Cookie Policy
Introduction and our commitment.
UPP (Broadgate Park) Limited (UPP) is committed to protecting the privacy of students applying for accommodation at Albion House, Broadgate Park and Cloister House, its residents, the users of its website www.www.uppbroadgatepark.com, and anyone we communicate with. It is our goal to maintain compliance with the highest standards of privacy so that users of our website, students receiving our services, and anyone we communicate with, be informed about their privacy rights and how the law protects them so that they may comfortably and safely deal with us for a range of information needs. Where we refer to “UPP”, as appropriate this includes its affiliated and parent organisations.
UPP operates the Broadgate Park accommodation at the University of Nottingham. We use your personal data, as set out in the policy, which includes:
- Managing and making decisions about your application for accommodation at Broadgate Park.
- Allocating rooms to successful applicants and entering into a student resident agreement with you.
- Providing accommodation services, such as handing out keys, running a reception service, cleaning and maintaining your room, handling your post, and managing security on site.
- We also work with student bodies [such as the JCR] to arrange and run events and activities for our residents.
- We work closely with the University to make sure you and others are safe and secure – for example, the University’s wardens, pastoral care team.
- Managing your accommodation deposit and ensuring its timely return to bank details you provide.
- Marketing and communications data includes your preferences in receiving marketing from, and your communication preferences.
Please read this policy carefully, and also take a moment to read the website Terms and Conditions.
We have set out our privacy policy in full below. For those of you who know what you are after, you can click on the following links to take you to the relevant section:
- Aim of this policy
- Who is in charge of the data collected?
- How to contact us or make a complaint
- Changes to this policy
- Third-party links
- What information do we collect about you?
- How is personal data collected by UPP?
- How we use your personal data
- Marketing
- Who do we share your information with?
- Security procedures/access.
- International Data transfers
- How long will your personal data be retained for?
- Automated decision-making including profiling
- Your data protection rights
USE OF COOKIES
1. Aim of this policy
UPP processes personal data in compliance with data protection legislation. This policy relates to how UPP processes personal data relating to individuals which apply for or use our accommodation services at Broadgate Park, access our website, provide information to us via our website, via our social media accounts and communications between us. If you provide information about others, like your family members or guests, then this policy applies to any individuals whose personal data you provide to us.
If you are applying to UPP or any of its group companies for a job, please contact Compliance@upp-ltd.com or call the Team on 020 7398 7200 to discuss our applicant privacy policy.
Our services, and our website, are not intended for children and we do not collect personal data relating to children unless we are providing accommodation to your children.
It is important that you read this policy together with any other privacy notices that we may provide on specific occasions when we collect or process personal data about you. In this way, you can ensure that you fully understand how and why we are using your data.
2. Who is in charge of the data collected?
UPP is responsible for processing your data. and will deal with your enquiries if you communicate with us. Where appropriate, we may ask one of our UPP group companies to deal with your request. Usually, this will be UPP Residential Services Limited, or it may be our parent company, UPP Group Limited who provide services to us.
UPP will treat your personal data (which means data from which you can be identified, including – but not limited to – your name, address, e- mail address, phone number, room number, details of your application and your residence agreement with us, as well as technical information about your visit to our website, and the like) in accordance with data protection legislation here in the UK.
It is important that the personal data we hold is accurate and up to date. Please inform us if any of your personal data changes during your relationship with us.
3. How to contact us or make a complaint
UPP’s address is Turnpike Lane, Beeston, Nottingham NG9 2RX, UK. If you have any questions about this policy, or how we process your personal data, email our UPP Compliance Team at Compliance@upp-ltd.com or call the Team on 020 7398 7200.
If you have a complaint, we ask you to get in touch with us as soon as you can. You can, of course, make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues, at https://ico.org.uk/concerns/. We would however, like the opportunity to deal with your complaint or concern before you approach the ICO so please do contact us in the first instance.
4. Changes to this policy
This policy was last updated on 29 May 2019. You can obtain previous versions by contacting us.
