Privacy Policy
Last updated: June 6, 2023
PRIVACY POLICY
About this Policy
GHG B.V. (“us” or “we”) are dedicated to protecting the privacy of your personal data, which is any information relating to an identified or identifiable natural person. This Privacy Policy describes how we collect, use, store and share information we collect from or about you in connection with the product or service you have requested from us and/or the nature of your interaction with us (the “Services”) including the use of the website located at https://www.ghg.nl/ (the “Website”). Your use of certain Services offered by us may be subject to other terms and conditions or additional privacy notices. This policy also explains your rights related to how your personal data is being processed.
This Privacy Policy does not apply to the practices of companies that we do not own or control, or to people who we do not employ or manage. We cannot guarantee the confidentiality of electronic communication, and as such, you should carefully consider whether to submit sensitive information that you would not want made public, and should recognize that your use of the Services is solely at your own risk. Accordingly, please read this policy carefully to understand our practices with respect to your personal data.
Definitions
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
‘pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Name and contact details of the controller
GHG B.V.
c/o Jamestown Europe Management B.V.
39 Pilotenstraat
1059CH Amsterdam
Netherlands
GHG is managed and owned by Jamestown Europe: www.jamestownlp.com/jteu-imprint
Contact details of the data protection officer
Jamestown Europe GmbH, located in Cologne, Germany, and Jamestown Europe Management B.V., located in Amsterdam, the Netherlands, have appointed an external data protection officer who can be reached through the following contact details.
Postal:
Jamestown Europe GmbH
Attn: Data Protection Officer
Marienburger Str. 17
50968 Cologne
Germany
Email: jteu-privacy@jamestown.de
Postal:
Jamestown Europe Management B.V.
Attn: Data Protection Officer
39 Pilotenstraat
1059CH Amsterdam
Netherlands
Email: jteu-privacy@jamestown.de
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Information Collected
In connection with your use of the Services and your interactions with us, we may collect the following information:
- Identifiers (such as your name, address, email address, telephone number);
- Internet or other electronic network activity information when you use our Website, property-specific mobile apps or Wi-Fi network (such as your Internet protocol address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, advertiser ID, and other device identifiers, browser type, hardware type, operating system, Internet service provider, user preferences, and information about the pages you visit, the date and time, the amount of time you spend on each page, and the links you click within the Services); and
- Certain other information, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
| Tenants | When signing up for our newsletter, we will collect the following information to provide this service:
|
When you submit a request through our Website, we will collect the following information:
| |
In connection with the leasing or licensing of space in our properties, we may also collect and maintain the following personal data about prospective and current tenants:
| |
| Website Visitors and Guests of our Online services | When signing up for our newsletter, we will collect the following information to provide this service:
|
When subscribing to receive updates about events at the property, we will collect the following information to provide this service:
| |
We may also collect and maintain the following personal data about visitors and guests on our online Services:
|
Purposes of processing and corresponding legal basis
We collect and process such personal data where we have legal basis for doing so under applicable laws and only for specified purposes. The legal basis depends on the Services you use and how you use them. If you have consented to our use of information about you for a specific purpose, you have the right to revoke your consent at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
The purposes for which we process your personal data are the following:
- Providing you with the Services
Legal basis: either because the processing is necessary for the performance of a contract executed with you or because the processing is necessary for the purposes of our legitimate interests in providing the Services to you or to the company you represent;
- Responding to your inquiries or fulfilling requests for us to contact you
Legal basis: since the processing of your personal data is necessary for the purposes of our legitimate interests in answering to any queries submitted by clients, potential clients and the users of our Website; - Acting in compliance with our legal obligations, rights, and interests
Legal basis: either because the processing is necessary for compliance with a legal obligation to which we are subject or because the processing is necessary for the purposes of our legitimate interests in protecting our rights and interests, including defending ourselves in any proceedings; - Sending marketing or promotional communications relating to our business, products or services to you
Legal basis: if we have obtained your consent to send you marketing communications; - Preventing fraud, responding to judicial process and inquiries from the relevant authorities, and complying with applicable laws, as well as regulatory requirements
Legal basis: either because the processing is necessary for compliance with a legal obligation to which we are subject or because the processing is necessary for the purposes of our legitimate interests in protecting the safety and security of the Services, as well as our rights and interests, including defending ourselves in any proceedings; and - Certain other purposes, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
| Tenants | We may also collect and process personal data of our tenants in connection with:
|
| Website Visitors and Guests of our Online services | We may also collect and process the personal data of visitors and guests on our online Services in connection with:
|
Sources of Information
We generally collect and maintain certain personal data from the following sources:
- Information we receive from you on forms, contracts or that you otherwise submit to us;
- Information about your transactions and interactions with us, our affiliates, and nonaffiliated third parties;
- Information obtained from meetings and telephone conversations with you;
- Information you provide when requesting us to contact you or respond to an inquiry;
- Information obtained automatically about your activity on our internet sites, property-specific mobile apps, or Wi-Fi networks;
- Information obtained from onsite security videos;
- Information obtained from public databases;
- Information obtained from affiliated and non-affiliated third parties;
- Certain other information, depending on the specific product or service you have requested from us and/or the nature of your interaction with us, as further detailed below.
