Skip to main content

Privacy Policy

Last updated: 17th September 2024

Who are we and what is this notice?

We are The Arch Company Services Limited and form part of The Arch Company Group. Together we operate as a landlord to a diverse, passionate group of small and medium sized businesses, entrepreneurs and community organisations across England and Wales, that we are proud to call our customers.

The Arch Company Group is made up of different legal entities and is a joint venture between TT CDR Holdings Limited (“TT”) and BX CDR Holdco Limited (“Blackstone”). Where we say “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in The Arch Company Group responsible for collecting / processing your personal data.

If you visit our website (www.thearchco.com), are a current customer or enquire about our letting services, visit one of our properties, or interact with us in some other way, we may collect and process some of your personal information (also known as ‘personal data’). This privacy notice explains:

  1. What information do we collect and process about you?
  2. How and why do we use your personal information?
  3. What lawful basis we rely on to process your personal information?
  4. When we share your personal information and with whom?
  5. How we use cookies and other technologies?
  6. How long we keep your information for?
  7. How do we keep your personal information secure?
  8. What are your legal rights?
  9. Can this privacy notice change?
  10. How to contact us?

We are a controller of your personal information. This means we decide how your personal information is processed and protected and we are responsible for keeping it safe.

Links to other websites

Our website and online services may, from time to time, contain links to external websites, plug-ins and applications including (but not limited to) social media platforms such as Facebook, Instagram, LinkedIn and X. This policy does not apply to these third-party services, and we are not responsible for the privacy policies or practices or the content of any third party. Please review third-party privacy policies and, where applicable, your privacy settings of such third parties.

1. What personal information do we collect and process about you?

Below we outline the categories of personal information we may collect and process about you. Whether we collect this information will depend on how you interact with us. Please see the How and why, we use your personal information? section of this privacy notice to understand more.

Information that you give us.

  • Name and contact information: business name, first name, last name, phone number, postal address, and email address.
  • Tenancy information: including address and any other personal information about you in the lease and related documents. If you are viewing properties let by us, we will also ask for information about your property requirements and preferences.
  • Financial information: bank account details, payment card details, billing address and details about payments made to and from you.
  • Call recordings: recordings of phone conversations we have with you. We will tell you where we intend to record a call before doing so.
  • Feedback and survey responses: any personal information contained in any feedback, queries, or survey responses we receive, which may include any of the categories of personal information previously mentioned.
  • Diversity, Equity and Inclusion data: we may ask you for permission to collect and process information about you or users of our services to monitor and manage our responsibilities to deliver an inclusive and accessible service. Such data will be anonymized wherever possible after collection.

Information we receive about your use of our services.

  • Technical information: internet protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage information: interaction information about your use of our services including the full Uniform Resource Locators (URL), clickstream, content you viewed or searched for, content response times, download errors, length of visits to certain content, interaction information (such as scrolling, clicks, and hover-overs), and methods used to browse away from content.
  • Location information: We may derive your approximate regional location from your IP address.

Information we receive from other sources.

  • Social media platform information: If you interact with us through third party sites, such as Facebook, Instagram, LinkedIn and X, we may collect personal information from you. For example, if you tag us in a social media post or otherwise interact with our social media adverts and accounts.
  • CCTV information: We operate closed circuit television systems (CCTV) which may record you for security and safety purposes if you visit our premises or a property we let. We are responsible for the operation of our CCTV system and work with specialist providers who act as data processors to operate the system. Cameras may be placed both externally and internally in public and common areas. Signage on site will indicate the presence of cameras.
    Our customers may have their own CCTV or similar security systems in operation in their dedicated spaces. We are not responsible for the operation of these systems and any questions about them should always be directed to the relevant occupier or police, as applicable.
  • Access information: If you are a customer or visiting a customer at one of our spaces, your name and organisation, together with the time and date of your visit may be recorded. You may be issued with a security pass, these passes may, if scanned, enable us and our security partners to identify your location, arrival and exit times on our premises.
    Our customers may also make additional security arrangements which involve the collection of your personal information. You should ask to see their privacy notices for more information.
  • Compliance information: We sometimes collect information from you and third-party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes.