Any changes that we make to this policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
5. Third-party links
Information that we may post on our website or via our social media accounts, may include links to third-party websites, plug-ins and applications for your convenience and information. If you use these links, you will leave our site or our social media accounts. When you access a website or social media account that is owned by a third party, we do not control the content and are not responsible, or liable, for how they process your personal data. For example, they may send their own cookies to users, collect data or solicit personal data from you. We encourage you to read the privacy policy of every website, app and social media account that you use or visit.
6. What information do we collect about you?
When you contact us through the UPP website, our social media accounts, or communicate with us, or use our accommodation, you will provide us with personal data about you, such as:
- Identity data includes first name, last name and title.
- Contact data includes email address and telephone numbers, your social media profile information (if you use this to get in touch with us) and the content of your communications with us by whatever means.
- Application data includes your application for accommodation, our discussions with you, our decision about your application, as well as other information you, the University, UCAS, or any others provide in support of your application. This may include information about any special requirements you provide to us, such as easy access rooms, or facilities for any health or disability issues you may have.
- Resident data includes your student residence agreement with us, details about your use of our accommodation including your room number, access details (like your key number, or security card, and where and when they are used), your communications with us as a resident, details of your family members and your guests who use the accommodation, details about your deposit, and communications with us from others about you or your use of the accommodation (like maintenance or cleaning, or complaints from other residents), and historic addresses and forwarding addresses and contact details. This will include information about any special requirements you have, whether you or the University provides those to us, or we make an assessment about you, such as your requirements for easy access rooms, or facilities for any health or disability issues you may have, or where we need to make decisions about your safety and safety of others.
- Financial data includes the details you provide to pay for your accommodation or arrange a refund, including bank account and payment card details. This may also include your intended method of payment and reliance upon your student loan to meet your payment arrangements.
- Marketing and communications data includes your preferences in receiving marketing from us, and your communication preferences.
- Technical data includes Internet protocol (IP) address; [your login data;] browser type and version; time zone setting and location; browser plug-in types and versions; operating system, platform and other technology on the devices you use to access our website; information about your visit, including the full Uniform Resource Locator (“URL”); clickstream to, through and from our website or the social media accounts that we operate (including date and time); information that you viewed or searched for; page interaction information (such as scrolling, clicks, mouse-overs and likes); and any phone number used to call our customer service/receptionist office number.
- Usage data includes information about how you use our website, such as time of visit, pages viewed, and time spent on these pages. Aggregated data is collected and reviewed to understand website usage, the data is not used to track individual activity.
7. How is personal data collected by UPP?
We use different methods to collect data from and about you including through:
- Direct interactions with you. You may give us your identity data, contact data, applicant data, resident data, and marketing and communications data by filling in forms or by corresponding with us via our website, by post, by phone, by email, via our social media accounts, face to face or otherwise, or respond to a survey or enter a prize-draw.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources:
- Applicant data – where we receive information from others such as the University, or UCAS about your application for accommodation.
- Resident data – where we receive information from the University about your attendance or any welfare issues we need to be aware, or from police.
- Marketing and communications data. When we use social media sites such as Instagram, Facebook and Twitter to contact you via that platform or share content with you. Those sites may also provide us with information about you, such as where you send us a message, or like or comment on us or our content. We do not buy in mailing lists.
- Technical data. You may provide this to our hosting providers when you interact with our website or our social media accounts. We also receive information from the following parties:
- Analytics providers such as [Google based within the EU].
- Search information providers based inside the EU.
- Identity and contact data from the police and HM Revenue & Customs (“HMRC”).
- Identity data from publicly availably sources such as Companies House and the electoral register in your jurisdiction.
Where possible, we will notify you when we receive information about you from third parties and will inform you about the purposes for which we intend to use that information.
8. How we use your personal data
We use the personal data that we hold about you in certain ways. Mostly, we use your personal data for:
- Managing and making decisions on your application for accommodation at Broadgate Park.
