Client and Vendor Privacy Notice
Introduction
SF Management is committed to processing
personal information (“PI”), including sensitive personal information (“SPI”),
in accordance with all applicable privacy and data protection laws.
This Privacy Notice sets out the purposes for
which we collect, use and disclose (collectively “processing”) PI and how it is
protected. It also sets out individuals’ rights in relation to the processing
of their PI.
There may be additional terms, conditions and
commitments that also govern how we collect, use and disclose your PI, which
should be read in conjunction with this Privacy Notice.
Contact information
If you have any questions about how we process
your personal information, you can contact us at:
CVR: 38757946
Kalvebod Brygge39, 4th floor
DK-1560 København V
PI we collect
and process
SF Management acts as the data controller for
the personal data we collect and process. SF Management is responsible for
ensuring that your information is processed in compliance with relevant data
protection laws.
PI is information relating to an individual,
which can be used either alone or with other sources of information to identify
that individual. PI does not include information where the identity of the
individual or the specific detail of the information has been removed and is
therefore anonymous. SPI is a sub-category of PI that includes PI relating to
race or ethnicity, religious or philosophical beliefs, sex life, sexual
orientation, political opinions, trade union membership, information about
health and genetic and biometric data.
Unless we
otherwise indicate that the provision of specific PI is optional, any PI we
request is necessary for us to provide you or your organization or entity with
the services requested. If you do not provide the PI requested, we may not be
able to provide those services.
The nature of the information that we collect
will depend on the services we provide and our relationship with you. We may
collect the following types of PI. Please note that the PI listed for each category are non-exhaustive
examples.
Clients, Representatives and Beneficial Owners
Individuals whose PI is processed by SF Management, including clients with direct or indirect relationships (such as those who invest through an intermediary); employees, contingent workers, officers, agents (together “Representatives”); and beneficial owners of an organization or entity in connection with:
· the provision of services to potential and actual clients;
· transactions to which we are party (including those which we effect on behalf of clients); or
· services provided to us by a third-party vendor.
The purpose of
processing this data is managing our relationship, fulfilling contractual
obligations, and ensuring compliance with regulatory requirements. This
includes processing your identification data, contact details, financial
information, and, in some cases, your social security number or national
identification number for due diligence purposes.
Where we provide you with access to our
Investorweb Systems, the purpose of processing your data is to manage and
protect our business, including improving data security, troubleshooting data
and systems, system maintenance and testing, and data hosting
The legal
basis for processing the data of clients, representatives and beneficial owners
includes fulfilling our contractual obligations and administrating our
relation, cf. GDPR art. 6(1)(b), complying with our legal obligations,
including anti-money laundering and anti-terrorism obligations, cf. GDPR art. 6(1)(c),
and our legitimate interest in maintaining business integrity, cf. GDPR art.
6(1)(f). Processing of your confidential personal data is on the legal basis on
Databeskyttelseslovens §11 (2).
We will process your PI for as long as is
necessary to fulfil the purpose for which it was collected or to comply with
legal, regulatory, accounting, reporting, internal policy requirements or for
the establishment or defense of legal claims. Typically, the retention period of client-related data
runs until the end of our contractual relationship. However, it may vary, based
on the purpose and type of data. Accounting records are maintained for 5 years
after the post has been recorded, in compliance with the Accounting Act
(Danish, LBK. 648 af 15/06/2006).
Tenants
If you are a
tenant in one of the properties managed by SF Management, we collect and
process your PI to administer your tenancy and comply with legal and
contractual obligations. This includes processing of your identification data,
contact details, financial information, and, in some cases, your social
security number.
The legal
basis for processing tenant data includes contractual necessity, cf. GDPR art. 6(1)(b),
compliance with legal obligations such as anti-money laundering, cf. GDPR art. 6(1)(c)
and pursuing SF Management’s legitimate interest in administrating our
relation, cf. GDPR art. 6(1)(f). The processing of your confidential personal
data is on the legal basis on Databeskyttelseslovens §11 (2).
We will process your PI for as long as is
necessary to fulfil the purpose for which it was collected or to comply with
legal, regulatory, accounting, reporting, internal policy requirements or for
the establishment or defense of legal claims. The data retention period for tenants is typically 5
years after the end of our contractual relation.
Job applicants
When you apply
for a position at SF Management, we process your personal data as part of our
recruitment process. This includes your identification details, contact
information, CV, cover letter, references and any other relevant documents you
provide.
The purpose of
processing this data is to assess your qualifications, contact you about your
application, and to manage our hiring process.
