Privacy notice for M J Mapp Ltd and M J Mapp Retail LLP clients
This privacy notice provides an overview of how we manage and protect the personal data of our clients and the officers and employees of our corporate clients and third parties related to a client (e.g. tenants and suppliers) as required by law. This notice tells you who we are, what data about you we collect, and what we do with that data.

Introduction
M J Mapp is a specialist manager of mixed commercial real estate portfolios, large office buildings and mixed use and retail schemes operating solely in the UK.

What data do we collect about you?
We use your data for various purposes connected with the services that we provide to you or your employer as set out in the contractual agreements between us.

For the most part we collect little more than your business contact details in order for us to be able to communicate in respect of fulfilling our service obligations to your employer.

We generally collect data from you directly but we may also collect data from third parties such as:

  • Other advisers and intermediaries (such as solicitors, banks, other agents), both current and previous.
  • Company information databases.
  • Client identification and verification services
  • Publicly available sources, such as Companies House.
  • Your agents and representatives
  • Other professional services providers that provide services to you and your employer.

Data we collect may include:

  • Basic contact information, proof of age and identity information.
  • Financial information and HMRC client data.
  • Referral letters from third party institutions.
  • Information relating to your use of our website, further details of which can be found in our Cookies Policy.

For what purposes do we use data about you, and on what legal basis?
We will use data about you for the following purposes:

  • To provide such services to you and your employer.
  • To make payments on your behalf or on behalf of your employer.
  • To create and manage records of your involvement with us and to communicate with you.
  • To contact you with respect to the services that we provide.
  • Sending you marketing information (but only to the extent you have consented).
  • If you provide your consent to share data with financial institutions, employers or landlords for the purposes of leases and other financial references.
  • As a residential tenant to verify your residence and identity in order to comply with our legal and regulatory requirements.
  • To comply with legal and or regulatory obligations.

The processing of your data is necessary for:

  • The performance of a contract to which you or your employer are a party.
  • Compliance with a legal obligation to which we are subject.
  • A legitimate business interest that is not overridden by your interests, rights and freedoms which require protection.

Where none of the above applies, we will ask for your consent to process data.

Who do we share your data with, and for what purposes?
We may share data about you with:

  • Our insurers in the event of a potential insurance claim;
  • Your other professional advisers;
  • Third parties who provide us with products or services in support of fulfilling our service to you; and
  • Other third parties, where required or permitted by law.

Where might data about you be sent?
We would not normally expect to need to transfer your data outside of the EU. However it is possible that it may be necessary for us to transfer data outside the country or territory where it was collected, including to a country, territory or international organisation that may not have the same data protection standards.

How do we protect data about you?
We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the data you provide. We also require our service providers to comply with strict data privacy requirements.

How long will data about you be kept?
We store data in accordance with our agreement with your employer and legal, regulatory, financial and best-practice business requirements. Once our contract with you or your employer ends, we will securely delete/destroy your data in line with our data retention policies.

What rights and options do you have?
You may have the following rights in respect of data about you that we hold:

  • Request us to give you access to it.
  • Request us to rectify it, update it, or erase it.
  • Request us to restrict our using it, in certain circumstances.
  • Object to our using it, in certain circumstances.
  • Withdraw your consent to our using it.
  • Data portability, in certain circumstances.
  • Opt out from our using it for direct marketing.
  • Lodge a complaint with the supervisory authority in your country.
  • You are able to exercise these rights by contacting us using the details set out below.

Who should you contact with questions?
If you have any questions, or wish to exercise any of the rights detailed above, please contact us at communications@mjmapp.com

You have a right to contact your local supervisory authority with any questions or concerns. If we or they cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.

Changes to this notice
We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of any material changes where required by law to do so.

Last modified 18th May 2018.