privacy policy
Privacy Policy
We, at Dolphin Square ("we", "us", “our”) collect, process, use and store information about individuals ("personal data") including: visitors to our premises at Dolphin Square, London SW1V 3LX (“Premises”) including our Spa and Fitness Club (collectively our “Products and Services”), visitors to our website: https://www.dolphinsquare.co.uk/ (“Website”), tenants, partners, suppliers and contractors, and job applicants (collectively "you", “your”).
We are aware of our responsibilities to handle your personal data with care, keep it secure and comply with applicable privacy and data protection laws. The purpose of this privacy policy (“Policy”) is to provide a clear explanation of when, why and how we collect, process, use and store personal data as controller.
WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
Dolphin Square Operator Limited (company registration number: 12845952 and registered office address; 1 Bartholomew Lane, London EC2N 2AX) is the controller for the personal data set out above, unless you enter into a tenancy agreement, in which case the controller will be The Dolphin Square Estate S.à.r.l. (Société à responsabilité limitée).
The primary point of contact for all queries arising from this Policy, including requests to exercise Legal Rights , is our data protection manager, who can be contacted by email at: dataprotection@dolphinsquare.co.uk, or post at: Dolphin Square, Chichester Street, London SW1V 3LX.
IMPORTANT
Please do read this Policy with care. It provides important information about how we use personal data and explains your statutory rights. Further, if you are visiting our Premises, this Policy should be read in conjunction with our CCTV Policy.
This Policy has been designed to be as user friendly as possible. We set out below an index of contents so you can easily find the information you are looking for by clicking on the relevant heading. We have clearly labelled sections of this Policy to make it easy for you to navigate to the information that may be most relevant to you.
WHAT PERSONAL DATA DO WE PROCESS AND HOW?
WHY, AND ON WHAT LEGAL BASIS, WE USE YOUR PERSONAL DATA?
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
HOW WE STORE AND PROTECT YOUR PERSONAL DATA
THIRD PARTY LINKS AND WEBSITES
HOW CAN YOU CONTACT US FOR MORE SUPPORT
WHAT PERSONAL DATA DO WE PROCESS AND HOW?
Information You Provide
We collect various types of personal data about you for the purposes described in this Policy including but not limited to:
| Interested Parties Data (where you are interested in our properties or services) | Name Date of Birth Title Address Phone Number Email Address Company Name Company Contact Details CCTV recordings/images (if you visit our premises) Call recordings (if you call us) |
| Applicant, Tenant, Guest and Member Data (where you apply for a memerbrship, tenancy, book a stay or are an existing tenant, guest or a member of our Spa and Fitness Club) | Name Date of Birth Title Address Prior addresses Phone Number Email Address Salary Details Occupation Employment Details Company Details Company Contact Details Housing Benefit Details Passport Copy Passport Expiration Visa Copy Visa Expiration Resident Permit Copy Resident Permit Expiration UK Driver's License Copy UK Birth Certificate Photo Next of Kin Emergency Contact Health Details Vehicle Registration Vehicle Details Bank Details CCTV recordings/images Call recordings Access control activity |
| Company, Vendors, Contractors, and Agents Data (where you are a prospective business partner, vendor, service provider, contractor or agent) | Name Address Email Address Phone Number Company Name VAT Registration Bank Details Photos CCTV recordings/images (if you visit our premises) Call recordings (if you call us) Access control activity |
| Website User Data (where you access, browse and/or interact with us via, our website) | your domain; your IP address; your date, time and duration of your visit; page views, clicks, and scrolling details your browser type; your operating system; your page visits; other information about your computer or device; Internet traffic; personal Preferences (Language and Location). More information about our use of cookies can be found in our Cookie Policy. |
In order to access or use certain portions, or enjoy the full functionality, of our Website, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us in the following ways:
- by filling in forms (for example, 'Book a Viewing' or 'Enquiry' ) on our Website;
- logging into the “Resident Portal” Login;
- by corresponding with us by phone, e-mail or otherwise using our contact details (for example, to book a tour of our Spa and Fitness Club);
- registering to receive marketing from us;
- completing a membership application for the Spa or Fitness Club;
- completing a tenancy application;
- booking or staying in our serviced apartments.
