If you have any questions, please email email@example.com or write to the Data Protection Officer, 6th Floor MidCity Place, 71 High Holborn, London, WC1V 6EA.
1 INFORMATION WE COLLECT ABOUT YOU
“Personal data” is information about you from which we can identify you (either on its own, or by piecing it together with other information). The types of personal data we collect about you may include:
• Title, name, postal address, email address, telephone number, car registration number, credit or debit card number and expiry date;
• Information about your use of our centres (“Centres”);
• Information about your use of our website or apps (the “Sites”). Some of this information may also be automatically collected, such as your Internet Protocol (IP) address, unique device identifier, browser type, browser language and access times. We may also automatically collect your location information (if you have consented to this on your device);
• Information about your preferences, including brands you like and ads you like, dislike, click on or share with others;
• Demographic information; and
• Other information which you give us when dealing with us or interacting with us in any way, including via third parties.
Personal data does not include aggregate data where you cannot be identified (e.g. statistics about usage in general or in categories).
2 HOW WE COLLECT PERSONAL DATA
We may collect personal data when you deal with us or interact with us, which could be via any one of the following methods:
• When you use the Sites;
• When you visit a Centre;
• When you use WiFi at a Centre;
• When you interact with us directly (e.g. telephoning, writing or emailing us, buying gift cards or services from us, participating in promotions and competitions and attending events);
• When you interact with us via third parties (e.g. via brand partners and social media platforms – see section 7 below); and
• From third parties (e.g. through third party surveys and market research you participate in).
3 HOW WE USE YOUR PERSONAL DATA
In all circumstances the personal data we hold about you will be adequate, relevant and not excessive. We will use your personal data in line with your legal rights under the Data Protection Act 1998. Details of your legal rights can be found on the Information Commissioner’s website www.ico.org.uk
We may use your personal data to:
• Provide you with information, products, services or experiences that you request from us;
• Process payments for purchases;
• Provide reservation or booking services;
• Compile your profile;
• Provide and personalise our products and services to you/your preferences, including making predictions about your characteristics, interests or preferences and to display targeted ads, content, features, deals and offers that match your profile or we believe will be of interest to you;
• Keep track of your activity patterns and preferences in order to improve the level of service you receive and to increase the functionality of the Sites, including monitoring and analysing usage and trends, determining the effectiveness of our ads and personalising and improving the Sites;
• Link or combine with other information we get from third parties to help understand your needs and provide you with better service;
• Inform you of products, services, experiences or promotions which we feel may be of interest to you where you have indicated that you wish to be contacted for such purposes by post, email, SMS, telephone, through the Sites or social media platforms, or other means of electronic communication (and where you have indicated that you are happy to be contacted by third parties, you may be contacted about products, services, experiences or promotions by those third parties);
• Ensure that content from our Sites is presented in the most effective manner for you and for your computer/tablet/mobile;
• Send you push notifications;
• Interact with you on social media platforms;
• Allow you to participate in any interactive features of our products, services and experiences, when you choose to do so;
• Request feedback from you;
• Respond to your emails, submissions, questions, comments, requests and complaints and provide customer service; and
• Send you surveys, updates, security alerts and support and administrative messages and to facilitate your use of, and our administration and operation of, the Sites, including to notify you about important changes, to detect fraud.
The Internet is global, so your personal data may be transferred in transit outside of the European Economic Area (“EEA”). Our business also operates globally and so it may be necessary to transfer your personal data to other companies within our group of companies located in countries outside of the EEA in particular to Australia, New Zealand and the USA. Countries outside of the EEA may not have similar protections in place regarding your personal data and its use as set out in this policy. However, we have taken the steps outlined in section 4 below to try and protect the security of your personal data and comply with our legal obligations about transfer of your personal data to non-EEA countries.
4 HOW WE KEEP YOUR PERSONAL DATA SAFE
Your personal data is held on a secure database.
We have policies, rules and technical measures in place to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
All of our employees and data processors that have access to, and are associated with, the processing of your personal data are obliged to respect the confidentiality of your personal data.
We ensure that your personal data will not automatically be disclosed by us to government institutions or authorities. However, if required by law, or when we receive a request from regulatory bodies or law enforcement organisations, we may disclose your information.
Please be aware that communications over the Internet are not secure unless they have been encrypted.
We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
5 HOW WE DISCLOSE YOUR PERSONAL DATA
We may disclose your personal data to any of the following, in any country where we operate:
• Our staff;
• Our affiliates;
• Our group companies and their staff;
• Suppliers and service providers who may access your personal data when providing products or services to us;
• Purchasers or potential purchasers of our business or any part of it or of a Centre;
• Government bodies and law enforcement agencies and in response to legal or regulatory requests; and
• Auditors or other advisers auditing, assisting with or advising on any aspect of our business or a Centre.
We may also share information or statistics with third parties in an aggregated or anonymised form that does not directly identify you, e.g. we may share aggregated information about your interests and geographic preferences and/or location (if given) with advertisers and third party deal sites for marketing purposes.
Other than ensuring that we have complied with our own obligations under the Data Protection Act 1998, we are not responsible for the actions of suppliers and service providers or other third parties in the use they may make of your personal data.
6 YOUR OWN SHARING OF YOUR PERSONAL DATA
When you post in any profile, comments, forums and other interactive features of the Sites, or share personal data with individuals through the Sites or social media platforms, this personal data will be available to other users and in some cases may be publicly available outside of the Sites (e.g. on social media platforms).
7 OUR ACCESS TO YOUR PERSONAL DATA THROUGH SOCIAL MEDIA PLATFORMS
If you interact with us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) we can interact with you and send you things via these platforms.
The personal data we have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms. We may also be able to access personal data that others share about you (because they control how that is shared, not you).
We may collect any data that is accessible to us or that you provide through social media platforms, including but not limited to your Facebook and/or Twitter profile picture, gender, and usernames. We will interact with you through social media platforms in accordance with each platform’s rules but we are not responsible for how the platform owners collect and handle your data. We are not responsible for what third parties post on our social media accounts.
8 WESTFIELD APP
If you delete the Westfield app, we may still store your personal data.
• The fully qualified domain name from which you accessed our Sites, or alternatively, your IP address;
• The date and time you accessed each page on our Sites;
• The URL of any webpage from which you accessed our Sites (the referrer); and
• The web browser that you are using and the pages you accessed.
10 YOUR LEGAL RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
You can write to us at any time to obtain a copy of your personal data and to have any inaccuracies corrected. Where appropriate, you may have your personal data erased, rectified, amended or completed. Please email firstname.lastname@example.org or write to the Data Protection Officer, 6th Floor MidCity Place, 71 High Holborn, London, WC1V 6EA.
When writing to us to obtain a copy of your personal data, please quote your name and address and provide brief details of the personal data of which you would like a copy of, or which you would like to be corrected, because this will help us more easily locate your personal data.
We will require proof of your identity before providing you with details of any personal data we may hold about you. We may charge £10 to cover the administration costs involved in providing you with a copy of your personal data.
11 HOW TO OPT OUT
If you would like us to stop contacting you with information about our products, services, experiences, or promotions please send an email to email@example.com or write to the Data Protection Officer, 6th Floor MidCity Place, 71 High Holborn, London, WC1V 6EA.
12 THIRD PARTIES AND THE PRIVACY OF YOUR PERSONAL DATA
You may be able to access third party websites and apps from the Sites. We are not responsible for the privacy policies and practices of other websites and apps. We recommend that you check the policy of each website and app and contact the operator of the website or publisher of the app if you have concerns or questions.
Last updated: October 2013