Promontoria Privacy Policy

Cerberus Global Investments B.V. and its Dutch associated group companies (hereinafter jointly referred to as "Promontoria"), are part of the Cerberus Group and involved in the acquisition of loan, real estate or other assets by either the acquisition of shares of companies that hold such assets or by direct asset acquisitions.

This Privacy Policy explains how Promontoria processes your personal data and which rights and options you have in this respect. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation (GDPR). Where the processing of your personal data is not subject to the GDPR, different rules may apply under your applicable law.

Who is responsible for your personal data.

The Promontoria entity which owns an asset relating to you or your organization or otherwise has a business relationship with you and is identified in relevant communication with you is the responsible controller for any personal data you provide to us. Each of these entities is resident at Oude Utrechtseweg 32, 3743 KN Baarn, The Netherlands, and you may contact each entity at any time under the contact details set out below.

In addition, Cerberus Global Investments B.V., Oude Utrechtseweg 32, 3743 KN Baarn, The Netherlands, is a responsible controller for your personal data where it manages the business operations for the Promontoria asset holding vehicles.

Your personal data may be shared with further controllers within Promontoria or Cerberus Group as required in connection with our business relationship. You will be informed of any such data transfer in accordance with applicable law.

In particular, your personal data may be shared with Cerberus Capital Management, L.P., 875 Third Avenue, New York, NY 10022, for purposes of compliance with anti-money laundering, sanctions or other regulatory obligations and for portfolio management purposes. Please refer to Cerberus Capital Management, L.P.'s Privacy Policy for further details on the processing of your personal data and your related rights and options.

Purposes of data processing

Depending on the nature of our business relationship with you or your organization, Promontoria may collect and process your personal data for the following purposes:

  • Due diligence procedures in respect of the acquisition of real estate, loan or other assets and related security or collateral;
  • Concluding, performing, managing and administering your or your organization's business relationship with Promontoria, including monitoring of the obligations under loan, real estate or other asset related agreements and collection of the amounts due, such as any principal sum, interest, default or penalty interest in relation to loans;
  • Analyzing the payment behavior of debtors and related data in order to ensure the sustainability of the recovery and analyzing payment or other financial or asset related data for purposes of improvement and development of our investments and other products and services; processing and sharing of aggregated anonymous data relating to assets and other investments for statistical and business purposes;
  • Selling or otherwise divesting or restructuring of loan, real estate and other assets or asset holding entities;
  • Ensuring compliance with our legal and regulatory obligations. This may include sales and business record keeping obligations for tax or other purposes and sending required notices or other disclosures, compliance screening or recording obligations (e.g. under anti-money laundering (AML), know your customer (KYC), antitrust, export control, trade sanction and embargo or other laws or to prevent white-collar or money laundering crimes). In this context we may be required to conduct automated checks of your contact data or other information about your identity against applicable anti-money laundering or sanctioned-party lists and to contact you to confirm your identity in case of a potential match, to record interaction with you which may be relevant for antitrust purposes and to report to, comply with or support requests or investigations by competent supervisory, law enforcement or other public authorities;
  • Informing you, where permitted by applicable law, about investment opportunities and other products or services related to our business relationship with you or your organization;
  • Maintaining and protecting the security of our IT systems, databases, websites or other digital infrastructure, preventing and detecting security threats, fraud or other criminal or malicious activities; or
  • Solving disputes, enforcing our contractual agreements, including foreclosure of asset-related security or collateral, and to establish, exercise or defend legal claims.

Categories of personal data processed

Promontoria processes the personal data that is required in view of the purposes set out above which may, depending on the nature of our business relationship with you or your organization, include in particular the following categories of personal data:

  • Personal and contact information, such as full name, gender, age, date of birth, nationality, address, city and country of residence, telephone and fax number, signature, marital status, dependants, occupation, email address, copy of ID, citizen service number (Burger Service Nummer, (BSN)), data concerning previous employment;
  • financial data such as bank account number, utility bill details, data in relation to income (including salary, benefits and pensions) and liabilities and obligations;
  • data generated from our business relationship with you or your organization, including data in relation to loan, real estate and other assets and related security or collateral owned by Promontoria such as principal loan amount, interest, default or penalty interest and payment history;
  • information from publicly available resources, including data obtained from credit agencies;
  • data required for regulatory purposes, including data from compliance screening or procedures under AML, KYC or sanctioned-party law such as information about your status as a politically exposed person, relevant litigation or other legal proceedings against you or a third party related to you and our interaction with you which may be relevant for antitrust purposes;
  • data generated from your use of our website or other online services such as mobile device unique identifier and IP address.
  • Special categories of Personal Data. In certain circumstances, where required by law or where you have permitted us to do so, we may collect special categories of your personal data which are specifically protected under data protection law.

