Effective as of December 11, 2024
This privacy notice (“Privacy Notice”) is provided by Cerberus Capital Management, L.P. and its affiliates as identified in this Privacy Notice (“CCM”, “we”, “our”, or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data, as defined herein.
This Privacy Policy applies to any individuals ( “you” or “your organization”) who directly or indirectly invests, in funds or investment vehicles managed by us, or otherwise engage or interact with us, and to individuals accessing and using the website www.cerberus.com (the “Site”).
This Privacy Notice explains how we process your personal data and which rights you have in this respect under any applicable privacy and data security laws and regulations (“Data Protection Laws”). We may provide you with further privacy information on specific occasions so that you are fully aware of how and why we are using your personal data. Where we refer to “personal data” in this Privacy Notice, we mean any information that relates to you or from which you can be identified or equivalent concepts under the applicable Data Protection Laws.
Please note that the Data Protection Laws of some countries will provide for special or deviating rules in relation to the processing of your personal data. We have summarized these specific rules for the relevant countries in the supplementary sections at the end of this Privacy Notice below. These sections will only apply to you if we process your personal data under the laws of the respective country.
We encourage to read our Privacy Notice completely, but you may also click below to jump directly to any section you are specifically interested in:
1. Categories of Personal Data We Process
3. For Which Purpose We Use Your Personal Data
4. With Whom We May Share Personal Data
6. How We Protect Your Personal Data
8. How We Retain Your Personal Data
9. Changes to This Privacy Policy
Supplementary information for specific countries only:
1. United states
2. EEA, UK and Cayman Islands
3. China
1. Categories of Personal Data We Process
The nature of the specific personal data we process will depend on our relationship with you. During our ordinary business activities, we may process various categories of personal data including but not limited to:
- Identifying Information: This may include information used to identify a specific individual, such as: given name(s), preferred name(s), nickname(s), academic grades or other titles, date of birth, age, place of birth, signature, nationality, passport or other national or government identity documents details, photographs, principal residential address, bills or correspondence showing address, identity risk assessment score and feedback.
- Contact Information: This may include postal address, telephone number, email address or other communication channel addresses.
- Personal Information: This may include marital status, and Identifying and Contact Information about your spouse or partner, children, and dependents.
- Financial Information: This may include bank account details, credit card numbers, and income details, source of wealth information, source of funds details, money transfers including communications on bank transfers, information about assets or net worth, social security or national insurance number mandate details, investor profile data, investment preferences, risk appetite, restrictions and objectives, financial history, income, income requirements, liabilities and obligations, liquidity information, credit rating, investor classification, tax identification number, country of tax residence, income verification data, financial details, and information needed for billing and payment processing purposes.
- Professional Information: This may include employer, employment status, position, job title and, where required or appropriate, employment history or information on qualifications.
- Interaction Information: This may include time, date and content of email, telephone or other communication, including communication for marketing purposes, marketing preferences and interaction, enquiries, disputes, investigations or other interaction with or activities concerning you, such as information regarding the use of any of our websites, fund data rooms or investor reporting portals (e.g., cookies, browsing history and/or search history), information or services requested by you, and records of any other interaction or communication with you.
- Sensitive Information: In certain circumstances, if so required by law, we may also collect, use, store and transfer sensitive data about you. In particular, as part of our due diligence processes, we may collect information as to :
– your political opinions and affiliations, if so required by law so that we can identify that you are, or are connected to, a politically exposed person; and
– your criminal records or alleged criminal activity, if so required by law as part of a background check.
2. How We Collect Your Data
Depending on the nature of our relationship with you, we may collect your Personal Data in various ways, including:
- Directly from you or your organization,including by completing subscription documents, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation), sending us emails or other written correspondence, via our website, fund data rooms and/or investor reporting portals (as applicable) or otherwise providing us with Personal data in the course of our business relationship.
- Indirectly from third parties or other sources, including from your nominated financial institution or other representative (i.e., a broker or solicitor acting on your behalf), our affiliates, fund administrators, tax authorities, governmental agencies and supervisory authorities, fraud prevention and detection agencies, public records, anti-money laundering (“AML”), know-your-client (“KYC”) or other due diligence providers, credit reference agencies, background check agencies or from a counterparty involved in an investment or other business relationship with you.
- Through automated data collection tools, including Cookies, as defined in this Privacy Notice, and other analytics or tracking technology which may be used to collect certain data when you visit the Site or third party sites we direct you to in order to view our investor information or other electronic information about our products and services.
3. How We Use Your Personal Data
Depending on the nature of our relationship with you, we may process Personal Data for the following purposes:
- Managing and Performing our Business Relationship: To enter into, perform, manage and administer your business relationship with us, e.g. by performing transactions and orders, selling or buying assets related to you or your organization, processing payments, executing transactions, managing payments, fees and charges and collecting and recovering debts owed to us, engaging vendors, service providers and suppliers and performing relevant contracts, performing accounting, auditing, billing and collection activities or providing you with any other services or things you may have requested, processing and responding to any enquiries you have submitted to us, receiving and handling complaints, requests or reports from you, engaging with governmental or regulatory bodies or other competent authorities, and notifying you about changes to our terms or this Privacy Notice.
- Fund Administration: If you or your organization are an investor in a fund managed or owned by us, to administer and manage such investment, including holding your information on the ownership register, using your contact details to send you notices of meetings and investor communications and using your financial information (e.g. bank account details) to make payment of redemption or distribution monies.
- Direct Marketing and Customer Relationship Management: To send you marketing information about products investment opportunities or services that we think may be of interest to you, invite you to conferences and events and handle your registration and attendance, update you on other news about us, conduct market research, surveys, and similar inquiries to help us understand trends, client and website visitor needs and to improve and enhance our products, services, systems, processes and technologies.
You may opt out of direct marketing at any time by electing to unsubscribe in any direct marketing communication received from us or notifying us at the contact details set out below. If you are a new investor, we will begin sharing your personal data with our affiliates for direct marketing purposes 30 days from the date of your initial investment in or commitment to the Fund. When you are no longer our investor, we may continue to share personal data with our affiliates for direct marketing purposes, unless and until you elect to unsubscribe from any such communications. - Security: To maintain and protect the security of our premises and facilities, IT systems, databases, websites or other digital infrastructure, including preventing and detecting security incidents, improving data security and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity, service, testing and maintenance of our systems.
- Disputes and Enforcement: To establish, exercise and defend legal claims, investigate and resolve disputes and enforce our website terms of use and other agreements.
- Compliance: To ensure, monitor and audit compliance with our legal and regulatory obligations and our internal policies and procedures, such as performing our anti-money laundering checks, sanction and anti-terrorism screening, conflict of interest checks and other due diligence checks, international tax reporting requirements, record keeping, disclosures to tax or other regulatory authorities, enforcing and complying with legal judgements, and auditing relating to interactions, transactions and other compliance activities.
- Prevention and Detection: To prevent and detect crime, including fraud or criminal activity and misuses of our products or services.
Your personal data will always be processed in accordance with the Data Protection Laws and may be processed with your consent, upon your instruction, where necessary for the performance of the investment or other contract with you; to comply with our statutory obligations; to protect our or a third party’s legitimate interests, or as otherwise permitted by the Data Protection Laws for the Legitimate Purposes.
You are typically not under a specific legal obligation to provide us with your personal data. However, unless we inform you that providing your personal data is optional, we will typically require your data to provide you or your organization with the requested products and services. If you do not provide such data, we may not be able to provide those products and services. Where personal data is required to satisfy a statutory obligation (including compliance with applicable AML, KYC or sanctions requirements) or a contractual requirement, failure to provide such information may result in your or your organization’s subscription in a fund being rejected or compulsorily redeemed or withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority.
4. With Whom We May Share Personal Data
We may disclose personal data, where that is required by law or for the Legitimate Purposes, with third parties, including:
- CCM Affiliates. With our affiliates worldwide if legally permitted and to the extent required for the purposes set out above.
- Service Providers. With our service providers who process personal data on our behalf and as instructed by us (frequently referred to as “processors”) , e.g. legal, financial and other professional advisors, accountants, fund administrators, prime brokers and executing brokers, lenders, custodians, auditors, counterparties, marketing and communications agencies, placement agents, client-facing application software, archiving services, business management software, telecommunications services and information technology services . Where we engage processors, we will enter into appropriate contractual arrangements in accordance with Data Protection Laws to ensure the integrity and security of your personal data.
- Professional Agencies. With AML or KYC screening services, credit reference or background check agencies or other organizations where required by law or regulation to help us to conduct anti-money laundering and anti-terrorist financing and sanctions checks and to detect fraud and other potential criminal activity.
- Prospective sellers or buyers. With prospective sellers or buyers and their professional advisers in connection with the sale or acquisition of businesses or assets.
- Governmental Authorities. We also disclose your Personal data if we are required or permitted to make disclosures by applicable law (including any regulatory or enforcement body, agency, court or tax authority or their agents) or to the government or private parties in connection with a lawsuit, subpoena, investigation or similar proceeding, or as part of our legislative or regulatory reporting requirements.
- As required by Law. To any other person or organization where that is required under applicable law or regulation and permitted under applicable Data Protection Laws.
5. International Transfers
Because of the international nature of our business, your personal data may be transferred to countries outside of the country where you reside or where we provide services to you or your organization. As such other countries may not have the same level of data protection, we will comply with any applicable requirements under the Data Protection Laws and apply appropriate safeguards to ensure the security and integrity of your Personal data, regardless of where it is processed. Where required we will enter into data transfer agreements in accordance with applicable Data Protection Laws.