The legal
basis for processing job applicant data is our legitimate interest in selecting
suitable candidates, cf. GDPR art. 6(1)(f). Where applicable job applicants can
consent to retention of their application data beyond the recruitment process,
cf. GDPR art. 6(1)(a). In cases where we collect references from previous
employers, the legal basis is GDPR art. 6(1)(a).
The retention
period for application data is 6 months, unless the applicant consents to an
extended retention period.
Website
visitors
When you visit our website, we may collect certain
data to ensure the security and functionality of the site. This includes
technical data such as your IP address, browser type, operating system, and
interaction with the site.
The purpose of processing our website visitor’s data
is to maintain website security, improve user experience, and ensure compliance
with our regulatory obligations.
The legal basis for processing this data is SF
Management’s legitimate interest in the administration of the website, cf. GDPR
art. 6(1)(f). SF Management does not use third-party tracking cookies for
marketing purposes unless explicit content is provided.
The retention period for website data is typically 1
year, before it gets deleted or anonymized.
To whom we disclose your PI
In connection with one or more of the purposes outlined in the section ‘PI we collect and process’ above, we may disclose PI to:
· professional advisors, third parties, agents or independent contractors that provide services to SF Management (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants);
· goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); intermediaries, brokers, and other individuals and entities that partner with us;
· competent authorities (including any national and/or international regulatory or enforcement body, agency, court or other form of tribunal or tax authority) or their agents where we are required or allowed to do so under applicable law or regulation;
· a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of SF Managements business or companies under asset management;
· any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument.
We do not
share or sell your PI to third parties for the third party to use for their own
marketing or other purposes.
Accuracy and Maintenance of Personal Information
To ensure
that the PI we process is accurate and up-to-date, we ask that you inform us of
any changes to your information as soon as possible.
Tenants may
inform us about their updated details by contacting us at udlejning@sf-m.dk.
Otherwise, you can contact us at info@sf-management.dk.
If we
become aware of inaccuracies in the data we hold, we will take steps to correct
it. Maintaining accurate data is essential for ensuring compliance with our
contractual obligations and regulatory requirements.
PI security
We retain
PI only as long as necessary for its intended purpose. We use a range of
physical, electronic and managerial measures to ensure a level of security
appropriate to the risk of PI processing, in compliance with GDPR art. 32.
The
security of data transmitted over the internet (including by e-mail) cannot be
guaranteed and carries the risk of access and interception. You should not send
us any PI by open/unsecure channels over the internet. We endeavor to protect
personal information but cannot guarantee the security of data transmitted to
us or by us.
Data may be
shared with service providers, regulatory authorities, and potential business
partners under strict confidentiality agreements. If data is shared outside the
EU/EEA, we ensure appropriate safeguards, such as Standard Contractual Clauses
(SCCs), in accordance with GDPR art. 46(2)(c).
Your rights
In certain
circumstances you may have the following rights in relation to the processing
of your PI:
Access
To request
a copy of the PI we process in relation to you and to be informed about how we
use and share your PI.
Object
To object
to the processing of your PI if (i) we are processing your PI on the grounds of
legitimate interest or for the performance of a task in public interest
(including profiling); or (ii) if we are processing your PI for direct
marketing purposes.
Correction
To request
that we update the PI we process in relation to you, or to correct PI that you
think is incorrect or incomplete.
Erasure
To ask that
we delete PI that we process in relation to you where we do not have a legal or
regulatory obligation or other valid reason to continue to process it.
Restriction
To request
that we restrict the way in which we process your PI, for example, if you
dispute the accuracy of your PI or have raised an objection which is under
consideration.
Portability
To request
a copy of your PI that you have provided to us in a commonly used electronic
format.
We may need
to request specific information from you to help us confirm your identity and
ensure your right to access the PI requested, or to exercise any of your other
rights. This is to ensure that PI is not disclosed to any person who does not
have authority to receive it. We may also request further information in
relation to your request to help us to locate the PI processed in relation to
you, including, for example, the nature and location of your relationship with
us.
We will
respond to all legitimate requests in line with the timescales set out in
applicable law.
If you have
concerns about our processing of your data, please contact us. Our contact
information is listed within the ‘introduction’ section above.
If you are
unsatisfied with our response, you have the right to file a complaint with Datatilsynet.
Changes to this Privacy Notice
We may
modify or amend this Privacy Notice from time to time and you are advised to
visit our website regularly to check for any amendments. Any material changes
will be communicated to you through an appropriate channel, depending on how we
normally communicate with you.
Copenhagen,
01-03-2025.