section 12)

 

2. Who we are and how to contact us

2.1 About Keyland

Keyland Developments Ltd (‘KDL’) is the property trading business of the Kelda Group and a sister company of Yorkshire Water.  KDL sits outside of the OFWAT regulated business.

In addition to transforming redundant Yorkshire Water land, KDL also works alongside independent landowners, corporates or regulated bodies to unlock development potential by securing planning consent for future use.  This land is then packaged up and sold at optimum value to the market.

KDL currently holds more than 1,100 acres of land in its own right, with an additional 550 acres held in joint venture.  A further 60 acres of land is currently being promoted on behalf of third party land owners.

2.2 Data Control

For the purposes of Privacy Law*, Keyland Developments Ltd (Company No. 2180728, registered at Western House, Halifax Road, Bradford, BD6 2SZ) is the Data Controller and determines for what purposes personal information will be held and used.

KDL is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.

* Privacy Law means the Data Protection Act 1998 ([as amended by the Data Protection Act 2018]), the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the General Data Protection Regulation (from 25 May 2018) and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority;

2.3 Contacting Us

If you’d like to request further information about our Privacy Notice, or exercise any of your rights [see Section 3], you can contact us:

We take any concerns we receive very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate, please bring it to our attention and we’ll be happy to provide any additional information or explanations needed. We also welcome suggestions for improving our procedures.

You can also contact the Information Commissioner’s Office at https://ico.org.uk/ or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.

 

3. Your rights

You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website  (https://ico.org.uk/ ).

3.1 You have the right to be informed about how and why we process your personal information

Any time you give us personal information you have the right to be informed about why we need it and how we’ll use it.

You can find most of the information you need in this Privacy Notice. However, if you have any questions, please contact us (See Section 1)

3.2 You have the right to access your personal information

You can request a copy of information we hold about you at any time.

If you do so, we will ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.

Privacy Law requires us to respond to your request within 1 month of verifying your identity (or within 3 months for more complex cases).  You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 1 month from confirming your identity.  In more complex cases where we cannot provide a full substantive response within that time frame, we’ll write to you within 1 month to explain why an extension is needed.

We don’t charge for subject access requests unless, the requests become excessive from the same requestor.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

3.3 You have the right to ask us to correct inaccurate personal information we hold about you

If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time.  Wherever possible, we’ll correct inaccurate or incomplete information immediately.

In more complex cases we’ll take reasonable steps to confirm the accuracy of the information we hold.

We’ll let you know the outcome of our investigation as soon as we can.  Any information we can verify as inaccurate will be corrected within one month of receiving your request.

3.4 You have the right to ask us to delete your personal information

In some circumstances you have the right to ask us to delete information we hold about you.  For example, if we have asked for your consent to process the information, and you withdraw that consent.

We’ll respond to your request as soon as we can and we’ll act on any requests granted within one month of your request.

We can’t delete any information where we have a legal obligation to keep it. We may also refuse your request if we believe it to be excessive. If your request for deletion is refused, we’ll explain the reasons for refusal.

3.5 You have the right to ask us to restrict the use of your personal information

In some instances, you have the right to ask us to restrict the use of your personal information (for example if you’ve challenged the accuracy of the information we hold, or have objected to our processing).  We’ll restrict our use of your information whilst we investigate your objection or request to correct your information.

We’ll respond to your request as soon as we can and we’ll act on any requests within one month of your request.

If your objection is unsuccessful, we’ll only continue processing once we’ve let you know the outcome of the investigation.

When processing is restricted, we are still permitted to store your personal data, but not use it. Information related to these requests will not be automatically deleted unless you expressly ask us to.

3.6 You have the right to data portability

Where you provide us with personal information and we process that information either with your consent or for the performance of a contract, and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes.  We don’t currently use any systems which automatically process information in this way. If we do in future, you can make a request and this data can be exported from our systems for you.

3.7 You have the right to ask us not to process your personal information

We process most of the information we collect about you under a lawful basis (See Section 6).  You have the right to object to our processing your personal information under these lawful bases.

We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is.

We’ll action any requests to stop direct marketing as soon as we receive your objection.

You can object to us using your data at any time by contacting us using the details at Section 1.

 

4.Information we collect from you and others

We will need to ask you for some personal information to give you the best possible experience when you engage with us (via our websites or by other means) and when you use our services.

We will also collect other information about you and the devices you use to access our website by using technologies such as cookies.

