Sirius Privacy Policy (“Privacy Policy”) for processing within the UK and Guernsey
- 1 Scope
- 1.1 Sirius Real Estate Limited (Sirius, We, Our, Us) is committed to safeguarding the privacy and confidentiality of the Personal Data you have entrusted to us. Our business relates to the investment and development of commercial property and provision of flexible and conventional workspaces, exclusively within Germany. As a result, the majority of personal data processed by us is undertaken in Germany.
- 1.2 This Privacy Policy relates solely to our processing within the UK, (where we are listed on the London Stock Exchange) and Guernsey, where our parent company is incorporated. For processing undertaken in other jurisdictions (Germany) please see our main privacy policy https://www.siriusfacilities.com/de/sirius-facilities/datenschutzerklaerung. This Privacy Policy is addressed to:
- (a) shareholders who have purchased shares listed on the London Stock Exchange; and
- (b) tenants, or employees and beneficial owners of corporate tenants; to the extent that your Personal Data is processed by us in the UK or Guernsey.
- 1.3 This Privacy Policy specifically relates to processing undertaken by:
- (a) Sirius Real Estate Ltd, which is incorporated in Guernsey;
- (b) Sirius Facilities (UK) Limited, which is incorporated in the UK; and
- (c) Sirius Finance (Guernsey) Limited, which is incorporated in Guernsey.
- 1.4 Sometimes, the above listed entities will also share Personal Data with Sirius Facilities GmbH, which delivers most of the operational services of our business. We can confirm which processing activities are undertaken by which entity on request.
- 1.5 Sirius’ websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that Sirius does not accept any responsibility or liability for their policies or processing of your Personal Data. Please check these policies before you submit any Personal Data to such third party websites.
- 2 Purpose
- 2.1 The purpose of this Privacy Policy is to allow you to understand what Personal Data Sirius will collect, how we will use it, and who may access it, within the UK or Guernsey.
- 2.2 By providing your information to us, whether via our website, in person, in writing or over the phone, you acknowledge the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.
- 3 Accountability
- 3.1 Sirius has strict policies and procedures governing how it deals with your Personal Data. Each and every one of Sirius’ employees is responsible for respecting and protecting the Personal Data to which the employee has access.
- 4 Personal Data that Sirius collects
- 4.1 Sirius only collects the Personal Data that we determine is required for the purposes set out at Section 6: Purposes for which we use your Personal Data. We may collect:
- (a) Information you provide to Sirius ► Personal Data that you provide to Sirius, such as when using the contact form on our websites, including your name, email address, and other contact details; employer information, issues of interest (to the extent that this amounts to Personal Data);
- (b) In relation to shareholders only, information relating to your shareholding ► share register services are outsourced to registrars, which hold the majority of this Personal Data. We periodically receive reports listing our shareholders;
- (c) Your transactions and tenancies ► we receive a small amount of data relating to transactions and tenancies. Most tenancy information is processed by Sirius Facilities GmbH and is covered by our primary privacy https://www.siriusfacilities.com/de/sirius-facilities/datenschutzerklaerung however in relation to key transactions, a subset of tenant data is shared with our UK and Guernsey entities for the purpose of reporting to the Sirius Real Estate Limited board in the case of property acquisitions, disposals and CAPEX requirements.
- (d) Our correspondence ► if you contact Sirius, we will typically keep a record of that correspondence;
- (e) Device Information ► such as information about your operating system, browser, software applications, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
- (f) Website and communication usage ► details of your visits to Sirius’ websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access;
- 4.1 Sirius only collects the Personal Data that we determine is required for the purposes set out at Section 6: Purposes for which we use your Personal Data. We may collect:
- 5 Purposes for which we use your Personal Data
- 5.1 When Sirius collects your Personal Data. Sirius may use or disclose it for the following purposes. Below each purpose Sirius notes the “lawful basis” that allows that use of your Personal Data. An explanation of the scope of the “lawful bases” can be found in Annex A.
- (a) To facilitate our internal reporting and make business and investment decisions ► Property summaries are provided to Sirius Real Estate Limited (our parent company) in order to make Board decisions, for example the approval of a property acquisition/disposal or CAPEX.
- Lawful bases: legitimate interests (to enable Sirius to make key business decisions, authorise transactions and finance transactions)
- (b) To understand who our shareholders are and undertake reporting and analysis ► Our corporate records contain information in respect of shareholders listed on the London Stock Exchange (LSE) to include names and addresses, account designations and the amount of shares held. We share this information with our authorised brokers to undertake reporting analysis.
- Lawful bases: legitimate interests (to understand our shareholder demographic and undertake reporting and analysis); legal obligations
- (c) To comply with legal or regulatory requirements, or as otherwise permitted by law ► Sirius may process your Personal Data to comply with its regulatory requirements (for example, to comply with anti-money laundering or insider dealing requirements) or dialogue with its regulators or defend or prosecute claims as applicable which may include disclosing your Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, Sirius will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
- Lawful bases: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory authorities)
- (d) To inform you of changes ► to notify you about changes to Sirius’ services and products;
- Lawful bases: legitimate interests (to notify you about changes to Sirius’ services)
- (e) To reorganize or make changes to Sirius’ business ► in the event that Sirius (i) is subject to negotiations for the sale of Sirius’ business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganization, Sirius may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or reorganisation. Sirius may also need to transfer your Personal Data to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy;
- Lawful bases: legitimate interests (in order to allow Sirius to change our business)
- (f) To communicate effectively with you and conduct Sirius’ business ► to conduct Sirius’ business, including to respond to your queries, to otherwise communicate with you, or to carry out its obligations arising from any agreements entered into between you and Sirius.
- Lawful bases: contract performance; legitimate interests (to enable Sirius to perform its obligations and provide its services to you)
- 5.1 When Sirius collects your Personal Data. Sirius may use or disclose it for the following purposes. Below each purpose Sirius notes the “lawful basis” that allows that use of your Personal Data. An explanation of the scope of the “lawful bases” can be found in Annex A.
- 6 Sharing your Personal Data (and transfers outside of the EEA)
- 6.1 Sirius will only use or disclose your Personal Data for the purpose(s) for which it was collected and as otherwise identified in this EEA Privacy Policy.
- 6.2 Sharing outside Sirius: Personal Data may be provided to third parties, including our brokers, share registrars, legal advisors, auditors, financial advisors, regulatory authorities or other self-regulatory organizations (when required to satisfy the legal or regulatory requirements of governments), regulatory or law enforcement authorities (where required or in cases of suspected criminal activity or contravention of law), or to comply with a court order or for the protection of our assets.
- 6.3 Sharing within Sirius: Sirius may share your Personal Data with other Sirius companies where Sirius does business, for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure Sirius has correct or up to date information about you and to better manage your relationship with Sirius.
- 6.4 Transfers outside of the EEA: Your Personal Data may be accessed suppliers or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA. Sirius will, in all circumstances, safeguard Personal Data as set out in this EEA Privacy Policy.
- 6.5 Where Sirius transfers Personal Data from inside the EEA to outside the EEA, Sirius may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), Sirius will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
- 6.6 Please contact us, see Annex B if you would like to see a copy of the specific safeguards applied to any export of your Personal Data.
- 7 Retention of your Personal Data
- 7.1 Sirius’ retention periods for personal data are based on business needs and legal requirements. Sirius retains your Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, Sirius may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, Sirius either irreversibly anonymises the data (and Sirius may further retain and use the anonymised information) or securely destroys the data.
- 8 Safeguarding your Personal Data
- 8.1 Sirius uses physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Data in Sirius’ custody or control.
- 8.2 Sirius has agreements and controls in place with third party service providers requiring that any information Sirius provides to them must be safeguarded and used only for the purpose of providing the service Sirius has requested the company to perform.
- Security over the internet
- 8.3 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, Sirius maintains commercially reasonable physical, electronic and procedural safeguards to protect your Personal Data in accordance with data protection legislative requirements.
- 8.4 All information you provide to Sirius is stored on its or Sirius’ subcontractors’ secure servers and accessed and used subject to Sirius’ security policies and standards. You are responsible for complying with any other security procedures of which you have been notified by Sirius.
- 9 Changes to this EEA Privacy Policy
- 9.1 From time to time, Sirius may make changes to this Privacy Policy.
- 9.2 This Privacy Policy at http://www.sirius-real-estate.com/privacy-policy/ is always the most recent version.
- 9.3 Please see Annex B to ask any questions you may have about this Privacy Policy.
- 10 Your Rights
- 10.1 If you have any questions in relation to Sirius’ use of your Personal Data, you should first contact Sirius as per the contact details in Annex B. Under certain conditions (in particular where Sirius has directed the use of your Personal Data from one of its European branch offices), you may have the right to require Sirius to:
- (a) provide you with further details on the use Sirius makes of your information;
- (b) provide you with a copy of information that you have provided to Sirius;
- (c) update any inaccuracies in the Personal Data Sirius holds;
- (d) delete any Personal Data that Sirius no longer has a lawful ground to use;
- (e) where processing is based on consent, to withdraw your consent so that Sirius stops that particular processing;
- (f) object to any processing based on the legitimate interests ground unless Sirius’ reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- (g) restrict how Sirius uses your information while a complaint is being investigated.
- 10.2 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and Sirius’ interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, Sirius will check your entitlement and respond in most cases within a month.
- 10.3 If you are not satisfied with Sirius’ use of your Personal Data or Sirius’ response to any exercise of these rights you have the right to complain to the data protection regulator in the country where the Sirius company with which you deal is established. The relevant regulators are listed in Annex B.
- 10.1 If you have any questions in relation to Sirius’ use of your Personal Data, you should first contact Sirius as per the contact details in Annex B. Under certain conditions (in particular where Sirius has directed the use of your Personal Data from one of its European branch offices), you may have the right to require Sirius to:
- 11 Contact Us
- 11.1 If you have any questions or concerns about our privacy practices, the privacy of your Personal Data or you want to change your privacy preferences, please let Sirius know. The relevant contacts are listed in Annex B.
- 11.2 If after contacting Sirius you do not feel that Sirius has adequately addressed your concerns, you may contact the data protection regulator in the country where the Sirius company with which you deal is established.
ANNEX A: Table of Lawful Bases
Use of Personal Data under EU data protection laws must be justified under one of a number of legal “grounds” and Sirius is required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available is set out below. Sirius notes the grounds Sirius uses to justify each use of your information next to the use in the “Uses of your Personal Data” section of this policy.
These are the principal legal grounds that justify our use of your information:
Consent: where you have consented to Sirius’ use of your information. More information is set out at Section 4. You may withdraw your consent by Contacting us, see Annex B. |
Contract performance: where your information is necessary to enter into or perform Sirius’ contract with you. |
Legal obligation: where Sirius needs to use your information to comply with its legal obligations. |
Legitimate interests: where Sirius uses your information to achieve a legitimate interest and Sirius’ reasons for using it outweigh any prejudice to your data protection rights. |
Legal claims: where your information is necessary for Sirius to defend, prosecute or make a claim against you, Sirius or a third party. |
Annex B: Sirius Entities in the UK and Guernsey
Data Protection Contact |
|||
Sirius Real Estate Limited |
Plaza House, Fifth Floor, Admiral Park, St Peter Port, Guernsey, GY1 2HU, Channel Islands |
website@sirius-real-estate.com +44 1481 746024
|
Office of the Data Protection Commissioner Guernsey Information Centre North Esplanade, St Peter Port Guernsey GY1 2LQ Telephone: +44 (0)1481 742074 Email: enquiries@dataci.org |
Sirius Facilities (UK) Limited |
33 St. James' Square, Pall Mall London, United Kingdom, SW1Y 4JS |
website@sirius-real-estate.com +44 1481 746024
|
The Information Commissioner’s Office Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 1625 545 745 e-mail: international.team@ico.org.uk |
From time to time, your Personal Data may also be processed by Sirius Facilities GmbH, the Group company chiefly responsible for operational delivery. The majority of processing of Personal Data undertaken by Sirius Facilities GmbH is not covered under this privacy policy and is set out here https://www.siriusfacilities.com/de/sirius-facilities/datenschutzerklaerung
Sirius Facilities GmbH |
Lennéstrasse 3 10785 Berlin |
Matthias Riße Telefon: +49 30 4377 8625 |
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit Tel. +49 228 997799 0; +49 228 81995 0 |