- Please note you will need to provide proof of identity before we can process your request.
We process your personal information if we collect it as part of our relationship with you. We collect and hold your personal information if:
- You are a supplier or potential supplier to our business; or
- You are a landlord or potential landlord of ours or of our customers, Vodafone and Telefónica; or
- You provide your contact details to us at a business event;
- You write to us with an enquiry or a complaint. As part of our processing for these purposes, we share your information with other suppliers who provide services to us or our customers. This Notice explains what data we process, why we process, how it is legal and your rights.
This Privacy Notice is provided by Cornerstone Telecommunications Infrastructure Limited ("Cornerstone" or "we" or "us") Cornerstone is, for the purposes of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018, your Data Controller. This means that we are responsible for, and control the processing of, your personal information. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information about:
- Your rights;
- The Personal Data we collect about you and why we collect the data;
- What we do with your data, and;
- Who your information will be shared with.
How to contact us
If you have any questions about this Privacy Notice, the information we hold about you, or wish to exercise any of your rights, please contact us via email at: firstname.lastname@example.org or write to us at Cornerstone, Building Cornerstone, Hive 2, 1530 Arlington Business Park, Theale, Berkshire, RG7 4SA.
Useful words and phrases
Please familiarise yourself with the following words and phrases as they have a particular meaning in Data Protection Laws and are used throughout this Privacy Notice:
- GDPR - General Data Protection Regulation (EU) 2016/679 including as applied in the UK. This legislation, along with the Data Protection Act 2018, sets out the principles and rules about how companies can process Personal Data and your rights in relation to your data.
- Personal data - Any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion and indications of intentions about Data Subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
- Special categories of personal data - Any information relating to: Racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, trade union membership, physical or mental health or condition, sexual life; or genetic data or biometric data for the purpose of uniquely identifying you.
- Processing - This covers virtually anything anyone can do with Personal Data, including Obtaining, recording, retrieving, consulting or holding it, organising, adapting or altering it, disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
- Data subject - The person whom the data is about.
- Information Commissioner - The UK Information Commissioner who is responsible for implementing, overseeing and enforcing the Data Protection Laws.
- Data controller - The person who determines the purposes for which, and the manner in which, any personal data are processed.
- Data processor - The person who processes the data on behalf of the Data Controller.
- Information Security Officer - This is the designated person within Cornerstone who is responsible for ensuring that the Data Protection Rules are adhered to.
- Data Protection Laws - This means the laws which govern the handling of data. This includes the GDPR and the Data Protection Act 2018.
What information do we collect?
If you are an individual supplier or an individual landlord (or a potential supplier or potential landlord) then we collect and hold the following information:
- Contact details (address, phone number, email address)
- Bank account details (if we pay you)
- Site address (if you are one of our landlords)
Special categories of data
- If there is a health and safety issue at one of our sites then we may hold information about you and the incident and that may contain health or medical information.
If you are a business contact or write to us with an enquiry or a complaint then we will hold the Personal Data that you provide to us.
Why we process your personal data?
We use your Personal Data for the following purposes listed in this section.
Contract and lease/licence management - To manage the contract or lease/licence we have with you and to pay you under the terms of the contract or lease/licence.
Security - To keep your Personal Data secure and prevent unauthorised access, loss, damage, destruction or corruption.
Legal and Regulatory Requirements - To comply with regulations and laws governing Cornerstone or our customers (Vodafone and Telefonica) for example health and safety laws and to exercise our rights under the Electronic Communications Code.
Name, address and email - To communicate with you if we collected your Personal Data at a business event or to respond to an enquiry or a complaint.
We are allowed to do so on certain legal bases. Please go to the "How is the Processing Lawful" section in this Privacy Notice below which provides more detail.
- Contract and lease/licence management - To manage the contract or lease/licence we have with you and to pay you under the terms of the contract or lease/licence.
- Security - To keep your Personal Data secure and prevent unauthorised access, loss, damage, destruction or corruption.
- Legal and Regulatory Requirements - To comply with regulations and laws governing Cornerstone or our customers (Vodafone and Telefónica) for example health and safety laws and to exercise our rights under the Electronic Communications Code.
- Name, address and email - To communicate with you if we collected your Personal Data at a business event or to respond to an enquiry or a complaint.
How long will we keep your data?
The list below provides details about how long we will retain your Personal Data.
- Name and address of an individual landlord - During the lease or licence and for 6 years after the lease or licence terminates or expires.
- Name and address of an individual supplier - During the contract and for 6 years after the contract terminates or expires.
- Landlord or supplier bank account details - During the contract or lease/licence (as applicable).
- Name, address and email of contacts or individuals who contact us with an enquiry or complaint - During our relationship with you. If you have made a complaint then we will retain your information for 6 years after the complaint has been resolved if we consider that there is a risk of further dispute.
How is processing your data lawful?
We are allowed to process your Personal Data for the following reasons and on the following legal bases:
- It is necessary for the performance of your contract/lease or license with Cornerstone.
We have a legitimate interest in processing your data, having considered the impact of processing on your interests and rights, and having ensured appropriate safeguards are in place to minimise any intrusion on your privacy. The legitimate interests for which we process your Personal Data are:
- Exercising our legal and regulatory rights under the legislation. If you are a landlord we may use your information to exercise our rights under the Electronic Communications Code.
- Establishing and defending our legal rights.
- Responding to enquiries or complaints that you make.
It is necessary in order to comply with legal obligations we are under for example health & safety at our sites.
How we keep your data secure
We use technical and organisational measures to safeguard your Personal Data, for example, we use secure connections on our internal systems, to ensure data residing on it is encrypted. This means that we convert your data into a computer code, which will make it harder for hackers to access your data when stored on our internal systems. We have up-to-date technical security measures and security policies. These ensure that we follow good practices across our business. We aim to keep your information safe from external threats such as hackers and malicious software. Whilst we will use all reasonable efforts to safeguard your Personal Data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any Personal Data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How you can contact us?’ above).
Who will have access to your personal data?
We may disclose your Personal Data to third parties who provide certain services for us, including:
- Personal Data
- Landlord name, address and bank details
- Supplier name, address and bank details
Who information is shared with:
- Our estates management provider, Cluttons LLP and our IT service provider, Accruent.
Transfers of your information to International organisations and otherwise out of the UK or the EEA
We may need to transfer your Personal Data to the United States to our IT service provider (Accruent), but only for the purpose of services that we receive from Accruent. Any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
As a Data Subject, you have the following rights under the Data Protection Laws:
- The right of access to Personal Data relating to you;
- The right to correct any mistakes in your information;
- The right to restrict or prevent your Personal Data from being processed in some circumstances;
- The right to have your Personal Data ported to another Data Controller;
- The right to the erasure of your Personal Data; and
- The right to withdraw consent to receive our newsletter.
- The right to lodge a complaint with the Information Commissioners Office ("ICO")
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your Personal Data, please contact us using the contact details located in the "How to Contact us" section above, on page 1 of the document. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. There are exemptions to many of these rights which we will apply in accordance with the law.
Right to access Personal Data relating to you
You may ask to see what Personal Data we hold about you and be provided with:
- A copy;
- Details of the purpose for which it is being or is to be processed;
- Details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
- The period for which it is held (or the criteria we use to determine how long it is held);
- Any information available about the source of that data; and
- Requests for your Personal Data must be made in writing.
To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible. There are certain types of data which we are not obliged to disclose to you, which include Personal Data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold, free of charge. If you would like to do this, please:
- Email, call or write to us (see ‘How to contact us?’ above);
- Let us have enough information to identify you (e.g. name or email address); and
- Let us know the information that is incorrect and what it should be replaced with.
Right to prevent the processing of Personal Data
You may request that we stop processing your Personal Data temporarily if:
- You do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- The processing is unlawful but you do not want us to erase your data;
- We no longer need the Personal Data for our processing, but you need the data to establish, exercise or defend legal claims; or
- You have objected to processing because you believe that your interests should override Cornerstone's legitimate interests.
Right to erasure
You can ask us to erase your Personal Data where:
- You do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
- You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- Your data has been processed unlawfully or has not been erased when it should have been.
Right to withdraw consent
If you receive our newsletter by post you may at any time elect to no longer receive it from us. If you no longer wish to receive the newsletter then please email, call or write to us (see ‘How to contact us?’ above).
Copies of your Personal Data (Data portability)
You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. As part of your request, you will need to provide valid identification to help us verify your identity. Similarly, you may complain to the Information Commissioner's Office. Information about how to do this is available on the website at www.ico.org.uk
Changes to the Privacy Notice
We might change this Privacy Notice from time to time, and if we do and we have your email address we will provide you with notice by email of any forthcoming changes that have an impact on you as an individual.