The data collected by KDL includes:

  • Names
  • Postal Addresses
  • Phone Numbers
  • Email Addresses
  • Bank Details
  • Credit Information
  • IP Addresses
  • Cookies
  • Location Information
  • Site photographs
  • Land Registry Title Documentation
  • Company details

 

5. What we do with your information

5.1 General business activity

We may transfer or store your personal information outside the EEA. It may be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services and management information reporting.

Where information is transferred to a country or international organisation outside of the UK/EEA, we will comply with the relevant legal rules governing such transfers.

We’ll only use your information for the specific purpose(s) for which it has been provided to or collected by us.

If we intend to use your information for a different purpose, we’ll do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance.

We collect and process a variety of information from you and about you.  In most cases, the information we collect about you is provided by you directly. This is one of the ways we can ensure the information we collect is as accurate and up to date as possible. We’ll usually do this when you first contact us, and we may ask you to confirm your details on subsequent contacts from time to time.

We may ask you for documented evidence of the above and will keep digital copies for validation and audit purposes.

5.2 Credit reference agencies (‘CRAs’)

We may also make periodic searches at CRA’s if you are applying to be a tenant of ours, if you wish to enter into a Planning Promotion Agreement.

We’ll use this information to:

  • Verify the accuracy of the information you’ve provided to us (including your identity);
  • Help detect and prevent financial crime, fraud and money laundering; and
  • To assess the level of financial risk to KDL by entering into an agreement;

You can find out more about the CRAs, their roles as credit reference and fraud prevention agencies, the information they hold, the ways in which they use and share personal information, data retention periods and your data protection rights in more detail on the information notices set out on their websites:

Callcredit – https://www.callcredit.co.uk/crain
Experian – http://www.experian.co.uk/crain/index.html

5.3 Sharing information

There may be some circumstances where we are required to share some of your information as part of our day to day business activity, to meet our compliance obligations or where we are permitted to under Privacy Law.

5.4 Sharing information

We share your personal information with other members of the Kelda Group http://www.keldagroup.com/. We do this to ensure we offer you a comprehensive service across our departments. We share your personal information with Kelda Group employees and access is controlled in accordance with our IT Security Policies.

We share:

  • your payment information (bank account; sort code; direct debit mandates etc) with banking institutions to process your payments;
  • your personal data with our legal advisers or other professional advisors to obtain legal advice when processing legal agreements, or transactions.

If we sell or buy any business or assets, or merge with another business entity or carry out internal corporate restructuring, your information may be disclosed to new or prospective business partners or owners or the new corporate entities

5.5 Important to note

You will be made aware in most circumstances how and with whom your information will be shared.

However, there are circumstances where the law allows KDL to disclose data without prior consent.  These are:

  1. Carrying out a legal duty or as authorised by the Secretary of State
  2. Protecting vital interests of an Individual/Service User, or other person
  3. The Individual/Service User has already made the information public
  4. Conducting any legal proceedings, obtaining legal advice or defending any legal rights
  5. Monitoring for equal opportunities purposes – i.e. race, disability or religion
  6. Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.

 

6. Legal basis for processing your information

Privacy Law states we must have a lawful basis for processing your information.  We have identified the legal bases on which we process your information, and this varies depending on how and why we have your information.  The legal bases we use are

  • Consent: if you’ve given consent for us to process your personal information For example for certain marketing activities.
  • Legitimate interest: if the activities are for our business purposes and do not impede your rights as data subjects For example carrying out market research or customer satisfaction surveys to improve our service to you, fraud prevention and detection, ensuring network, information and public security etc.
  • Contracts: We require your information for legitimate contractual purposes such as entering into legal agreements. For example: Planning promotion agreements, land sale documentation and letting agreements.
  • Vital Interests: The processing is necessary to protect someone’s life. For example particular overlays on our mapping system Odyssey.
  • Legal Obligation: the processing is necessary for you to comply with the law (not including contractual obligations) For example our Odyssey mapping system and overlays or our health and safety report system Safeguard.

If we process any special category information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation, we must have a further lawful basis for the processing.  These further legal bases include where:

  • you give us your explicit consent to process your special category information (e.g. in relation to a support scheme support scheme);
  • the processing is necessary to protect your vital interests or someone else’s vital interests;
  • the processing is necessary for a legal claim (e.g. because you’ve failed to pay your bill).

 

7. How we keep your information secure

All customer personal information stored on our corporate systems is kept on secure IT servers. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.

We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we’ll do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.

We also operate strict physical security at our offices and employees all receive security and data protection awareness training.

