Fair Processing Notice
Fair Processing Notice
Fair Processing Notice Definitions
Under the definitions in the General Data Protection Regulation ((EU) 2016/679) ("GDPR"), The Crown Estate is the Data Controller.
Information We May Collect From You
We may collect and process the following data about you:
Information that you provide by filling in forms or providing information online to register an interest or to request further information or offers; If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details; Information you provide by responding to questionnaires, surveys and competitions and attending events. We treat all such data as Personal Data for the purposes of GDPR.
Where We Store Your Personal Data
The data we collect is stored on information technology systems owned and run by or on behalf of The Crown Estate or on systems run by those businesses processing it on our behalf. All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment.
How Your Personal Data Will Be Processed
We use information about you in the following ways:
To notify you about changes to our service, including updates on Saved Searches; To perform surveys and analysis with the aim of improving the services we provide; To ensure that your visit to our site is safe and secure. We may give your personal data to third parties where:
We provide the original data owners with information on how their information is being downloaded and used. However, this data will be anonymised and no information identifying data subjects will be shared with the original data owners. We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction. We will not share your personal data with a third party for the purposes of direct marketing.
You have the right of access to your information. This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. To exercise this right, you must make a Subject Access Request in writing to the Data Protection Officer at The Crown Estate, 1 St James's Market, London SW1Y 4AH, stating the information you require. We do not charge a fee. We may contact you to verify your identity or to clarify the precise information you require before processing your request, and will answer your request within one month.
You have the right to ask us not to process your personal data for direct marketing purposes. You will be given an opportunity to opt in to processing for direct marketing purposes when you first engage with us. However, you can withdraw your consent to receive marketing material at any time by contacting us on the address above.
You have the right to rectify your personal data at any time.
You have the right to have your personal data erased under certain conditions.
You have a right to restrict or object to some forms of data processing.
You have the right to prevent any unwarranted processing likely to cause damage or distress.
If you feel that a situation has arisen or may arise and you wish to learn more about these rights or to exercise those rights, please contact us on the address above. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists.
Transfer of Personal Data Outside the European Economic Area
Personal data will only be transferred outside the European Economic Area where appropriate safeguards are in place..