Customer Privacy Notice – Merry Hill Group
We are committed to safeguarding your privacy, please read this Privacy Notice (Privacy Notice) to understand how Personal Data we hold about you will be treated on our website (www.mymerryhill.co.uk) (Website), when you visit us in person and when you otherwise interact with us. If you would like this Privacy Notice in another format (for example: audio, large print, braille) please email email@example.com or write to us at Management Suite, Merry Hill, Shopping Centre, Brierley Hill, Dudley. DY5 1QX
We regularly review this Privacy Notice and will update it where necessary. This Privacy Notice was last updated on 25th November 2021.
This Privacy Notice is divided into the following sections:
- Who we are.
- How to contact us.
- Personal Data we collect about you and our collection methods.
- How we use your Personal Data.
- How we will retain your Personal Data.
- International transfers.
- Purposes for which we use your Personal Data – summary.
- How we keep your Personal Data safe.
- How we disclose your Personal Data.
- Your own sharing of your Personal Data.
- Automated decision making.
- Direct marketing – how to opt out.
- What are cookies and how are they used?
- Third parties and the privacy of your Personal Data
- Our access to your Personal Data through social media platforms.
- Your legal right with respect to your Personal Data.
- Who we are
This is the privacy notice for the Merry Hill group of companies which compromises of Merry Hill (No. 1) General Partner Limited, Merry Hill (No. 2) General Partner Limited, Merry Hill (No. 4) General Partner Limited, Merry Hill (No. 6) General Partner Limited (referred to in these terms as Merry Hill).
Merry Hill is registered with the UK Information Commissioner’s Office with registration number(s):
- MH (No 1 Limited Partnership ZB223666.
- MH (No 2) Limited Partnership ZB223694.
- MH (No 4) Limited Partnership ZB223717.
- MH (No 6) Limited Partnership ZB223746.
We collect, use and are responsible for certain Personal Data about you. When we do so we are regulated under data protection legislation, and we are responsible as a ‘controller’ of that Personal Data for the purposes of data protection law.
- How to contact us
If you have any questions in relation to this privacy notice or how we use your Personal Data, please email us email firstname.lastname@example.org or write to us at Management Suite, Merry Hill, Shopping Centre, Brierley Hill, Dudley. DY5 1QX
- Personal Data we collect about you and our collection methods
Personal Data is information about you from which we can identify you, either on its own, or by piecing it together with other information, (Personal Data). Personal Data does not include aggregated data where you cannot be identified (e.g. statistics about usage in general or in categories).
We may, from time to time, collect your Personal Data in ways other than those set out in this privacy notice, where we do so we will provide you with relevant privacy notices at the appropriate time. This privacy notice supplements the other notices and is not intended to override them.
The types of Personal Data we collect about you are:
Contact Personal Data
- Personal Data provided when you interact with us directly including when registering on our Website with us, using our in-centre services (shopmobility, and pushchair hire), participating in promotions and competitions, or completing customer surveys – this may include your title, name, postal address, email address, telephone number(s), account details, username, login and information about your use of Merry Hill.
- Personal data provided so we can contact you regarding complaints and feedback.
Preferences and Profile Personal Data
- Personal Data about your marketing preferences, including brands and content you like, dislike, click on or share with others.
- Personal Data provided when you interact with us directly (e.g. telephoning, writing or emailing us, buying gift cards or services from us, participating in promotions and competitions).
- Demographic Personal Data.
- Personal Data collected when you interact with us or otherwise make accessible via third parties, including:
- through brand partners and social media platforms (see section 11 below). and
- through third party surveys and market research you participate in.
- Other Personal Data which you give us when dealing with us or interacting with us in any way including via third parties.
Financial Personal Data
- Your credit and/or debit card number, CVS number and expiry date may be collected if you make a purchase from us.
Health Personal Data
- Personal Data gained about you if you are involved in an accident or if first aid assistance is required on any property managed by Merry Hill.
Image Personal Data
- CCTV footage, including Body-worn Video (BWV), featuring your image. Please note that BWV include audio.
- Vehicle registration number and details (via Automatic Number Plate Recognition systems where it is in operation at Merry Hill’s car parks).
Technical and usage Personal Data
- Technical Personal Data from analytics providers.
- Details you provide when using our Wi-Fi.
Personal Data which you provided to us on application for a job either directly to us or a via third party recruiter. Please note that as part of the application process, we will provide you with a separate privacy notice for the recruitment and selection process.
- How we use your Personal Data
We may use your Personal Data to:
- Provide you with information, products, services or experiences that you request from us.
- Process payments for purchases.
- Provide reservation or booking services.
- Provide and personalise our products and services to you, including making predictions about your interests or preferences and to display targeted content, features, deals and offers that match your profile or that we believe will be of interest to you.
- Keep track of your activity patterns and preferences in order to improve the level of service you receive and to increase the functionality of our Website, including monitoring and analysing usage and trends, determining the effectiveness of our content and personalising and improving our Website.
- Inform you of products, services, experiences or promotions which we feel may be of interest to you where you have indicated that you wish to be contacted for such purposes by email, SMS, post, telephone, through our Website or social media platforms, or by other means of electronic communication (and where you have indicated that you are happy to be contacted by specific third parties, you may be contacted about products, services, experiences or promotions by those third parties).