The personal data you will be asked to provide may include some of the types of personal data within Interested Parties Data, Applicant, Tenant, Guest and Member Data or Job Applicant Data, including: name, address, telephone number, and email address. This personal data is required to enter into a contract with you (in anticipation of an agreement to provide services) or to perform a contract with you (such as to provide services at your request), and failure to provide any information may result in our inability to perform such contract.
Information We Collect Automatically
When you visit our Website, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to Website User Data. Our Website uses cookies to remember information such as your login details and personal site preferences. More information about our use of cookies can be found in our Cookie Policy.
When you enter our premises, we have CCTV cameras at our premises, which automatically capture video footage.
Information We Collect from Other Sources
We may also obtain some types of personal data within Interested Parties Data, Applicant, Tenant, Guest and Member Data or Job Applicant Data about you from third parties, namely other applicants, referring Agencies, referring websites, and referencing companies, for example:
- Details from publicly accessible sources such as government websites
- Details about you provided by another applicant
- Details from an Agency
- Details from inquiries on websites like Rightmove and Zoopla
- Where you are identified as a guarantor
- Details from pre-tenancy checks conducted by referencing companies
WHY, AND ON WHAT LEGAL BASIS, WE USE YOUR PERSONAL DATA?
All our processing and use of personal data is justified. Whenever we process your personal data we do so relying on a legal basis for that processing. The table below provides an overview of the justified legal grounds for processing personal data, and why we use your personal data:
| Type of Personal Data | Purpose of Processing | Lawful Basis |
|---|---|---|
| Interested Parties Data | To contact and provide details of the services provided at Dolphin Square, including relating to available apartments and services according to your enquiry or to understand the kind of property or service you are interested in based on your information request or desire to be contacted, as well as marketing material, updates and to obtain feedback. | Your consent, or where information is solicited, our legitimate interest to send you communications related to similar services to which you have previously received or entered into negotiations to receive, where permitted by privacy laws. |
| Applicant, Tenant, Guest and Member Data | To provide services requested or where a contract is in place or when there is a tenancy agreement in place, which include (as applicable): Manage security and access, Verify details provided are true and accurate, Ensure you meet the financial obligations of renting an apartment, your booking or membership, Manage and provide services, and communicate with you during a lease/tenancy agreement, stay or membership, Process and collect payments, Respond to enquiries, complaints or requests, Record keeping, Obtain feedback, Communicate changes to services, Statistical purposes, Provide maintenance services, Ensure active membership, Provide access control. | The processing is necessary for performance of a contract. Our legitimate interest to respond to any correspondence, complaints or queries you send us, to send you any service-related information and to obtain feedback. Where necessary to comply with applicable legal obligation, but also it is our legitimate interest to take steps to verify against any illegal or fraudulent activity. |
| Company, Vendors, Contractors, and Agents Data | To receive services, provide payment for services where a contract is in place, including to: support systems and operations enforce health and safety rules and processes monitor compliance support security and access control. | The processing is necessary for performance of a contract. Where necessary to comply with legal obligations and to assist compliance and security. |
| Website User Data | To help us to keep our Website available and secure, and to improve your experience when you visit our Website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of our Website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); and (c) to ensure content on our Website is presented in the most effective manner for you and to enhance your use of our Website. | Our legitimate interest to provide and maintain our Website through utilising cookies that are strictly necessary. Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. |
| Job Applicant Data | To respond to requests for vacancies and for recruiting and hiring purposes, carry out right-to-work checks and comply with our legal requirements and to improve our recruitment process and activities. | The processing is necessary for us to administer our contract with you - or take steps to consider entering into an employment contract with you. Necessary to comply with employment and social security law obligations (for example, carrying out right to work checks) and our legitimate interests to maintain our reputation as a reputable employer. |