We may also receive your personal information from third party providers and partners which we work with, including our advertising partners and networks. For more information, please see How we use Cookies and other technologies?

2. How and why do we use your personal information?

We use your personal information to manage our relationship with you, including to:

  • take steps to enter into a tenancy or related agreement with you (including to register you as a new or prospective customer and run background and credit checks where required);
  • send you information about properties that we think you might be interested in and showing these properties to you;
  • administer our tenancy services to you, including managing payment transactions with you, liaising with you on matters related to your tenancy, and notifying you of changes to this privacy notice;
  • ask you to leave a review or take a survey relating to your use of our services and use this information to gain insights to improve our services, and display those responses on our website (where applicable); and
  • contact you and to respond to any correspondence we receive from you.

We use your personal information for our website and services we make accessible from it, including to:

  • deliver our website and services to you as requested, including the display of our website and to ensure content is presented in the most effective manner for you and your device;
  • manage internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • keep our website and services safe and secure;
  • analyse your use of our website and services; and
  • understand where you are accessing our services from to deliver location specific content to you.

We use your personal information for advertising and marketing purposes, including to:

  • send you direct marketing in the form of emails, text, SMS/MMS (as applicable) and to understand its effectiveness – you may receive marketing communication from us if you have requested information from us, have consented to marketing or have used our services and you have not opted out of receiving marketing or where we are otherwise legally permitted to send you marketing;
  • analyse your interaction with social media platforms and our content; and
  • enable cookies and other similar technologies (together with third parties).

We use your personal information for other purposes, including to:

  • work with third parties (which will include sharing your Personal Data) – see When we share your personal information and with whom? for more information;
  • to protect our business from fraud, money-laundering, breach of confidence, theft and other financial or business crimes;
  • for quality assurance and training purposes;
  • to comply with our legal and regulatory obligations and bring and defend legal claims; and
    4
  • to protect the security of our premises and ensure you are able to safely access and move around our premises.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please see How to contact us? for more information.

If we use your personal information for an unrelated purpose, we will notify you and explain the legal basis for doing so.

3. What lawful bases we rely on to process your personal information?

We must have a legal basis for each use of your personal information. We use the following personal information for each purpose listed below and set out the lawful basis we rely on.

