Privacy Policy

Last updated: February 9, 2023

About this Policy

GHG B.V. (“us” or “we”) are dedicated to protecting the privacy of your personal data, which is any information relating to an identified or identifiable natural person. This Privacy Policy describes how we collect, use, store and share information we collect from or about you in connection with the product or service you have requested from us and/or the nature of your interaction with us (the “Services”) including the use of the website located at https://www.ghg.nl/  (the “Website”). Your use of certain Services offered by us may be subject to other terms and conditions or additional privacy notices. This policy also explains your rights related to how your personal data is being processed.

This Privacy Policy does not apply to the practices of companies that we do not own or control, or to people who we do not employ or manage. We cannot guarantee the confidentiality of electronic communication, and as such, you should carefully consider whether to submit sensitive information that you would not want made public, and should recognize that your use of the Services is solely at your own risk. Accordingly, please read this policy carefully to understand our practices with respect to your personal data.

Definitions

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

‘pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Name and contact details of the controller

GHG B.V.

c/o Jamestown Europe Management B.V.

39 Pilotenstraat

1059CH Amsterdam

Netherlands

GHG is managed and owned by Jamestown Europe: www.jamestownlp.com/jteu-imprint

Contact details of the data protection officer

Jamestown Europe GmbH, located in Cologne, Germany, and Jamestown Europe Management B.V., located in Amsterdam, the Netherlands, have appointed an external data protection officer who can be reached through the following contact details.

Postal:

Jamestown Europe GmbH

Attn: Data Protection Officer

Marienburger Str. 17

50968 Cologne

Germany

Email: jteu-privacy@jamestown.de

Postal:

Jamestown Europe Management B.V.

Attn: Data Protection Officer

39 Pilotenstraat

1059CH Amsterdam

Netherlands

Email: jteu-privacy@jamestown.de

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

Information Collected

In connection with your use of the Services and your interactions with us, we may collect the following information:

  • Identifiers (such as your name, address, email address, telephone number);
  • Internet or other electronic network activity information when you use our Website, property-specific mobile apps or Wi-Fi network (such as your Internet protocol address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, advertiser ID, and other device identifiers, browser type, hardware type, operating system, Internet service provider, user preferences, and information about the pages you visit, the date and time, the amount of time you spend on each page, and the links you click within the Services); and
  • Certain other information, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
Tenants

When signing up for our newsletter, we will collect the following information to provide this service:

·       Email address

When you submit a request through our Website, we will collect the following information:

·       Name (first and last);

·       Email address;

·       Company and industry (if you act as a representative of a company); and

·       Information about what you are looking for in a unit and other information relating to your request.

In connection with the leasing or licensing of space in our properties, we may also collect and maintain the following personal data about prospective and current tenants:

·       Identifiers (date of birth, tax identification number);

·       Other information (financial account information, copy of government issued identification);

·       Commercial information (lease or license information, car details for parking registration);

·       Data relating to your access to our offices; and

·       Electronic, visual or similar information (including security cameras at the property).

Website Visitors and Guests of our Online services

When signing up for our newsletter, we will collect the following information to provide this service:

·       Email address

We may also collect and maintain the following personal data about visitors and guests on our online Services:

·       Aggregated, statistical and summary information of the general behavior and characteristics of users visiting or participating in our online Services.

Purposes of processing and corresponding legal basis

We collect and process such personal data where we have legal basis for doing so under applicable laws and only for specified purposes. The legal basis depends on the Services you use and how you use them. If you have consented to our use of information about you for a specific purpose, you have the right to revoke your consent at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

The purposes for which we process your personal data are the following:

  • Providing you with the Services
    Legal basis: either because the processing is necessary for the performance of a contract executed with you or because the processing is necessary for the purposes of our legitimate interests in providing the Services to you or to the company you represent;
  • Responding to your inquiries or fulfilling requests for us to contact you
    Legal basis: since the processing of your personal data is necessary for the purposes of our legitimate interests in answering to any queries submitted by clients, potential clients and the users of our Website;
  • Acting in compliance with our legal obligations, rights, and interests
    Legal basis: either because the processing is necessary for compliance with a legal obligation to which we are subject or because the processing is necessary for the purposes of our legitimate interests in protecting our rights and interests, including defending ourselves in any proceedings;
  • Sending marketing or promotional communications relating to our business, products or services to you
    Legal basis: if we have obtained your consent to send you marketing communications;
  • Preventing fraud, responding to judicial process and inquiries from the relevant authorities, and complying with applicable laws, as well as regulatory requirements
    Legal basis: either because the processing is necessary for compliance with a legal obligation to which we are subject or because the processing is necessary for the purposes of our legitimate interests in protecting the safety and security of the Services, as well as our rights and interests, including defending ourselves in any proceedings; and
  • Certain other purposes, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
Tenants

We may also collect and process personal data of our tenants in connection with:

·       Maintaining logs of access badges, parking registration; and

·       Maintaining safety and security.
Legal basis: because the processing is necessary for the purposes of our legitimate interests in providing access to the building and parking, and in ensuring the safety and security of the property.

Website Visitors and Guests of our Online services

We may also collect and process the personal data of visitors and guests on our online Services in connection with:

·       Operating and improving our Services, maintaining the integrity of our network, addressing security issues, investigating or taking action regarding complaints, violations or suspected violations of law or our terms of service
Legal basis: either because the processing is necessary for compliance with a legal obligation to which we are subject or because the processing is necessary for the purposes of our legitimate interests in protecting the safety and security of the Services, as well as our rights and interests, including defending ourselves in any proceedings; and

·       Communicating with you about upcoming events or other products and services offered by us, our affiliates or others (such as tenants in our properties or providers of services to tenants or visitors in our properties) in which we believe you may have an interest
Legal basis: either because the processing is necessary for the purposes of our legitimate interests in sending these communications to you or because we have obtained your consent.

Sources of Information

We generally collect and maintain certain personal data from the following sources:

  • Information we receive from you on forms, contracts or that you otherwise submit to us;
  • Information about your transactions and interactions with us, our affiliates, and nonaffiliated third parties;
  • Information obtained from meetings and telephone conversations with you;
  • Information you provide when requesting us to contact you or respond to an inquiry;
  • Information obtained automatically about your activity on our internet sites, property-specific mobile apps, or Wi-Fi networks;
  • Information obtained from onsite security videos;
  • Information obtained from public databases;
  • Information obtained from affiliated and non-affiliated third parties;
  • Certain other information, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
Tenants

We may also collect and maintain personal data of our tenants from the following sources:

·       Information we receive from you on sign-up forms for newsletters, information or events, other forms, or that you otherwise submit to us;

·       Information we receive from you on lease or license agreements, guarantees, financial statements, waivers, other forms, or that you otherwise submit to us or contracts that you enter into with us;

·       Information about your access to our offices; and

·       Information obtained from third parties, including property management, leasing brokers, third party diligence services.

Website Visitors and Guests of our Online services

We may also collect and maintain personal data of visitors and guests of our online Services from the following sources:

·       Information we receive from you on sign-up forms for newsletters, information or events, other forms, or that you otherwise submit to us; and

·       Information obtained from third parties, such as from digital marketing and public relations service providers.

Information Disclosed/Shared with Third Parties

In order to provide you with the applicable products and services or fulfill our contract with you, we may disclose such personal data to our affiliates and nonaffiliated third parties as permitted by law, for the purposes listed above, including:

  • Our affiliates and subsidiaries;
  • Service providers to our company, such as accounting, legal, payroll, and tax service providers; and
  • Other third party service providers we may engage to provide services such as analytics and marketing, advertising, communications, event management, customer service, payment processing, infrastructure and information technology services, property management services and others as appropriate.

If one of the foregoing service providers needs to access personal data to perform services on our behalf, they are only authorized to collect, use, disclose, and store the personal data as described in our contract with them, including requirements to maintain reasonable security procedures.

We do not sell your personal data to third parties, and we do not rent, or share your personal data with third parties for such third parties’ direct marketing.

Cookies

Cookies are small pieces of text that are transferred to your browser to enable our Services to recognize your device and to help us improve how our Services work.  We use first party cookies, which are served directly by us to your browser as well as third party cookies which are served by a third party. We use cookies which allow us to remember your preferences (such as your location or your preferred language) and help our Services to function properly.  We use other cookies to remember your recent searches and your interactions with certain ads and websites, and use this information to show you customized content tailored to your interests. The cookies we use include both session cookies, which are deleted after you close down your browser, and persistent cookies, which are more permanent and store certain information about your use of the Services. You can see a list of cookies assigned to each category and detailed information in the .

With your consent, we use optional tools for usage analysis, marketing purposes and to display personalized content on our Website. Your consent also includes the transfer of data to third countries that do not have a level of data protection comparable to the EU. If personal data is transferred there, there is a risk that authorities may collect and analyze it and that your data subject rights may not be enforced. You can revoke your consent to data processing and deactivate tools at any time in the .

When you enter the Website, we request your consent to the use of cookies, except if the cookies are essential to the provision of the Services or the functioning of the Website. If you decide to reject cookies that require your consent, we will accept your decision and not use such cookies. If you decide to withdraw your consent, we ensure that your withdrawal is respected when you subsequently visit the Website. Please note that you if reject non-essential cookies, you may not be able to take advantage of all the features and functionality of the Website.

You can find below detailed information on the essential cookie integrations:

  1. We use different web fonts such as myfonts.net and jtfontshost on our Website to optimize its optics and performance. Myfonts.net is operated by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801 USA, who record your IP address to deliver the desired font file. The APIs with this provider are designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently. For more information on data processing and use, please see their privacy policy at https://www.monotype.com/legal/privacy-policy/contractual-privacy-statement and https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy.

Security

To protect your personal data from unauthorized access and use, we use security measures that comply with applicable law and industry standards.  These measures include computer safeguards and secured files and buildings.  We restrict access to personal data to those employees, affiliates, agents, and third parties who have a need to know the information to perform a business purpose.  We maintain physical, electronic, and procedural safeguards reasonably designed to protect the personal data while it is within our control.

Data Retention and Disposal

The personal data may be stored in our technology systems or those of our service providers, or in paper files.  We will delete your personal data when it is no longer reasonably required for the uses described herein, or when you withdraw your consent or request erasure, to the extent that we are not legally required or otherwise permitted to continue to hold such data.  Since we maintain our applications and systems to protect against accidental or malicious loss and destruction, residual copies of your personal data may be retained in our backup and archival systems for a limited period of time, after which the information will be automatically deleted or made unusable where deletion is not possible.

How to Access and Control your Information

We may send you marketing materials in which we believe you may have interest, and will comply with your request to stop sending any such further communications.  You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link in such email communications.

Where appropriate and where applicable by law, we shall provide you with the following individual rights with respect to your personal data:

  • The right to access– You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, request copies of your personal data. Exceptionally, we may charge you a small fee for this service, if we consider that your request is manifestly unfounded or excessive.
  • The right to rectification– You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure– You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing– You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing– You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability– You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to not be subjected to automated decision making – We do not subject you to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • The right to lodge a complaint – You have the right to lodge a complaint with supervisory authorities regarding the processing of your personal data. Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the appropriate supervisory authority as follows:

The supervisory authority responsible Jamestown Europe Management B.V. is:

Autoriteit Persoonsgegevens

PO Box 93374

2509 AJ Den Haag

Phone: +31 70 888 85-00

Fax: +31 70 888 85-01

Email: info(at)autoriteitpersoonsgegevens.nl

You can exercise your rights with respect to your personal data by contacting us via email or postal through the contact details shown at the beginning of policy. To the extent we are processing the personal data based on your consent, you may withdraw such consent at any time, provided that such personal data is not required by a legal obligation.  You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link in such email communications.

We require certain information to provide our Services to you. For example, we must collect certain personal data from investors, tenants and vendors to comply with legal obligations.  We also require certain personal data to provide you with access to certain websites, apps and networks.  If you do not wish to share such required personal data, we may not be able to provide you with certain Services.

International Data Transfers

We have personnel and affiliates internationally, including in the United States, which means Information we collect is processed by us in the U.S., where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. When transferring data outside of the European Union, we endeavor to apply suitable safeguards to protect the privacy and security of your personal data, such as by enter into data processing agreements and model clauses whenever feasible and appropriate.

settings
Changes to Policy

We may periodically modify this Privacy Policy and will promptly post an updated Privacy Policy on https://ghg.nl/privacy-policy/ showing the date of the update.  Please check regularly for the most recent version of our Privacy Policy. If you disagree with any changes made to this Privacy Policy you will need to stop using the Services.  We will keep prior versions of this policy which you may request via email to jteu-privacy@jamestown.de.

We may periodically modify this Privacy Policy and will promptly post an updated Privacy Policy on https://ghg.nl/privacy-policy/ showing the date of the update.  Please check regularly for the most recent version of our Privacy Policy. If you disagree with any changes made to this Privacy Policy you will need to stop using the Services.  We will keep prior versions of this policy which you may request via email to jteu-privacy@jamestown.de.