Privacy Policy

  1. Introduction

1.1        Bluehouse real estate funds and related companies for the purposes of applicable data protection laws (“we”, “us” or “our”) are committed to safeguarding the privacy of personal data and want to be transparent about the data we collect and how data is used. In particular, the personal data which is processed by us is that of natural persons who are our employees, officers, authorised representatives, investors, (excluding  visitors to our website (shown below) personal data of whom are not processed when visiting our website) as well as personal data of other individuals including but not limited to authorized representatives, employees, officers or beneficial owners of our investors or contractors being legal entities, provided that we process such personal data, during the course of our operation (“you”).

1.2        This privacy notice applies where we are acting as a data controller with respect to the personal data processed by us, during the course of our operation, meaning in cases where we determine the purposes and means of the processing of that personal data. Pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”) and other applicable data protection laws, as amended from time to time we are required to notify you of the information contained herein.

1.3        Personal data’ means any information relating to an identified or identifiable natural person and ‘processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, storage, use, disclosure, erasure or destruction.

 

  1. Categories of Personal Data

(i)         Contact information such as first name, last name, business telephone, fax number, e-mail address, country of residence;

(ii)         Personal characteristics such as date of birth and country of birth;

(iii)        Government issued identifiers such as passport, identification card, tax identification number, national insurance number;

(iv)        Tax details (where applicable) (i.e. tax identifier, tax residence, status under dividends and interests and any information required to be collected by us under withholding tax rules, FATCA rules, CRS rules and any other tax rules);

(v)        Financial details and situation (i.e. bank account number/details, data on transactions, financial information including origin of wealth, bank account details, investment experience and investment objectives etc.);

(vi)        Functions and powers of relevant representative(s) (where applicable);

(vii)       Employment and occupation information (e.g.CV, professional memberships, job title and responsibilities, professional qualifications;

(viii)      Certificate of clear criminal record (where applicable); and

(ix)        Certificate of non-bankruptcy (where applicable).

In certain cases we may collect and process special categories of personal data which is information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning sex life or sexual orientation. We shall process such data subject to your documented consent and/or where the processing is necessary for the establishment, exercise or defence of legal claims relevant to us.

If during the course of a business relationship there is a change in your personal data you must ensure that the above details (as and where applicable) are updated by contacting us as soon as practically possible.

 

  1. How we use your personal data

In all cases when we process your personal data it is,

(i)         Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

This means that we provide information to you in respect of the processing of your personal data (transparency), that the processing matches the description given to you (fairness), and that it is based on at least one of the lawful basis set out in the GDPR (lawfulness).

(ii)         Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);

This means that we specify exactly what personal data is collected, the purpose of use and limit the processing of personal data to only what is necessary to meet the relevant purpose.

(iii)        Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

This means that we do not process any personal data over and above what is required.

(iv)        Accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

This means that we have in place processes for identifying and addressing out-of-date, incorrect or unnecessary personal data.

(v)        Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

This means that wherever possible, we process personal data in such a way that limits or prevents identification of the data subject.

(vi)        Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 

  1. Purposes of Processing

We will process your personal data (as and where applicable) for the purposes of (i) meeting our obligations under our business relationship and/or agreement, (ii) operation, management and control of the affairs of our business and its purposes, (iii) general planning and organisation of our business, (iv) maintaining our IT systems, including our human capital, administrative and management systems, processes and policies, (v) maintaining and developing our  business relationship with the partners/investors, (vi) employee payroll, social insurance and tax calculations (vii) administration of your health insurance, (viii) management, planning and organisation at work (ix) health and safety at work, (x) complying with any requirement of law and/or regulation and/or of any competent authority or professional body (where applicable) of which we are a member.

 

  1. Lawful Basis of Processing

5.1        We are committed to your privacy. As part of the values we stand for, we will always consider your fundamental rights as a data subject. We process your personal data for the purposes mentioned above on the lawful basis that (i) the processing is necessary for compliance with a legal obligation to which we are subject (e.g. KYC requirements under the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, as amended, under which we are required to, inter alia, develop verification procedures and processes, anti-money laundering controls, set the retention of personal data for a fixed period of time, disclose personal data to the competent authority, etc.); (ii) the processing is necessary for the performance of an agreement which you have entered into with us and in order to take steps at your request prior to entering into the said agreement(s); (iii) you have given consent (if and where applicable); and (iv) the processing is necessary for the purposes of the legitimate interests pursued by us.

5.2        Such legitimate interests include, inter-alia, our business and/or commercial interests and the management, operation and marketing of our business and/or our exercise or defence of legal claims and/or the prevention of fraud and money laundering activities and/or to disclose information to other data recipients such as our service providers, auditors and technology providers and/or to comply with obligations or internal policy requirements of our business, and/or to inform you about our investment products and services and/or to monitor and improve our relationships with you and/or to send direct marketing communications to you relating to similar products and/or to keep our internal records and/or to monitor communication to/from you using our systems and/or to protect the integrity of our IT systems.

5.2.1     As regards direct marketing, we process your personal data for direct marketing purposes (i) to provide you with information products and services that may be of interest to you in the context of the investment-related activities (ii) when raising investments for our business and (iii) in connection with future fundraising activities.

5.2.2     As regards the obtaining of consent, given the specific purposes for which we envisage the processing of your personal data, we do not anticipate obtaining your consent to do so. Where we decide to rely on explicit consent to process your personal data, we will contact you to request this accordingly. In case consent is relied solely upon to achieve the lawful processing of your personal data, you will have the right to withdraw this consent at any time.