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Depending on your dealings with us, we may disclose some or all of the personal data we collect from and obtain about you to the following third parties:
| Name | Data | Purpose Of Processing | Country of Processing |
|---|---|---|---|
| Microsoft Corporation | Applicant, Tenant, Guest and Member Data | Service platform used for infrastructure services, business applications, and data hosting | European Economic Area ("EEA") |
| RealPage UK Limited | Applicant, Tenant, Guest and Member Data | Service platform used for establishing tenant leases, tracking occupancy, accounting, payments, recording activity, communication, online service portals, and providing maintenance services | EEA |
| HelpScout | Applicant, Tenant, Guest and Member Data | Customer service platform that support customer service interactions via phone, chat, and email | United States |
| Hubspot, Inc | Applicant, Tenant, Guest and Member Data | Service platform used for content management, marketing, analytics, customer surveys, customer interactions via phone, chat, and email | United States |
| Stripe, Inc | Applicant, Tenant, Guest and Member Data | Service platform used for payment processing | EEA & United States |
| Bottomline Technologies, Inc. | Applicant, Tenant, Guest and Member Data | Service platform used for payment processing | EEA |
| DocuSign, Inc | Applicant, Tenant, Guest and Member Data | Service platform for eSignatures | EEA |
| Mailchimp | Applicant, Tenant, Guest and Member DataInterested Parties Data | Service platform used for email delivery and communication | United States |
| Your Parking Management | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service provider used for parking management | EEA |
| William Martin Compliance | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service platform used for health, safety, and risk compliance | EEA |
| Xplor Technologies | Applicant, Tenant, Guest and Member Data | Service platform used for gym access control, membership management, activity booking, marketing, and communication | EEA |
| Dolphin Square 2005 | Applicant, Tenant, Guest and Member Data | Service provider with a legitimate interest in tenants with an Option B tenancy agreement | EEA |
| Contractors and Vendors | Applicant, Tenant, Guest and Member Data | Service providers used for repairs and maintaining infrastructure, features, and operations needs of Dolphin Square | EEA |
| Rightmove | Applicant, Tenant, Guest and Member Data | Service provider used for tenancy referencing | EEA |
| Tenancy Deposit Scheme | Applicant, Tenant and Member Data | Service Provider for deposit protection services | EEA |
| Flatfair | Applicant, Tenant, Guest and Member Data | Service provider for alternative deposit scheme | EEA |
| Birdeye UK Limited | Applicant, Tenant, Guest and Member Data | Service platform used for surveys, review and referral management | USA |
| Keyzapp | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service platform used for key management. | EEA |
| Salto | Tenant, Guest and Member DataCompany, Vendors, Contractors and Agent Data | Service platform supporting building and apartment access control. | EEA |
| PandaDoc | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service platform for eSignatures and document generation | EEA |
| Paperform | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service platform used for digital forms. | USA |
| Paxton | Applicant, Tenant, Guest and Member DataCompany, Vendors, Contractors, and Agents Data | Service platform supporting building access control. | UK |
| HappyFox, Inc. | Applicant, Tenant, Guest and Member Data Company, Vendors, Contractors, and Agents Data | Customer service platform that support customer service interactions via phone, chat, and email | EEA & United States |
| Lavanda Ventures Limited | Applicant, Tenant, Guest and Member Data Company, Vendors, Contractors, and Agents Data | Service platform used for managing serviced apartments occupancy, payments, accounting, recording activity, communication, online services portals, applications and marketing distribution. | UK & EEA |
| Amber Energy Solutions Ltd. | Applicant, Tenant, Guest and Member Data | Service platform for billing and metering. | UK & EEA |
We may also share your personal data in the manner and for the purposes described below:
- with government organisations and agencies, law enforcement and regulators to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- debt collection agencies to assist us with the collection of arrears and outstanding debts;
- banks and payment providers to authorise and complete payments;
- retailers and businesses providing awards and prizes in conjunction with us; and
- with credit reference agencies and organisations working to prevent fraud.
