Legal

Privacy Policy

Effective Date: September 1st, 2024.  

1. Introduction

This Privacy Policy describes how Fifth Wall Companies (“Fifth Wall,” “we,” “our,” or “us”) collects, uses, and discloses information about you as well as your choices regarding such information. For purposes of this Privacy Policy, unless otherwise stated, “information” or “personal information” means information relating to an identified or identifiable individual, and does not include aggregate information or information that does not identify you. This Privacy Policy applies to information we collect where we control the purposes and means of processing. Specifically, it applies to information we collect through any of our websites, emails, and other online services that link to this Privacy Policy (the “Service”). It does not apply to information collected by third parties or information collected in the context of your employment with us. Please note that your use of the Service is subject to our Terms of Use.

Some regions provide additional rights by law, as described below: 

  • California
  • Nevada
  • European Economic Area, Switzerland, and United Kingdom

If you are a U.S. consumer and have a financial product or service with us, such as an investment account through our Investor Portal, we will use and share any information that we collect from or about you not in accordance with this Privacy Policy, instead with our U.S. Consumer Privacy Notice, which offers you certain choices with respect to the use and sharing of your personal information.

For our contact details, see the “Contact Us” section below.

2. How We Collect Information

We collect information about you in a variety of contexts, as described below.

Information You Provide through the Service.

When you use the Service, you may be asked to provide information to us, such as when you create an account, make a purchase, sign up for our newsletters or other communications, participate in a promotion, respond to our surveys, contact support, visit our conferences, trade shows, or other in-person events, or apply for a job. The categories of information we may collect include:

  • Contact identifiers, including your name, email address, postal address, phone number, social security number, driver’s license number, passport number, Individual Tax Identification Number (“ITIN”), and other government-issued identification numbers. 
  • Financial information, including account balance or history, income and other financial data, investment experience, risk tolerance, redemptions or withdrawals, and information about your personal investment goals or objectives.
  • Characteristics or demographics, including your age, date of birth, gender, and country.
  • Commercial or transactions information, including records of products, subscriptions, or services you purchased, obtained, or considered.
  • Account credentials, including your username, password, password hints, and other information for authentication or account access.
  • Content, including content within any messages you send to us (such as feedback, questions, or survey responses). 
  • Professional, employment, or education-related information, including your employment and work history, transcripts, writing samples, references, and other information necessary to consider you for a job.

Please do not provide any information that we do not request. 

Information from Your Browser or Device.

When you use the Service, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect include:

  • Device identifiers, including your device’s IP address. 
  • Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.
  • Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, subscription purchases you make or consider, time of day you browse, and referring and exiting pages.
  • Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level. 

This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:

  • Cookies. Cookies are browser-based text files which are dropped on your browser when you visit a website, open or click on an email, or interact with an advertisement. There are various types of cookies, including session cookies (which are cookies that expire when you close your browser) and persistent cookies (which are cookies that do not expire until a set expiration date or you manually delete them). Cookies may be first party (which are cookies served directly by us) or third party (which are cookies served by third parties we work with).  
  • Pixels. Pixels (also known as web beacons) are code embedded in a service. There are various types of pixels, including image pixels (which are one-pixel transparent images) and JavaScript pixels (which contain JavaScript code). Pixels are often used in conjunction with cookies. When you access a service that contains a pixel, the pixel may permit us or a third party to collect information from your browser or device, or to drop or read cookies on your browser. 

We use these tracking technologies for a variety of purposes, including to help make our Service work, personalize your browsing experience, prevent fraud and assist with security, perform measurement and analytics, and provide advertising (including targeted advertising).

For details on your choices around cookies and other tracking technologies, see the “Your Privacy Choices” section below.

Information from Other Sources.

We also collect information from other sources. The categories of other sources from which we collect information include: 

  • Business partners that offer co-branded services, sell or distribute our products, or engage in joint marketing or promotional activities.
  • Third party vendors and related parties we work with in connection with receiving analytics, advertising, security, and fraud prevention services.
  • Third-Party Services and Sources. We may obtain personal information about you from other sources, including government agencies, Registered Investment Advisors (RIAs), credit reporting agencies, Company affiliates, and other qualified third-party services and organizations. 
  • Social media platforms with which you interact. For example, when you engage with our content on social media (such as through our brand page or direct messages), we may collect information such as your contact identifiers and any comments you provide. We may also receive additional information from the social media platform that you have authorized the platform to disclose to us. If you publicly reference our Service on social media (such as by tagging us or using a hashtag associated with us in a post), we may use your reference on or in connection with our Service.  
  • Data providers, such as licensors of private and public databases.
  • Public sources, such as information in the public domain.

Information We Infer.

We infer new information from other information we collect, including to generate information about your likely preferences or other characteristics. 

Sensitive Information.

To the extent any of categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.  

3. How We Use Information.

We collect and use information in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include:

  • Providing services. We use information to provide services to you, including to operate the Service, establish and maintain your account, and provide support. 
  • Personalizing your experience. We use information to personalize your experience and show you content we believe you will find interesting. 
  • Communications. We use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also use information to personalize and deliver marketing communications to you. Communications may be by email, and, where you opt-in, text and push notification. 
  • Analytics and improvement. We use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Google Analytics). We also use information for research and development purposes, including to improve our services and make business and marketing decisions. 
  • Advertising. We work with agencies, ad networks, technology providers, and other third parties to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services. As part of this process, we incorporate tracking technologies into our own Service as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities over time and across non-affiliated services and obtain or infer information about you for purposes of showing you relevant advertising based on your preferences and interests (“targeted advertising”). We also use audience matching services (which is a type of targeted advertising) to reach people (or people similar to people) who have visited our Service or are identified in one or more of our databases (“matched ads”). This is done by us providing a list of hashed email addresses to a third party or incorporating a pixel from a third party into our own Service, and the third party matching common factors between our data and their data. For instance, we incorporate the Facebook pixel on our Service and may disclose your hashed email address to Facebook as part of our use of Facebook Custom Audiences. 
  • Promotions. When you voluntarily enter a promotion, we use information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law. By entering a promotion, you agree to the official rules that govern that promotion, and that, except where prohibited by applicable law, we, the sponsor, and related entities may use your name, voice and/or likeness in advertising or marketing materials.
  • KYC, security and enforcement. We use information to comply with know your customer (KYC) and anti-money laundering (AML) laws and regulations, and to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm. 
  • Recruitment. We use information to make decisions about recruiting and in anticipation of a contract of employment. 
  • At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent. 

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around use of your information, see the “Your Privacy Choices” section below.

4. How We Disclose Information.

We disclose the information we collect in accordance with the practices described in this Privacy Policy. The categories of persons to whom we disclose information include: 

  • Service providers. Many of the third parties we work are service providers that collect and process information on our behalf. Service providers perform services for us such as payment processing, AML/KYC, data analytics, marketing and advertising, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.
  • Third party vendors and related parties. Some of the third parties we work with independently control the purposes and means of processing your information. For example, we disclose information to ad networks, technology providers, and other third parties that help provide targeted advertising. For these third parties, we encourage you to familiarize yourself with and consult their policies and terms of use. 
  • Business partners. We disclose information to our business partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing or promotional activities. 
  • Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.
  • The public. We disclose information you make public, such as information in your profile or that you post on public boards. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to any rights you have under applicable law.
  • Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business. 
  • Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service or anyone else. 
  • Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent. 

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around disclosure of your information, see the “Your Privacy Choices” section below.

5. Third Parties.

Our Service may link to, or be incorporated into, websites and online services controlled by third parties. In addition, we may integrate technologies into our Service, including those disclosed in the “How We Collect Information” section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Your Privacy Choices. 

We provide a variety of ways for you to exercise choice, as described below. 

Region-Specific Rights.

Some regions provide additional rights by law. This subsection details how to exercise certain of those rights to the extent they apply to you. See your region-specific terms for further details. 