- Ensure that content from our Website is presented in the most effective manner for you and for your computer/tablet/mobile.
- Send you push notifications.
- Interact with you on social media platforms.
- Allow you to participate in any interactive features of our products, services and experiences, when you choose to do so.
- Manage and administer any of our promotions/competitions which you enter.
- Request feedback from you.
- Respond to your emails, submissions, questions, comments, requests or complaints and provide customer service.
- Send you surveys, updates, security alerts and support and administrative messages and to facilitate your use of, and our administration and operation of, our Website, including to notify you about important changes.
- To deter and to detect fraud and combat criminal and antisocial behaviour.
- To comply with our legal obligations such as health and safety and to ensure the safety of Merry Hill’s visitors.
- How we retain your Personal Data
We will only retain your Personal Data for as long as is necessary to fulfil the purposes for which it was collected (including for the period of any contract/agreement we have with you, and for a period of time after in the event of any potential issue), unless we are required by law to retain your Personal Data for a longer period (e.g. where you make a rights request, and we maintain records to demonstrate how e comply with such requests).
- International transfers
In some cases, we may need to transfer Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case, we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.
Whenever we transfer your Personal Data out of the EEA and/or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we may transfer your Personal Data to countries for whom there has been an adequacy decision by the European Commission and/or an adequacy regulation granted by the UK Secretary of State (as applicable) confirming that that country provides an adequate level of protection for Personal Data. or
- we may use specific contracts approved by the European Commission and/or UK Data Protection laws (as applicable) which give Personal Data the same protection it has within the EEA and/or UK. When we rely on this measure, we will ensure that the third-party can comply with the provisions of such contracts and we have confirmed that the country to which the Personal Data is transferred provides enforceable datasubject rights and effective legal remedies for data subjects are available there. or
- a specific exception applies under applicable data protection law.
Please contact us at email@example.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.
We may transfer your Personal Data outside of the UK:
- In order to store it;
- In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services;
- Where we are legally required to do so; or
- In order to facilitate the operation of our business, where it is in our legitimate interests, and we have concluded these are not overridden by your rights.
- A summary purposes for which we use your Personal Data
We have set out below, in a table format, a broad summary of the ways we use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your Personal Data on more than one lawful ground if we are processing the same Personal Data for more than one specific purpose.
|Purpose for processing||Type of Personal Data||Legal basis for processing|
|Notifying you about changes to our terms or privacy notice. *||Contact||Performance of a contract.|
Necessary to comply with a legal obligation.
|Asking you to leave a review or take a survey||Contact Preferences and Profile||Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services.|
|Responding to your requests. *||Contact Preferences and Profile||Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services.|
|To administer and protect our business (including protecting Merry Hill, visitors and staff) and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), this may include Personal Data collected from on-site visits to Merry Hill.||Contact Preferences and Profile Technical and Usage Image||Necessary for our legitimate interests, for running our business, provision of administration and IT services, network security, to prevent crime and fraud in Merry Hill, and on our Website and in the context of a business reorganisation or group restructuring exercise, and in the event that we need to commence and manage any legal proceedings.|
|To comply with current legislation e.g. health and safety legislation. *||Contact Health Personal Data Financial||Necessary to comply with a legal obligation.|
|To use data analytics to improve our Websites, products/services, marketing, customer relationships and experiences.||Technical and Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy).|
To send marketing communications, including suggestions and recommendations to you about services that may be of interest to you, and to provide you with updates about us and Merry Hill (which may be personalised).
|Contact Preferences and Profile Technical and Usage||Necessary for our legitimate interests (to develop our products/services and grow our business).|
|To send you marketing communications which you have signed up directly to.||Contact Preferences and Profile Technical and Usage||Your consent (see also Direct marketing – how to opt out).|
|To manage and administer any of our promotions and competitions which you enter or participate in.||Contact Preferences and Profile||Necessary for our legitimate interests (to develop our products/services and grow our business) e.g. in order to establish what products you are interested in so we can target marketing and promotional material which we feel may be most relevant to you.|
|To comply with any contractual obligation which we are bound to comply with when you have participated in our promotions and competitions. *||Contact Preferences and Profile||Performance of a contract.|
|To provide a service to you (including services provided through our apps).||Contact Preferences & Profile Technical and Usage Financial||Performance of a contract.|
In certain circumstances you may be obliged to provide us with personal data and if you fail to provide the personal data, when requested, we may not be able to provide a service or assist with your enquiry. Where this is the case, we have identified these instances in the table above with an “*.”
- How we keep your Personal Data safe
We have a number of measures to keep your Personal Data safe and secure:
- Your Personal Data is held on a secure database.
- We have policies, rules and technical measures in place to protect the Personal Data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
- We limit access to your Personal Data to those who have a genuine business need to know it. All of our employees and data processors that have access to, and are associated with, the processing of your Personal Data is obliged to respect the confidentiality of your Personal Data.
- All third parties supporting our Websites as external data processors are engaged under appropriate contractual and confidentiality protections.
