GSA privacy policy

 

Last updated 28/03/2025

This privacy notice aims to set out how GSA collects, uses and shares your personal information; your ‘personal data’. This is any information which could directly or indirectly identify you. It also explains your privacy rights under data protection law, and how you can exercise these.

Who are we?

GSA International Limited is the holding company of the real estate and investment management business, together known as the Global Student Accommodation Group, or “GSA”. Our main offices are in the United Kingdom. GSA develops and manages student accommodation and investments in student accommodation globally. Any reference to GSA in this notice includes GSA International Limited and its subsidiary companies. GSA is part of the global Dot Group, and is registered with the UK Information Commissioner’s Office (“ICO”).

How to contact us.

If you have any questions about this privacy notice or other data protection related queries you can write to us at: GSA International Limited, Portman House, 2 Portman Street, London W1H 6DU. Alternatively you can email us: [email protected].

What information are we collecting?

GSA works with both corporate and individual private investors who qualify as “Professional Investors” as defined under Annex II of Directive 2014/65/EU (MiFID II), and the details we collect may be business related (for example, your work contact details) or related to you in a personal capacity. We endeavour to limit the information we collect to what’s necessary, and without certain information, it may not be possible for us to fulfil your enquiry or request.

You can give us this information via our website enquiry form, over the telephone, via email, in person or through an application form. The types of personal details we routinely collect include:

  • Name
  • Address
  • Contact details (for example your email address and telephone number)
  • Employer(s) details (if applicable)

We may need to gather other personal information about you when it’s relevant and necessary for us to conduct appropriate due diligence checks in relation to potential investors.

We do not routinely collect what is known as ‘special category data’. This is personal information relating to matters such as health, ethnicity, racial background and political opinions. If we have a specific reason to collect this information, we will seek your permission to do so.

How we use your personal your information. 

We use your personal information for the following purposes:

  • to respond to enquiries, and for any other follow-up communications,
  • to assess suitability for an investment partnership,
  • to administer investment arrangements in either a corporate or individual context,
  • to send you monthly factsheets, where you’ve subscribed to receive such communications, or
  • to provide you with other helpful investment information.

Our lawful basis for handling your information.

Under data protection law we are required to have a lawful basis for our activities involving personal data. We rely on the following lawful bases:

  • performance of a contract (or steps necessary to enter into a contract)
  • legal obligation
  • your consent
  • legitimate interests

When we choose to rely on legitimate interests, we balance our business interests with your interests, rights and freedoms. We rely on legitimate interests for the following purposes:

  • to response to enquiries,
  • to handle relevant employees’ details when we enter into corporate investment partnerships,
  • to send monthly factsheets to subscribers, and other helpful information,
  • to gain feedback on our services, or
  • for routine administrative purposes.

In exceptional circumstances we may rely on the lawful bases of vital interests (to protect someone’s live) or public interest.

Who we share your personal information with.

Intra-group

GSA operates globally and, as such, has a number of subsidiary companies in various jurisdictions around the world. Your personal data may be shared amongst GSA companies, or the wider Dot Group. This sharing of information is limited and only occurs where appropriate and necessary in the context of our relationship with you.

To make sure your personal details are suitably protected when shared outside the UK, we have an intra-group Data Sharing Agreement. EU Standard Contractual Clauses with the UK Addendum are incorporate within this agreement as appropriate safeguard measures for cross-border transfers.  

If you’d like further information about the companies within our group, please contact us: [email protected].

Our service providers

We use service providers to support our business operations, which handle personal data on our behalf, under our instruction and are not permitted to use it for their own business purposes. For example, we use service providers to perform administrative services on our behalf. We have appropriate contractual arrangements in place governing our relationships with service providers, and only share necessary personal data with them, where relevant.

Where a service provider is based outside the UK, we make sure appropriate safeguard measures are in place to protect your personal information. Safeguard mechanisms we rely on include; the reciprocal EU-UK adequacy decision and/or EU Standard Contractual Clauses, with the UK Addendum.  

Regulators and other legal obligations

We may, from time to time, be legally obliged to share your information with regulators, crime prevention agencies or other authorities.

Your privacy rights.

Under data protection law you have a number of rights, which are listed below along with our contact details should you wish to submit a request.

  • The right to be informed: This gives you with the right to be informed about the collection and use of your personal data. This privacy notice is one of the ways in which we endeavour to fulfil this right.
  • The right of access: You have the right to request a copy of the personal data we hold about you and our purposes for using it. This is often referred to as a Data Subject Access Request (DSAR).
  • The right to rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request we correct or amend it, as appropriate.
  • The right to erasure: You have the right to ask us to erase your personal data from our systems and servers. This is also known as the ‘right to be forgotten’. This is not an absolute right, and there may be circumstances in which we can justifiably decline your request, but we will always explain why. Where your personal data has been shared by GSA with third parties (either other companies within the GSA group or our third-party service providers), you also have the right to request your personal data is deleted by these third parties.
  • The right to restrict processing: You have the right to request that we restrict or suppress your personal data. This would mean we retain it, but don’t use it for a specified purpose or purposes.
  • The right to data portability: You have the right to obtain and reuse your personal data for your own purposes or request it is securely transferred to another organisation.
  • The right to object: You have an absolute right to object to receiving direct marketing from us. In other circumstances we will assess any objection to how we are handling your personal data on a case-by-case basis.
  • The right to withdraw you consent: If you have provided your consent for GSA to use your personal data for a specific purpose, you can withdraw your consent at any time.

Data Protection legislation also contains rules aimed at protecting individuals where solely automated decisions are made with a legal or similarly significant effect. We can confirm GSA does not carry out this type of activity.

To exercise any of the rights referred to above, please write to the Operations Department, GSA International Limited, Portman House, 2 Portman Street, London W1H 6DU or email; [email protected]

If you submit a request, we may need to request proof of identity. We’ll endeavour to respond to any request as soon as possible, and at least within one calendar month. In limited circumstances we may need to extend this timeframe when responding to the Right of Access, but will always explain why if this is the case.

If you have any concerns about the way in which GSA is handling your personal information, or if you are not satisfied by our response to a privacy rights request, please contact us and we will do our utmost to resolve this for you. If you remain unsatisfied, you have the right to complain to the Information Commissioner's Office (ICO). You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

How do we keep your personal information secure?

GSA makes sure any personal data we hold about you is securely stored on our systems and servers and that any paper-based records of your personal data will be stored and destroyed in accordance with our data retention policies and procedures. We treat data security with the utmost seriousness and take appropriate measures to implement industry leading standards to protect your personal information. Only relevant members of staff will have access to your personal data, where relevant for their work.

How long do we keep your information for?

Your personal data is stored in accordance with our internal retention policy. Routinely we keep information related to enquiries for approximately twelve to eighteen months, and then destroy this information. If you enter into a corporate or private contractual relationship with us, we will keep your personal data, as necessary, for the fulfilment of this arrangement. If you would like more information about our retention periods, please email us: [email protected]

External links

Please note, if you use a link on our website to another website, or your request a service from another organisation this Privacy Notice will no longer apply once you’ve left our website.

Updates to this notice

We keep this notice under review and update it from time to time, to make improvements and/or to reflect any regulatory changes. If we make any significant changes in the ways in which we handle your personal information we will endeavour to notify you.