Privacy Policy

This privacy policy sets out how AERIA APARTMENTS uses and protects your personal data.

  1. Important Information and who we are

This privacy policy is issued on behalf of Q Apartments (UK) Ltd trading as Aeria Apartments, 153 Wandsworth Road, London SW8 2GB.

Q Apartments (UK) Ltd is the “controller” of your personal data and responsible for making decisions about how it is used.  When we say “Aeria Apartments”, "we", "us" or "our" in this privacy policy, we are referring to Q Apartments (UK) Ltd.

This privacy policy gives you information about how we collect and use your personal data through your use of www.aeriaapartments.com or our services, including any data you may provide when you submit and enquiry to us, use our services as a customer, join our loyalty programme or engage with us as a supplier or job applicant.

We keep our privacy policy under regular review and make changes from time to time. You should therefore check this policy regularly to keep up to date.  This version was last updated on 29/10/2024.

Our website is not intended for children and we do not knowingly collect data relating to children.  Therefore our website should not be used by anyone under the age of 18.

  1. The types of personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you.  What information we collect will depend on which of our services you use. The information we may collect is as follows:

For our customers:

  • Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, date of birth, gender, passport number and driving licence details.
  • Household Data includes information about people with whom you may share your property rental that we collect as part of providing our services. This may include information about co-habitation and who has access to your property rental through access keys and cards.  We may sometimes collect information about separation, divorce and co-habitation where this is relevant to a change in occupation.
  • Contact Data includes home address, work address, billing address, email address, telephone numbers (landline and/or mobile) and fax numbers.
  • Financial Data includes bank account and payment card details, salary information, information about housing support, social security number and national insurance number.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us and information connected to the arrangement of leases.
  • Lifestyle Data includes information about your room preferences, leisure activities, your feedback and other factors relevant to our delivery of services to you. If you have preferences or requirements related to your mental or physical health, this may include health data.  For longer term lets it may include information about livestock holdings.
  • Consumption Data connected to the use of our services such as energy and water bills, TV package and internet subscription when you are occupying a property we manage.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

In some cases you will be given the option not to provide your personal data, for example in relation to marketing communications.  However, there is some data that we must collect and use in order for us to delivery our services.  For example, a name must be provided in order to make a reservation.  If you do not provide this information then we will not be able to provide you with our services.

For website users (including customers that use our website):

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
  • Usage Data includes information about how you interact with and use our website, products and services.

For job applicants we will collect information that is relevant to the role that you are applying for including Identity Data, Contact Data and information about your experience, qualifications and right to work.

For supplier staff we will collect the information that you or your organisation provide to us, as part of supplying us with services.  This will relate to your job role.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal an individual’s identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing parts of our website to help improve the website and our service offering.

  1. How is personal data collected?

We use different methods to collect data from and about you including through:

Your interactions with us. Customers may give us their personal data by filling in online forms or by communicating with us by email, phone, fax, post or otherwise. This includes personal data customers or prospective customers provide when they:

  • make an enquiry or reservation;
  • join our loyalty programme;
  • request marketing to be sent to you;
  • sign up to email marketing offers & promotions;
  • share data as a point of entry into marketing competitions;
  • utilise free in-accommodation wifi;
  • give us feedback or contact us; or
  • make a credit application to us.

If you are applying for a job we collect information about you through the job application process (applications are made via www.weareqig.com).  If you are a member of supplier staff, you may provide us within information directly, it may be provided by your organisation or it may be provided to us by one of our customers.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Third parties or publicly available sources. We may receive personal data about customers from various third parties as set out below:

  • We may receive information from your employer, relocation company or travel agency if they are facilitating your use of our services (for example if you have been referred to us by your employer or your employer is paying for your accommodation).
  • We may also request and receive from your bank, employer, current mortgage company, landlord, utility providers, government bodies, credit agencies, other businesses where you have an account or credit card or other relevant organisation, confirmation of the information you have provided to us.
  • We may receive Technical Data from the following types of company:
    • analytics providers;
    • advertising networks; and
    • search information providers.
  • If we use another organisation to carry out identity or credit checks, or to collect any debts due to us, we may receive information about you from that organisation.
  • Where your property rental is owned by another organisation or person and we are managing the rental on their behalf, we may receive information about you from the owner.
  • Contact, Financial and Transaction Data is collected from providers of technical, payment and delivery services.
  • We may also receive requests for information about you (such as confirmation that you are living at a property managed by us) from your prospective employer, banks or other organisations you have asked for credit or other reports.
  • We may collect Identity and Contact Data from publicly available sources such as Companies House or the Electoral Register.
  • We may collect Identity and Contact Data from third parties via our marketing service provider.
  • Interest based and website interaction data will be collected from social media and web digital channels in line with the cookie policy & anonymity within social media data collection policies.
  • If you are a job applicant we may obtain information from your referees. If you work for one of our suppliers we may obtain information from the organisation for which you work or our customers.
  1. How we use your personal data

The law requires us to have a legal basis for collecting and using personal data. We rely on one or more of the following legal bases:

  • For customer data, performance of a contract that we have with the customer or to take steps at the customer’s request before agreeing such a contract
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and/ or pursue our legitimate interests, as set out in more detail in the table below. We make sure we balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose

We have set out below, in a table format, a description of all the ways we plan to use the various categories of personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

We do not use your personal data to make automated decisions about you.  You can find out more about automated decisions on the Information Commissioner’s website: www.ico.org.uk

 

Purpose/Use Legal basis
To register a new customer Performance of a contract with you (if you are a customer)
To process and deliver our services:

(a) Sending customers pre-arrival confirmation and other details about their receipt of our services

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(c) Liaise with the property owner, if applicable

(d) If you are an individual based at one of our suppliers, to deal with that supplier

 (a) Performance of a contract with you (if you are a customer)

(b) Necessary for our legitimate interests (to deliver our services to customers and property owners; and recover debts due to us)
To safeguard the life, health or property of an individual. (a) Necessary to protect the vital interests of an individual

(b) Necessary for the performance of a task carried out in the public interest by e.g. the emergency services

(c) Necessary for our legitimate interests (to provide safe and secure accommodation)
Liaising with and assisting any intermediary organisation (e.g. your employer, travel agent, relocation company or corporate account holder) that has made a reservation, agreed to make payments, arranged for discounts or purchased our services on your behalf.

This may include:

- modifying or cancelling a reservation made with the assistance of the intermediary

- responding to questions or comments made by the intermediary on your behalf

- facilitating any task that the intermediary informs us you intend them to fulfil or that it would be standard industry practice for the intermediary to fulfil

 Necessary for our legitimate interests (to provide our customers with services) and those of the intermediary organisation (to enable them to manage their relationship with our customers)
To enable our suppliers to perform business activities on our behalf (e.g. credit card processing, customer support services, our booking management system, market research or database management services) Necessary for our legitimate interests (to provide customers with services and to enable us to manage our operations)
To manage our relationship with our customers which may include:

(a) Notifying customers about changes to our terms or privacy policy

(b) Dealing with customer requests, complaints and queries

(c) Registering and managing any on-line account or profile our customers have with us

(d) Asking for and receiving feedback from customers

(e) Responding to any request from an individual to subscribe to our newsletter

 (a) Performance of a contract with you (if you are a customer)

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated, manage our relationship with you, improve our services, keep people up to date about our services)

 

 
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data, liaising with government and law enforcement agencies) (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

 
To deliver relevant website content and online advertisements and measure or understand the effectiveness of our advertising Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to improve our website, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To carry out market research, send you relevant marketing communications, make personalised suggestions and recommendations to you about goods or services that may be of interest to you, share news and updates with you and involve you in offers or promotions (a)    Necessary for our legitimate interests (to carry out direct marketing to our customers or those who have expressed an interest in our services, develop our products/services and grow our business)

(b)    For other individuals, your prior consent to receiving direct marketing communications
To comply with legal or regulatory requirements, which may be set out in law or a court order.

To assist regulators or comply with their guidance.

To exercise our rights or defend legal claims

 (a) Necessary for our legitimate interests (to co-operate with the regulator; to enforce our legal rights and comply with our contractual and other obligations)

(b) Necessary to comply with a legal obligation

(c) Necessary for the performance of a task carried out in the public interest by the regulator

 
To negotiate and implement the sale, transfer or merging parts of our business or our assets; or the acquisition of/ merger with other businesses. (We will use de-identified or aggregated data where appropriate.) If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy. Necessary for our legitimate interests (the negotiation and implementation of mergers and acquisitions).
If you are a job applicant, to consider your job application. (a) Necessary to comply with a legal obligation (employment law)

(b) Necessary for our legitimate interests (to recruit appropriate staff)

Direct marketing

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving the marketing.

Where we use your personal data for marketing this may include reviewing your personal data to decide which services and offers may be of interest to you, so that we can then send you relevant marketing communications.

Third-party marketing

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

Opting out of marketing

You can ask us to stop sending you marketing communications at any time by:

  • logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences
  • following the opt-out links within any marketing communication sent to you
  • contacting us using the details below: hello@aeriaapartments.com

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to updates to our Terms and Conditions and checking that your contact details are correct.  We may also need to retain information if there is an ongoing complaint or dispute that the information is needed to resolve.

Cookies

For more information about the cookies we use and how to change your cookie preferences, please see https://www.aeriaapartments.com/cookie-policy/.

  1. Disclosures of your personal data

We may share your personal data where appropriate with the kinds of organisations described below for the purposes set out in the table above.

For customers and prospective customers only

  • An intermediary organisation such as your employer, travel agency, relocation company or other organisation/ corporate account holder that has made reservations, obtained a discount or paid for our services on your behalf. The information shared may include Household, Transaction and Lifestyle Data.  Information may be transferred to partner organisations of the intermediary.
  • Companies that support us by carrying credit and identity checks or assist us with collecting debts due to us.
  • Credit card issuers, credit reporting agencies and fraud checking agencies where you have authorised them to report on you/ your finances.
  • If your property rental is owned by someone other than Aeria Apartments, the person on whose behalf we are renting out the property.

For all individuals (including customers)

  • Companies that provide us with IT, web, payment and other technical services
  • Our professional advisors
  • Courts, tribunals, law enforcement authorities, other organisations involved in the administration of justice and regulators
  • Other companies within our group
  • Third parties to whom we are considering selling, transferring or merging parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  1. International transfers

We share your personal data within our Group. This may involve transferring your data outside the UK to our overseas offices in [list countries].

We may also transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK and EU to countries which have laws that do not provide the same level of data protection as UK / EU law.

If we transfer your personal data out of the UK and EU to countries which have laws that do not provide the same level of data protection as the UK / EU law, we always ensure that a similar degree of protection is afforded to it. We do this by either ensuring the receiving country has been considered to provide an adequate level of protection for personal data by the UK government, or by ensuring that approved contractual safeguards are in place to ensure that adequate protection is in place.

To obtain a copy of these contractual safeguards, please contact us using the details below.

  1. Data retention

How long will you use my personal data for?

We will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period if we have a need to do so, for example if there is a complaint, if we reasonably believe there may be litigation connected with our relationship with you or following guidance from our professional advisors.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see below for further information.

Please note that if you are in a property that used to be managed by us but is no longer, we will still need to retain your personal data for a period of time.  This is to ensure there is a smooth handover and ensure that any outstanding contractual obligations are met.

  1. Your legal rights

If your personal data is held by us you have a number of rights under data protection laws in relation to your personal data.

You have the right to:

  • Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes (see above for details of how to object to receiving direct marketing communications).
  • Request the transfer of your personal data to you or to a third party. Note that this right only applies to information provided by you that we process relying on the legal basis of consent or performance of a contract with you. If this right applies, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • If we rely on your consent as the legal basis for using your information (see the table above), you may withdraw your consent at any time (see the table above for details of if/ when we rely on your consent as the legal basis for using your data). Any withdrawal of consent will only apply to the future use of your personal data – it will not apply to any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
  • If you want us to establish the data's accuracy;
  • Where our use of the data is unlawful but you do not want us to erase it;
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us – see the contact details section below. Please note that some exceptions apply to the rights outlined above.  We will let you know if one of these applies.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all valid requests within one month of your identity being confirmed. Occasionally it could take us longer than a month if your request is particularly complex, you have made a number of requests or we need to take legal advice. In this case, we will notify you and keep you updated.

  1. Contact details

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us by:

  • Email address: hello@aeriaapartments.com
  • Postal address: Q Apartments (UK) Ltd. t/a Aeria Apartments,153 Wandsworth Road, London SW8 2GB
  • Telephone number: +44 (0)20 3404 4040
  1. Complaints

Where your personal data is being used or held by us you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues www.ico.org.uk and Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

For customers based outside of the UK, there may be a data protection regulator in your own country, to which you can complain.  For further information about this please contact us using the details included in the Contact details section above.

We would appreciate the chance to deal with your concerns before you approach the regulator so please contact us in the first instance.

  1. Changes to the privacy policy and your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

  1. Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or use of your data. When you leave our website, we encourage you to read the privacy policy of every website you visit.