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser/investor of our business or assets.
In addition, there may be circumstances, where we share your personal data with relevant third parties (where authorised by you for such circumstances), which may include (but not limited to) another landlord, local council, bank etc.
INTERNATIONAL TRANSFERS
Some of the third parties listed in WHO DO WE SHARE YOUR PERSONAL DATA WITH? above are based outside the EEA. Whenever we make transfers of your personal data, we implement appropriate safeguards in accordance with applicable data protection laws, for instance:
- the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out, to prevent interference by public authorities of third countries;
- the UK Addendum; and/or
- by sending to countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner's Office (ICO).
Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact us using the details set out in HOW CAN YOU CONTACT US FOR MORE SUPPORT.
MARKETING
We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. You may change your marketing preferences at any time by contacting us.
Our processing of your personal data for marketing purposes is based on our legitimate interests, or it may be based on your consent (such as where required by law). In particular, you can always opt-out of email marketing communications by clicking the "unsubscribe" link at the bottom of marketing emails, or by contacting the contact details provided in HOW CAN YOU CONTACT US FOR MORE SUPPORT.
When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to our database again. If you wish your data to be fully deleted from our systems, we will do so at your request but, if your email address is at any point added back into our database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information based on contract necessity. You may also receive indirect marketing from us by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).
HOW WE STORE AND PROTECT YOUR PERSONAL DATA
We will not retain your personal data longer than it is necessary to carry out the purposes listed in WHY, AND ON WHAT LEGAL BASIS, WE USE YOUR PERSONAL DATA? or than is required by law.
In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. No security measures are perfect or impenetrable but, we regularly review our security procedures to consider appropriate new technology and methods. These measures include:
- placing confidentiality requirements on our staff members and service providers;
- destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage and disclosure of your personal data to prevent unauthorised access to it;
- training and awareness for staff members in the handling of your personal data; and
- using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our Website before it is sent to us. SSL is an industry standard encryption protocol and this ensure that the information is reasonably protected against unauthorized interception.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
WHAT ARE YOUR LEGAL RIGHTS?
You have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on our reason for processing your personal data.
You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond).
Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.
| Right | What this means |
|---|---|
| Access | You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from etc., to the extent that information has not already been provided to you in this Policy. |
| Rectification | You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it. |
| Erasure | You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; or you have withdrawn your consent (where the data processing was based on consent); or following a successful right to object (see 'Objection' below); or it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request. |
| Restriction | You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see “Rectification” above), to allow us to verify its accuracy; or the processing is unlawful, but you do not want it erased; or it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; or to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person. |
| Portability | You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format or you can ask to have it 'ported' directly to another Data Controller, but in each case only where: the processing is based on your consent or on the performance of a contract with you; an the processing is carried out by automated means. |
| Objection | You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see WHY, AND ON WHAT LEGAL BASIS, WE USE YOUR PERSONAL DATA?) if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. |
| International Transfers | You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the EEA. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity. |
| Supervisory Authority | You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time. |
| Withdrawal of consent | If you have given your consent to the processing of your personal data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data before this remains unaffected. |
CHANGES TO THIS POLICY
We may make changes to this Policy from time to time to keep it up to date with legal requirements and the way we operate our business, and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this Policy, we will seek to inform you by notice on our website or email.
It is important that the personal data we hold about you is accurate and up-to-date. Please let us know if any of your personal data changes during your relationship with us.
THIRD PARTY LINKS AND WEBSITES
You might find external links to third party websites on our website. This Policy does not apply to your use of a third party site.
HOW CAN YOU CONTACT US FOR MORE SUPPORT
We hope this Policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our data protection manager via email at: dataprotection@dolphinsquare.co.uk
If you have a concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with the ICO at any time.
This Policy was last updated on February 2025.
