”) is effective from and including May 25, 2018
and has been updated in accordance with the requirements of the European Union’s new General Data Protection Regulation (“GDPR
”) rules as its relates to changes in data privacy laws.Who We Are
Caerus International Ltd is a real estate private equity group with administrative and operational offices located in London, United Kingdom and Prague, Czech Republic and together with its shareholders, subsidiaries, affiliates, agents, representatives, consultants, employees, officers, and directors (collectively “Caerus
,” “Caerus Group
,” or “us
”) provides professional services to the various real estate fund entities which we originate and then externally manage.
Our third-party clients include both family offices and global institutions (including private banks, investment banks, sovereign funds, pension managers and insurance groups). Our main service offering is the origination and then subsequent investment, asset and property management of both regulated and unregulated fund vehicles (collectively our “Services
”).Application of this Policy
We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us) and information we collect about you from other sources, described below. Note that we may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of our obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.Information we collect from our tenants
Information we collect from our clients
- Where you sign up for a newsletter, fill out a feedback form, complete a “contact us” form or enter a competition or promotion we collect personal information such as your email address, name, contact number, postcode and date of birth. Not all fields are mandatory, and provision of the information is optional but if you provide less information this may limit your use of our online services. Where you enter into a competition or promotion we may share your details with certain other service providers from time to time at the property to which the competition relates. This will be made clear to you at the time you sign up to the competition or promotion.
- Where you register online or place an order with a third-party service provider via one of our websites we collect your name, email address, billing and delivery address, phone number and credit or debit card details. These details may be shared with others, such as those providing merchant acquiring services and card issuers, but only where this is necessary to take a payment. In some circumstances these entities will be data controllers in respect of these details.
- When we send emails to you we review whether these have been opened and whether you have clicked on any links within these.
- When visiting some of buildings we may collect information from your mobile device and identify its location. This occurs whether or not you have used the Wi-Fi at the that particular building. To opt out of the collection of your MAC or IP address and location, turn off your device’s Wi-Fi and Bluetooth capabilities.
- You may be asked to complete a survey or questionnaire by us directly via email, via a third-party survey platform or at one of our buildings or via email or SMS and in doing so, we may ask for details such as your age, gender and postcode. The information captured is for research purposes and so we can understand more about our tenants in our buildings and the preferences and requirements of their workforce.
- We may occasionally stream videos on social media, such as Facebook live, and take and display photos of our building’s tenants (and occasionally members of the public) using and enjoying our buildings or attending events or functions which we have organized at our buildings.
- We operate CCTV 24/7 at our buildings for the purposes of public safety, crime prevention and prosecution, insurance and property management. At some of our buildings, we may utilize facial recognition and or number plate recognition technology for the purposes of public safety, crime prevention, property management and prosecution.
- Where we own or manage a building, we (and or our appointed external Facilities Managers) capture personal data within the system which controls access to our buildings. This comprises personal data of people who work in a building and those who visit it and includes name, occupation, employer and contact details. In relation to access control and visitor data where the data relates to us, we consider ourselves to be the data controller. Where the personal data relates to our tenants’ staff, contractors or visitors, our tenants may also be data controllers depending on the circumstances.
- Where we do not own a building, but we provide asset and or property management services for the building owner, we capture personal data within the access control system. This comprises personal data of people who work in a building and those who visit it and includes name, occupation, employer and contact details. The data controller in these situations will be the building owner or the tenants of the building owner and we are a data processor.
- Where we own a building or we provide asset and or property management services for a building owner, we collect data on accidents in order to comply with health and safety legislation.
- Where you are a commercial tenant of at one of our buildings you provide us with personal data such as financial and business information, contact details and bank account details. This is so that we can assess your suitability to be a tenant, allow you to pay the sums due under your lease and manage our buildings.
- Where you work for a tenant in one of our buildings, we may be provided with your contact details by your employer if we need to liaise with you about matters concerning your use and or occupation of that building or participation in events held at that property.
In order for us to be able to communicate with our investor clients and investment partners, we need to collect and process certain information. Depending on your use of our Services that may include:
Information we receive from social media sources
- Information you provide by completing forms on our main corporate website via our secure tenant portal – your name, email and postal addresses, telephone number, country of residence, login, and password details.
- Information you may provide for identity verification purposes including your legal name, business name and Tax ID for business entities and date of birth. In some cases, to comply with relevant Know-Your-Client (“KYC”) and Anti-Money Laundering (“AML”) legislation, we may request that you provide a secure upload of an identity document (such as your passport, driver’s license or other government-issued ID);
- Details of any requests or transactions you make as part of our Services. To that end, Caerus partners with various specialist third-party service companies (e.g. depositary agents and fund administrators) for the processing of client information, investment monies and payment of dividends, which in order to perform such functions, process your basic information in conformance with their own privacy policies. Apart from our client’s bank account information, Caerus in conformance with its regulatory obligations, also records details of all payment information (as applicable);
- Information about your activity on and interaction with any Caerus managed website, including use of any future mobile apps (such as your IP address, the type of device or browser you use, and your actions on any of our websites);
- Communications you send to us (for example, when you send us questions or comments, or report a problem);
- Information that you submit on our corporate website (in the form of comments, questions or replies on or to client reporting)
- You may decline to provide us with your information. However, this will limit your ability to register as an investor or tenant with Caerus or use our Services. You may however review, change or remove your information through your account settings.
How we use your personal information
- We may use social media such as Facebook, Twitter and or YouTube either ourselves or through third party marketing and or public relations agencies, to carry out digital advertising on the profiles of users who we think may be interested in our learning more about Services or any events or functions at any of our buildings, (based on events organized by us that they have attended, what marketing communications they have subscribed to and which parts of our website they have visited or users who are in a similar demographic to such persons.
- Information on how advertising is shown to you should be available from your own social media provider.
- The email address associated with your Facebook account, if you choose to sign up to a newsletter or event alert tool using your Facebook credentials. Caerus will also request permission to access your name, profile picture, and friend list (these permissions are governed by Facebook’s privacy policies and can be managed through your Facebook privacy settings).
- We however never post anything to your Facebook, Twitter, or other third-party accounts without your permission.
We use the information we collect for the following purposes:
- To keep your account secure and protect our Services (including to verify the identities of users and prevent fraud and abuse);
- To enable us to provide you with our Services, and to improve and promote our Services;
- To create and administer your account, contact you, and customize your interaction with Caerus; and
- To track and analyze your use of our Services so that we can improve the quality of delivery of our Services.
- Comply with legal obligations to which we are subject and to cooperate with regulators and law enforcement bodies.
- Maintain the quality of our websites and to analyse the use of our websites in order to help guide improvements;
- To better design and optimise our properties to improve the experience of our tenants and their employees;
- European Union (EU) Users
Data protection laws in Europe require a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area (“EEA
”). Our lawful bases include:
- Performing the contract we have with you: In certain circumstances, we need your personal data to comply with our contractual obligation to deliver our Services.
- Legal compliance: Sometimes the law says we need to collect and use your data. For example, regulatory laws require us to retain records of investments and payments made through our Services.
- Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.
For example, we use identity, device, and location information to prevent fraud and abuse and to keep the Services secure. We may also send you promotional communications about our Services, subject to your right to control whether we do so.
We analyze how users interact with our websites, so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the online experience we offer all our users.Your rights over your personal information
You have certain rights regarding your personal information, subject to local laws. These include the following rights to:
- access your personal information;
- rectify the information we hold about you;
- erase your personal information;
- restrict our use of your personal information;
- object to our use of your personal information;
- receive your personal information in a usable electronic format and transmit it to a third party (right to data portability);
- lodge a complaint with your local data protection authority;
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will otherwise contact you if we need additional information from you in order to honor your requests.Information Sharing
When you register as a user on any of our websites, we create a basic profile page for you within the secure portal of either our main corporate website at www.caerus.im or the secure tenant portal of any of our property microsites such as www.futuramapb.cz. By default, your profile is private and cannot be public in your account settings. No data will be publicly displayed or revealed to other persons.
- Information that’s shared with trusted third-party services: We may share your information with certain trusted third-party services to help us provide, improve, promote, or protect Caerus’ Services (like when we partner with event planners, or use services that help us manage our ads on other sites). When we share data with third-party services that support the delivery of our Services, we require that they only use your information ofor the purposes Caerus has authorized, and that they protect your personal information at least to the same standards as we do. We may also share information that’s aggregated and anonymized in a way that it doesn’t directly identify you.
