Effective as of June 28, 2022
This Privacy Policy (“Privacy Policy”) is provided by Cerberus Capital Management, L.P. and its affiliates (“CCM”, “we”, “our”, or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of Personal Data, as defined herein.
This Privacy Policy applies to any individuals ( “you” or “your organization”) who directly or indirectly invests, in funds or investment vehicles managed by us, or otherwise engage or interact with us, and to individuals accessing and using the website www.cerberus.com (the “Site”).
This Privacy Notice explains how we process your personal data and which rights you have in this respect under any applicable privacy and data security laws and regulations (“Data Protection Laws”). If we process your Personal Data under any of the following specific Data Protection Laws, please also refer to the relevant supplementary sections of this Privacy Policy below:
- The EU General Data Protection Regulation (“GDPR”), the GDPR as incorporated into UK law by the Data Protection Act 2018 (“UK GDPR”) or the Cayman Island Data Protection Law, 2017 (“DPL”);
- The US Gramm-Leach-Bliley Act of 1999, as amended (“GLBA”) and the California Consumer Privacy Act (“CCPA”).
Click on one of the links below to jump to the listed section:
Categories of Personal Data We Process
For Which Purpose We Use Your Personal Data
With Whom We Share Personal Data
How We Protect Your Personal Data
Additional Information in Relation to Data Processing Under the CCPA
Additional Information in Relation to Data Processing Under the GDPR, UK GDPR and DPL
Changes to This Privacy Policy
Categories of Personal Data We Process
In this Privacy Policy, the term “Personal Data” generally means any information relating to an individual (also referred to as “Data Subject”) that could be used either alone or together with other information to identify that individual and that is covered by applicable Data Protection Laws.
The nature of the specific Personal Data we process will depend on our relationship with you. During our ordinary business activities, we may process various categories of Personal Data including but not limited to:
- Personal information, such as name, age, date of birth, place of birth, nationality, residential address, private contact details, signature, marital status and the name of your spouse or partner, children, and dependents;
- Where required or appropriate, such as in subscription documents, we may also collect further information identifying you, such as social security numbers, passport information, driver’s license or similar identification information needed for know-your-client (KYC) and anti-money laundering (AML) compliance purposes and in order to provide financial services;
- Contact information, such as work address, work telephone number, work mobile phone number, work fax number and work email address; and private contact information including home address, personal email address and cell phone;
- Tax status, including tax ID and tax residence;
- Professional information, including position, job title, employer, and, where required or appropriate, level of education and remuneration;
- Financial data, such as bank account details, credit card numbers, money transfers including communications on bank transfers, information about assets or net worth, assets, investor profile, credit history, debts and expenses, source of funds details, data in relation to income including salary, benefits and pensions; and liabilities and obligations and information needed for billing and payment processing purposes;
- Marketing and communication data, such as your marketing and communication preferences, marketing communication you responded to, survey responses, any information or services requested by you and records of other communication with you;
- Further business information necessarily processed in a business or other contractual relationship with CCM; or provided with your consent;
- Information collected from publicly available resources, such as integrity data bases and sanctions lists or by professional agencies such as credit agencies or background check agencies;
- If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes, or other legal diligence processes including reputational risk management;
- Information obtained by website, newsletter or other analytics technology, in particular your activities when you use our website, view our investor information or other electronic information or use our online products and services (such as downloadable content) which may include information about which content you access at what times and how often, unique identifier and the IP address of your computer or mobile device, browser type and version and plug in types or operating system; and
- Special categories of Personal Data. In certain circumstances, where required or permitted by law or where you have provided your consent, we may collect special categories of your Personal Data which are specifically protected under applicable Data Protection Laws.
How We Collect Your Data
Depending on the nature of our relationship with you, we may collect your Personal Data in various ways, including:
- Directly from you or your organization e.g., when you or your organization provide Personal Data to us by completing subscription documents, sending us emails or other written correspondence or otherwise providing us with Personal Data in the course of our business relationship.
- Indirectly from other sources e.g., from public records, credit reference agencies, background check agencies or from a counterparty involved in an investment or other business relationship with you.
- Automatic collection tools e.g., Cookies, as defined in this Privacy Policy, and other analytics or tracking technology may be used to collect certain aggregate data (“Anonymized Data”) and non-Personal Data when you visit the Site or third party sites we direct you to in order to view our investor information or other electronic information about our products and services.
For which Purpose We Use Your Personal Data
Depending on the nature of our relationship with you, we may process Personal Data for the following purposes:
For Business Purposes
- To accept a subscription for an investment and delivering the services or products under a contract with you or your organization;
- Financial management and administration, executing transactions, managing payments, fees and charges and collecting and recovering debts owed to us;
- General administration of your or your organizations’ investment or other business relationship with us, including communicating with investors, service providers and counterparties, accounting and auditing accounts, risk monitoring, keeping internal records, notifying you about changes to our terms of business or this Privacy Policy;
- Engaging vendors, service providers and suppliers and performing relevant contracts;
- Interacting with governmental or regulatory bodies or other competent authorities;
- Conducting market research, surveys, and similar inquiries to help us understand trends, client and website visitor needs and testing and upgrading our systems and processes to improve and enhance our products, services and technologies;
- Allowing you to register for our and attend our conferences and other events that we host;
- Maintaining and protecting the security of our premises and facilities, IT systems, databases, websites or other digital infrastructure, including preventing and detecting security incidents, improving data security and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity, service, testing and maintenance of our systems;
- Monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities;
- Selling or buying businesses or assets;
- To ensure that content from our website are presented in the most effective manner for you and your device;
- Establishing, exercising and defending legal claims, investigating and resolving disputes and enforcing our website Terms of Use and other agreements;
To Comply with Legal or Regulatory Obligations
- Complying with our legal or regulatory obligations, such as record keeping, disclosures to tax or other regulatory authorities, enforcing and complying with legal judgements, and including auditing relating to interactions, transactions and other compliance activities;
- Preventing and detecting crime, including fraud or criminal activity and misuses of our products or services;
- Performing a contract with you or your organization or to take steps before entering into a contract, including to: (i) perform KYC and AML checks, sanction and anti-terrorism screening, fraud prevention, conflict of interest checks and other due diligence checks, (ii) receive and handle complaints, requests or reports from you, (iii) evaluate whether we can offer you a CCM product or service and under what conditions; and/or
For Marketing and Communication Purposes
- We may collect and share your Personal Data with our affiliates for direct marketing purposes, such as informing you electronically or by paper about investment opportunities, offers of products and services to you by us or our affiliates, inviting you to participate in surveys and providing you with other news about CCM (“Marketing Purposes”) unless and until you notify us that you do not wish to be contacted for Marketing Purposes. If you or your organization are a new investor, we will begin sharing your Personal Data with our affiliates for Marketing Purposes 30 days from the date of the initial investment in or commitment to a fund. When you or your organization are no longer our investor, we may continue to share your Personal Data with our affiliates for Marketing Purposes, unless you elect to unsubscribe from any such communications.
You may opt out of CCM’s direct marketing at any time by clicking the opt-out links in any electronic marketing communication we send to you or by using the contact details in the “Contact and Complaints” section below.
Unless we inform you that the provision of your Personal Data is optional, any Personal Data we request is necessary for us to provide you or your organization with the products and services requested. If you do not provide the Personal Data requested, we may not be able to provide those products and services.
With Whom We Share Personal Data
- CCM Affiliates. With our affiliates worldwide if legally permitted and to the extent required for the purposes set out above.
- Service Providers. With our service providers worldwide, e.g. legal, financial and other professional advisors, accountants, fund administrators, custodians, auditors, counterparties, marketing and communications agencies, placement agents, who will process your Personal Data on our behalf and in accordance with our instructions only.
- Professional Agencies. With credit reference or background check agencies or other organizations where required by law or regulation to help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity.
- Prospective sellers or buyers. With prospective sellers or buyers and their professional advisers in connection with the sale or acquisition of businesses or assets.
- Governmental Authorities. We also disclose your Personal Data if we are required or permitted to make disclosures by applicable law (including any regulatory or enforcement body, agency, court or tax authority or their agents) or to the government or private parties in connection with a lawsuit, subpoena, investigation or similar proceeding, or as part of our legislative or regulatory reporting requirements.
- As required by Law. To any other person or organization where that is required under applicable law or regulation and permitted under applicable Data Protection Laws.
International Transfers
Because of the international nature of a fund management business, Personal Data may be transferred to countries outside of the country where you reside or where we provide services to you or your organization. As such other countries may not have the same level of data protection, we will comply with any applicable requirements under the Data Protection Laws and apply appropriate safeguards to ensure the security and integrity of your Personal Data, regardless of where it is processed. Where required we will enter into data transfer agreements in accordance with applicable Data Protection Laws, including as specifically set out below for the GDPR, UK GDPR and DPL.
How We Protect Your Personal Data
Personal Data held by us will be kept confidential and protected in accordance with Data Protection Laws and applicable CCM policies and procedures. We will use commercially reasonable efforts to ensure that Personal Data is kept secure and safe from any loss or unauthorized disclosure or use.
Use of Cookies
Our Site uses cookies, which are small text files downloaded onto your device. We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. Without these cookies, our website will not work properly. Accordingly, we are not asking you for your consent for these cookies.
- Analytics cookies: These are cookies that help us to improve the Site by collecting and reporting information on how you use it. We will only use these cookies if you provide us with your consent.
You can find more information about the individual cookies we use in the table below:
Provider | Cookie Name | Cookie Type | Purpose | Further information |
---|---|---|---|---|
Microsoft Corporation | ARRAffinity | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ASLBSA | Strictly necessary cookie | This cookie is used in context with load balancing by distributing the traffic load on multiple network links or servers to optimize the response rate between the visitor and the site. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ARRAffinitySameSite | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ASLBSACORS | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session Microsoft Privacy Statement |
Cloudflare, Inc | __cf_bm | Strictly necessary cookie | This cookie is used to distinguish between humans and bots. | Expiry: 30 minutes after continuous inactivity Cloudfare Privacy Poilcy |
Cerberus | f5avraaaaaaaaaaaaaaaa_session_ | Strictly necessary cookie | This cookie is an integral part of load balancing. It is used to store the user’s session in order to identify it in the application’s traffic. | Expiry: End of browsing session |
Cerberus | JSESSIONID | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session |
Google LLC | _ga | Analytics cookie | This cookie is used to calculate visitor, session and campaign data for the site’s analytics reports. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. | Expiry: 2 years Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
Google LLC | _gid | Analytics cookie | The cookie is used to store information relating to how visitors use the website and helps in creating an analytics report. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form. | Expiry: 1 day Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
Microsoft Corporation | ai_session | Analytics cookie | This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique anonymous session identifier cookie. | Expiry: End of browsing session Microsoft Privacy Policy |
Microsoft Corporation | ai_user | Analytics cookie | This cookie is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time. | Expiry: 1 year Microsoft Privacy Policy |
Our Site uses Google Analytics to collect information regarding visitor behavior and visitor demographics on our website. Google Analytics uses cookies, to help our website analyze how users use the Site. The information generated by the cookie about your use (including your shortened IP address) will be transmitted to and stored by Google on a server which will regularly be located in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted from your browser as part of Google Analytics will not be put together with other Google data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Site by going to https://tools.google.com/dlpage/gaoptout.
You may set or change your Cookie Preferences at any time by clicking here. Strictly necessary cookies cannot be opted out as they are required to operate and protect the integrity and security of the Site.
You can also set or amend your web browser controls to reject or block cookies, though your access to some functionality and areas of the Site may be restricted. You should visit your browser’s help menu for more information on how to reject or block cookies.
Retention of Personal Data
For how long we retain your Personal Data will depend on the nature of our relationship with you. We will generally retain your Personal for as long as required for the purposes for which we are processing your Personal Data (as set out above) and for any retention period required to comply with our legal obligations.
The criteria we apply to determine the appropriate retention period include, but are not limited to the following:
- The duration of our business relationship with you or your organization and the purposes for which we process your personal data;
- Any relevant legal obligations requiring us to retain data (for example, we may be required to keep records of certain transactions for a certain period of time) and
- Whether retention is appropriate in consideration of our legal position (such as applicable statutes of limitations, pending or threatened litigation or regulatory investigations).
Additional Information in Relation to Data Processing Under the CCPA
The below additional information applies only to Data Subjects who are residents of the state California in the United States where we process Personal Data under the California Consumer Privacy Act.
Data Subject Rights (CCPA)
In accordance with the CCPA you may have the right to:
- Access/port Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party.
- Request correction of your Personal Data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Data or we may refer you to the controller of your Personal Data who is able to make the correction.
- Request deletion of your Personal Data, subject to certain exceptions prescribed by law.
- Request restriction of or object to processing of your Personal Data, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.
If you would like to exercise any of these rights, please contact us via email at: [email protected]. You may also contact us via phone at: (646) 885-3490. We will process such requests in accordance with Data Protection Laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Additional Information in Relation to Data Processing Under the GDPR, UK GDPR and DPL
The below information applies only to Data Subjects who are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) or the Cayman Islands and whose Personal Data we process under the GDPR, the UK GDPR or the DPL.
a) Responsible Controller
The responsible controller for any Personal Data processed by us for the above purposes will be
- Cerberus Capital Management, L.P.(875 Third Avenue, New York, NY 10022, United States of America),
- and/or Cerberus European Capital Advisors, LLP(5 Savile Row, London, W1S 3PB, United Kingdom) if you are an investor located in the EEA or the UK,
- and/or any of our affiliates which is in business contact with you or identified in our communications with you,
- and/or, if you or your organization has invested in funds or investment vehicles managed by us, the entities specified in the respective Client Privacy Notices or fund offering documents provided to you.
b) Legal Basis
We process your personal data for the purposes set out above (see “For which Purpose We Use Your Personal Data”) on the following legal bases:
Purpose | Legal Basis |
---|---|
Business Purposes | |
Accepting investment subscription and performing contract with you or your organisation | Performance of a contract |
Financial management and administration, transactions execution, payment and fees management, and debt management | Performance of a contract Legitimate Interest: to perform our contract with your organisation, manage payments and recover debt owed to us |
General administration of your or your organizations’ investment or other business relationship with us | Performance of a contract |
Engaging vendors and performing vendor contracts | Performance of a contract Legitimate interest: to ensure reliability and suitability of our vendors |
Interacting with regulatory authorities | Legal or regulatory obligation |
Market research, surveys and technological development | Legitimate Interest: to improve our products, services and technologies |
Event registration and management | Legitimate Interest: event management and administration. |
Identifying and preventing security threats to facilities, premises and systems | Legitimate Interest: office and facilities security and administration, maintain our IT systems, network and data security |
Internal audits and complying with regulatory orders | Legal or regulatory obligation |
Selling or buying businesses or assets | Performance of a contract |
Website presentation | Legitimate Interest: ensure website content is effectively presented |
Establishing, exercising and defending legal claims | Legal claim |
Legal or Regulatory Purposes | |
Compliance activities | Legal or regulatory obligation Legitimate Interest: to comply with our legal obligations |
Crime detection and prevention | Legal or regulatory obligation Legitimate Interest: to comply with our legal obligations |
Due diligence checks | Legal or regulatory obligation Legitimate Interest: to comply with our legal obligations |
Marketing and Communication Purposes | |
Direct Marketing | Consent (where required) Legitimate Interest: to promote our products and services |
You may opt out of CCM’s direct marketing at any time by clicking the opt-out links in any electronic marketing communication we send to you or by using the contact details in the “Contact and Complaints” section below.
Unless we inform you that the provision of your Personal Data is optional, any Personal Data we request is necessary for us to provide you or your organization with the products and services requested. If you do not provide the Personal Data requested, we may not be able to provide those products and services.
c) Data Protection Principles
In respect of the collection, holding, storage, use, and processing of your Personal Data:
- We will process your Personal Data lawfully, fairly and in a transparent way.
- We will obtain your Personal Data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- The Personal Data we collect will be relevant to the purposes we have told you about and limited only to those purposes.
- We will take reasonable steps to ensure that your Personal Data is accurate and kept up to date.
- Subject to applicable legal or other requirements, we will keep your Personal Data only as long as necessary.
- We will use appropriate technical and/or organizational measures to ensure appropriate security of your Personal Data.
d) International Transfers
Where we transfer your Personal Data to countries that do not have the same level of data protection as that afforded by Data Protection Laws in the EEA, the UK or the Cayman Islands, we will comply with the applicable requirements under GDPR, UK GDPR and/or DPL and apply appropriate safeguards to ensure the security and integrity of your Personal Data, in particular by entering into data transfer agreements with the data recipients as required under GDPR which are in the form of EU Standard Contractual Clauses and/or equivalent data transfer agreements under the UK GDPR and DPL. Please contact us using the contact details below if you would like to learn more about the specific transfer safeguards applied.
Where required in consideration of the Data Protection Laws and other laws of the recipient country, we will apply appropriate supplementary safeguards to ensure that the recipients can comply with their obligations under the relevant data transfer agreements and that an adequate level of data protection is ensured.
e) Your Data Subject Rights
Under the GDPR, UK GDPR and DPL you may, subject to certain legal conditions, request access to, rectification, erasure or restriction of processing of your Personal Data. You may also object to processing or, under the GDPR or UK GDPR, request data portability. Additionally, you may have the right to request a copy of the Personal Data that we hold about you. If your request is unfounded or excessive, we reserve the right to charge an administrative fee.
For any of the above requests, we may require additional proof of identity to verify your identity and to protect your Personal Data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
PLEASE NOTE THAT IN ACCORDANCE WITH ARTICLE 21 (2) OF THE GDPR YOU MAY HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.
If you have given us your consent for the processing of your Personal Data, you can withdraw the consent at any time with future effect, i.e., the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If consent is withdrawn, we may only further process your Personal Data where there is another legal basis for such processing.
If you have any concerns about how your Personal Data is handled by us or wish to raise a complaint on how we have handled your Personal Data, you may contact us to have the matter investigated. You may also submit a complaint to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (www.ico.gov.uk).
Changes to This Privacy Policy
From time to time, we may make changes or amend this Privacy Policy as required to reflect any changes to the way in which we use Personal Data or as a result of changes to Data Protection Laws. Any amended information will apply from the date it is posted on the Site. You are advised to visit the Site regularly to check for any amendments. In addition, we may communicate material changes to you through the appropriate channel we normally use to communicate with you.
Contact and Complaints
CCM takes any complaints we receive about our use of Personal Data seriously. Questions, comments, requests or complaints regarding the Site, this Privacy Policy, or our use of Personal Data should be addressed to: [email protected]. Any Personal Data we receive when a complaint is made will be treated in accordance with this Privacy Policy and utilized only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the Personal Data supplied to us to manage and address the inquiry and any subsequent issues and to check on the level of service we provide. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Complaints may be directed to:
Cerberus Capital Management, L.P.
Data Protection Officer
875 Third Avenue,
New York, NY 10022
[email protected]