Pioneer Group has responsibility under data protection law to provide individuals with information about how we process their personal data. In this policy we will provide you with information that is common to all our processing activities, as well as explaining what rights you have to control how we use your information and how to inform us about your wishes. There may be additional documents that apply to how we process your information, and it is important that you read this privacy statement together with any other documents we may provide on specific occasions so that you are aware of how and why we are using that information and what your rights are under the data protection legislation.
In many instances when Pioneer Group collects personal data, we are the Data Controller. As Data Controller, we are responsible for ensuring our systems, processes, suppliers and people comply with data protection laws in relation to the information we handle.
When we need to let you know about additional privacy information not contained in this statement, such as when we are processing data on behalf of a Data Controller, we will let you know at the point that we collect the relevant personal data from you or within a reasonable period of obtaining your personal data.
When we process your personal data, we will comply with (and will ensure that our employees comply with) all applicable data protection and privacy laws.
If you are unsatisfied with the way in which we process your personal data, we ask that you let us know so that we can try to put things right. If we are not able to resolve issues to your satisfaction, you can refer the matter to the data protection authority responsible for upholding the personal data rights of individuals where you live, work or where the matter occurred. To contact the Regulator:
• in the UK: Information Commissioner’s Office, which can be contacted by calling 0303 123 1113 or going online to www.ico.org.uk/concerns
• in Ireland: Data Protection Commission, which can be contacted by calling 017650100 / 1800437 737 or going online to www.dataprotection.ie
We may collect, use, store and transfer different kinds of personal data about you and we have grouped these together into the following broad categories of data:
• Contact Data (like name, address, email address, telephone number)
• Profile Data
• Marketing & Communications Data
• Financial Data
• Technical Data
We might not collect all of these categories from you, and you should refer to the specific privacy notice for our relationship with you for more details. Copies of these notices can be accessed through the links below:
Recruitment, Employment and Engagement Privacy Notice – available [here]
Tenants, Suppliers and Investors Privacy Notice – available [here]
Most of the personal data that we process is given to us directly by you for one of the following reasons:
• You have visited our website or our internal intranet site
• You wish to attend, or have attended a webinar or similar event
• You have subscribed to our marketing information
• You have registered with us for services
• You have applied for a job with us
We also receive information indirectly when we monitor publicly available information.
Under applicable data protection laws (including the European General Data Protection Regulations (EU GDPR) and the UK GDPR and Data Protection Act 2018) that apply in the regions in which we operate, we are only allowed to use your personal data if we have a proper reason to do so.
Data protection law sets out a number of different reasons we may collect and process your personal data. The lawful basis will depend on the specific activity for which we are collecting your personal data, but will usually be one of the following:
- You have given us permission to do so: In specific situations, we can collect and process your data with your consent – e.g. when you sign up to receive email or postal communication from us. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with particular activities.
- We need to perform a contract: In some instances, we need to process your personal data to comply with our contractual obligations. For example, if you ask to attend an event and let us know about special dietary requirements, we need your contact details to update you about the event arrangements and to let you know of any changes, and we may also need to pass some of your personal data on to our caterer.
- We need to comply with a legal obligation: We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting us, we need to pass details, which could include personal data, to law enforcement.
- It is in our legitimate interest: We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your event attendance history to offer more personalised event offers. We can only use this lawful basis if our legitimate interests do not override your individual interests, rights and freedoms.
You have rights over your personal data. Under data protection law:
- we have to inform you about the collection and use of your personal data, including our purposes for processing your personal data, how long we will keep your data and who we will share your data with (known as the right to be informed);
- you can ask whether we are processing your personal data and if so, ask for a copy of your information (known as the right of access);
- you can ask for information to be corrected (known as the right to rectification);
- you can ask for information to be erased or deleted (known as the right of erasure);
- you can ask for us to limit or restrict processing (known as the right to restrict processing);
- you can ask us to send you a copy in a structured digital format or ask for us to send it to another party (known as the right to data portability);
- you can object to us processing your data, in particular where we use the data for direct marketing, including profiling for direct marketing purposes. The right to object does not apply if we must process the data to meet a contractual or legal requirement (known as the right to object);
- you have the right not to be subject to a potentially damaging decision being taken without human intervention (known as rights related to automated decision making and profiling).
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please see ‘Getting in touch’ below.
You also have a right to complain to the data protection authority. This can be where you live, work or where the matter occurred. For more details, please refer to the Regulator’s details above.
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised. We may also aggregate your personal data with other data to use for business planning and analysis. If you want to understand more about how long we retain your personal data, please refer to the relevant privacy notice.
At times we need to share your personal data with trusted third parties e.g. delivery couriers, IT companies, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for.
In addition, we may share your personal data with competent authorities processing personal data for legitimate law enforcement purposes.
We will never sell or trade your contact details with any third parties without you giving us your express consent to do so e.g. if you ask to attend an event which is being run explicitly as a joint event with a third-party.
There are some instances where we may have to share your information based on our legal obligations, for instance:
- Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
- When you exercise your rights under data protection legislation, including when you ask to subscribe or unsubscribe from our marketing communications.
Where practical, your personal data will be stored within the UK and the EU. This includes data stored in physical format at our sites and in digital format in our own and our service providers systems.
Sometimes we may need to send or store your data outside of the UK and the EU. For example, to follow your instructions, to comply with a legal duty or to work with or receive services from our service providers who we use to support the operation of our business. If we do transfer information outside of the UK and the EU, we will make sure that it is protected as required under the applicable data protection laws, usually through the use of one of the following safeguards:
- Transfer it to a country with privacy laws that give the same protection as the applicable GDPR. The UK Government and the EU have the power to determine whether a country has an adequate level of data protection – known as an “adequacy decision”.
- Put in place a contract with the recipient that means they must protect it to the same standards as the UK/EU or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the UK Government or the EU for this purpose.
- Use binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.
Our website, apps and marketing emails use cookies and similar technology. Full information is in our Cookie Policy.
We Are Pioneer Group Limited (trading as Pioneer Group) is made up of subsidiary companies and other associated companies. This privacy statement is issued on behalf of the Group so when we mention “Pioneer Group”, “we”, “us” or “our” in this privacy statement, we are referring to the companies that make up the Group. Your personal data may be shared within the Group where it is required for our legitimate business purpose, but always in line with data protection principles. If you would like details of the Pioneer Group and subsidiaries and associated companies where your personal data is shared, please contact us using the details below.
We are Pioneer Group Limited is the controller and is responsible for this website.
We Are Pioneer Group Limited (trading as Pioneer Group) incorporated in England and Wales, with company number 13147337 and having a registered office at New Derwent House, 69 – 73 Theobalds Road, London, WC1X 8TA.
The Group is registered with the Information Commissioners Office in the UK, with registration ZB325340.
Our Chief Financial Officer is responsible for overseeing and monitoring our compliance with data protection laws and this policy.
If you want to make a request in line with your rights, you have any concerns regarding the way in which we are processing your personal data, or you just have a question relating to our processing of your personal data, the quickest way to contact us is by email to legal@thepioneergroup.com.