Last updated: October 2022

IM Group Services Ltd and your personal data

This is the IM Group Services Ltd’s Privacy Policy. In the rest of this document ‘IM Group Services’ may be used to mean ‘The Mall Blackburn’. It sets out how we collect and process your personal data, what we use it for, and gives you important information on how you can amend information we hold on you such as amending or removing consent for marketing communications or updating your personal details. If you have any queries about this policy or how we handle any personal data you provide to us, please contact us using the details provided at the bottom of this document.

“Personal Data” is any data that identifies you. The Personal Data which you supply to us you agree will be true. We will deal with your Personal Data in compliance with the current UK & EU data protection legislation, which includes the EU General Data Protection Regulation (GDPR). Please note this applies only to services which we operate and control and not to other companies’ or organisations’ websites to which we may link. For such external services or sites please see their Privacy Policies to understand how they might be handling your data.

Who is IM Group Services Ltd?

IM Group Services Ltd is a family owned and managed UK shopping centre management company.

Our Purpose for Collecting and Processing Personal Data

We collect and process data to to carry out marketing for both IM Group Services Ltd and our Shopping centres; and in order to manage the operations of our business such as contracts with businesses operating in our Shopping centres. In some cases, we are also required to hold certain information for legal compliance, law enforcement or contractual purposes.

Legal Basis

Data protection laws set out a number of valid reasons for the collection and processing of personal data. These include consent, such as ticking a box to opt-in to receive marketing emails from us; legitimate Interest; compliance with the law; and, to fulfil contractual obligations.

What Data We Collect

For businesses operating within our centres, such as retailers and kiosk traders, we collect business and personal data such as names and contact details in order to create contracts and administer our business operations. Some of this information is required to conduct these services.

Use of personal Data for Marketing Communications

We only send post, email, text messages and mobile notifications to you about news and services that we consider may be of interest to you only if you have given us permission to do so.

Electronic notifications may be sent to you via your internet browser if you have given consent for us to do so. If you subsequently wish to remove consent for these, you can do so following the instructions provided by your internet browser software.

Who Controls or Has Access to the Data?

Personal data may be accessed and processed by staff at IM Group Services Ltd. The use of personal data will remain under the control of IM Group Services Ltd at all times operating as the Data Controller. We will not sell your data to other companies without your explicit permission.

Some customer data is required to fulfil retailer and commercial partner requests and to fulfil contractual obligations.

In compliance with the law we may be obligated to disclose Data about you to a law enforcement agency or by a court order.

Personal Data is held and processed only within the EU.

Data subjects have various rights in relation to accessing and amending the data companies hold on them under GDPR. More information on how to do this can be found later in this document.

Your personal data is not shared with other companies for their own purposes unless specifically stated at the time of collection and you have given your permission. An example of potential cases when this might happen would be for during competitions run with partners where we offer a tick box for you to opt-in to receive information from that company as well as from ourselves. If you opt-in to receive information from the additional company, please see their Privacy Policy for information on how they handle your data.

Corporate transaction

We may share information in the event of a corporate transaction e.g the sale of an asset. In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.

Marketing

We may use your Personal Information, such as name, email address, telephone number etc. ourselves or by third party subcontractors for the purpose of providing you with promotional material, concerning our services which we believe may be of interest to you.

Retention Period & Criteria

We only keep personal data for as long as necessary for the purpose for which it was collected or to comply with legal, contractual or law enforcement purposes.

Security

We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.

Data Subject’s Rights

Data subjects have a number of rights which we recognise and uphold. These include: The right to be informed about how we collect and process your personal data which is detailed in this document; The right to access this information; The right to rectify or erase data; The right to restrict the processing of data; The right to data portability; The right to object; and, rights relating to automated decision making and profiling. Data subjects also have the right to lodge complaints with the Information Commissioners Office and the right to withdraw consent.

How do I access or amend my data?

Please contact us using the details found in the footer at the bottom of this page.

Changes to this Privacy Statement

We will occasionally update this Privacy Statement and when we do, we will also revise the “last updated” date at the top of this document. We will obtain your consent for any updates to this Privacy Statement that materially expand the sharing or use of your personal information in ways not disclosed in this Privacy Statement at the time of collection.

Identity and Contact Details

Data Controller: IM Group Services Ltd.

If you have any comments or queries in connection with our privacy policy or the data we hold, please telephone, email or write to use using the contact details at the bottom of this page.