This notice sets out the privacy practices of Colliers International Luxembourg (“Colliers”) with respect to the personal data of clients of Colliers (“Clients”). This notice only applies to Clients located in the European Economic Area (the “EEA”). Colliers is considered a data controller (i.e. the company who is responsible for, and controls the processing of, Client personal data) with respect to the specific Client. Contact details for Colliers are set out below.
Data That May Be Collected.
Colliers will process personal data including Client personal data in accordance with applicable privacy and data protection laws and regulations (“Data Protection Requirements”). Colliers may collect certain personal data with respect to Clients, for example, first name, last name, contact details (email address, telephone number and residential address), in case of individuals, or company name, company address, company telephone number, first and last name and contact details of Colliers contact, in case of entities together with financial, including bank account details and any other such related information in accordance with applicable laws.
Use of Client Personal Data.
Colliers will use Client personal data during the course of business for tasks such as property finance and asset management and management of messaging and address books, Colliers may also use Client personal data to communicate with Clients and inform Clients of property updates and client seminars, for instance, and respond to court orders and legal investigations. The provision of personal data by a Client may be necessary in order for Colliers to provide that Client with the requested services, for the performance of any contractual relationship with that Client and for other purposes as set out in this notice where in Colliers’ legitimate interests. Colliers may also require personal data to satisfy legal and regulatory requirements.
Disclosure to Certain Third Parties.
Client personal data may be disclosed to the extent necessary for the above purposes to the following recipients, subject to any local Data Protection
Requirements: (i) to its affiliates and service providers; (ii) to fraud prevention agencies and law enforcement agencies; (iii) to courts, governmental and non-governmental regulators, tax authorities and ombudsman; (iv) to any third party that acquires, or is interested in acquiring all or part of its business, whether by merger, acquisition, reorganization or otherwise; or (v) as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when Colliers believes in good faith that disclosure is legally required or Colliers has a legitimate interest in making a disclosure, such as where necessary to protect Colliers’ rights and property.
Transfer of Client Personal Data outside the European Economic Area.
Given the global nature of Colliers’ business, Colliers will, for the above listed purposes, transfer Client personal data to other Colliers entities, or to other recipients as referred to above, that are located in countries outside the European Economic Area (the “EEA”) and which are not considered by the European Commission to provide an adequate level of data protection.
Client personal data will only be transferred from the EEA and the Switzerland to a recipient in a country which is not considered to provide an adequate level of data protection when the transfer is in compliance with applicable Data Protection Requirements.
Security and Retention.
Colliers will take reasonable steps to protect Client personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. We will keep Client personal data for so long as required to keep such data for the applicable purpose it is being used for and until such time as the limitation period for any potential legal claims may expire.
Rights of Clients.
Clients may have certain rights under Data Protection Requirements which may be subject to limitations and/or restrictions. These include the right to: (i) request access to and rectification or erasure of their Client personal data; (ii) obtain restriction of processing or to object to the processing of their Client personal data; and (iii) data portability. Clients who wish to exercise any of these rights should contact us at: firstname.lastname@example.org