Privacy policy

Introduction

NHS Property Services Ltd provides property and facilities management expertise to the NHS. We provide services centred around four main business areas; asset management, construction project management, facilities management and strategic estate planning. Our portfolio consists of around 3500 buildings. Made up of hospitals, offices, health centres and GP surgeries and represents approximately 10% of the NHS Estate. Our services are business centric and as such our collection and processing of your personal data is in regard to the fulfilment of our business aims.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes our policies and practices regarding the collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

Our registered office location is in London, in the United Kingdom. We have appointed an internal Data Protection Officer (DPO) and should you have any questions or concerns about our personal data policies or practices, you can contact us by:

DPO
NHS Property Services Ltd
99 Gresham Street
London
EC2V 7NG
Tel: 0800 085 3015
Email: DPO@property.nhs.uk

How we collect and use (process) your personal information

  1. Personal information you give to us:

A. Customers

When you become our customer we collect various pieces of information about you including (but not limited to) your name, your company name (if applicable), and your contact details.

We process your personal information under Article 6 (1)(b) of the General Data Protection Regulation in order to provide you will the product / service you have purchased and undertake standard business functions such as lease management. We may also process your information under Article 6 (1)(c) of the General Data Protection Regulation to fulfil our statutory duties for example, Land Registry reporting. We may also use this information under Article 6 (1)(f) of the General Data Protection Regulation to help us undertake and improve our core business functions, such as strategic planning.

You can find information on the article listed above on the UK Information Commissioners website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

B. Publications

We offer content on our website related to the work we do. We also provide the ability for you to push this content into your Twitter and Facebook feeds.  This means you may find yourself on our website or reading an email from us, and we will offer you a link to another organisation’s website. If you click on these links, we not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.

We do not share this information with any third party other than to store the information in our cloud-hosted databases which are predominantly based in the UK.

You may manage your subscriptions to our newsletters by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences with NHS Property Services Ltd please contact us at DPO@property.nhs.uk

We use tools on our websites to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our customers find useful or interesting, so we can tailor our content and services to meet your needs.

C. Your correspondence with us

If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of our publications, or services; or to keep a record of your complaint and the like. If you wish us to consider erasing some of your personal information or otherwise refrain from communicating with you, please contact us at DPO@property.nhs.uk

D. Purposes for processing your data

We process your data to provide you or the company you work for with the business services you have requested or purchased from us. We may also use this information to refine and improve our business services.

  1. Personal information we get from third parties

From time to time, we may receive personal information about individuals from third parties. However, this information is only ever requested or received in the context of our core business aims and providing you with the service or product you have requested.

  1. What happens if you don’t give us your data

You can enjoy all of the information on our website without giving us your personal data. With regards to our core business functions; some personal information is necessary so that we can supply you with the services you have purchased or requested for example the lease of one of our buildings.

Use of the NHS Property Services Ltd Website

As is true of most other websites, our website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Our website also uses cookies. It does not track users when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

  • Cookies

Cookies are pieces of data that a Web site transfers to a user’s hard drive for record-keeping purposes.

The Site uses cookies to aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. We may also use cookies in association with e-mails delivered by us.

Our Site also captures limited information (such as user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our Site; we may use this information to analyse general traffic patterns and to perform routine system maintenance. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies, please consult the privacy features in your browser.

This website uses Google Analytics, a web analytics service provided by Google, LLC. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. If we ask you for other personal information, we will explain what it is for.

When and how we share information with others

Information about the services / products you have purchased from us are maintained in association with your account. The personal information that we hold is stored in one or more databases hosted by third parties located within the UK. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.

We do not otherwise reveal your personal data to third-parties for their independent use unless: (1) you request or authorise it; (2) the information is provided to comply with the law (for example, to comply with a search warrant or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (3) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (4) to address emergencies or acts of God; or (5) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.

Our website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

Data subject rights

The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office at www.ico.org.uk.

This Privacy Notice is intended to provide you with information about what personal data we collect about you and how it is used. If you have any questions, please contact us at DPO@property.nhs.uk

If you wish to confirm that NHS Property Services Ltd is processing your personal data, or to have access to the personal data we may have about you, please contact us in writing at DPO@property.nhs.uk or by post.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside of our organisation might have received the data from us; what the source of the information was (if you didn’t provide it directly to us); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by us if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes.  You have a right to lodge a complaint with Information Commissioner if you have concerns about how we process your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost upon request made to us at DPO@property.nhs.u or our postal address. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Data storage and retention

Your personal data is stored by us on our servers, and on the servers of the cloud-based database management services that we engage. We retain data for the duration of the relationship with us. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our Data Protection Officer by email at DPO@property.nhs.uk or by post.

Changes and updates to the Privacy Notice

By using our website, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site or any of our services. You agree that any dispute over privacy or the terms contained in this Privacy Notice and Conditions of Use, or any other agreement we have with you, will be governed by the laws of the United Kingdom.

As our business changes from time to time, this Privacy Notice and Conditions of Use is expected to change as well. We reserve the right to amend the Privacy Notice and Conditions of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice and Conditions of Use at this Site. We may e-mail periodic reminders of our notices and terms and conditions and will e-mail customers of material changes thereto, but you should check our Site frequently to see the current Privacy Notice and Conditions of Use that is in effect and any changes that may have been made to it. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this Site.

Questions, concerns or complaints

Please contact our privacy officer at the address below:

Data Protection Officer
NHS Property Services Ltd
99 Gresham Street
London
EC2V 7NG

Tel: 0800 085 3015

Email: DPO@property.nhs.uk