Festival Place

Privacy Policy

This privacy policy explains how the Festival Place Shopping Centre handles your personal information and data. 

Festival Place Shopping Centre is owned by Festival Retail Properties Limited, a company incorporated in England and Wales with company registration number 16139907.

Estama (UK) Limited (Estama), are the owners appointed property managers and data controllers for the Festival Place Shopping Centre. Estama are a company incorporated in England and Wales with Company Number 06610868, whose registered office is at 5-6 Clipstone Street, London, W1W 6BB.

We value your trust, so we’ve strived to present this policy in clear and plain language. The policy is structured so you can quickly find answers to the questions that interest you the most.

This privacy policy applies to all the products, services and websites offered by the Festival Place Shopping Centre and their affiliates, except where otherwise noted. Products, services and websites are collectively referred to as the “services” in this policy.

References in this policy to ‘us’, ‘we’, ‘our’ are references to Estama (UK) Limited, Festival Retail Properties Limited, or Festival Place Shopping Centre or affiliates/group companies. References to ‘you’ or ‘your’ are references to any individual or business accessing the services.

What Data We Hold & Why

We collect and use the following information to provide, improve, and protect our Services:

Account information

We collect, and associate with your account, information that you provide to us when you perform actions such as signing up for an account, (like your name, email address, phone number, payment info, and physical address). 

Retailer data

Due to the service that we provide we naturally have a need to hold information on a range of retailers that we engage with including some information that will be made public through our website and marketing materials (such as store names, opening hours, offers, news, etc). Other private retailer information such as store contacts and turnover may also be retained to allow us to provide our services.

Usage information

We collect information related to how you use this website and our services, including actions you take on this website (like newsletter signup, file downloads, or clicks through to external websites). We use this information to improve our services and to develop new services and features. 

Device information.

We also collect information from and about the devices you use to access our services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information.

Cookies and other technologies. 
We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. Further information on how we use Cookies and Pixels can be found in our cookie policy below.

Marketing

We may give users the option to sign up to marketing such as emails, text messages, phone calls and direct mailers, via the website, social media and through competitions that we run. If you register for this marketing, we will, from time to time, send you information about products, news, events, offers & competitions. Users who receive these marketing materials can opt out at any time. If you do not want to receive marketing emails from us, simply click the ‘unsubscribe’ link in any email. You can opt out of any other marketing by emailing us at info@estama.co.uk. 

Why we hold your data

We collect and use the personal data described above in order to provide you with services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent. 

Specifically, we use your data to:

  • Provide, update, maintain and protect our services and business.
  • Communicate with you by responding to your requests, comments, and questions. If you contact us with questions or concerns, we may use your personal information to respond.
  • Send you emails and other communications. We may contact you about important changes to our services. 
  • Understand how you use our services and improve them.
  • Investigate and prevent security issues and abuse of services.
  • Protect any person from death or serious bodily injury.
  • Comply with applicable law, legal process, or regulation.
  • Perform a task carried out in the public interest.
  • We will also collect and use your data with your consent to send you marketing materials about our services. 

Our Data Partners

We may share information as discussed below, but we won’t sell it to advertisers or other third parties.

Others working for and with us

The Festival Place Shopping Centre uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy, and we’ll remain responsible for their handling of your information per our instructions.

Law & order and the public interest

We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of this website or our stakeholders; (d) protect the Festival Place Shopping Centre rights, property, safety, or interest; or (e) perform a task carried out in the public interest.

Estama are the Data Controllers in respect of the CCTV at the Festival Place Shopping Centre and are responsible for the capturing and storing video images and are responsible for:

  • The security and accountability of the CCTV images and ensuring that authorised staff using the CCTV system are properly trained in the use of the equipment and comply with the Code of Practice; and
  • Deciding how the personal data being processed should be used and who it should be disclosed to if needed

 

Policy Changes

If we are involved in a reorganization, merger, acquisition, or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Your Right to Control and Access Your Information

You have a right to be informed of Personal Data processed by the Festival Place Shopping Centre, a right to rectification/correction, erasure and restriction of processing. You also have the right to receive from the Festival Place Shopping Centre in a structured, common and machine-readable format of Personal Data you provided to us.

We can only identify you via your email address and we can only adhere to your request and provide information if we have Personal Data about you through you having made contact with us directly and/or you using our site and/or service. We cannot provide, rectify or delete any data that we store on behalf of our users or customers.

Where you have provided consent, you may withdraw it at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing it. 

To exercise any of the rights mentioned in this Privacy Policy and/or in the event of questions or comments relating to the use of Personal Data you may contact our Data Protection Officer at gdpr@estama.co.uk.

Where Personal Data is processed for the above purposes on the basis of the Festival Place Shopping Centre legitimate interests, under the GDPR, you may object to such processing at any time. To do so please contact our Data Protection Officer at gdpr@estama.co.uk.

In addition, you have the right to contact your local data protection supervisory authority.

 

Cookie Policy

Introduction

This cookie policy (“Cookie Policy”) is intended to inform you on how we use cookies and similar technologies (“Cookies”) to assist you in making informed decisions when using this website. Please take a moment to read and understand this, Cookie Policy. This Cookie Policy should also be read in conjunction with our Privacy Policy and our Terms and Conditions.

Cookies are small text files that are stored by the browser on your computer or mobile phone. Websites are able to read and write these files, allowing them to store things like personalisation details or user preferences. You can think of Cookies as providing a "memory" for the website, enabling it to recognise a user and respond appropriately. You may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

Cookies are used by us and our third-party partners on this website for identification, analysis and advertising purposes. Please note that we have no control over the Cookies placed on our website by our third-party partners. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see their individual privacy policies listed below.

By using this website, you consent to the storing and accessing of Cookies on your device. To manage your Cookie preference, click Manage Cookie Preferences below. Details of the Cookies used on our website and any applicable third-party partner are set out below.

Cookies message and our use of cookies

You may see a banner when you visit www.festivalplace.co.uk inviting you to accept our use of the Cookies described in this cookie policy and / or to set your Cookie preferences. We’ll set cookies so that your computer knows you’ve seen it and not to show it again, and also to store your settings. These settings will expire after 1 year when you will be invited to review your preferences.

Our Sites also uses Cookies for which we do not require your consent. This Cookie Policy refers to these Cookies as “Essential Cookies” and without them the services that you have asked for cannot be provided.

Blocking Cookies

You can consent to, revoke or block the use of specific Cookies by activating the relevant settings in your browser. In order to use some parts of our Sites you will need to consent to Cookies. If you choose to withhold consent, or subsequently block cookies, some aspects of our Sites may not work properly, and you may not be able to access all or part of the Sites.

The Cookies we use

The list below sets out more information about the individual Cookies used on our Sites and the purposes for which they are used:

Essential Cookies

Essential Cookies are required for our website to function correctly. These Cookies are automatically enabled, as without essential cookies some site functionality may not work.

 

Prismic Cookies

  • io.prismic.preview (Prismic): Enables preview sessions for unpublished content, allowing users to see draft or scheduled changes.
  • prismic-auth (Prismic): Manages authentication for accessing Prismic CMS features, likely for content editors.

Stripe Cookies (Payments & Fraud Prevention)

  • __stripe_mid (Stripe): Used for fraud prevention and identifying the browser session for payment processing.
  • __stripe_sid (Stripe): Used for fraud prevention and identifying the browser session for payment processing.

Session Management

  • SESSION (Website): A standard cookie used to maintain a user's session (e.g., login status, shopping cart). (Expires at end of session)

User Preferences & Site Security

  • cc_cookie (Website): Stores user's cookie consent preferences.
  • csrf-token (Website): Used in preventing cross-site request forgery attacks.

Analytics Cookies

We use Analytics cookies to help us understand user interaction and visit duration. Analytics cookies collect data on website usage to understand user engagement.

Google Analytics

  • _ga (Google Analytics): Collects anonymous information on how users engage with the website (e.g., visitor numbers, behaviour).
  • _gid (Google Analytics): Collects anonymous information on how users engage with the website (e.g., visitor numbers, behaviour).