- Information that’s shared with third-party professional service providers: When you invest in a fund managed by Caerus, the relevant external service providers formally appointed to that fund vehicle by Caerus or one of its affiliated entities (in compliance with relevant regulatory rules and laws) (“Professional Service Providers”) know all your relevant personal contact information and the amount you have invested. All third-party Professional Service Providers are required to keep our client information confidential, except as strictly necessary to communicate with such clients as and when they may be legally required to do so, or otherwise to generally fulfill their regulatory obligations.
Such Professional Service Providers should however not ask for personal information that isn’t necessary for them to provide their services to the fund in which you have invested and Caerus and should not request sensitive personal information beyond that which you have provided during your initial account establishment. Contact us at firstname.lastname@example.org
if you receive a request for information that seems inappropriate or excessive.
Additionally, Caerus may work with external marketing, advertising, PR and event management agencies that assist us to plan, organize and implement tenant related events at each of our managed properties (“Collaborators”). These Collaborators may be able to access the information you have provided when registering on one of our property micro-sites and are required to treat each user’s information as strictly personal information with the same care and respect as Caerus does.
- Information that’s shared to protect Caerus and comply with the law: We reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law, regulatory compliance, to prevent fraud or abuse, or to protect Caerus’ legal rights, property, or the safety of Caerus, its employees, clients, or others.
- Asset purchasers and joint venture partners: We may share your personal information with any third party that purchases one or more of our properties or the companies with which we might jointly own a property.
Because we operate as part of a large business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on “International Data Transfer” below for more information.International Data Transfer
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law / by the European Commission.
Where this is the case we have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.Information Security and Storage/Retention
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will retain your information as long as is necessary to provide you with our Services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Caerus’ legal rights. We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our websites, improve our Services or comply with legal obligations.
Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- Maintain business records for analysis and/or audit purposes or risk management purposes; Comply with our business record retention requirements;
- Defend or bring any existing or potential legal claims; and
- Deal with any complaints regarding the services.
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.Data Transfers
Because Caerus is currently a British Virgin Islands (“BVI
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information. While these rights are not applicable globally, all Caerus users can manage their personal information, as further described below, in their account settings.
You can request a copy of the personal data we hold on you at any time from Caerus via your page. To modify or delete the personal information we hold on you, please log in and update your profile. You may also delete your account from your account settings page. We may however retain certain information as required by law or as necessary for our legitimate business purposes.Email and Mobile Notifications
We want to communicate with you only if you want to hear from us. We try to keep emails to a minimum and give you the ability to opt in to any marketing communications we may send. You may also elect to receive certain marketing email communications, in accordance with your preferences, and from which you may opt out at any time by adjusting your settings. We’ll also send you service-related announcements when it’s necessary to do so.Security
We take security seriously, and the security of your personal data is important to us. We follow industry-standard practices to protect the data we collect and maintain to encrypt information as it travels over the internet. However, no method of transmission over the internet or electronic storage is completely secure, so Caerus cannot guarantee its absolute security.
Your account information is protected by a password, which you should choose carefully and keep secure. We encourage all users to enable two-factor authentication (as applicable and where available) to further protect their account and or general user information. We have a security protocol in place in the event of a data breach and encourage the responsible disclosure of vulnerabilities of our Services by emailing email@example.comData Protection Officer
To contact our Data Protection Officer, please email firstname.lastname@example.org Otherwise you can contact us in writing at:
The Data Protection OfficerCaerus Investment Management (CZ) s.r.o.
Futurama Business Park (Building F)
186 00 Prague 8 Czech RepublicData Protection Authority
Subject to applicable law, if you are a citizen or resident of the EEA, you also have the right to (i) object to Caerus’ use of your personal information and (ii) lodge a complaint with your local data protection authority or the United Kingdom Information Commissioner’s Office, which is Caerus’ lead supervisory authority in the EU.United Kingdom Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF, United Kingdom
Telephone: +44 303 123 1113https://ico.org.uk/global/contact-us/Changes to This Policy
We may update this Policy from time to time. If we do, we’ll let you know about any material changes, either by notifying you on the respective website or by sending you an email. New versions of this Policy will never apply retroactively. We will rather tell you the exact date they go into effect. If you keep using any Caerus services after a change, that means you will have accepted the most recently updated version of this Policy.