| Tenants | We may also collect and maintain personal data of our tenants from the following sources:
|
| Website Visitors and Guests of our Online services | We may also collect and maintain personal data of visitors and guests of our online Services from the following sources:
|
Information Disclosed/Shared with Third Parties
In order to provide you with the applicable products and services or fulfill our contract with you, we may disclose such personal data to our affiliates and nonaffiliated third parties as permitted by law, for the purposes listed above, including:
- Our affiliates and subsidiaries;
- Service providers to our company, such as accounting, legal, payroll, and tax service providers; and
- Other third party service providers we may engage to provide services such as analytics and marketing, advertising, communications, event management, customer service, payment processing, infrastructure and information technology services, property management services and others as appropriate.
If one of the foregoing service providers needs to access personal data to perform services on our behalf, they are only authorized to collect, use, disclose, and store the personal data as described in our contract with them, including requirements to maintain reasonable security procedures.
We do not sell your personal data to third parties, and we do not rent, or share your personal data with third parties for such third parties’ direct marketing.
Cookies
Cookies are small pieces of text that are transferred to your browser to enable our Services to recognize your device and to help us improve how our Services work. We use first party cookies, which are served directly by us to your browser as well as third party cookies which are served by a third party. We use cookies which allow us to remember your preferences (such as your location or your preferred language) and help our Services to function properly. We use other cookies to remember your recent searches and your interactions with certain ads and websites, and use this information to show you customized content tailored to your interests. The cookies we use include both session cookies, which are deleted after you close down your browser, and persistent cookies, which are more permanent and store certain information about your use of the Services. You can see a list of cookies assigned to each category and detailed information in the cookie declaration.
With your consent, we use optional tools for usage analysis, marketing purposes and to display personalized content on our Website. Your consent also includes the transfer of data to third countries that do not have a level of data protection comparable to the EU. If personal data is transferred there, there is a risk that authorities may collect and analyze it and that your data subject rights may not be enforced. You can revoke your consent to data processing and deactivate tools at any time in the
When you enter the Website, we request your consent to the use of cookies, except if the cookies are essential to the provision of the Services or the functioning of the Website. If you decide to reject cookies that require your consent, we will accept your decision and not use such cookies. If you decide to withdraw your consent, we ensure that your withdrawal is respected when you subsequently visit the Website. Please note that you if reject non-essential cookies, you may not be able to take advantage of all the features and functionality of the Website.
You can find below detailed information on the essential cookie integrations:
- We have integrated the Google Analytics pixel (with anonymization function) on our Website.
Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to Website. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. A web analysis is mainly used for the optimization of a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use the add-on “gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if access to our Website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
Google Analytics sets a cookie on the information technology system of the data subject. With your consent to the cookie setting for statistical purposes, Google is enabled to analyze the use of our Website. Each time you call up one of the individual pages of this Website operated by Jamestown on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically triggered by the respective Google Analytics component to transmit statistical data to Google for the purpose of online analysis. With your consent of the cookie setting for personalized purposes, the transfer of data to Google Analytics is also used to play out personalized content. As part of this technical procedure, Google obtains knowledge of personal data, such as the anonymized IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.
By means of the cookie, some personal information, such as the access time, the place from which an access originated and the frequency of visits to our Website by the data subject, is stored. Each time our Website is visited, this personal data is transmitted to Google in the United States of America. Google may pass on this personal data to third parties.
Further information and the applicable data protection provisions of Google can be found at https://policies.google.com/privacy and https://www.google.com/analytics/terms/de.html.
- We use different web fonts such as myfonts.net and jtfontshost on our Website to optimize its optics and performance. Myfonts.net is operated by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801 USA, who record your IP address to deliver the desired font file. The APIs with this provider are designed to limit the collection, storage, and use of end-user data to only what is needed to serve fonts efficiently. For more information on data processing and use, please see their privacy policy at https://www.monotype.com/legal/privacy-policy/contractual-privacy-statement and https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy.
Security
To protect your personal data from unauthorized access and use, we use security measures that comply with applicable law and industry standards. These measures include computer safeguards and secured files and buildings. We restrict access to personal data to those employees, affiliates, agents, and third parties who have a need to know the information to perform a business purpose. We maintain physical, electronic, and procedural safeguards reasonably designed to protect the personal data while it is within our control.
Data Retention and Disposal
The personal data may be stored in our technology systems or those of our service providers, or in paper files. We will delete your personal data when it is no longer reasonably required for the uses described herein, or when you withdraw your consent or request erasure, to the extent that we are not legally required or otherwise permitted to continue to hold such data. Since we maintain our applications and systems to protect against accidental or malicious loss and destruction, residual copies of your personal data may be retained in our backup and archival systems for a limited period of time, after which the information will be automatically deleted or made unusable where deletion is not possible.
How to Access and Control your Information
We may send you marketing materials in which we believe you may have interest, and will comply with your request to stop sending any such further communications. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link in such email communications.
Where appropriate and where applicable by law, we shall provide you with the following individual rights with respect to your personal data:
- The right to access – You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, request copies of your personal data. Exceptionally, we may charge you a small fee for this service, if we consider that your request is manifestly unfounded or excessive.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to not be subjected to automated decision making – We do not subject you to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- The right to lodge a complaint – You have the right to lodge a complaint with supervisory authorities regarding the processing of your personal data. Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the appropriate supervisory authority as follows:
The supervisory authority responsible Jamestown Europe Management B.V. is:
Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ Den Haag
Phone: +31 70 888 85-00
Fax: +31 70 888 85-01
Email: info(at)autoriteitpersoonsgegevens.nl
You can exercise your rights with respect to your personal data by contacting us via email or postal through the contact details shown at the beginning of policy. To the extent we are processing the personal data based on your consent, you may withdraw such consent at any time, provided that such personal data is not required by a legal obligation. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link in such email communications.
We require certain information to provide our Services to you. For example, we must collect certain personal data from investors, tenants and vendors to comply with legal obligations. We also require certain personal data to provide you with access to certain websites, apps and networks. If you do not wish to share such required personal data, we may not be able to provide you with certain Services.
International Data Transfers
We have personnel and affiliates internationally, including in the United States, which means Information we collect is processed by us in the U.S., where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. When transferring data outside of the European Union, we endeavor to apply suitable safeguards to protect the privacy and security of your personal data, such as by enter into data processing agreements and model clauses whenever feasible and appropriate.
With your consent, we use optional tools for usage analysis, marketing purposes and to display personalized content on our Website. Your explicit consent may be requested to the transfer of data to third countries that do not have a level of data protection comparable to the EU. If personal data is transferred there, there is a risk that authorities may collect and analyze it and that your data subject rights may not be enforced. You can revoke your consent to data processing and deactivate tools at any time in the
Changes to Policy
We may periodically modify this Privacy Policy and will promptly post an updated Privacy Policy on https://ghg.nl/privacy-policy showing the date of the update. Please check regularly for the most recent version of our Privacy Policy. If you disagree with any changes made to this Privacy Policy you will need to stop using the Services. We will keep prior versions of this policy which you may request via email to jteu-privacy@jamestown.de.