- How we disclose your Personal Data
We ensure that your Personal Data will not automatically be disclosed by us to government institutions or authorities. However, if required by law, or when we receive a request from regulatory bodies or law enforcement organisations, we may disclose Personal Data we hold about you.
We may disclose your Personal Data to the following third parties to the extent necessary to fulfil the purpose for which your Personal Data was collected:
- Our staff.
- The Merry Hill Group companies and their staff.
- Suppliers and service providers who may access your Personal Data when providing products or services to us, in particular providers of platform, data storage, marketing and data security services.
- Purchasers or potential purchasers of our business or any part of it.
- Government bodies and law enforcement agencies and in response to legal or regulatory requests. and
- Auditors or other advisers auditing, assisting with or advising on any aspect of our business, including our external legal advisors.
We may also share Personal Data with third parties in an aggregated or anonymised form that does not directly identify you, e.g. we may share aggregated information about your interests and geographic preferences and/or location (if given) with advertisers and third-party Websites for marketing purposes.
Before we share Personal Data with any third parties, we will carry out due diligence on their processes and procedures to ensure they will keep any Personal Data we share with them adequately secure. We will require all third parties to respect the security of your Personal Data and to treat it in accordance with the law and subject to appropriate contractual terms. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
- Your own sharing of your Personal Data
When you post in any profile, comments, forums and other interactive features on our Website, or share Personal Data with individuals through our Website or social media platforms, this Personal Data will be available to other users and in some cases may be publicly available outside of our Website (e.g. on social media platforms).
Our access to your Personal Data through social media platforms
If you interact with us on social media platforms, (for example, if you ‘Like’ our Facebook Page or post on our Facebook timeline, or if you follow us or mention us in a tweet on Twitter) we can interact with you and send you information via these platforms.
The Personal Data we have access to through social media platforms will depend on your personal settings on these platforms. We will have access to all public information on these platforms. We may also be able to access Personal Data that others share about you (because they control how that is shared, not you).
We may collect any Personal Data that is accessible to us or that you provide through social media platforms, including but not limited to your Facebook and/or Twitter profile picture, gender, and usernames. We will interact with you through social media platforms in accordance with each platform’s rules, but we are not responsible for how the platform owners collect and handle your data. We are not responsible for what third parties post on our social media accounts.
- Automated decision-making
Automated decision-making takes place when an electronic system uses Personal Data to decide without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not carry out automated decision making in the course of providing some of our services.
- Direct marketing – how to opt out
If you have signed up to received offers and the latest news about Merry Hill, you can opt-out of receiving marketing communications from us at any time. You can do this by clicking on the unsubscribe link on any communications from us, or by emailing firstname.lastname@example.org.
We take your online privacy very seriously, so if you need any assistance in unsubscribing to future communications, please contact us email@example.com. We will promptly take action to ensure that you are “opted-out” from receiving any further mailing or other information. Although we will remove your name from our e-mail list as quickly as possible, there may be a period of time after you unsubscribe during which you may still receive e-mails from us. Additionally, in order to ensure you do not continue to receive correspondence from us, we may retain your Personal Data on a suspension list.
- What are cookies and how are they used?
Cookies are small files of letters and numbers stored on your browser or device These cookies are used to ensure that you are sent the correct content when your computer requests it. Some cookies are essential to enable you to move around our Website and use its features and/or services. If you choose to buy or book an event with us, we will use a cookie to remember your choice as you move through our website.
In addition, our Website contains cookies from third parties, such as Google Analytics & Facebook. These cookies are used to collect information about how visitors use our Website. We use the information to compile reports and to help us improve the Website. The cookies collect information in an anonymous form, including the number of visitors to the Website and where visitors have come to the Website from, and the pages they have visited.
When you first visit our website you will be provided with information about the cookies we use and to manage your cookie preferences.
- Third parties and the privacy of your Personal Data
You may be able to access third party websites and apps from our Website. We are not responsible for the privacy policies and practices of other websites and apps. We recommend that you check the privacy notice of each website and app and contact the operator of the website or publisher of the app if you have concerns or questions.
- Your legal rights with respect to your Personal Data
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data, as listed below, to:
- be informed about how we use your Personal Data.
- request access to your Personal Data.
- request correction of your Personal Data.
- request erasure of your Personal Data.
- object to processing of your Personal Data.
- request restriction of processing your Personal Data.
- request transfer of your Personal Data. and
- withdraw consent to processing of your Personal Data.
If you wish to exercise any of the rights set out above, please contact us at
Fees and refusal to comply with requests
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee and/or refuse to comply with your request.
Time limit to respond
We will respond to all legitimate requests within one month. If your request is particularly complex or you have made a number of requests and it is likely to take us longer than a month to respond, we will notify you of that, within the one-month period, and keep you updated as to progress.
Your right to make a complaint
In addition to your legal rights set out above, you also have the right to make a complaint at any time to our data protection regulator, the ICO (www.ico.org.uk).
We are committed to protecting your Personal Data and would appreciate the opportunity to address any concerns or complaints you may have before you approach the ICO so that we can remedy them. Any concerns or complaints should be sent by email to firstname.lastname@example.org.