Skip to Main Content

You should read this privacy notice if you are a leaseholder in a property where your landlord has granted Rothesay Life Plc security over its interest in your property.

Understanding the terms of this privacy notice

The meaning of words which appear in bold underlined text are explained in the glossary. You can click on each term to see the definition. Alternatively, you can open the full glossary in another tab by clicking the link below. 

Glossary

Throughout this notice any reference to “we” or “us” refers to Rothesay Life Plc.

To read this privacy notice, please click on each section below.

About us and our relationship with you

‘Rothesay’ is the trading name for Rothesay Life Plc, an insurance company established in the UK with company registration number 06127279 and ICO registration Z1003678. We are authorised in the UK by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our registered office address is The Post Building, 100 Museum Street, London WC1A 1PB.

This Privacy Notice applies to all situations where we process personal data data about any individual who is a leaseholder within a property where their landlord has granted Rothesay Life Plc security over its interest in your property.  We make loans to companies (our borrower) who own (or have control over group companies who own) the freehold or headlease in properties. Often the units within these properties have been leased to individuals, like you. Under the terms of your lease, you may be required to pay your landlord rent. As security for our loan, your landlord (who is in the same group of companies as the borrower) granted us a charge of its interest in these properties.

This means that if the borrower breaches the loan agreement it has with us (for example, by failing to repay the amount which is due to us) or certain events occur with respect to the managing agent of your property, we have the right to appoint a new managing agent who will collect the rent from you, rather than you paying it to your landlord. This does not affect your rights under the lease, and we only have the same rights that your landlord already has. Our right to appoint a new managing agent to collect rent does not impact your rights in your property, the terms of your lease or the rent payable. Where a new managing agent is appointed, in order to enable the new managing agent to collect rent directly from you, we would need to process your personal data.

If at any time you breach the terms of your lease (for example, by failing to pay the rent due and falling into arrears or failing to keep the property in the standard required by your lease) and the landlord intends to take remedial action through the statutory legal process to cure the breach (such as the exercise of its forfeiture rights), the landlord will first be required to obtain our consent. As part of the consent process, we may receive your personal data in order to help us determine whether the landlord’s proposed course of action to remedy the breach of your lease is fair, and whether we should provide our consent to the landlord to take such remedial action.

We are a controller under data protection laws. This privacy notice explains how we use and look after your personal data. This privacy notice also tells you about your privacy rights and how the law protects you. 

About this privacy notice

This privacy notice contains information about:

Please note that we may change this privacy notice from time to time.

To request a printed copy of this privacy notice please contact us using the contact details contained in the part of this privacy notice headed Contact details.

The personal data we process

The categories of personal data we process include the following:

1. Leaseholder's personal information: Personal data relating to the homeowner with a mortgage where we have a financial interest in the mortgage. Personal data in this category includes:

  • Name
  • Address of the property
  • Correspondence address (if different) 
  • Contact details (including phone number and email address, if you have already provided these details to your landlord)

2. Lease information: Personal data relating to details of a leaseholder’s lease and property. This includes:

  • The amount of rent due to be paid to the landlord
  • Lease start date and end date
  • Use of property
  • Additional information – if you are in breach of the terms of your lease agreement, we will obtain more information about the reason for the breach to help determine what action to take

3. Sensitive personal data:This includes the processing of health data as part of an assessment to determine extenuating or exacerbating circumstances surrounding a breach of lease.

Where the personal data has been obtained

Personal data will usually be collected from your landlord and third parties appointed by your landlord, such as its managing agent who collects your rent and, if you breach the terms of your lease, its legal representatives or tracing agents.

You can request a list of landlords to whom we have disclosed your personal data using the details contained in the part of this privacy notice headed Contact details.

The reasons why and lawful bases relied on to process your personal data

The table below provides details of the purpose and the lawful bases upon which we process personal data.

Type of personal data

Why we need it

Lawful bases for processing

To operate our business

 We process personal data to operate our ground rent business and manage the risks aligned to our loans with borrowers. This includes the potential processing  of personal data in connection with the sale or potential sale of our interest in the loans to other parties.

Legitimate interests pursued by us or by a third party

We have a legitimate interest to operate our business effectively and efficiently, manage the risks associated with our business, and meet our legal and contractual obligations. This includes selling interests in the loans to other parties.

To manage any amendment or variation to leases

We process personal data in cases where our agreement is sought to amend or vary a lease over which we have a registered charge or restriction.

Legitimate interests pursued by us or by a third party

We have a legitimate interest to operate our business effectively and efficiently, manage the risks associated with our business, and meet our legal and contractual obligations. This includes selling interests in the loans to other parties.

To obtain a legal charge

We process personal data in order to take a charge over properties owned by a borrower as security for our loan to the borrower.

Legitimate interests pursued by us or by a third party

We have a legitimate interest to operate our business effectively and efficiently, manage the risks associated with our business, and meet our legal and contractual obligations. This includes selling interests in the loans to other parties.

To manage lease arrears or forfeiture cases

We process personal data to enable any breach of a lease agreement to be remedied fairly, and to help us to determine whether we should provide consent to the landlord to take any remedial action. We must also ensure the value of the property is preserved and, where appropriate, help prevent a borrower from defaulting on their obligations under the loan agreement they have with us.

 

To manage borrower defaults

If our borrower defaults on its loan or an event relating to the managing agent occurs, we need to be able to exercise our legal rights in respect of the loan agreement.

Legitimate interests pursued by us or by a third party

We have a legitimate interest to operate our business effectively and efficiently, manage the risks associated with our business, and meet our legal and contractual obligations.

 

Sensitive personal data such as health information might be received as part of a case analysis. In such circumstances, we process personal data under a substantial public interest condition, such as safeguarding the economic well-being of individuals.

We may also process personal data including sensitive personal data to comply with other laws, regulations or criminal reporting requirements that we are subject to. This includes compliance with law enforcement agency procedures in connection with various investigations and compliance with any requirement to prevent or detect unlawful acts.

How we keep your personal data secure

Our commitment to corporate security is demonstrated through the implementation of policies, controls and procedures, which are externally certified and audited to the international information security standard, ISO 27001:2013.

Our security policies, controls and procedures are regularly reviewed and updated so that we maintain good practices across our business to keep your information safe.

We have contractual arrangements in place with all of our service providers who process personal data which are compliant with data protection laws. We regularly check that our service providers are complying with their contractual commitments. This includes assessing and reporting on our service providers’ information security controls to check their compliance using questionnaires and/or on-site audits.

How long we store your personal data for

We will only keep your personal data for so long as we reasonably require it and, in any event, only for as long as our internal rules and polices allow us in order to fulfil our business or legal and regulatory obligations. This will usually be six years after the date of the final repayment of the loan of the relevant borrower.

Who has access to your personal data

We share personal data with a variety of other companies to operate our business. However, we only share the personal data where necessary to help us satisfy one or more of the reasons for processing set out above.

We have detailed the types of companies with whom we currently share personal data below. The companies fall into two categories.

Processors with whom we share personal data

For these companies, we determine the purposes for which the personal data we pass to them is processed and they should not process that personal data other than in accordance with our written instructions. Processors with whom we share personal data:

1. Back-up managing agent

We appoint a back-up managing agent to hold the following data: (i) details of our loans (including the properties that we have charges over), (ii) the leaseholders of each property and (iii) the amount of rent payable in respect of each property (so that if a borrowerbreaches the loan or an event occurs with respect to the managing agent, we can replace the existing managing agent with the back-up managing agent who will collect rent). In such circumstances, the back-up managing agent will need to contact you to notify you that rent must be paid to them.

2.  Other managing agent

If our borrower defaults or an event occurs with respect to your managing agent, we may appoint a managing agent who is not our back-up managing agent. In such circumstances, they will need to contact you to notify you that rent must be paid to them instead of your existing managing agent.

3. IT service providers
Our main IT infrastructure and core software is provided by Goldman Sachs Group, Inc.. This means that personal data we process is stored on Goldman Sachs’ IT systems.

4. Other service providers to our business
Other companies who process personal data on our behalf include those who provide day-to-day operational business services such as emails, archiving, document scanning and copying, document destruction and printing.

Controllers with whom we share personal data

For these companies, we do not determine the purposes for which the personal data we pass to them is processed once it is shared. To understand how the other controllers process your personal data , you should refer to their privacy notices. Controllers with whom we share personal data:

1.  Other loan providers like us

If we decide to sell our interests in certain of our loans to another provider, we may give your personal data to the actual or proposed purchaser.

2. Group entities

We will sometimes need to share personal data with entities within the Rothesay group of companies for administrative purposes and as part of our internal financing arrangements.

3. Professional advisers

We sometimes have to share personal data with our professional advisers (including accountants and lawyers) where it is required for the purposes of their advice.

4. Regulators, law enforcement and auditors

We will share personal data when requested by regulators, law enforcement agencies or other third parties to comply obligations imposed on us by laws and regulations.

International transfers

Where personal data is transferred to and processed in a country outside of the UK or the EEA (as applicable), we take steps to provide appropriate safeguards to protect your personal data, including by entering into approved standard contractual clauses obliging recipients to protect your personal data and only transferring personal data to the extent that an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data is ensured in compliance with data protection laws.

If you want further information on the specific mechanisms used by us when transferring your personal data outside of the UK or EEA, please contact us using the details contained in the part of this privacy notice headed Contact details.

 

Your rights

Under certain circumstances, you have the following rights under data protection law:

How to exercise your rights

If you wish to exercise any of your rights, please contact us using the details contained in the part of this privacy notice headed Contact details.

Contact details

How to contact us regarding this privacy notice

You may want to contact us to:

  • Ask any questions you have in relation to the information contained in this privacy notice
  • Exercise any of your rights under the data protection laws
  • Request a printed copy of this privacy notice printed in large print or braille
  • Request an audio version of this privacy notice
  • Make a complaint (see below)

To contact us you can email our Data Protection Officer (DPO) at dpo@rothesay.com or write to:

Data Protection Team, Rothesay Life Plc, The Post Building, 100 Museum Street, London WC1A 1PB

If you live within the European Union, you can also contact our European representative. Their details are as follows:

Address: Bird & Bird GDPR Representative Services SRL, Avenue Louise 235, 1050 Bruxelles, Belgium.

Or email: EUrepresentative.Rothesay@twobirds.com

How to make a complaint

If you have a problem or concern relating to the ways we process your personal data or the contents of this privacy notice, please contact us in the first instance.

We hope that we will be able to address the problem or concern to your satisfaction. However, you also have the right to make a complaint to the Information Commissioner’s Office. The process for making a complaint to the Information Commissioner’s Office is available here: 

www.ico.org.uk/make-a-complaint

Their contact details are as follows:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Or phone: 0303 123 1113

ico.org.uk