6. How We Protect Your Personal Data
Personal data held by us will be kept confidential and protected in accordance with Data Protection Laws and our internal policies and procedures. We will use commercially reasonable efforts to ensure that personal data is kept secure and safe from any loss or unauthorized disclosure or use.
7. Use of Cookies
Our websites and other online resources may use cookies, which are small text files downloaded onto your device. We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. Without these cookies, our website will not work properly. Accordingly, we are not asking you for your consent for these cookies.
- Analytics cookies: These are cookies that help us to improve the websites by collecting and reporting information on how you use it. We will only use these cookies if you provide us with your consent.
You can find more information about the individual cookies we use in the table below:
Provider | Cookie Name | Cookie Type | Purpose | Further information |
---|---|---|---|---|
Microsoft Corporation | ARRAffinity | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ASLBSA | Strictly necessary cookie | This cookie is used in context with load balancing by distributing the traffic load on multiple network links or servers to optimize the response rate between the visitor and the site. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ARRAffinitySameSite | Strictly necessary cookie | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session to optimise response times. | Expiry: End of browsing session Microsoft Privacy Statement |
Microsoft Corporation | ASLBSACORS | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session Microsoft Privacy Statement |
Cloudflare, Inc | __cf_bm | Strictly necessary cookie | This cookie is used to distinguish between humans and bots. | Expiry: 30 minutes after continuous inactivity Cloudfare Privacy Poilcy |
Cerberus | f5avraaaaaaaaaaaaaaaa_session_ | Strictly necessary cookie | This cookie is an integral part of load balancing. It is used to store the user’s session in order to identify it in the application’s traffic. | Expiry: End of browsing session |
Cerberus | JSESSIONID | Strictly necessary cookie | This cookie preserves users states across page requests. | Expiry: End of browsing session |
Google LLC | _ga | Analytics cookie | This cookie is used to calculate visitor, session and campaign data for the site’s analytics reports. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. | Expiry: 2 years Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
Google LLC | _gid | Analytics cookie | The cookie is used to store information relating to how visitors use the website and helps in creating an analytics report. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form. | Expiry: 1 day Google Analytics Cookies Google Privacy Policy Google Analytics Opt-Out Add on |
Microsoft Corporation | ai_session | Analytics cookie | This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique anonymous session identifier cookie. | Expiry: End of browsing session Microsoft Privacy Policy |
Microsoft Corporation | ai_user | Analytics cookie | This cookie is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time. | Expiry: 1 year Microsoft Privacy Policy |
Our websites use Google Analytics to collect information regarding visitor behavior and visitor demographics on our website. Google Analytics uses cookies, to help our websites analyze how users use the website. The information generated by the cookie about your use (including your shortened IP address) will be transmitted to and stored by Google on a server which will regularly be located in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted from your browser as part of Google Analytics will not be put together with other Google data. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and processing of data generated by your use of the Site by going to https://tools.google.com/dlpage/gaoptout.
You may set or change your Cookie Preferences at any time by clicking here. Strictly necessary cookies cannot be opted out as they are required to operate and protect the integrity and security of the Site.
You can also set or amend your web browser controls to reject or block cookies, though your access to some functionality and areas of the Site may be restricted. You should visit your browser’s help menu for more information on how to reject or block cookies.
8. How We Retain Your Personal Data
For how long we retain your personal data will depend on the nature of our relationship with you. We will generally retain your personal data for as long as required for the Legitimate Purposes for which we collected them and for any retention period required to comply with our legal obligations, or as otherwise required or permitted under the Data Protection Laws.
The criteria we apply to determine the appropriate retention period may include, but are not limited to the following:
- The duration of our business relationship with you or your organization and the purposes for which we process your personal data;
- Any relevant legal obligations requiring us to retain data (for example, we may be required to keep records of certain transactions for a certain period of time), and;
- Whether retention is appropriate in consideration of our legal position (such as applicable statutes of limitations, pending or threatened litigation or regulatory investigations).
9. Changes to This Privacy Notice
This Privacy Notice is effective from the date first written above. From time to time, we may make changes or amend this Privacy Notice as required to reflect any changes to the way in which we use personal data or as a result of changes to Data Protection Laws. Any amended information will apply from the date it is posted on our websites. You are advised to refer to our online Privacy Notice regularly, so that you are aware of these changes. In addition, we may communicate material changes to you through appropriate communication channels.
10. Contact and Complaints
We take any complaints we receive about our use of personal data seriously. Questions, comments, requests or complaints regarding the Site, this Privacy Notice, or our use of personal data should be addressed to the contact details below.
Any personal data we receive when a complaint is made will be treated in accordance with this Privacy Notice and utilized only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the personal data supplied to us to manage and address the inquiry and any subsequent issues and to check on the level of service we provide. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Questions, requests, and complaints may be directed to:
Cerberus Capital Management, L.P.
Data Protection Officer
875 Third Avenue,
New York, NY 10022
[email protected]