Promontoria Privacy Policy

Cerberus Global Investments B.V. and its  affiliates acting under the trade name "Promontoria" (hereinafter jointly referred to as "Promontoria") are part of the Cerberus Group and are involved in the acquisition of loan, real estate or other assets, or interests in such assets, by either the acquisition of shares of companies that hold such assets, or by direct or indirect asset acquisitions.

This Privacy Notice explains how Promontoria collects, uses, stores, discloses, transfers or otherwise processes your personal data and which rights you have in this respect. Please note that where this Privacy Notice explains applicable law and your rights, this applies only to personal data which is processed under the EU General Data Protection Regulation (“GDPR”’). Where the processing of your personal data is not subject to the GDPR, different rules may apply under your applicable law.

Who is responsible for your personal data

The Promontoria entity which owns, or has in interest in, an asset relating to you or your organization, or otherwise has a business relationship with you, and is identified in relevant communication with you, is the responsible controller for any personal data that you provide to us.

Promontoria entities incorporated in the Netherlands are resident at Oude Utrechtseweg 32, 3743 KN Baarn, The Netherlands. Promontoria entities incorporated in Ireland are resident at 3 Fleming Court, Fleming's Place, Dublin 4, Ireland.

You may also contact each Promontoria entity at any time under the contact details set out below.

In addition, Cerberus Global Investments B.V., Oude Utrechtseweg 32, 3743 KN Baarn, The Netherlands, is a responsible controller for your personal data where it manages the business operations for Promontoria.

Your personal data may be shared with further controllers within Promontoria or  the Cerberus Group as required in connection with our business relationship.

In particular, your personal data may be shared with Cerberus Capital Management, L.P. (“CCM”), 875 Third Avenue, New York, NY 10022, United States, for purposes of compliance with anti-money laundering, sanctions or other legal, compliance or regulatory obligations and for portfolio management purposes. Please refer to CCM’s Privacy Policy for further details on the processing of your personal data and your related rights.

Please note that, in the event that legal title to an asset relating to you or your organization is held by a third party, such party does not determine the purposes and means of processing of your personal data and, thus, is not responsible for your personal data as a controller.

Purposes of data processing

Depending on the nature of our business relationship with you or your organization, Promontoria may collect and process your personal data for the following purposes:

  • Due diligence procedures in respect of the acquisition of real estate, loan or other assets, or interests in such assets, and related security or collateral;
  • Concluding, performing, managing and administering your or your organization's business relationship with Promontoria, including monitoring of the obligations under relevant loan, real estate or other asset related agreements and collection of the amounts due, such as any principal sum, interest, default or penalty interest in relation to loans;
  • Analyzing the payment behavior of debtors and related data in order to ensure the sustainability of the recovery, and analyzing payment or other financial or asset related data for purposes of improvement and development of our investments and other products and services;
  • Processing and sharing of aggregated anonymous data relating to assets and other investments for statistical and business purposes;
  • Selling or otherwise divesting or restructuring of loan, real estate and other assets or asset holding entities;
  • Ensuring compliance with our legal, compliance and regulatory obligations, such as our obligations regarding anti-money laundering (“AML”) and know-your-client (“KYC”), or record keeping;
  • Complying with or supporting requests or investigations by competent supervisory, law enforcement or other public authorities;
  • Informing you, where permitted by applicable law, about investment opportunities and other products or services related to our business relationship with you or your organization;
  • Maintaining and protecting the security of our IT systems, databases, websites or other digital infrastructure, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Solving disputes, enforcing our contractual agreements, including foreclosure of asset-related security or collateral, and to establish, exercise or defend legal claims.

We will not use your personal data for any purpose inconsistent with this Privacy Notice without your permission.

Categories of personal data processed

Promontoria processes the personal data that is required in view of the purposes set out above which may, depending on the nature of our business relationship with you or your organization and your place of residence, include the following categories of personal data:

  • Personal and contact information, such as full name, gender, age, date of birth, nationality, address, city and country of residence, telephone and fax number, signature, marital status, dependants, occupation, email address, copy of ID, citizen service number (Burger Service Nummer, BSN), or other government issued ID, data concerning previous employment;
  • Financial data such as bank account number, utility bill details, data in relation to income (including salary, benefits and pensions) and liabilities and obligations;
  • Data generated from our business relationship with you or your organization, including data in relation to loan, real estate and other assets and related security or collateral which Promontoria owns or has an interest in, such as principal loan amount, interest, default or penalty interest and payment history;
  • Information from publicly available resources, including data obtained from credit agencies;
  • Data required for regulatory purposes, including data from compliance screening or procedures under AML, KYC or related diligence such as information about your status as a politically exposed person, relevant litigation or other legal proceedings against you or a third party related to you;
  • Data generated from your use of our website or other online services such as mobile device unique identifier and IP address;
  • Special categories of personal data. In certain circumstances, where required by law or where you have permitted us to do so, we may collect special categories of your personal data which are specifically protected under data protection law.

Legal basis

We will process your personal data for the purposes set out above only:

  • Where it is necessary for the performance of a contract with you, or your organization, or in order to take steps at your request prior to entering into such a contract;
  • Where it is necessary for our or a third party's legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our "legitimate interests" may include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements;
  • For compliance with our legal and regulatory obligations;
  • Where we have obtained your specific or, where necessary, explicit consent to do so. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.

The legal bases for processing of your personal data are set forth in Article 6 of the GDPR.

From which sources we collect your personal data

We will collect your information (i) from you or your organization directly; (ii) from your nominated financial institution or other representative (i.e. solicitor acting on your behalf); (iii) where you act as a representative on behalf of an entity, from that entity or (iv) where required from third parties including from AML, KYC or due diligence service providers, publicly available resources or credit agencies.

Sharing data with third parties

We may share your personal data as required for the purposes set out above as follows:

  • With our affiliates within Promontoria and the Cerberus Group if, and to the extent required, for the purposes as outlined above and as legally permitted. In such cases, these entities will use your personal data for the above purposes only and under the same conditions as outlined in this Privacy Notice.
  • With CCM for purposes of compliance with anti-money laundering, sanctions or other legal, compliance or regulatory obligations and for portfolio management purposes.
  • With third parties that are engaged in providing financial, legal, IT and other administrative services to Promontoria. These service providers will act as data processors. Some of these service providers will have access to and process your personal data on behalf of and under the instruction of Promontoria for the purpose of performing loan servicing and administration services in respect of the loans. These services include the collection of all sums due in relation to the loan and, if necessary, enforcement actions. Promontoria will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
  • With courts, regulators, law enforcement or other competent authorities as required or permitted under applicable law to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
  • With credit reference agencies and other companies for use in credit decisions, for fraud prevention and to collect debts.
  • With third parties if we sell or buy any loan, real estate or other assets or asset holding entities, including in connection with the due diligence undertaken by the prospective seller or buyer and its professional advisers.

Protection of your personal data

We take seriously the obligation to safeguard your personal data.  Your personal data held by us will be kept confidential in accordance with applicable policies and procedures. We will use all reasonable efforts to ensure that all personal data is kept secure and safe from any loss or unauthorized disclosure or use.  All reasonable efforts are made to ensure that any personal data held by us are stored in a secure and safe place, and accessed only by authorized users, and according to applicable policies and procedures.

Where we process your personal data

We may transfer your personal data to locations outside your home country in order to provide our services to you as outlined in this Privacy Notice.

This transfer may include a transfer of your personal data outside the European Economic Area (“EEA”), for example, if your personal data is transferred to CCM, it will be transferred to the United States. The level of personal data protection in countries outside the EEA may be less than that offered within the EEA. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into data transfer agreements which are in the form of EU Standard Contractual Clauses which are available  here  or ensuring that data recipients are certified under the EU-US Privacy Shield framework.

Data Retention

We will hold your personal data for at least as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations, and to provide the services, products or information you have requested and to administer your business relationship with us. If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request.

Exercising your rights

Subject to certain legal conditions, you may request access to, rectification, erasure, or restriction of processing, of your personal data. You may also object to processing or request data portability. Additionally, you have the right to request a copy of the personal data that we hold about you. If your request is unfounded or excessive, we may make an administrative charge for this. Please refer to Articles 15-22 of the GDPR for details on your data protection rights.

If you have given us your consent for the processing of your personal data you can withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.

For any of the above requests, please send a description of your personal data concerned stating your name, account information, and if applicable, your date of birth as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorized access. We will carefully consider your request and may discuss with you how it can best be fulfilled.

If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact us at the contact details below to have the matter investigated. You can also complain to the competent data protection supervisory authority in your country. For example, if you are from The Netherlands, you may contact the Autoriteit Persoonsgegevens via their website (www.autoriteitpersoonsgegevens.nl). Alternatively, if you are from Ireland, you may contact the Data Protection Commission via their website (www.dataprotection.ie).

Changes to the Privacy Policy

Promontoria may make changes to this Privacy Policy from time to time. Promontoria advises you to refer to this Privacy Policy on a regular basis, so that you are aware of these changes.

Contacting Promontoria

Your loans or other assets relating to you or your organization are typically administered by a third party service provider who is acting on behalf of Promontoria. This service provider already is or, if the relevant loan or other asset  has just been acquired by Promontoria, will shortly be in contact with you. The service provider will be happy to assist you with any requests, complaints or enquiries relating to you or your organization’s business relationship with Promontoria. If you have any questions about this Privacy Policy or in case you want to assert your data protection rights, please do not hesitate to contact us.

Cerberus Global Investments B.V.

Oude Utrechtseweg 32 3743 KN Baarn

+ 31 (0)35 548 8710

dataprotection@promontoria.nl