Google & Segment (Authentication & Security)

  • SAPISID (Google): Helps authenticate users and personalize services for session management.
  • SEARCH_SAMESITE (Google): Prevents cross-site request forgery in Google Search.
  • SIDCC (Google): Provides additional security checks to prevent abuse and fraud.
  • SSID (Google): Authenticates users across Google services.
  • HSID (Google): Verifies user identity and protects against abuse.
  • AEC (Google): Helps verify legitimate requests and prevents Cross-Site Request Forgery (CSRF) attacks.
  • ajs_anonymous (Google/Segment): Tracks anonymous user sessions.
  • ajs_anonymous_id (Google/Segment): Tracks anonymous user sessions for analytics purposes.
  • ajs_user_id (Google/Segment): Identifies logged-in or known users for analytics tracking.

Salesforce (CRM Session & Analytics)

  • BrowserId (Salesforce): Used for session management, secure login, and performance analytics in relation to CRM integrations.
  • sid (Salesforce): Used for session management, secure login, and performance analytics in relation to CRM integrations.

Hotjar (Usability Analytics)

  • hjSessionUser* (Hotjar): Collects data on user interactions to understand website usability and identify areas for improvement.

Intercom (Customer Support & Messaging)

  • intercom-device-id-* (Intercom): Identifies devices for Intercom services (customer messaging, support, analytics).
  • intercom-session-* (Intercom): Manages user sessions for Intercom services.

Mixpanel (Product Analytics)

  • mp_* (Mixpanel): Tracks user interactions and events for product analytics and understanding feature usage.

Other Analytics Cookies

  • danuid: A unique user ID used for tracking user behavior and site analytics.
  • analytics_session_id: Generic session identifier for website analytics.
  • analytics_session_id.last_access: Tracks last access time for an analytics session.

Bloomreach

  • exponea_etc: Tracks customer engagement and behaviour for personalisation purposes.
  • xnpe_[project-token]: Enables server-side tracking and customer identification across sessions.
  • exponea_time2: Synchronises timestamp between browser and server for accurate tracking.

Advertising Cookies

We use internet advertising Cookies to measure the effectiveness of our advertising, understanding which advertising you click on and interact with. We then may use this to create user profiles and group those with similar behaviours into segments to improve the efficiency and relevance of our advertising.

iBeacon

  • (Name not specified) (iBeacon): Collects non-personally identifiable location information for location-based adverts and visitor counting.

DoubleClick (Ad Tracking)

  • IDE: Used for advertisement tracking, targeting, and measurement.
  • ar_debug: Used for advertisement tracking, targeting, and measurement.
  • receive-cookie-: Used for advertisement tracking, targeting, and measurement.

Google Ads

  • IDE: Helps show relevant ads, track conversions, and support ad performance reporting.
  • RA_Audience: Helps show relevant ads, track conversions, and support ad performance reporting.
  • RA_cookies: Helps show relevant ads, track conversions, and support ad performance reporting.
  • dan_UID: Helps show relevant ads, track conversions, and support ad performance reporting.

Google (Ad Personalization)

  • NID: Remembers user preferences and personalizes ads.
  • APISID: Builds user profile for personalized ads and content.

Meta / Facebook

  • _fbp: Delivers targeted ads on Facebook to previous site visitors.
  • _fbc: Delivers targeted ads on Facebook to previous site visitors.
  • test_cookie: Delivers targeted ads on Facebook to previous site visitors.

TikTok

  • _ttp: Tracks user behaviour for TikTok advertising/analytics.
  • ttenable_cookie: Tracks user behaviour for TikTok advertising/analytics.
  • ttcsid: Tracks user behaviour for TikTok advertising/analytics.
  • ttcsid_CLHJM6: Tracks user behaviour for TikTok advertising/analytics.

Other Marketing Cookies

  • RAAUDIENCE: Classifies users into marketing audiences for personalised ads.
  • RACOOKIES: Manages consent and tracking preferences for ads.
  • RAPERSONALIZATION: Stores user personalization data for content/ad targeting.
  • __spdt: Used for tracking personalization preferences or user sessions.

Modifications of this policy.

 We may revise this Privacy Policy from time to time. If we make any changes to this privacy policy that may materially impact on you or our processing of your personal data, we will notify you by means of a notice on our website prior to the change becoming effective.