  • Data subject requests. Depending on your region, you may have the right to access, correct, delete, or exercise similar rights with respect to your information. To exercise your rights, please submit a data subject request through our form here (specifying the rights you wish to exercise) or call our toll-free number at 888-454-4725. We will confirm receipt of and respond to your request consistent with applicable law. Please note these rights require verification and are subject to exceptions. To verify your identity, we may contact the email address that matches our records, and wait for your response. In some instances, we may ask for additional information. If we are unable to verify your identity, we may deny your request.
  • Opt-out of sales, shares, and targeted advertising. Depending on your region, you may have the right to opt-out of sales or shares (as those terms are defined by applicable law), or the processing of your information for targeted advertising purposes. To exercise your rights, click here to manage your tracking technology preferences or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you opt-out through either of the above methods we do not know who you are within our systems, and your opt-out will apply only to information collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to information we have about you in our systems, such as your email address, please also submit a request through our form here.
  • Authorized agent. Depending on your region, you may have the right to designate an authorized agent to exercise rights on your behalf. Except for requests made by opt-out preference signal, we will require written and signed proof of the agent’s permission to do so and may verify your identity directly with you. To the extent permitted by applicable law, rights must be exercised through the designated methods listed above.
  • Appeals. Depending on your region, you may have the right to appeal our decision if we deny your request. To appeal, please contact us at the email address set out in the Contact Us section below and specify what you wish to appeal. We will review and respond to your appeal in accordance with applicable law. If we deny your appeal, you may submit a complaint to your relevant regulatory authority through the links specified in your region-specific terms. 

Communications.

You can opt-out of receiving certain communications from us, as described below. Your opt-out is limited to the email address used and will not affect subsequent subscriptions.  

  • Emails. By following the unsubscribe instructions near the bottom of such emails, or by emailing us at as set out in the “Contact Us” section below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt out of transactional messages.
  • SMS/MMS Messaging: No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude test messaging originator opt-in data and consent; this information will not be shared with any third parties.

Accounts.

If you have an account with us, you can delete your account through your account settings. We will address your request in accordance with our data retention practices. 

Browser and Device Controls. 

  • Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.
  • Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.
  • Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.
  • Industry opt-out tools for targeted advertising. Some of the third parties we work with participate in programs that allow you to opt-out of receiving targeted advertising from participants. To opt-out of receiving targeted advertising from participants of the Digital Advertising Alliance (“DAA”) on your browser, visit https://www.aboutads.info/choices. To opt-out of receiving targeted advertising from participants of the Network Advertising Initiative (“NAI”) on your browser, visit https://www.networkadvertising.org/choices/.   If you choose to opt-out of targeted advertising through these links, you should no longer see targeted advertising from the selected participants on the browser or device from which you opted-out, but the opt-out does not mean that the participants will not process your information for targeted advertising purposes or that you will not receive any advertising. We are not responsible for the effectiveness of any third party opt-out tools.

Matched Ads.

To opt out of us disclosing your hashed email address to third parties for matched ads purposes, please submit a request through our form here. We will remove your email address from any subsequent lists disclosed to third parties for matched ads purposes.

7. Children.

The Service is not directed toward children under 13 years old, and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the “Contact Us” section below. We will delete the personal information in accordance with COPPA. 

8. Data Security.


We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

9. Retention.

We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

If you are based in the UK or European Union, by law we have to keep basic information about our customers for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see Paragraph 15 below for further information.

In some circumstances we will anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

10. International Transfer.

We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate. Where required by applicable law, we will provide appropriate safeguards for data transfers, such as through use of standard contractual clauses. Please see Paragraph 15 for further information on international transfers.

11. Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide additional notice to you, such as through email or prominent notice on the Service. 

12. Contact Us.

If you have any questions about or trouble accessing this Privacy Policy, please contact us:

Fifth Wall

66 Hudson Blvd E, Suite 5340 / 53rd FloorNew York, NY 10001

(332) 264-4184

info@fifthwall.com 

To exercise choice, use the methods described in the “Your Privacy Choices” section above or your region-specific terms below. 

13. California.

These additional rights and disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Privacy Rights Act (“CPRA”), unless otherwise stated. The CPRA does not apply to what is referred to as “nonpublic personal information” collected by financial institutions (like Fifth Wall), as that information is subject instead to other financial privacy laws. As a result, the CPRA does not apply to most of the information that Fifth Wall collects.

Notice at Collection.

At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:

  • For the categories of personal information we have collected in the past 12 month, see the “How We Collect Information” section above.
  • For the categories of sources from which personal information is collected, see the “How We Collect Information” section above.
  • For the specific business and commercial purposes for collecting and using personal information, see the “How We Use Information” section above.
  • For the categories of third parties to whom information is disclosed, see the “How We Disclose Information” section above. 
  • For the criteria used to determine the period of time information will be retained, see the “Retention” section above. 