 

8. How long we keep your information

We only keep your information for as long as we need it.  We’ll retain certain information (e.g. contact information and bank details) for as long as you have a relationship with us.  Our Data Retention Policy and rules outline these time frames but the length of time depends on the purpose of the processing. Generally, we’ll keep your account information for up to seven years, after which time your personal information will be either deleted or anonymised.

Retention periods may be extended in certain limited cases as prescribed or permitted by law.

 

9. When visiting our website or other online platforms

Each time you visit to our website or mobile application we’ll automatically collect the following information:

  • Technical information – This includes the Internet Protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Location information – When using one of our location-enabled services on our website or mobile applications, we may collect and process information about your actual location. If you wish to use the feature, you’ll be asked to consent to your data being used for this purpose. You can withdraw your consent at any time either by modifying the geo-location settings of your web browser or the location awareness permissions of your mobile device.
  • Session information – information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

We use information gathered through cookies and similar technologies to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance (see below for more information).

9.1 Third-party links

Our website may also contain links to and from other websites including our partner networks and affiliates. If you follow a link to any of these websites, please note that we do not have control over these websites or their content. These websites have their own privacy policies and we’ll not accept any responsibility or liability for these.  We recommend that you review the website terms and conditions that are applicable to the third-party website.

9.2 Cookies

For the same reasons as above, we may obtain information about your general internet usage by using a cookie file which is stored on your browser, your mobile device or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our systems site and to deliver a better and more personalised service. Some of the cookies we use are essential for the services site to operate.

Cookies are widely used to make our services websites work, or work more efficiently, as well as to provide information.  If you continue to use our site services, you agree to our use of cookies.

The Cookies that we use on our website or mobile applications are listed below:

  • Visitor Statistics Cookies

We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (e.g. Mac or Windows which helps to identify when our site isn’t working as it should for particular technologies), how long they spend on the site, what page they look at etc. This helps us to continuously improve our website. These so called ‘Analytics’ programs also tell us if how people reached this site (e.g. from a search engine) and whether they have been here before helping us to put more money into developing our services for you instead of marketing spend. We use: Google Analytics.

  • Session cookie

PHPSESSID – this cookie is set by the PHP platform we have built our website upon, to store the user’s session. The session cookie expires immediately after the internet browser is closed.

  • Cookie Control

These cookies are set to remember when you have acknowledged and accepted our cookie message.

10. Capturing Images

We comply with the Surveillance Commissioners ‘Surveillance camera code of practice’ for all our CCTV usage.  If you have any privacy related concerns about our use of CCTV please contact us by email at enquiries@keyland.co.uk, or by post to Keyland Developments, 2 The Embankment, Sovereign Street, Leeds, LS1 4BP.

10.1 Visiting our offices

When you sign in to our visitor system at any of our sites your name and other information will be collected.

Our premises are monitored by CCTV so your image may be captured whenever you enter our site boundary. Where the CCTV is located on our premises but near a public space, it may also record these images.

There are signs to show you when you are entering an area monitored by CCTV. CCTV Images are stored in line with our data retention rules.

 

11. What to expect when contacting us

11.1 Contacting us by telephone

When you contact us by telephone, your telephone number may be added to our records so that we can contact you in future.

11.2 Contacting us by post

All post, including enclosures, received by us is scanned electronically on to our systems. The hard copy versions are destroyed using a confidential paper shredding and recycling facility.

Post is stored and processed in a secure area of the building. The retention of hard-copy documents and electronic images of post received is detailed in our Data Retention Policy.

11.3 Emailing us

If you email us, we’ll respond to you using the email address you give us. We may add your email address to your account and use it for future communications, but only in line with the relevant legal basis (see Section 6).

Please note that email isn’t considered to be a secure communication method. If you’ve any concerns over the security of your information in transit, please raise this with a Keyland staff member who will suggest alternative methods of contact.

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Emails are stored, archived and deleted in line with our information security and data retention policies.

11.4 Contacting us via social media

We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we’ll ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate

11.5 Making a complaint

If you make a complaint to us, enquiries@keyland.co.uk. [If it is a data request please see Section 2]. We may need to share details about your complaint internally to fully investigate.

If the complaint relates to a service provided by a third party, we’ll share information with them to resolve your complaint.  If you don’t want information identifying you to be disclosed, we’ll try not to disclose this. However, it may not be possible to handle a complaint on an anonymous basis.

We’ll only use the personal information we collect to process the complaint and to check on the level of service we provide.

We’ll keep complaints in line with our Data Retention Policy.

 

12. Changes to this Notice

This Notice will be updated regularly as required to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2018.

The most up to date version will be published on our website at www.keyland.co.uk.

[This Notice is dated 25 May 2018]