- Allocating rooms to successful applicants and entering into a student resident agreement with you.
- Providing accommodation services, such as handing out keys, running a reception service, cleaning and maintaining your room, handling your post, and managing security on site.
- To deal with your enquiries, claims and complaints.
- Operating the CCTV at Broadgate Park.
- We also work with student bodies [such as the JCR] to arrange and run events and activities for our residents.
- We work closely with the University to make sure you and others are safe and secure – for example, the University’s wardens, pastoral care team.
- To manage surveys and any prize draws.
- To comply with our legal or regulatory obligations.
- To ensure that content from our Site and the social media accounts that we operate is presented in the most effective manner for you and for your computer.
- To manage our business, including to notify you of changes to our services and to our site.
- Managing your accommodation deposit and ensuring its timely return to bank details you provide.
- Marketing and communications data includes your preferences in receiving marketing from, and your communication preferences.
Purposes and legal bases for processing your personal data
Data protection law requires that UPP needs to have a lawful basis to process personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in very limited circumstances, for example, in relation to sending direct marketing communications to you via email or text message or where we process special categories of personal data about you.
You have the right to withdraw your consent to receive marketing at any time by contacting us at [brodgatepark@upp-ltd.com].
The table below describes in more detail the purposes for which we use your personal data. It also identifies the relevant type of data, and the legal bases we rely on for that purpose.
If we have identified multiple legal bases for a particular purpose, please contact us if you would like further information.
Purpose/activity |
Type of data |
Legal basis for processing including basis of legitimate interest |
Managing and making decisions about your application for accommodation at Broadgate Park. |
Identity Contact Applicant |
To take steps necessary to perform a contract with you, or to take steps at your request prior to entering into a contract with you. Our legitimate interests:
Your consent:
|
Allocating rooms to successful applicants and entering into a [student resident agreement] with you and providing accommodation services, such as handing out keys, running a reception service, cleaning and maintaining your room, handling your post, and managing security on site. |
Identity Contact Applicant Resident |
To take steps necessary to perform a contract with you, or to take steps at your request prior to entering into a contract with you. Our legitimate interests:
Your consent: To use information about your health or disabilities as necessary to decide what accommodation would be suitable for you, and what adaptations you may require (we will always contact you to discuss your requirements), and to and ensure health and safety of yourself and others on site. |
To comply with your enquiries and to handle complaints or claims. |
Identity Contact Applicant Resident CCTV |
To take steps necessary to perform a contract with you, or to take steps at your request prior to entering into a contract with you. Our legitimate interests:
|
monitoring CCTV and managing security on site at Broadgate Park |
CCTV |
To take steps necessary to perform a contract with you to provide a secure environment for you to live in. Our legitimate interests:
|
To deal with emergencies, such as illness or serious injuries of you or others. |
Identity Contact |
The vital interests of you, or others on site Our legitimate interests:
|
To work with [student bodies [such as the JCR] to arrange and run events and activities for our residents] |
Identity Contact |
To take steps necessary to perform a contract with you. Our legitimate interests, and those of the student bodies:
|
To work with the University to make sure you and others are safe and secure – for example, the University’s wardens, pastoral care team. |
Identity Contact Applicant Resident CCTV |
To take steps necessary to perform a contract with you to provide a secure environment for you to live in. Our legitimate interests:
|
To manage surveys and any prize draws |
Identity Contact |
Your consent |
To ensure that content from our website and the social media accounts that we operate is presented in the most effective manner for you and for your computer. |
|
Necessary for our legitimate interests:
|
To send you our marketing material about our services or about issues that we think may interest you (by email, text message, social media, post or phone), and to measure the effectiveness of our marketing material. |
Contact Marketing and communications |
Consent (where this is necessary). Necessary for our legitimate interests:
|
To manage our business, including our relationship with you, which will include:
|
Contact Marketing and communications Applicant Resident |
Performance of a contract with you. Necessary to comply with a legal obligation under the Data Protection Act 2018 that requires us to provide you with fair processing information, and to keep our records of personal data up to date and accurate. Necessary for our legitimate interests:
|
To administer and protect our business and our website. |
Identity Contact Technical Usage |
Necessary for our legitimate interests:
|
To use data analytics and to conduct statistical analysis and research. |
Technical Usage Marketing and communications Contact |
Necessary for our legitimate interests:
|
To sell our business, or part of it. |
Applicant Resident |
Necessary for our legitimate interests to manage our business effectively |
To Manage the financial obligations referred to in the Student Residence Agreement
|
Applicant Resident Financial |
Necessary for the performance of contract that we have with you, so that we can administer the financial obligations in the Student Residence Agreement. |
There are also legal obligations around processing special categories of personal data (such as data relating to your health). We process this data on the following basis:-
- To establish, exercise or defend legal claims. For example, you may have a complaint against UPP regarding the provision of our services relating to your health or illness which is not resolved to your satisfaction and would like to initiate legal proceedings against UPP.