Some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, content, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents. For details on your rights regarding sales and shares, please see the “Right to Opt-Out of Sales and Shares” section below.

Some of the personal information we collect may be considered sensitive personal information under the CPRA. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information. 

Right to Know, Correct, and Delete.

You have the following rights under the CPRA:

  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which personal information was collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of personal information that we sold, shared, or disclosed for a business purpose, the categories of third parties to whom we disclosed personal information, and the specific pieces of personal information we have collected about you. 
  • The right to correct inaccurate personal information that we maintain about you.
  • The right to delete personal information we have collected from you.

For details on exercising these rights, see the “Data subject requests” subsection of the “Your Privacy Choices” section above. 

Right to Opt-Out of Sales and Shares.

You have the right to opt-out of sales or shares of your personal information to third parties. For details on exercising this right, see the “Opt-out of sales, shares, and targeted advertising” subsection of the “Your Privacy Choices” section above.

Right to an Authorized Agent.

You have the right to designate an authorized agent to exercise your rights. For details on exercising this right, see the “Authorized agent” subsection of the “Your Privacy Choices” section above.

Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

Shine the Light. 

Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make a request, please write us at the email or postal address set out in the “Contact Us” section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year. 

14. Nevada.

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at info@fifthwall.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in the “Contact Us” section above.

15. European Economic Area, Switzerland, and United Kingdom

The following terms apply if the General Data Protection Regulation (Regulation (EU) 2016/679) (the “EU GDPR”) or the UK General Data Protection Regulation and the UK Data Protection Act 2018 (together the “UK GDPR”), applies to the processing of your personal information by Fifth Wall  acting as a data controller. 

Legal basis for processing

The law requires us to have a legal basis for collecting and using your personal information. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: We may use your personal information where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal information where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal information for a specified purpose, for example if you subscribe to an email newsletter.

Direct marketing

You will receive marketing communications from us if you have requested information from us (such as signing up to our newsletter) or purchased services from us and you have not opted out of receiving the marketing.

We may also analyse your contact identifiers and device identifiers to form a view of which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.  

Third-party marketing

We will get your express consent before we share your personal information with any third party for their own direct marketing purposes.

Opting out of marketing

You can ask us to stop sending you marketing communications at any time by submitting a request through our form here, or by following the opt-out links within any marketing communication sent to you or by contacting us using the details at Paragraph 12.

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes, for example relating to updates to our Terms and Conditions.

Data transfers outside the EU or UK

We share your personal information within the Fifth Wall Group. This will involve transferring your data outside the EU and UK to our overseas offices in the US. We may also transfer your personal information to service providers that carry out certain functions on our behalf.

Whenever we transfer your personal information out of the EU or UK to countries which have laws that do not provide the same level of data protection as the EU GDPR and UK GDPR, we always ensure that a similar degree of protection is afforded to your personal information by ensuring that the following safeguards are implemented:

  • We use specific standard contractual terms approved for use in the EU and UK which give the transferred personal information the same protection as it has in the EU and UK, namely the UK International Data Transfer Agreement or the European Commission’s standard contractual clauses for international data transfers. 

Retention 

If you are based in the UK or European Union, by law we have to keep basic information about our customers for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see Paragraph 15 below for further information. For more information on our data retention practices, please see Paragraph 9.

In some circumstances we will anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

Your legal rights 

You have a number of rights under EU GDPR and UK GDPR  in relation to your personal information.

You have the right to:

  • Request access to your personal information (commonly known as a "subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no legal reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the right to object any time to the processing of your personal information for direct marketing purposes (see “Opting out of marketing” above for details of how to object to receiving direct marketing communications).
  • Request the transfer of your personal information to you or to a third party. We will provide your personal information to you, or a third party you have chosen, personal information in a structured, commonly used, machine-readable format. Note that this right only applies to personal information that we are processing by automated means and in relation to which you initially provided consent for us to process or where we processed the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in one of the following scenarios:
    • If you want us to establish the data's accuracy;
    • Where our use of the data is unlawful but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us using the details at Paragraph 12.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure that you have the right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to assist and/or speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you are based in the European Economic Area, you have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the EU GDPR. 

If you are based in the UK, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). 

We would, however, appreciate the chance to deal with your concerns before you approach your data protection supervisory authority or the ICO so please contact us in the first instance.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept