Site Services Privacy Notice (EU)

Privacy Notice (EU)

KREF Real Estate Finance Trust Inc. (“KREF”) respects your privacy and is committed to protecting your personal information. This privacy notice will inform you as to how we look after your personal information and tell you about your privacy rights and how the law protects you. This notice applies to you only if are located in the United Kingdom, a member state of the European Union or the European Economic Area. If you are a resident of California, please see our privacy notice for California residents. If you are a resident elsewhere in the United States of America or located elsewhere, please see our other privacy notices and any other privacy notices on our website from time to time.

This privacy notice is provided in a format so that you can click the arrows throughout to reveal further detail. Please also use the following table contents to navigate to the specific areas set out below. Alternatively, you can download a pdf version of the full privacy notice here.

Employees, contractors and other personnel of KREF should note that a separate privacy notice will be made available to them.

  1. IMPORTANT INFORMATION
  2. DATA PROTECTION PRINCIPLES
  3. PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING
  4. COOKIES
  5. DATA SHARING
  6. DATA SECURITY
  7. DATA RETENTION
  8. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

1. IMPORTANT INFORMATION

KREF respects your privacy and is committed to protecting your personal information.

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

It applies to:

  • individuals with whom KREF may have had contact for business purposes, either on our own account or on behalf of third parties or organisations;
  • individuals who are employed by or otherwise associated with KREF’s suppliers, vendors or professional advisors;
  • individuals who are involved in transactions or potential transactions which are evaluated or conducted by KREF or any of KREF’s sub-advisors;
  • individuals with whom KREF has contact during a recruitment process; and
  • individuals who have opted to receive communications from KREF.

KREF makes available separate privacy notices on the Investor Center here which apply to individuals associated with investors in the funds operated by KREF. This privacy notice does not form part of any contract of services.

This website is not intended for children and we do not knowingly collect data relating to children.

About KREF

The KREF Group is made up of different legal entities; more information can be found here.

This privacy notice is issued on behalf of the KREF Group so when we mention “KREF”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant entity in the KREF Group responsible for processing your personal information.

Unless otherwise specified, the designated contact entity in relation to KREF matters in the EU and EEA is KREF Alternative Investment Management Unlimited Company (registered in Ireland with company number 539765). You may contact us at [email protected] or via the contact details listed for the relevant country below.

For the purposes of the GDPR, the KREF company that you have dealings with is the controller of your personal information, for further details of which, please click below as appropriate. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the GDPR to notify you of the information contained in this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Team at [email protected] or using the details set out below for the country relevant to you.

You have the right to make a complaint at any time to the relevant data protection authority (for details of which please click below). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

If you have dealings with KREF in the United Kingdom...

Kohlberg Kravis Roberts & Co. Partners LLP is the main controller of personal information in relation to KREF business in the United Kingdom and so responsible for this privacy notice. KREF Capital Markets Limited and KREF Credit Advisors (EMEA) LLP and KREF Capstone EMEA LLP are also controllers of personal information for their respective businesses.

You can contact KREF’s Data Privacy Team from the United Kingdom as follows:

  • By post at Stirling Square, 7 Carlton Gardens, London, SW1Y 5AD and communications should be marked for the attention of the Data Privacy Team
  • By telephone on +44 20 7839 9800
  • By email [email protected]

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

If you have dealings with KREF in the Republic of Ireland...

KREF Alternative Investment Management Unlimited Company (registered in Ireland with company number 539765) is the controller of personal information for KREF business in the Republic of Ireland and so responsible for this privacy notice. KREF Credit Advisors (Ireland) Unlimited Company and KREF Capital Markets (Ireland) Limited are also controllers of personal information for their businesses.

You can contact KREF’s Data Privacy Team from the Republic of Ireland as follows:

  • By post at Level 3, 75 Saint Stephen’s Green, Dublin 2, D02 PR50, Ireland and communications should be marked for the attention of the Data Privacy Team
  • By telephone on +353 1 4757499
  • By email [email protected]

You have the right to make a complaint at any time to the Data Protection Commissioner (DPC), the Irish supervisory authority for data protection issues (https://www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the DPC, so please contact us in the first instance.

If you have dealings with KREF in Luxembourg...

KREF Luxembourg S.À R.L is the controller of personal information for KREF business in Luxembourg and so responsible for this privacy notice.

You can contact KREF’s Data Privacy Team from Luxembourg as follows:

  • By post at 63, rue de Rollingergrund, L-2440 Luxembourg and communications should be marked for the attention of the Data Privacy Team
  • By telephone on +352 270 2431
  • By email [email protected]

You have the right to make a complaint at any time to the National Commission for Data Protection (Commission Nationale Pour La Protection Des Données (CNPD)), the supervisory authority for data protection issues in the Grand-Duchy of Luxembourg (https://cnpd.public.lu). We would, however, appreciate the chance to deal with your concerns before you approach the CNPD, so please contact us in the first instance.

If you have dealings with KREF in Spain...

Kohlberg Kravis Roberts (España) Asesores SL is the controller of personal information in relation to KREF business in Spain and so responsible for this privacy notice.

You can contact KREF’s Data Privacy Team from Spain as follows:

  • By post at Edificio Beatriz, Calle de José Ortega y Gasset 29. 28006, Madrid, Spain and communications should be marked for the attention of the Data Privacy Team
  • By telephone on + 34 (91) 198 00 04
  • By email [email protected]

You have the right to make a complaint at any time to the Spanish Data Protection Agency (Agencia Española de Protección de Datos (AEPD)), the Spanish supervisory authority for data protection issues (http://www.agpd.es). We would, however, appreciate the chance to deal with your concerns before you approach the AEPD, so please contact us in the first instance.

If you have dealings with KREF in France...

Kohlberg Kravis Roberts & Co. SAS is the controller of personal information in relation to KREF business in France and so responsible for this privacy notice.

You can contact KREF’s Data Privacy Team from France as follows:

  • By post at 42 avenue Montaigne, 75008 Paris, France and communications should be marked for the attention of the Data Privacy Team
  • By telephone on +33 1 53 53 96 00
  • By email [email protected]

You have the right to make a complaint at any time to the Commission Nationale de l'Informatique et des Libertés (CNIL), the French supervisory authority for data protection issues (https://www.cnil.fr). We would, however, appreciate the chance to deal with your concerns before you approach the CNIL so please contact us in the first instance.

If you have dealings with KREF in Germany...

Kohlberg Kravis Roberts GmbH is the controller of personal information in relation to KREF business in Germany and so responsible for this privacy notice.

You can contact KREF’s Data Privacy Team from Germany as follows:

  • By post at Maintor Panorama, 12th Floor, Neue Mainzer Str. 2-4, 60311, Frankfurt, Germany and communications should be marked for the attention of the Data Privacy Team
  • By telephone on +49 (0) 69 80 88 35 80
  • By email [email protected]

You have the right to make a complaint at any time to the Der Hassische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), the supervisory authority for data protection issues in Hessen (https://www.datenschutz.hessen.de). We would, however, appreciate the chance to deal with your concerns before you approach the HBDI so please contact us in the first instance.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.


2. DATA PROTECTION PRINCIPLES

We will comply with applicable data protection law. This says that the personal information we hold about you must be:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and to the extent appropriate, kept up to date;
  5. kept only as long as necessary for the purposes we have told you about; and
  6. kept securely.

3. PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are more sensitive types of personal data which require a higher level of protection, known as ‘special categories’ of personal data under the GDPR. We do not collect any ‘special categories’ of personal data about you except in the context of dietary requirements for events and meetings and limited health data to assist in the control of infectious diseases (such as the virus Covid-19) that you voluntarily provide to us. We do not collect any information about criminal convictions and offences, unless revealed by due diligence conducted to comply with a legal or regulatory obligation, transactional due diligence or as part of our recruitment processes.