Purpose Categories of personal data Lawful basis
To manage our relationship with you
To take steps to enter into a tenancy or related agreement with you.
  • Name and contact information.
  • Tenancy information.
  • Financial information.
  • Compliance information.
  • Performance of a contract with you.
  • Necessary to comply with a legal obligation.
To send you information about properties that we think you might be interested in and showing these properties to you.
  • Name and contact information.
  • Tenancy information.
  • Our legitimate interests (in running our business and showing you properties that you might be interested in).
To administer our tenancy related services to you.
  • Name and contact information.
  • Tenancy information.
  • Financial information.
  • Call recordings.
  • Performance of a contract with you.
  • Necessary to comply with a legal obligation.
  • Our legitimate interest (to provide you with services you require during your tenancy).
To ask you to leave a review / take a survey and use this information to gain insights to improve our services, including to monitor and manage our responsibilities to deliver an inclusive and accessible service.
  • Name and contact information.
  • Feedback and survey responses.
  • Our legitimate interest (improving our service offering and growing our business).
  • Consent (where required by law).
To contact you and respond to any correspondence we receive from you.
  • Name and contact information.
  • Call recordings.
  • Performance of a contract with you.
  • Our legitimate interest (to ensure your questions are answered and you have a great customer experience).
For our website and services, we make accessible from it
To deliver relevant website services /
content to you in the most effective manner for you and your device.
  • Technical information.
  • Usage information.
  • Location information.
  • Performance of a contract with you.
  • Our legitimate interests (to ensure customers and site visitors have a great experience when accessing and using our website and services).
To manage internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Name and contact information.
  • Feedback and survey responses.
  • Technical information.
  • Usage information.
  • Our legitimate interests (to keep our website and services running and functional).
To keep our website and services safe and secure.
  • Technical information.
  • Usage information
  • Our legitimate interests (for network security).
To analyse your use of our website and services.
  • Technical information.
  • Usage information
  • Our legitimate interests (improving our website and services).
To understand where you are accessing our services from to deliver location specific content to you.
  • Location information.
  • Our legitimate interests (to ensure relevant content is made available to you).
For advertising and marketing purposes
To send you direct marketing and to understand its effectiveness.
  • Name and contact information.
  • Usage information.
  • Feedback and survey responses.
  • Social media platform information.
  • Our legitimate interests (making you aware of services and products you may be interested in).
  • Consent (where required by law).
To analyse your interaction with social media platforms and our content.
  • Name and contact information.
  • Platform information.
  • Usage information.
  • Our legitimate interests (growing our business and social media presence).
To enable cookies and other similar technologies to work.
  • Usage information.
  • Technical information
  • Our legitimate interests (personalising your experience of our website and delivering relevant advertisements to you).
  • Consent (where required by law).
Other
For quality assurance and training purposes.
  • Name and contact information.
  • Call recordings.
  • Feedback and survey responses.
  • Our legitimate interest (improving the quality of the service we provide to our customers).
To protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes.
  • Name and contact information.
  • Compliance information.
  • CCTV information.
  • Access information.
  • Call recordings.
  • To comply with our legal obligations.
  • Our legitimate interests (protecting our business).
To protect the security of our premises.
  • Name and contact information.
  • CCTV information.
  • Access information.
  • To comply with our legal obligations.
  • Our legitimate interest (protecting visitors at our premises).
To comply with our legal and regulatory obligations and bring and defend legal claims.
  • Name and contact information.
  • Tenancy information.
  • Financial information.
  • Call recordings.
  • Feedback and survey responses.
  • Technical information.
  • Location information.
  • CCTV information.
  • Access information.
  • Compliance information.
  • Any other personal information a law enforcement authority may require.
  • To comply with our legal obligations.
  • Our legitimate interest (defending ourselves against claims).

Where we rely on our legitimate interest to process your personal information, we will only do so if we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest in pursuing those purposes, and we will only process your personal information as necessary for the purposes described above.

4. When do we share your personal information and with whom?

We may share your personal information, where reasonably necessary for the purposes set out above, with the following categories of recipients:

  • other members of The Arch Company Group and our owners and affiliates including TT and Blackstone, where this helps us to better operate our business;
  • organisations who process your personal information on our behalf and in accordance with our instructions. This includes supporting our services, in particular data hosting services, fulfilment services, CCTV service providers, communications providers, survey providers, fraud detection services, advertising services, marketing services (such as, Mailchimp (https://mailchimp.com), those that facilitate feedback on our services and provide IT support services from time to time and third party agents we use for the purposes of identifying potential customers to occupy our premises. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your personal information to the extent necessary to perform their support functions;
  • third party agents that we work with to market our vacant spaces, identify and enter into contracts with prospective customers;
  • Network Rail, where they operate the surrounding infrastructure and where we are required to provide them with your personal information for the purposes of complying with our legal obligations or for the safety of anyone occupying property you rent from us;
  • third parties that support us in debt recovery;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website or services and advertising;
  • an entity who takes over our business and assets, or relevant parts of them;
  • other third parties such as professional advisors, including banks, accountants, and lawyers; and
  • in exceptional circumstances, such as to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or where we are required by law to disclose.

Processing your personal information outside the UK and EEA.

We are based in the United Kingdom. However, in processing your personal information in accordance with this privacy notice we may sometimes transfer your personal information outside of the UK and European Economic Area (“EEA”). Where we do this, we ensure a similar degree of protection is afforded to your personal information by ensuring that at least one of the following safeguards is implemented:

  • We transfer your personal information to countries that have been deemed to provide an adequate level of protection by the UK Secretary of State responsible for adequacy assessment.
  • We implement certain standard contractual clauses with the recipients of your personal information to safeguard transfers to countries outside of the UK / EEA, which do not benefit from a finding of adequacy.

Please contact us if you would like further information about the specific mechanism used by us when transferring your personal data out of the UK / EEA.

5. How we use Cookies and other technologies?

We use cookies and other similar technologies to collect and store certain information about you which includes your personal information. These technologies include cookies, pixels, web beacons and JavaScript (together “Cookies”), typically involve storing pieces of information or code transferred to or accessed from your device to store and, sometimes, record information about your interaction with online services from your device.

Cookies and similar technologies enable you to be remembered when using that device to interact with online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content. They allow us to distinguish you from other visitors of our website and services which helps us to provide you with a great experience and also allows us to improve our services and see how they are performing. Cookies also allow us to secure areas of our services, deliver your preferences and personalised content, and deliver ads to you online.

A number of Cookies and similar technologies we use last only for the duration of your online session and expire when you close your browser. Others are used to remember you when you return to our Services and will last for longer. Some Cookies will also record where you came to our website from and where you visit once you have left.

We use Cookies and/or other similar technologies, either alone or in combination with each other, to create a unique ID which corresponds to you.

When you first interact with our website and services, you will be notified that we use Cookies, and we will ask for your consent to use non-essential Cookies. This banner will also allow you to decide which non-essential Cookies you want to accept. We also give you information about how to disable Cookies below. Where you change your browser settings to generally disable all Cookies, you may not be able to take full advantage of our Services; some aspects may not work without some Cookies being used.

We use these Cookies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), or where you have consented to their use. We use the following types of Cookies:


You may choose to disable some Cookies. The effect of disabling Cookies depends on which Cookies you disable. As set out above, if you disable all Cookies, certain features of our website and online services may not work. You will have already had the opportunity to reject Cookies when you first arrived at our website but if you want to update your choices at any time, you can access and update your existing cookie preferences via our consent management tool accessible on our website.

6. How long do we keep your personal information?

We will only retain your personal information for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Usually, personal information is retained for a maximum of six years and often for shorter periods, for example, unless required otherwise (such as in relation to an active police investigation or security incident), CCTV footage is stored for a 30 day period. However, we may retain your personal information for a longer period in the event of a complaint, a request from you, or if we reasonably believe there is a prospect of litigation relating to an incident captured in CCTV footage. For more information about our record retention policies please contact us.

7. How we keep your personal information secure?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we have put in place measures with the objective of limiting access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. What are your legal rights?

You have the right under certain circumstances to:

  • access a copy of your personal information held by us;
  • object to processing of your personal information;
  • request correction of your personal information if it is inaccurate or incomplete;
  • request erasure of your personal information in certain circumstances;
  • restrict our use of your personal information in certain circumstances;
  • object to the use of your personal information for automated decision-making;
  • request that your provided personal information be provided to a third party; and
  • withdraw consent (only if you have provided your consent and wish to withdraw it).

If you would like to exercise any of these rights, you can contact us (see How to contact us?). We may ask you for further information to confirm your identity before we provide the information requested or otherwise comply with your request.

Withdrawing consent

If you withdraw your consent, we will no longer process your personal information for the purpose(s) you originally agreed to, unless we have another legal reason for continuing to use the personal information.

You can change your preferences and object to receiving further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by sending us an email (see How to contact us?).

Complaints

If you have any concerns about this privacy notice, please contact us (see How to contact us?). If your request or concern is not satisfactorily resolved by us, you have the right to make a complaint with your relevant data protection authority. In the UK, this is the Information Commissioner’s Office. You can visit their website at www.ico.org.uk to make a complaint.

9. Can this privacy notice change?

This privacy notice was last updated on the date mentioned at the top of it. We reserve the right to change this privacy notice from time to time. If we decide to change this privacy policy, we will post the changes on our website, so our visitors and customers are aware of what information we collect, how we use it, and under what circumstances, if any, we share it. Please check back frequently to see any changes.

10. How to contact us?

If you have any questions or concerns about this privacy policy or wish to exercise any of your legal rights, please contact us by email at data.protection@thearchco.com, and make your subject “Privacy request”.

We will identify whether an Arch Company Group company, TT or Blackstone, is the lead data controller for your query and ensure that it is directed to the appropriate person for a response. Please see TT’s privacy notice and Blackstone’s privacy notice for further information on how to contact them directly.