 

  1. Providing your personal data to others

We disclose your personal data (processed by us) to the following categories of recipients:

(i)         other member companies and/or entities and/or affiliated entities of the Bluehouse group;

(ii)         our auditors, administrators, lawyers, tax advisors, valuators, consultants, accountants, investment advisors and other professional advisors (as shall be engaged from time to time);

(iii)        our IT service providers and other companies who assist us with the effective operation of our business by providing technological expertise, file storage and record management, logistic services and solutions;

(iv)        persons acting on behalf of investors, including and not limited to payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks;

(v)        banks (e.g. who act as our custodians) and/or other financial institutions, payment services providers, insurance and companies; and

(vi)        public and regulatory authorities (where applicable) such as the Cyprus Securities and Exchange Commission and the Unit for Combating Money Laundering (MOKAS), for the purposes described above.

When we transfer personal data to countries located outside of the EEA we carry out such transfers to a recipient (i) who is in a country which provides an adequate level of protection for personal data or (ii) under appropriate safeguards pursuant to the provisions of applicable data protection laws (e.g. under an agreement in the form of standard data protection clauses adopted by the European Commission), the form of which is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. In some cases we may carry out such transfers where we have obtained the explicit consent from the relevant data subjects, in respect of the proposed transfer, provided that the data subject has been informed of the possible risks of such transfer (due to the absence of an adequacy decision and appropriate safeguards).

 

  1. Your rights

7.1        In this Section 7, we have summarised the rights that you have under the provisions of the GDPR. Some of the rights are complex, and not all details have been included in our summaries. We suggest the below are read together with the relevant provisions of the GDPR and guidance from the competent regulatory authorities for a full explanation of these rights.

7.2        Your principal rights under data protection law are:

(i)         The right to access- you have the right to request a copy of the information that we hold about you.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. Such additional information includes inter-alia, details of the purposes of the processing, the categories of personal data concerned and the categories of recipients of the personal data. In supplying to you a copy of your personal data we shall not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee (based on administrative costs incurred).

(ii)         The right to rectification- you have a right to correct data that we hold about you that is incomplete or inaccurate.

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

(iii)        The right to erasure(right to be forgotten) – where certain criteria are met you can ask for the data we hold about you to be erased from our records.

In some circumstances you have the right to obtain the erasure of your personal data without undue delay. Those circumstances include cases where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based solely on consent; (iii) you object to processing which is based on our legitimate interests and there are no overriding legitimate grounds for the processing; (iv) the processing is for direct marketing purposes; (v) the personal data have been unlawfully processed; and (vi) the personal data have to be erased for compliance with a legal obligation to which we are subject.

The above shall not apply where processing is necessary (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing by a law to which we are subject; (iii) for reasons of public interest; or for the establishment, exercise or defense of legal claims.

(iv)        The right to restriction of processing- where certain criteria are met you can ask to restrict the processing.

In some circumstances you have the right to obtain from us the restriction of processing of your personal data. Those circumstances include cases where (i) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; (ii) processing is unlawful but you oppose erasure and you request the restriction of their use instead; (iii) we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; (iv) and you have objected to processing which is based on our legitimate interests, pending the verification of that objection.

Where processing has been restricted on the basis of the above, we will continue to store your personal data. However, we will only otherwise process it (i) with your consent; (ii) for the establishment, exercise or defense of legal claims; (iii) for the protection of the rights of another natural or legal person; (iv) for compliance with a legal obligation which requires processing by a law to which we are subject; or (v) for reasons of important public interest.

(v)        The right to object to processing– you have the right to object to certain types of processing;

You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is not necessary for (i) the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or (ii) the purposes of the legitimate interests pursued by us or by a third party. If you make such a request, we will cease to process the personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

You also have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes, if applicable). If you make such an objection, we will cease to process your personal data for this purpose.

(vi)        The right to data portability– where certain criteria are met you have the right to have the data we hold about you transferred to another organisation;

You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another data controller. However, please note that this right to data portability only arises where (a) the processing is based on consent (as and if applicable) or is necessary for the performance of a contract to which you are a party; and (b) the processing is carried out by automated means (as and if applicable). In conforming to such requests we will not adversely affect the rights and freedoms of others.

(vii)       The right to lodge a complaint to a supervisory authority;

If you consider that our processing of your personal data infringes data protection laws and/or in the event you have any concern about the processing of your personal data, you have a legal right to lodge a complaint with the office of the Cyprus Commissioner for the Protection of Personal Data at any time.

(viii)      The right to withdraw consent (when and if “consent” legal basis is applicable)  – where certain criteria are met you have the right to withdraw your consent.

To the extent that the legal basis for our processing of your personal information is consent (as and where applicable), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

  1. Security

As part of our privacy policy we process personal data which is adequate, relevant and limited to what is necessary in relation to the purposes mentioned above and implement appropriate technical and organizational measures to ensure an adequate level of security appropriate to the applicable risk. Such measures aim to prevent unauthorised or unlawful processing, accidental loss, destruction or damage of personal data.

 

  1. Visitors to our website

We don’t use cookies on our website.

 

  1. Retention of personal data

We shall process and store your personal data for as long as you have a business relationship with us and for six years thereafter and/or as required under applicable law. Your personal data may be retained for longer periods for the purposes of our legitimate interests in case of any legal process commencing prior to the completion of the six year period.

 

  1. Further Information

If you want more details on the processing of your personal data and/or should you wish to exercise any of your rights in relation to your personal data, do not hesitate to contact us as follows:

Contact us by email at: gdpr@bluehousecapital.com

 

  1. Amendments

This privacy notice is kept under regular review and is updated from time to time by publishing a new version on our website. Please check this page occasionally in order to be kept aware.