Please click on the relevant section to see the categories of personal information about you that we collect, store, and use, the purposes of processing and our lawful basis for doing so.

Visitors to KREF’s website

We may collect information about you through technology. For example, we may collect your IP address each time you request a page during a visit to the website. (An IP address is often associated with the portal through which you enter the Internet.) At times, we may also use IP addresses to collect information regarding the frequency with which users browse various parts of the website.

The website may also use other technical methods to track and analyse the traffic patterns on the website, such as the frequency with which our users visit various parts of the website. These technical methods may involve the transmission of information either directly to us or to another party authorised by us to collect information on our behalf. We may also use these technical methods in HTML e-mails that we send our website users to determine whether such users have opened those e-mails and/or clicked on links in those e- mails. We may collect the information from use of these technical methods in a form that is personally identifiable.

During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs), and methods used to browse away from the page. We may use this information to measure website activity, to develop ideas for improving our websites and for any other purpose to the extent permitted by applicable law.

You are not required to provide any personal information to access public areas of our website, other than parts of the Investor Center.

Please also see the section on Cookies below.

Visitors to KREF’s offices

When you visit our offices, we collect the following personal information about you for the following purposes:

  1. contact information by completion of the security list of visitors in line with our legitimate interests (security of the building);
  2. video images of you in the entry and exit areas from CCTV footage in line with our legitimate interests (security of the building);
  3. your name and time of entry to KREF’s offices through a security access system in line with our legitimate interests (maintaining security of our offices);
  4. names and dietary preferences for catering purposes in meetings in line with our legitimate interests (respecting visitors’ needs);
  5. health data to assist in the control of infectious diseases (such as the virus Covid-19) in line with our health and safety legal obligations;
  6. if applicable, health information by completion of the first aid accident book in order to comply with our health and safety legal obligations; and
  7. guests’ name and organisation for the purpose of organising events (for example conferences, charity events or student/alumni events) and providing name badges, attendee lists, team lists and table plans.

Individuals with whom KREF has contact for business purposes

If you have had contact with KREF, for example through emailing or meeting a representative of KREF, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organisation and contact details. We use publicly available information about you or information you have provided us with to add to KREF’s contact directory. If your contacts with KREF also fall within other categories defined below, we will also collect, store and share your personal information as described in those categories.

We will collect and store this personal information for the purposes of:

  1. maintaining a directory of contacts;
  2. organising meetings between you and KREF’s representatives; and
  3. general business marketing, including reporting on macro trends and other business and economic insights;
  4. sending you periodic updates about KREF’s business, events, presentations and opportunities, including by email and post; you can opt out of receiving updates at any time by contacting us (including by email at [email protected]), by asking your KREF business contact, or by clicking the “Unsubscribe” link in any email that you receive.

We will share the personal information we hold about business contacts with:

  1. third-party service providers which process personal information on KREF’s behalf,
  2. professional advisors, such as accountants, lawyers or other consultants;
  3. other companies in the KREF Group;
  4. KREF’s auditors; and
  5. applicable regulators and other governmental agencies anywhere in the world.

The legal basis for collecting, using and storing personal information about business contacts is that such processing is necessary for our legitimate interests in undertaking business development and promotion.

Individuals who are associated with KREF’s suppliers, vendors or professional advisers

If you are a supplier or vendor to KREF, or one of our professional advisers, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.

We will collect, use and store this personal information for the purposes of conducting anti-money laundering checks, administering and maintaining records of goods, services or advice we have received, and commissioning further services or procuring further goods.

The personal information we hold about suppliers and professional advisers will be shared with:

  1. a wide range of third-party service providers which process personal information on KREF’s behalf, such as providers of telecoms, IT, courier, HR, security, legal accountancy, data and catering services.
  2. professional advisors, such as accountants, lawyers or other consultants;
  3. other companies in the KREF Group;
  4. KREF’s auditors; and
  5. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting, using and storing personal information that you provide to us is that such processing is necessary for our legitimate interests in operating our business.

Individuals are who are involved in transactions or potential transactions by or on behalf of KREF

If you are involved in a transaction or potential transaction relating to KREF business, including as an investor or potential investor in any of our investment products, we collect, use and store personal information relating to you. To the extent appropriate, this includes your business and personal contact details, interest/marketing preferences, professional opinions and judgements, visual images and photographs required for business purposes, log-in details for user accounts, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out.

We collect, process and store this personal information for the purposes of:

  1. performing conflicts checks;
  2. verifying the identity of individuals;
  3. undertaking due diligence and performing background checks;
  4. conducting anti-money laundering checks;
  5. evaluating potential transactions;
  6. maintaining records of investments;
  7. trade and transaction reporting;
  8. administering transactions which are entered into;
  9. statistical analysis and market research;
  10. maintaining records of investments;
  11. billing and invoicing purposes;
  12. complying with our regulatory and legal obligations, including assessing and managing risk;
  13. identifying and preventing fraud and other unlawful activity;
  14. safeguarding our legal rights and interests;
  15. seeking and receiving advice from our professional advisors, including accountants, lawyers and other consultants;
  16. organising and holding meetings and events;
  17. marketing of investment products;
  18. general business marketing, including reporting on macro trends and other business and economic insights; and
  19. sending you periodic updates about KREF’s business, events, presentations and opportunities.

Please note that you can opt out of receiving marketing updates or change your preferred method(s) for receiving them (e.g. email, post) at any time by contacting us (including via email at [email protected]), asking your KREF contact or by clicking the “Unsubscribe” link in any email that you receive.

The personal information we collect, use and store about our counterparties with whom we conduct business may be shared with:

  1. third-party service providers which process personal information for us;
  2. credit reference agencies;
  3. financial intermediaries;
  4. professional advisors, such as accountants, lawyers or other consultants;
  5. other persons who have an interest or involvement in, or who are considering an interest or involvement in, a transaction upon which KREF is advising, including co-investors, other providers of finance and investors in KREF;
  6. other companies in the KREF Group;
  7. KREF’s auditors; and
  8. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting, using and storing personal information about you is that such processing is necessary for our legitimate interests in running our business, including by advising on potential transactions. If we enter into a transaction that you are involved in, it will also be necessary for us to process your personal information for the purpose of performing that contract and to comply with our regulatory and legal obligations.

Public shareholders in KREF & Co. Inc. and investors

We collect, use and store personal information about our public shareholders and other investors for the purposes of:

  1. communicating with investors in relation to their holdings;
  2. complying with our regulatory and legal obligations;
  3. facilitating the payment of dividends and/or other distributions; and
  4. sending you periodic updates about KREF’s business, activities and opportunities, including by email and post; you can opt out of receiving updates at any time by contacting us (including via email at [email protected]), asking your KREF contact or by clicking the “Unsubscribe” link in any email that you receive.

We share the personal information we hold about our public shareholders and other investors with:

  1. companies which process personal information for us;
  2. professional advisors, such as accountants, lawyers, proxy advisers or other consultants;
  3. other companies in the KREF Group;
  4. our auditors; and
  5. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting and storing personal information about our shareholders and other investors is that such processing is necessary for our legitimate interests in running and operating our business and ensuring effective communications with shareholders.

Individuals with whom KREF has contact during a recruitment process

We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies, former employers and credit reference agencies). Recruitment agencies which collect and use your personal information, including for the purpose of introducing you as a candidate to KREF, act as the controller of your personal information for that purpose and so are subject to a separate privacy notice provided by the agencies to you.

Please see below a list of the categories of personal information about you that we collect, store, and use:

  • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • date of birth;
  • gender;
  • nationality;
  • current salary, annual leave, pension and benefits information;
  • current notice period;
  • desired start date with KREF;
  • desired location of employment or workplace;
  • passport number and driver’s license;
  • recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
  • employment records (including job titles, responsibilities, work history, working hours, language capabilities, training records, appraisal and fitness and propriety records and professional memberships);
  • compensation history; and
  • visual images and photographs required for business purposes.

Most commonly, we will use your personal information in the following circumstances:

  1. to take steps prior to entering into a contract with you (for example your employment contract, consultancy contract or partnership agreement);
  2. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
  3. where we need to comply with a legal or regulatory obligation.

Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with KREF.

Should you be unsuccessful in your application, we will securely destroy your application details but will keep on file your name, any additional identifiers required to distinguish candidates of the same name and the position for which you applied for future recruitment purposes unless you specifically request that this should not be the case.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a candidate of KREF we will not keep any personal information about you for any longer than is necessary for the purposes for which the personal information is processed and will securely destroy it after this point.

Lawful basis for using your personal information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances (each a lawful basis):

  1. where we need to perform the contract we are about to enter into or have entered into with you;
  2. where it is necessary for our legitimate interests (as further explained in the relevant section applicable to you above) and your interests and fundamental rights do not override those interests; or
  3. where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform any contract we may have entered into with you, or we may be unable to deal with you.

Change of purpose

We will only use your personal information for the purposes for which we collected it or as otherwise described in this privacy notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Managing Cookies

The help menu of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies completely. Additionally, you can disable or delete similar data used by browser extensions by changing the extension’s settings or visiting the website of its manufacturer. However, if you disable cookies, you may experience reduced functionality and, for sites using cookies for authentication, declining cookies will prevent you from using the website altogether.

To learn more about what cookies are set on your computer as you browse the Web and how to manage or delete them, visit www.allaboutcookies.org.

5. DATA SHARING

We seek to share your personal information with third parties only where we believe it is necessary or consistent with our legitimate interests, including to third-party service providers and other companies in the KREF Group.

We require third parties to respect the security of your personal information and to treat it in accordance with the law. We use a range of third parties from time to time to provide a wide range of services, including telecoms, IT, courier, HR, security, legal, accountancy, data, and catering services.

We transfer your personal information outside the European Economic Area and when we do, you can expect a similar degree of protection in respect of your personal information.

Why do we share your personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third parties” includes third-party service providers (including contractors) and other companies within the KREF Group worldwide.

How secure is your personal information with third-party service providers and other companies in our group?

All our third-party service providers and other companies in KREF Group are required to take appropriate security measures to protect your personal information in line with the GDPR. Except where needed for their own direct relationship with you or where they otherwise act as a controller of your personal information, we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When do we share your personal information with other companies in the KREF Group and with KREF Capstone companies?

We will share your personal information with other companies in the KREF Group and with KREF Capstone for internal administrative purposes on the lawful basis of our legitimate interests.

When do we share your personal information with any other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business or an audit. If needed to comply with law and regulations, we will also need to share your personal information with a regulator, governmental agency or otherwise.

Transferring your personal information outside Europe

We share your personal data within the KREF Group. This will involve transferring your personal information outside the European Economic Area (EEA).

Many of our third-party service providers are based outside the EEA so their processing of your personal information will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is applied to it by implementing at least one of the following safeguards:

  1. We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  2. We use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  3. Where we use third-party service providers based in the US, we may transfer data to them if they participate in the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us (preferably via email at [email protected]) if you would like further information on the specific mechanism used by us when transferring your personal information out of the EEA.


6. DATA SECURITY

We have put in place appropriate security measures to protect personal information.

Third parties will only process your personal information held by us where they are obliged to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it.

They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


7. DATA RETENTION

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


8. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Your rights in connection with your personal information

Under certain circumstances, under applicable data protection law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us via email at [email protected] or via the other methods set out above.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may, where the relevant law permits, charge a reasonable fee if your request for access is clearly unfounded or excessive (for example, for repeat copies). Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Your right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us via email at [email protected] or via the other methods set out above. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Powered by Sitecore