- To protect your vital interests. For example, where you have fallen ill on the university premises and are incapable of giving your consent.
- Where you have given us your explicit consent to process the data.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like to understand more about any of our purposes, please contact us.
If you fail to provide personal data
Where we need to collect personal data by law, or under a contract we have with you, or we are processing your personal data to fulfil a request you have made, and you fail to provide that data when requested, you may be in breach of the law, and/or we may not be able to perform the contract or comply with your request. We will use reasonable efforts to notify you if this is the case.
9. Marketing
We hope that you enjoy and value our updates, and our marketing material generally. We respect your right to choose what marketing messages you receive. You can opt out of any marketing material that we send you at any time by clicking the unsubscribe link in our emails, or by contacting us.
We may ask you to confirm or update your marketing preferences over time, such as when you instruct us to provide further services in the future, or if there are changes in the law or the regulation or structure of our business.
10. Who do we share your information with?
All of our contractors, suppliers and staff (including volunteers, agents, temporary workers and casual workers) are subject to strict contractual requirements and are aware of their data protection obligations when processing personal data on our behalf.
Where we are required to disclose your personal data to another organisation that acts as a controller (for example, the University, law enforcement agencies; regulators; HMRC; or as part of court proceedings), we will only do so if required by law, or where appropriate, you have approved that disclosure.
We only disclose information to a third party where permitted by law, where they are acting as our data processors under a contract, or where it is necessary to achieve a legitimate purpose. We will never share your personal data with any party for their own marketing purposes without your prior consent.
We may disclose your personal data to the following:
- Internal third parties such as our subsidiary companies. This includes UPP Residential Services Limited (which is our main accommodation provider subsidiary), UPP Group Limited which provides central group services such as our IT and management services, as well as any of our subsidiaries and parent companies which support our services or have a need to know in order to respond to your enquiries or to meet our commitments to you.
- External third parties in connection with our services – this includes:
-
- The University of Nottingham where we need to verify your attendance at the University, and where they need information to support your attendance at the University, or to help support the health and safety and security of you and others while attending the University or using its facilities.
- Our suppliers, sub-contractors and providers of goods or services for the performance of any contract that we enter into with them to support our business. For example, our sub-contractors in technical, payment and delivery services, marketing and advertising service providers, analytics providers, and search and social media information and optimisation providers.
- Where legally compelled to do so, a court or tribunal, a regulatory authority, and law enforcement agencies.
- Other professional advisers acting on your behalf.
- Our professional advisers and our bank.
- Our insurers if we need to discuss your organisation’s request for services.
- Companies in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets only for that purpose and subject to appropriate confidentiality agreements.
- Companies who acquire UPP assets in whole or in part, the personal data held by it about its customers will be one of the transferred assets.
- To enforce or apply our website’s Terms of Use or our standard terms and conditions of business or other agreements, or to protect the rights, property or safety of UPP, our residents, other students, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- To anyone where we have you prior consent.
