Effective as of December 11, 2024
This privacy notice (“Privacy Notice”) is provided by Cerberus Capital Management, L.P. and its affiliates as identified in this Privacy Notice (“CCM”, “we”, “our”, or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data, as defined herein.
This Privacy Policy applies to any individuals ( “you” or “your organization”) who directly or indirectly invests, in funds or investment vehicles managed by us, or otherwise engage or interact with us, and to individuals accessing and using the website www.cerberus.com (the “Site”).
This Privacy Notice explains how we process your personal data and which rights you have in this respect under any applicable privacy and data security laws and regulations (“Data Protection Laws”). We may provide you with further privacy information on specific occasions so that you are fully aware of how and why we are using your personal data. Where we refer to “personal data” in this Privacy Notice, we mean any information that relates to you or from which you can be identified or equivalent concepts under the applicable Data Protection Laws.
Please note that the Data Protection Laws of some countries will provide for special or deviating rules in relation to the processing of your personal data. We have summarized these specific rules for the relevant countries in the supplementary sections at the end of this Privacy Notice below. These sections will only apply to you if we process your personal data under the laws of the respective country.
We encourage to read our Privacy Notice completely, but you may also click below to jump directly to any section you are specifically interested in:
1. Categories of Personal Data We Process
3. For Which Purpose We Use Your Personal Data
4. With Whom We May Share Personal Data
6. How We Protect Your Personal Data
8. How We Retain Your Personal Data
9. Changes to This Privacy Policy
Supplementary information for specific countries only:
1. United states
2. EEA, UK and Cayman Islands
3. China
1. Categories of Personal Data We Process
The nature of the specific personal data we process will depend on our relationship with you. During our ordinary business activities, we may process various categories of personal data including but not limited to:
- Identifying Information: This may include information used to identify a specific individual, such as: given name(s), preferred name(s), nickname(s), academic grades or other titles, date of birth, age, place of birth, signature, nationality, passport or other national or government identity documents details, photographs, principal residential address, bills or correspondence showing address, identity risk assessment score and feedback.
- Contact Information: This may include postal address, telephone number, email address or other communication channel addresses.
- Personal Information: This may include marital status, and Identifying and Contact Information about your spouse or partner, children, and dependents.
- Financial Information: This may include bank account details, credit card numbers, and income details, source of wealth information, source of funds details, money transfers including communications on bank transfers, information about assets or net worth, social security or national insurance number mandate details, investor profile data, investment preferences, risk appetite, restrictions and objectives, financial history, income, income requirements, liabilities and obligations, liquidity information, credit rating, investor classification, tax identification number, country of tax residence, income verification data, financial details, and information needed for billing and payment processing purposes.
- Professional Information: This may include employer, employment status, position, job title and, where required or appropriate, employment history or information on qualifications.
- Interaction Information: This may include time, date and content of email, telephone or other communication, including communication for marketing purposes, marketing preferences and interaction, enquiries, disputes, investigations or other interaction with or activities concerning you, such as information regarding the use of any of our websites, fund data rooms or investor reporting portals (e.g., cookies, browsing history and/or search history), information or services requested by you, and records of any other interaction or communication with you.
- Sensitive Information: In certain circumstances, if so required by law, we may also collect, use, store and transfer sensitive data about you. In particular, as part of our due diligence processes, we may collect information as to :
– your political opinions and affiliations, if so required by law so that we can identify that you are, or are connected to, a politically exposed person; and
– your criminal records or alleged criminal activity, if so required by law as part of a background check.
2. How We Collect Your Data
Depending on the nature of our relationship with you, we may collect your Personal Data in various ways, including:
- Directly from you or your organization,including by completing subscription documents, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation), sending us emails or other written correspondence, via our website, fund data rooms and/or investor reporting portals (as applicable) or otherwise providing us with Personal data in the course of our business relationship.
- Indirectly from third parties or other sources, including from your nominated financial institution or other representative (i.e., a broker or solicitor acting on your behalf), our affiliates, fund administrators, tax authorities, governmental agencies and supervisory authorities, fraud prevention and detection agencies, public records, anti-money laundering (“AML”), know-your-client (“KYC”) or other due diligence providers, credit reference agencies, background check agencies or from a counterparty involved in an investment or other business relationship with you.
- Through automated data collection tools, including Cookies, as defined in this Privacy Notice, and other analytics or tracking technology which may be used to collect certain data when you visit the Site or third party sites we direct you to in order to view our investor information or other electronic information about our products and services.
3. How We Use Your Personal Data
Depending on the nature of our relationship with you, we may process Personal Data for the following purposes:
- Managing and Performing our Business Relationship: To enter into, perform, manage and administer your business relationship with us, e.g. by performing transactions and orders, selling or buying assets related to you or your organization, processing payments, executing transactions, managing payments, fees and charges and collecting and recovering debts owed to us, engaging vendors, service providers and suppliers and performing relevant contracts, performing accounting, auditing, billing and collection activities or providing you with any other services or things you may have requested, processing and responding to any enquiries you have submitted to us, receiving and handling complaints, requests or reports from you, engaging with governmental or regulatory bodies or other competent authorities, and notifying you about changes to our terms or this Privacy Notice.
- Fund Administration: If you or your organization are an investor in a fund managed or owned by us, to administer and manage such investment, including holding your information on the ownership register, using your contact details to send you notices of meetings and investor communications and using your financial information (e.g. bank account details) to make payment of redemption or distribution monies.
- Direct Marketing and Customer Relationship Management: To send you marketing information about products investment opportunities or services that we think may be of interest to you, invite you to conferences and events and handle your registration and attendance, update you on other news about us, conduct market research, surveys, and similar inquiries to help us understand trends, client and website visitor needs and to improve and enhance our products, services, systems, processes and technologies.
You may opt out of direct marketing at any time by electing to unsubscribe in any direct marketing communication received from us or notifying us at the contact details set out below. If you are a new investor, we will begin sharing your personal data with our affiliates for direct marketing purposes 30 days from the date of your initial investment in or commitment to the Fund. When you are no longer our investor, we may continue to share personal data with our affiliates for direct marketing purposes, unless and until you elect to unsubscribe from any such communications. - Security: To maintain and protect the security of our premises and facilities, IT systems, databases, websites or other digital infrastructure, including preventing and detecting security incidents, improving data security and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity, service, testing and maintenance of our systems.
- Disputes and Enforcement: To establish, exercise and defend legal claims, investigate and resolve disputes and enforce our website terms of use and other agreements.
- Compliance: To ensure, monitor and audit compliance with our legal and regulatory obligations and our internal policies and procedures, such as performing our anti-money laundering checks, sanction and anti-terrorism screening, conflict of interest checks and other due diligence checks, international tax reporting requirements, record keeping, disclosures to tax or other regulatory authorities, enforcing and complying with legal judgements, and auditing relating to interactions, transactions and other compliance activities.
- Prevention and Detection: To prevent and detect crime, including fraud or criminal activity and misuses of our products or services.
Your personal data will always be processed in accordance with the Data Protection Laws and may be processed with your consent, upon your instruction, where necessary for the performance of the investment or other contract with you; to comply with our statutory obligations; to protect our or a third party’s legitimate interests, or as otherwise permitted by the Data Protection Laws for the Legitimate Purposes.
You are typically not under a specific legal obligation to provide us with your personal data. However, unless we inform you that providing your personal data is optional, we will typically require your data to provide you or your organization with the requested products and services. If you do not provide such data, we may not be able to provide those products and services. Where personal data is required to satisfy a statutory obligation (including compliance with applicable AML, KYC or sanctions requirements) or a contractual requirement, failure to provide such information may result in your or your organization’s subscription in a fund being rejected or compulsorily redeemed or withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority.
4. With Whom We May Share Personal Data
We may disclose personal data, where that is required by law or for the Legitimate Purposes, with third parties, including:
- CCM Affiliates. With our affiliates worldwide if legally permitted and to the extent required for the purposes set out above.
- Service Providers. With our service providers who process personal data on our behalf and as instructed by us (frequently referred to as “processors”) , e.g. legal, financial and other professional advisors, accountants, fund administrators, prime brokers and executing brokers, lenders, custodians, auditors, counterparties, marketing and communications agencies, placement agents, client-facing application software, archiving services, business management software, telecommunications services and information technology services . Where we engage processors, we will enter into appropriate contractual arrangements in accordance with Data Protection Laws to ensure the integrity and security of your personal data.
- Professional Agencies. With AML or KYC screening services, credit reference or background check agencies or other organizations where required by law or regulation to help us to conduct anti-money laundering and anti-terrorist financing and sanctions checks and to detect fraud and other potential criminal activity.
- Prospective sellers or buyers. With prospective sellers or buyers and their professional advisers in connection with the sale or acquisition of businesses or assets.
- Governmental Authorities. We also disclose your Personal data if we are required or permitted to make disclosures by applicable law (including any regulatory or enforcement body, agency, court or tax authority or their agents) or to the government or private parties in connection with a lawsuit, subpoena, investigation or similar proceeding, or as part of our legislative or regulatory reporting requirements.
- As required by Law. To any other person or organization where that is required under applicable law or regulation and permitted under applicable Data Protection Laws.
5. International Transfers
Because of the international nature of our business, your personal data may be transferred to countries outside of the country where you reside or where we provide services to you or your organization. As such other countries may not have the same level of data protection, we will comply with any applicable requirements under the Data Protection Laws and apply appropriate safeguards to ensure the security and integrity of your Personal data, regardless of where it is processed. Where required we will enter into data transfer agreements in accordance with applicable Data Protection Laws.
6. How We Protect Your Personal Data
Personal data held by us will be kept confidential and protected in accordance with Data Protection Laws and our internal policies and procedures. We will use commercially reasonable efforts to ensure that personal data is kept secure and safe from any loss or unauthorized disclosure or use.
7. Use of Cookies
Our websites and other online resources may use cookies, which are small text files downloaded onto your device. We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. Without these cookies, our website will not work properly. Accordingly, we are not asking you for your consent for these cookies.
- Analytics cookies: These are cookies that help us to improve the websites by collecting and reporting information on how you use it. We will only use these cookies if you provide us with your consent.
You can find more information about the individual cookies we use in the table below:
| Provider | Cookie Name | Cookie Type | Purpose | Further information |
|---|---|---|---|---|
| Microsoft Corporation | ARRAffinity | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
| Microsoft Corporation | ASLBSA | Strictly necessary cookie | This cookie is used in context with load balancing by distributing the traffic load on multiple network links or servers to optimize the response rate between the visitor and the site. | Expiry: End of browsing session Microsoft Privacy Statement |
| Microsoft Corporation | ARRAffinitySameSite | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
| Microsoft Corporation | ASLBSACORS | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session Microsoft Privacy Statement |
| Cloudflare, Inc | __cf_bm | Strictly necessary cookie | This cookie is used to distinguish between humans and bots. | Expiry: 30 minutes after continuous inactivity Cloudfare Privacy Poilcy |
| Cerberus | f5avraaaaaaaaaaaaaaaa_session_ | Strictly necessary cookie | This cookie is an integral part of load balancing. It is used to store the user’s session in order to identify it in the application’s traffic. | Expiry: End of browsing session |
| Cerberus | JSESSIONID | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session |
| Google LLC | _ga | Analytics cookie | This cookie is used to calculate visitor, session and campaign data for the site’s analytics reports. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. | Expiry: 2 years Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
| Google LLC | _gid | Analytics cookie | The cookie is used to store information relating to how visitors use the website and helps in creating an analytics report. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form. | Expiry: 1 day Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
| Microsoft Corporation | ai_session | Analytics cookie | This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique anonymous session identifier cookie. | Expiry: End of browsing session Microsoft Privacy Policy |
| Microsoft Corporation | ai_user | Analytics cookie | This cookie is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time. | Expiry: 1 year Microsoft Privacy Policy |
Our websites use Google Analytics to collect information regarding visitor behavior and visitor demographics on our website. Google Analytics uses cookies, to help our websites analyze how users use the website. The information generated by the cookie about your use (including your shortened IP address) will be transmitted to and stored by Google on a server which will regularly be located in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted from your browser as part of Google Analytics will not be put together with other Google data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Site by going to https://tools.google.com/dlpage/gaoptout.
You may set or change your Cookie Preferences at any time by clicking here. Strictly necessary cookies cannot be opted out as they are required to operate and protect the integrity and security of the Site.
You can also set or amend your web browser controls to reject or block cookies, though your access to some functionality and areas of the Site may be restricted. You should visit your browser’s help menu for more information on how to reject or block cookies.
8. How We Retain Your Personal Data
For how long we retain your personal data will depend on the nature of our relationship with you. We will generally retain your personal data for as long as required for the Legitimate Purposes for which we collected them and for any retention period required to comply with our legal obligations, or as otherwise required or permitted under the Data Protection Laws.
The criteria we apply to determine the appropriate retention period may include, but are not limited to the following:
- The duration of our business relationship with you or your organization and the purposes for which we process your personal data;
- Any relevant legal obligations requiring us to retain data (for example, we may be required to keep records of certain transactions for a certain period of time), and;
- Whether retention is appropriate in consideration of our legal position (such as applicable statutes of limitations, pending or threatened litigation or regulatory investigations).
9. Changes to This Privacy Notice
This Privacy Notice is effective from the date first written above. From time to time, we may make changes or amend this Privacy Notice as required to reflect any changes to the way in which we use personal data or as a result of changes to Data Protection Laws. Any amended information will apply from the date it is posted on our websites. You are advised to refer to our online Privacy Notice regularly, so that you are aware of these changes. In addition, we may communicate material changes to you through appropriate communication channels.
10. Contact and Complaints
We take any complaints we receive about our use of personal data seriously. Questions, comments, requests or complaints regarding the Site, this Privacy Notice, or our use of personal data should be addressed to the contact details below.
Any personal data we receive when a complaint is made will be treated in accordance with this Privacy Notice and utilized only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the personal data supplied to us to manage and address the inquiry and any subsequent issues and to check on the level of service we provide. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Questions, requests, and complaints may be directed to:
Cerberus Capital Management, L.P.
Data Protection Officer
875 Third Avenue,
New York, NY 10022
[email protected]
Supplementary Information
1. UNITED STATES
The below additional information applies only to Data Subjects who are residents of the state California in the United States where we process personal data under the California Consumer Privacy Act (“CCPA”).
Data Subject Rights
In accordance with the CCPA you may have the right to:
- Access/port personal data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic personal data transferred to another party.
- Request correction of your personal data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal data or we may refer you to the controller of your personal data who is able to make the correction.
- Request deletion of your personal data, subject to certain exceptions prescribed by law.
- Request restriction of or object to processing of your personal data, including the right to opt in or opt out of the sale of your personal data to third parties, if applicable, where such requests are permitted by law.
If you would like to exercise any of these rights, please contact us via email at: [email protected]. You may also contact us via phone at: (646) 885-3490. We will process such requests in accordance with Data Protection Laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
2. EEA; UK AND CAYMAN ISLANDS
The below information applies only to Data Subjects who are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) or the Cayman Islands and whose personal data we process under the GDPR, the UK GDPR or the DPL.
2.1 Responsible Controller
The responsible controller for any personal data processed by us for the above purposes will be
- Cerberus Capital Management, L.P. (875 Third Avenue, New York, NY 10022, United States of America), and/or
- Cerberus European Capital Advisors, LLP (5 Savile Row, London, W1S 3PB, United Kingdom) if you are an investor located in the EEA or the UK, and/or
- any of our affiliates which is in business contact with you or identified in our communications with you, and/or,
- if you or your organization has invested in funds or investment vehicles managed by us, the entities specified in the respective Client Privacy Notices or fund offering documents provided to you.
2.2 Legal Basis
We process your personal data for the Legitimate Purposes set out above (see “How We Use Your Personal Data”) on the following legal bases:
2.3 International Transfers
Where we transfer your personal data to countries that do not have the same level of data protection as that afforded by Data Protection Laws in the EEA, the UK or the Cayman Islands, we will comply with the applicable requirements under GDPR, UK GDPR and/or DPL and apply appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into data transfer agreements with the data recipients as required under GDPR which are in the form of EU Standard Contractual Clauses and/or equivalent data transfer agreements under the UK GDPR and DPL. Please contact us using the contact details below if you would like to learn more about the specific transfer safeguards applied.
Where required in consideration of the Data Protection Laws and other laws of the recipient country, we will apply appropriate supplementary safeguards to ensure that the recipients can comply with their obligations under the relevant data transfer agreements and that an adequate level of data protection is ensured.
2.4 Your Data Subject Rights
Under the GDPR, UK GDPR and DPL you may, subject to certain legal conditions, request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or, under the GDPR or UK GDPR, request data portability. Additionally, you may have the right to request a copy of the personal data that we hold about you. If your request is unfounded or excessive, we reserve the right to charge an administrative fee.
For any of the above requests, we may require additional proof of identity to verify your identity and to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
PLEASE NOTE THAT IN ACCORDANCE WITH ARTICLE 21 (2) OF THE GDPR YOU MAY HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.
If you have given us your consent for the processing of your personal data, you can withdraw the consent at any time with future effect, i.e., the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If consent is withdrawn, we may only further process your personal data where there is another legal basis for such processing.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you may contact us to have the matter investigated. You may also submit a complaint to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (www.ico.gov.uk).
2.5 Complaints
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. You may also submit a complaint to the competent data protection supervisory authority in your country. For example, if you are in the UK, you may contact the Information Commissioners Office via their website (www.ico.gov.uk).
3. CHINA
This section applies to you only if we process your personal data under the Personal Information Protection Law of the People’s Republic of China (“PIPL”).
3.1 Controller
In addition to the controllers, specified above for the EEA; UK and Cayman Islands, if you are an investor located in China, the controller for any personal data processed by us in connection with our business relationship will be Cerberus Beijing Advisors Ltd (Room 1539, 15th floor, Plaza A, China World Tower III No. 1 Jianguomenwai Avenue Beijing, 100004 China, +86-10-5737-2677).
3.2 Legal Bases
When we process your personal data for the Legitimate Purposes referred to above (see “How we use your personal data”) we rely on the following legal bases:
3.3 Location of Storage and International Transfers
Where required under the PIPL, we will store all Chinese Client data in China. Where your personal data is transferred outside of China, we will comply with the applicable requirements under the PIPL and take appropriate safeguards to ensure the security and integrity of your personal data, including by entering into appropriate data transfer agreements which may be in the form of Standard Contractual Clauses issued by the Cyberspace Administration China. You may contact us anytime using the contact details below if you would like further information on such safeguards.
3.4 Data Subject Rights
Under the PIPL, you may request access to or copies of, rectification, erasure or restriction of your personal data or de-register your accounts. Additionally, you may have the right to request a copy of the personal data that we hold about you. For any of the above requests, we may require additional proof of identity to verify your identity and to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled. If you have given us your consent for the processing of your personal data, you can withdraw the consent at any time with future effect, i.e., the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process your personal data where there is another legal basis for such processing.
3.5 Complaints
You may submit a complaint to the contact details set out below. You may also file a complaint with the competent data protection supervisory authority – the Cyberspace Administration of China (CAC), 11 Chegongzhuang Street, Xicheng, Beijing.