Legal basis

We will process your Personal Data for the above purposes only

  • where it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
  • where it is necessary for our or a third party's legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our "legitimate interests" may include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements;
  • for our compliance with our legal obligations;
  • where it is necessary to protect your or another person's vital interests;
  • where we have obtained your specific or, where necessary, explicit consent to do so. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.

The legal bases for processing of your personal data are set forth in Article 6 of the GDPR.

From which sources we collect your personal data.

We will collect your information (i) from you directly; (ii) from your nominated financial institution; (iii) where you act as a representative on behalf of an entity, from that entity or (iv) where required from third parties including from AML, KYC or sanctioned-party service providers, publicly available resources or credit agencies.

Sharing data with third parties

We may share your personal data as required for the above purposes as follows:

  • With our affiliates within Promontoria and Cerberus Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will use your personal data for the above purposes and under the same conditions as outlined in this Privacy Notice.
  • With Cerberus Capital Management, L.P., 875 Third Avenue, New York, NY 10022 for purposes of compliance with anti-money laundering, sanctions or other regulatory obligations and for portfolio management purposes.
  • With third parties that are engaged in providing financial, legal, ICT and management consultancy, administrative services to Promontoria. These service providers will act as data processors. Some of these service providers will have access to and process your personal data on behalf of and under the instruction of Promontoria for the purpose of performing loan servicing and administering services in respect of the mortgage loans. These services include the collection of all sums due in relation to the mortgage loan and, if necessary, enforcement actions. Promontoria will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
  • With courts, regulators, law enforcement or other competent authorities as required or permitted under applicable law to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
  • With credit reference agencies and other companies for use in credit decisions, for fraud prevention and to collect debts.
  • With third parties if we sell or buy any loan, real estate or other assets or asset holding entities, including in connection with the due diligence undertaken by the prospective seller or buyer and its professional advisers.

Protection of your personal data

We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.

Where we process your personal data

We may transfer your personal data to locations outside your jurisdiction in order to provide our services to you as outlined in this Notice.

This transfer may include a transfer of your personal data outside the European Economic Area (EEA), for example, if your personal data is transferred to CCM, it will be transferred to the United States. The level of personal data protection in countries outside the EEA may be less than that offered within the EEA. In some instances these countries will be subject to an adequacy decision which is issued by the European Commission indicating that the third country has an appropriate level of data protection. In other instances, we will implement appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws. We typically use standard contractual clauses to safeguard any of your personal data which is transferred outside the EEA. Please contact us if you would like a copy of these standard contractual clauses.

Data Retention

We will hold your personal data as long as required to provide you with the products, services or information you have requested and to execute and administer your business relationship with us. If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request. We are also required to keep certain of your personal data (e.g. relating to business or tax relevant transactions) for certain retention periods under applicable law. Your personal data will be promptly deleted when it is no longer required for these purposes.

Exercising your rights

Subject to certain legal conditions, you may request access to; rectification; erasure; or restriction of processing, of your Personal Data. You may also object to processing or request data portability. In particular you have the right to request a copy of the Personal Data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the EU General Data Protection Regulation for details on your data protection rights. As we want to make sure that your Personal Data is accurate and up to date you may also ask us to correct or remove any information which you think is inaccurate.

If you have given us your consent for the processing of your Personal Data you can withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the Personal Data where there is another legal ground for the processing.

For any of the above requests, please send a description of your Personal Data concerned stating your name, account information, and if applicable, your date of birth as proof of identity to the contact details below. We may require additional proof of identity to protect your Personal Data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.

If you have any concerns about how your Personal Data is handled by us or wish to raise a complaint on how we have handled your Personal Data, you can contact us at the contact details below to have the matter investigated. If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with the law you can complain to the competent data protection supervisory authority www.datatilsynet.dk

Changes to the Privacy Policy

Promontoria may make changes to this Privacy Policy from time to time. Promontoria advises you to refer to this Privacy Policy on a regular basis, so that you are aware of these changes.

Contacting Promontoria

If you have any questions about this Privacy Policy or in case you want to assert your rights, please do not hesitate to contact us:

Cerberus Global Investments B.V.
For the attention of Data Protection Department
Oude Utrechtseweg 32
3743 KN Baarn
+ 31 (0)35 548 8710
dataprotection@promontoria.nl