Who We Are
This is the privacy notice for the website www.thegherkin.com. The website is operated by JSRE UK, part of the group that manages 30 St Mary Axe.
J. Safra Real Estate UK Limited (JSRE UK) together with JSRE 30 St Mary Axe Management Limited (30SMA) and its other subsidiary or associated companies (together described as “JSRE”) provides asset, property and facilities management and accounting services. References to “JSRE”, “JSRE UK”, “30SMA”, “we”, “us” or “our” relate to the relevant company in JSRE responsible for processing your personal data (which will be a “data controller” under privacy law).
For the purpose of applicable data protection laws (including the EU General Data Protection Regulation, “GDPR” and the UK Data Protection Act 2018), JSRE UK is registered in England and Wales under company number 08642316 – registered address is 47 Berkeley Square, London, W1J 5AU. 30SMA is registered in England and Wales under company number 9710750 – registered address is 20 Bury Street, London, EC3A 5AA.]
Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
We are committed to protecting your privacy both online and offline. We appreciate that you expect the personal information you provide to us to be treated legally and fairly and here we explain how we collect information, what we do with it and what controls you have.
This Privacy Notice
This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Our Legal Basis for Processing Your Personal Information
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
a) to meet our legitimate interests, for example to protect our assets, facilities and resources; to raise awareness of amenities, rewards and benefits and to understand how you use our services and our buildings and to enable us to derive knowledge from that which in turn enables us to develop new services and further tailor our buildings to appeal to a wide variety of persons; OR
b) to comply with our legal obligations, for example health and safety obligations while you are on our premises or to a third party (e.g., the police or any other statutory agency).
Visitors to 30 St Mary Axe (or our other properties) – Information We May Collect About You
We operate CCTV at our buildings for the purposes of public safety, crime prevention and prosecution, insurance and property management. We adhere to the ICO’s code of practice for the use of CCTV.
We do not need to ask individuals’ permission to use CCTV but we make it clear where individuals are being recorded. Security cameras are clearly visible and accompanied by prominent signs.
We do not use facial recognition technology or collect biometric data in any other form.
Any enquiries about the CCTV system should be directed to email@example.com.
Where we own a building, or we provide property management services for a building owner we collect data on accidents and in the case of specific access requirements, in order to comply with health and safety legislation.
Our services, products and offerings are not aimed at children under the age of 13 but children’s personal data is processed when they enter areas where CCTV is used.
We are committed to protecting the privacy needs of children and our CCTV signage informs parents, guardians and anyone who enters our premises about JSREs use of CCTV.
We may also need to ask you for information relating to any access requirements that you have to ensure that we can meet your needs and ensure your safety on our premises.
We may use information gathered from our access control system to count the volumes and movement of customers using our buildings. Although this is not analysed or used to identify the movements of individuals, it may be possible to identify individuals from this data.
We comply with the requirements of the UK Data Protection Act 2018, UK GDPR and applicable legislation.
Tenants and Prospective Tenants – Information We May Collect About You
Where you are a commercial tenant (or prospective tenant) occupying a building we manage and/or own, you may be required to provide us with personal data relating to your employees and other occupants such as financial information, identity documentation, your contact details and bank account details and access information or other information relevant to health and safety matters at the building (such as any difficulty you or anyone else may have in using the stairs in the event of a fire) or for KYC (Know Your Customer) purposes.
This may include the personal data of your company Directors and employees.
Where you work for a tenant at one of our buildings, we may be provided with your contact details by your employer if we need to liaise about estate management matters.
Contacts via the Website or Email – Information We May Collect About You
We will monitor any emails sent to us using a spam filtering gateway for inbound and outbound email traffic. This filtering includes a level of virus and spam prefiltering plus protections. We do not monitor attachment contents but inspect the email body attributes for malicious code malware. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Your Rights & How to Exercise ThemUnder the Data Protection Act 2018 Act and the UK General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-myinformation-being-handled-correctly/
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact us on firstname.lastname@example.org.
You have a right to complain to the Information Commissioners Office (ICO) if you are in any way dissatisfied with the way that we have handled your data. We are committed to cooperating with the ICO and respect the work that they do. You can report any concerns via their online portal or call their helpline on 0303 123 1113.
Accessing Your Personal Information
We try to be as open as we can be in terms of giving people access to their personal information.
Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you, we will:
To make a request to us for any personal information we may hold you need to put the request in writing to email@example.com.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting firstname.lastname@example.org.
Sharing Your Personal Information With Third Parties
We may share your personal information with certain third parties in the following circumstances:
We may share non-personally identifiable information with third parties such as partners, customers, tenants and suppliers for example to show trends on the use of our buildings.
We may share your personal information with third parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party or to put in place insurance for any of the buildings which we own or for which we provide property management services.
We contract with third parties which, in certain circumstances, will be controllers of your
personal data and responsible for managing it properly and, in others, will be processors who deal with your personal data in accordance with our instructions.
Where we do not own a building but we provide property management services for the building owner and/or provide access control system services for the building, we capture personal data within the buildings systems. This comprises personal data of people who work in a building and those who visit it and includes name, occupation, employer and contact details.
We only share your personal data with third parties when we have a lawful basis to do so. For example, when we investigate a complaint, we will need to share personal information with the organisation concerned and with other relevant bodies.
You can also get further information on:
By contacting email@example.com.
Keeping Your Personal Information Secure and Retention Periods
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction and they are subject to a duty of confidentiality. We evaluate these measures on a regular basis to ensure the security of our data processing.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
Transfers of Your Personal Information Beyond the UK/ EEA
Your personal information may be transferred to, stored and processed in a country outside of the UK or the EEA that is not regarded as ensuring an adequate level of protection for personal information under European Union law/by the European Commission. We will take all steps reasonably necessary to implement appropriate measures to ensure your personal data remains protected at all times.
Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you
Some of the cookies and other similar technologies used by this website are set by us, and some are set by third parties who are delivering services on our behalf. We may use the following types of cookies:
Necessary cookies are cookies that are essential for the operation of our website. These cookies enable core functions such as security, network management and accessibility. Necessary cookies are automatically activated and you can only disable these cookies by changing your browser settings, but this may affect the way the website works.
Performance cookies serve the purpose of optimising the performance of the website and improving the experience for the user. For this purpose, performance cookies are used to collect and analyse information about the use of the website by visitors. This information includes details about the browser and operating system used, the URL from which users came to our website, the pages accessed or the time a user spent on these pages. Performance cookies are not used to create user profiles.
We use marketing cookies on our website in order to show you advertisements that correspond to your interests. Marketing cookies are also used to evaluate the efficiency of advertisements. In addition, they limit the number of times a particular advertisement is displayed to you. In some cases, we also pass on the data collected with marketing cookies to third parties. These third parties may combine this information with other information about you that you have provided to them or that they have collected as part of your use of their services.
Functional cookies are primarily used to make the use of our website as pleasant as possible for the user by storing information that has already been entered – for example language selection or login data – so that you do not have to re-enter this information each time you visit our website. Furthermore, this data enables us to personalise the use of the website for you, for example by adjusting the corresponding currency details. Finally, we require functional cookies for certain functions on the website, such as playing videos.
Overview on cookies currently used on our website
Below is a full table of the cookies we currently use on our website. This particularly includes information on the cookie category, the lifespan of the cookie as well as its purpose. Further, the table indicates the provider of the cookie and the personal data processed in relation to the cookie.
We will only drop cookies (except for necessary cookies) with your consent. If you do not activate non-necessary cookie, these cookies will not be dropped, and we will not process your personal data. Please see below for some more information on our use of Google Analytics cookies. The legal basis for our collection of personal data through the use of necessary cookies is that it falls within our legitimate interests, our entitlement to use of all other cookies is based on your consent (which you can withdraw at any time by updating your browser settings – see below.
Please note that this table may regularly be updated if we delete cookies or implement new cookies.
Further information on Google Analytics
Every time someone visits our website, software provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA generates cookies.
These cookies can tell us whether you have visited the site before. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the United States and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The corresponding evaluation of your surfing behaviour is made available to us in anonymised form.
Your browser will tell us if you have these cookies and, if you don’t, we generate new ones.
This allows us to track how many individual users we have, and how often they visit the site.
We have activated the IP anonymisation function on this website. As a result, your IP address is truncated by Google within member states of the European Union or other Contracting States to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases the full IP address will be transmitted to a Google server in the United States and truncated there. The IP address transmitted by Google Analytics as part of Google Analytics will not be merged with other Google data.
We have entered into a data processing agreement with Google.
In addition, Google is certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield, thereby ensuring an appropriate level of data protection at Google in the United States.
Necessary cookies are automatically set when you visit our website. Other non-necessary cookies are deactivated and will only be dropped if you give your prior consent. You may continue with only these necessary cookies by clicking “Continue with necessary cookies only” in the cookie banner. Alternatively, you can consent to all non-necessary cookies by pressing the button “Accept all cookies” in the cookie banner. In addition, you may select the different cookie categories individually by changing the respective toggles on the cookie preference page in the cookie banner. Your settings will be saved accordingly.
Most web browsers allow a certain control of many cookies over the browser settings. For more information about cookies, including how to see which cookies have been set, please visit www.aboutcookies.org or www.allaboutcookies.org.
Please note, however, that by blocking or deleting cookies used on this website, you may not be able to take full advantage of the website. Methods for disabling the most common cookies on the most common browsers are set out below.
The effect of disabling cookies depends on which cookies you disable, but in general the Site and/or Applications may not operate properly if cookies are switched off. You can either disable cookies by adjusting your preferences on the cookie preference page.
Further, you may disable cookies by changing your website browser settings to reject cookies. How you can do this will depend on the browser you use.
For Microsoft Edge:
For Microsoft Internet Explorer:
For Google Chrome:
For Mozilla Firefox:
For Opera 6.0 and further:
Information on how to delete cookies from types of browser not listed above can be found on a number of third party websites including https://www.allaboutcookies.org/.