11. Security procedures/access.
The only people who can use your personal data are authorised UPP staff, in particular our ICT department, or our suppliers which are contractually committed to maintain the confidentiality of your personal data and to treat it in accordance with data protection law in the UK.
UPP has a strong commitment to data security. UPP uses all reasonable endeavours to protect personal information from loss, misuse or alteration and we have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. UPP takes appropriate steps to communicate and train its staff in relation to applicable data protection law.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or via the social media accounts that we operate; therefore, any transmission is at your own risk.
If you would like to know more about our data security measures please contact us.
12. International Data transfers
Wherever possible, we will not transfer your data outside the European Economic Area (EEA). However, there are circumstances where this will be unavoidable. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
How long will your personal data be retained for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We retain your personal data in accordance with our retention policy. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
14. Automated decision-making including profiling
UPP does not use your personal data to make any automated decisions or conduct any profiling about you.
15. Your data protection rights
You have the following rights under data protection law:
- The right of access: You have the right to request access to your personal data (known as a “data subject access request”). You can ask to receive a copy of the personal data we hold about you. It helps you understand how and why we are using your data, and to check that we are lawfully processing it.
- The right to rectification: You have the right to request to correct any of your personal data which you think is inaccurate or incomplete.
- The right to erasure: You have the right to request your personal data to be deleted (also known as ‘the right to be forgotten’).
- The right to restrict processing : You have the right to ask us to suspend processing of your personal data if: (a) you are concerned about the accuracy of the personal data; (b) where processing of your personal data is unlawful but you do not want it to be erased but restricted instead; (c) you need it to establish, exercise or defend legal claims even though we no longer need it; or (d) you have objected to the use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- The right to object: You have the right to object to the processing of your personal data in certain circumstances such as where we are processing your personal data for direct marketing purposes, including any profiling related to that direct marketing.
- The right to data portability: You have the right to request the transfer of your personal data to a third party where your information is processed by automated means, and we process your personal data on the basis of consent or a contract with you, you can ask to be provided with your personal data, or that a third party you have chosen is provided with, your personal data in a structured, commonly used, machine-readable format.
- The right to be informed: This information right requires data controllers to inform you about how your personal data is processed to guarantee fair and transparent processing. We do this mainly by providing you with privacy notices and policies such as this.
Please note that some of the rights above are not absolute and only applies in certain circumstances. If we are unable to fulfil your request which you have exercised (whether in whole or in part), then we will explain our reasons to you. If you wish to exercise any of the rights set out above, please contact us.
No fee is usually required – You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive to meet the administrative costs of complying with the request, or if you are requesting further copies of your data following your subject access request.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all requests promptly but usually within one month of receipt. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. If this is the case, we will notify you and keep you updated.
Use of Cookies
Cookies and how they Benefit You
Our site uses cookies, as almost all websites do, to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites
Our cookies help us:
- Make our site work as you’d expect
- Remember your settings during and between visits
- Improve the speed/security of the site
- Allow you to share pages with social networks like Facebook
- Continuously improve our website for you
- Make our marketing more efficient (ultimately helping us to offer the service we do at the price we do)
We do not use cookies to:
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
- Pay sales commissions
You can learn more about all the cookies we use below
Granting us permission to use cookies
If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.
More about our Cookies
We use cookies to make our site work including:
- Remembering if you have accepted our terms of use
- Showing you which pages you have recently visited
There is no way to prevent these cookies being set other than to not use our site.
Social Website Cookies
So you can easily like or share our content on the likes of Facebook and Twitter we have included sharing buttons on our site.
Cookies are set by: The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
Visitor Statistics Cookies
We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (e.g. Mac or Windows which helps to identify when our site isn’t working as it should for particular technologies), how long they spend on the site, what page they look at etc. This helps us to continuously improve our website. These so called analytics programs also tell us if how people reached this site (e.g. from a search engine) and whether they have been here before helping us to put more money into developing our services for you instead of marketing spend.
Turning Cookies Off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so however will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites
It may be that you have concerns around cookies relate to so called “spyware”. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive.