Privacy Policy

Effective as of August 2020

This Privacy Policy (“Privacy Policy”) is provided by Cerberus Capital Management, L.P. and its affiliates (“CCM”, “we”, or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of Personal Data, as defined herein. This Privacy Policy applies to any individuals ( “you” or “your”) accessing and using the website www.cerberus.com (the “Site”).

 

Categories of Personal Data We Process

In this Privacy Policy, the term Personal Data generally means any information that could be used to identify an individual (“Personal Data”) and that is covered by applicable privacy and data security laws and regulations of a jurisdiction including but not limited to the EU General Data Protection Regulation (“GDPR”), the US Gramm-Leach-Bliley Act of 1999, as amended (“GLBA”), the California Consumer Privacy Act (“CCPA”), and the Cayman Island Data Protection Law, 2017 (“DPL”) (“Data Protection Laws”).

During our ordinary business activities, CCM may process various categories of Personal Data including but not limited to:

  • Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address; and private contact information including home address and personal cell phone, unique identifier and the IP address of your computer or mobile device;
  • Family situation, such as marital status and number of children;
  • Tax status, including tax ID and tax residence;
  • Education and employment information, including level of education, employment, employer’s name and remuneration;
  • Financial data, such as bank account details, credit card numbers, money transfers including communications on bank transfers, assets, investor profile, credit history, debts and expenses and other information needed for billing and payment processing purposes;
  • When identifying you, such as in subscription documents, we may also collect social security numbers, passport information, driver’s license or similar identification information needed for know-your-client (KYC) and anti-money laundering (AML) compliance purposes and in order to provide financial services;
  • Further business information necessarily processed in a business or other contractual relationship with CCM; or provided with your consent;
  • Information collected from publicly available resources, integrity data bases and credit agencies;
  • If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes, or other legal diligence processes including reputational risk management;
  • Information obtained by website, newsletter or other analytics technology, in particular your activities when you use our website, view our investor information or other electronic information or use our online products and services (such as downloadable content) which may include information about which content you access at what times and how often;
  • Special categories of Personal Data. In certain circumstances, where required or permitted by law or where you have provided your consent, we may collect special categories of your Personal Data which are specifically protected under Data Protection Laws;
  • In certain circumstances, and where permissible and where you have provided your consent, we may collect Personal Data for recruitment purposes including as it relates to your employment background and any incidents of unlawful conduct.

 

 

How We Process Personal Data

We may collect this personal data in various ways, including:

  • Directly from the Data Subject e.g., when an individual voluntarily submits Personal Data (“Data Subject”) to the Site or sends us an email or other written correspondence or otherwise provides us with Personal Data in the course of our business relationship.
  • Indirectly from other sources e.g., from public records or from a counterparty, typically acting with a Data Subject’s consent or where such consent is not otherwise required by Data Protection Laws.
  • Automatic collection tools e.g., Cookies, as defined in this Privacy Policy, and other analytics or tracking technology may be used to collect certain aggregate data (“Anonymized Data”) and non-Personal Data when a Data Subject visits the Site or third party sites we direct Data Subjects to in order to view our investor information or other electronic information about our products and services.

 

How and On What Basis Do We Use Your Personal Data?

We will process Personal Data including as outlined below:

For Business Purposes

  • Communicating with Data Subjects, including, where permitted by applicable law, providing you with information about investment opportunities, CCM’s products and services and other news about CCM;
  • Performing activities relating to client management, financial management and administration;
  • Conducting market research, surveys, and similar inquiries to help us understand trends, client and website visitor needs;
  • Investigating and resolving disputes and enforcing our website Terms of Use and other agreements;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
  • Monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities;
  • Undertaking research for technological development and improving, upgrading or enhancing our products and services;
  • Selling or buying businesses or assets;
  • Establishing, exercising and defending legal claims;
  • Processing and considering applications for employment, including evaluating and confirming your suitability for the position and accuracy of any information submitted.

To Comply with Legal or Regulatory Obligations

  • Complying with legal or regulatory obligations, such as our obligations regarding KYC and AML, or record keeping, including auditing relating to interactions, transactions and other compliance activities;
  • Performing a contract with you or to take steps before entering into a contract, including to: (i) provide you with information regarding CCM investment opportunities or other products or services, (ii) assist you and answer your requests, (iii) evaluate whether we can offer you a CCM product or service and under what conditions.

For Marketing and Communications

We may collect and share Personal Data with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates (“Marketing Purposes”) unless and until you notify us that you do not wish to be contacted for Marketing Purposes. You may opt out of CCM’s direct marketing at any time. If you are a new investor, we will begin sharing your Personal Data with our affiliates for Marketing Purposes 30 days from the date of your initial investment in or commitment to a fund. When you are no longer our investor, we may continue to share your Personal Data with our affiliates for Marketing Purposes, unless you elect to unsubscribe from any such communications.

 

With Whom Do We Share Personal Data?

  • Within CCM. With our affiliates worldwide if legally permitted and to the extent required for Business Purposes.
  • With third parties. With our service providers worldwide, e.g., legal advisors, fund administrators, custodians, auditors, etc. to process Personal Data for Business Purposes on our behalf and in accordance with our written instructions only.
  • With marketing and communications agencies. With your consent, we may disclose Personal Data you provide to us to companies that perform marketing services on our behalf, such as any placement agent retained by a Fund.
  • With prospective sellers or buyers. With prospective sellers or buyers and their professional advisers in connection with the sale or acquisition of businesses or assets.
  • As required by law. We also disclose your Personal Data if we are required to make disclosures by applicable law or to the government or private parties in connection with a lawsuit, subpoena, investigation or similar proceeding, or as part of our legislative or regulatory reporting requirements.

 

How Do We Protect Your Personal Data?

Personal Data held by us will be kept confidential in accordance with Data Protection Laws and applicable CCM policies and procedures. We will use commercially reasonable efforts to ensure that Personal Data is kept secure and safe from any loss or unauthorized disclosure or use.

 

Use of Cookies

Our Site uses Google Analytics to collect information regarding visitor behavior and visitor demographics on our website. Google Analytics uses text files placed on your computer (“Cookies”), to help our website analyze how users use the Site. The information generated by the cookie about your use (including your shortened IP address) will be transmitted to and stored by Google on a server which will regularly be located in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted from your browser as part of Google Analytics will not be put together with other Google data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Site by going to http://tools.google.com/dlpage/gaoptout.

 

Additional Information in Relation to Data Processing Under the CCPA

The below additional information applies only to Data Subjects who are residents of the state California in the United States where we process Personal Data under the California Consumer Privacy Act.

Data Subject Rights (CCPA)

In accordance with the CCPA you may have the right to:

  • Access/port Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party.
  • Request correction of your Personal Data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Data or we may refer you to the controller of your Personal Data who is able to make the correction.
  • Request deletion of your Personal Data, subject to certain exceptions prescribed by law.
  • Request restriction of or object to processing of your Personal Data, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law.

If you would like to exercise any of these rights, please contact us via email at: dataprotectionofficer@cerberus.com. You may also contact us via phone at: (646) 885-3490. We will process such requests in accordance with Data Protection Laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

 

Additional Information in Relation to Data Processing Under the GDPR and DPL

The below information applies only to Data Subjects who are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) and whose Personal Data we process under the General Data Protection Regulation.

Cerberus Capital Management, L.P. (875 Third Avenue, New York, NY 10022, United States of America) or Cerberus European Capital Advisors, LLP (5 Savile Row, London, W1S 3PB, United Kingdom) if you are an investor located in the EEA or the UK, or any of our affiliates in business contact with you or identified in our communications with you, will be the responsible controller under GDPR for any Personal Data processed by us in connection with our business relationship.

Data Protection Principles

In respect of the collection, holding, storage, use, and processing of your Personal Data:

  • We will process your Personal Data lawfully, fairly and in a transparent way.
  • We will obtain your Personal Data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • The Personal Data we collect will be relevant to the purposes we have told you about and limited only to those purposes.
  • We will take reasonable steps to ensure that your Personal Data is accurate and kept up to date.
  • Subject to applicable legal or other requirements, we will keep your Personal Data only as long as necessary.
  • We will use appropriate technical and/or organizational measures to ensure appropriate security of your Personal Data.

International Transfers

Because of the international nature of a fund management business, Personal Data may be transferred to countries outside the EEA, the UK or the Cayman Islands, and to jurisdictions where we conduct business or have a service provider, including the United States and other countries that may not have the same level of data protection as that afforded by Data Protection Laws in the EEA, the UK or the Cayman Islands. When doing so we will comply with the applicable requirements under GDPR and/or DPL and take appropriate safeguards to ensure the security and integrity of your Personal Data, in particular by entering into data transfer agreements as required under GDPR which are in the form of EU Standard Contractual Clauses.

Data Subject Rights (GDPR)

Under the GDPR, and DPL more generally, subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your Personal Data. You may also object to processing or, under the GDPR, request data portability. Additionally, you may have the right to request a copy of the Personal Data that we hold about you. If your request is unfounded or excessive, we may charge an administrative fee.

PLEASE NOTE THAT IN ACCORDANCE WITH ARTICLE 21 (2) OF THE GDPR YOU MAY HAVE THE RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES.

If you have given us your consent for the processing of your Personal Data, you can withdraw the consent at any time with future effect, i.e., the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. Where consent is withdrawn, we may only further process your Personal Data where there is another legal basis for such processing.

For any of the above requests, we may require additional proof of identity to verify your identity and to protect your Personal Data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.

If you have any concerns about how your Personal Data is handled by us or wish to raise a complaint on how we have handled your Personal Data, you may contact us to have the matter investigated. You may also submit a complaint to the competent data protection supervisory authority in your country. For example, if you are from the UK, you may contact the Information Commissioners Office via their website (www.ico.gov.uk).

 

Changes to This Privacy Policy

From time to time, we may make changes or amend this Privacy Policy as required to reflect any changes to the way in which we use Personal Data or as a result of changes to Data Protection Laws. Any amended information will apply from the date it is posted on the Site.

 

Contact and Complaints

CCM takes any complaints we receive about our use of Personal Data seriously. Questions, comments, requests or complaints regarding the Site, this Privacy Policy, or our use of Personal Data should be addressed to: dataprotectionofficer@cerberus.com.  Any Personal Data we receive when a complaint is made will be treated in accordance with this Privacy Policy and utilized only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the Personal Data supplied to us to manage and address the inquiry and any subsequent issues and to check on the level of service we provide. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

 

Complaints may be directed to:

Cerberus Capital Management, L.P.
Data Protection Officer
875 Third Avenue,
New York, NY 10022
dataprotectionofficer@cerberus.com