EU Data Protection Policy

Heitman LLC is a Delaware limited liability company that is headquartered in Chicago. It has operating affiliates located in various regions throughout the world, including the European Union. This Privacy Notice (“Notice”) applies to Heitman LLC and its affiliates collectively referred to as “Heitman”, “we”, “us”, and “our”.

This Notice describes the types of personal data we may collect from you or that you may provide, the legal basis for processing, and how we use your personal data to provide products and services to you.

We collect certain personal data which you may be personally identified directly or indirectly. This may include your name, address, email address, and other information. We collect personal data directly from you, for example, when you use our website, inquire about products or services, or apply for a job. The types of personal data collected will depend on the purpose for which is collected.

Where we provide our services or products to entities, such as corporations, pensions, or trusts, we collect personal data for individuals connected with those entities, such as directors, trustees, or beneficiaries.

We may revise this Notice at any time by amending this page without notice to you. You should check this page from time to time to take notice of any changes and to see the current Privacy Notice that is in effect.

Information we collect through our website:
Contact Form:
When you fill out the contact form on our website, we collect contact Information, including your name, company, phone number, email address, and any other information you may provide that could be considered personal data. We use this data to respond to inquiries and messages. We may also use this information to provide communications which we think will be of relevance to you.

Job Application:
If you apply for a position with us, you may provide us with information about yourself, such as your full name, date of birth, education and qualification details, photograph, home address and telephone number, mobile telephone number and other details set out in your application and CV.

Cookies:
Cookies are small text files that may be stored on your computer or other device when you visit a website. Generally, cookies are used to help websites recognize a user that has previously visited the website, such as remembering the user’s language preference. Most web browsers accept cookies automatically; however, you may have the ability to set your browser to warn you before accepting cookies, or set it to refuse them. For more information about cookies, including how to set your internet browser to refuse cookies, please go to www.allaboutcookies.org.

Disabling cookies may impact your experience on our website.

We may use cookies to:

  • distinguish different users;
  • improve the use and functionality of our website;
  • retain your language preference for future visits;
  • analyze how our website is used and compile anonymous and aggregate statistics

Cookie information provided to aid in the reporting of user behavior is used to analyze and provide an improved user experience. We also use third party cookies provided on behalf of trusted third party service providers, such as Google Analytics, to help us analyze the use of our website. Google Analytics generates statistical information about our website use through cookies, which are store by users’ internet browsers on their computer. For more information about Google’s use of information collected from Google Analytics, click here.

Other than through our website:
Services:
We may also collect personal data from you in the course of providing services to you. This may be to perform our contract with you and to support and maintain that relationship. Additionally, some services require us to collect and process personal data because we are legally required to do so, such as to confirm your identity for Anti-Money Laundering (“AML”) or other regulatory purposes.

Other Sources:
We may collect personal data about you via other sources, such as when you meet with us or request business materials or proposals from us. In addition, we may receive personal data not provided directly from you from public databases, the entity we provide services to, and from other sources.

We collect and use personal data from you for specific business purposes included above, which are in our legitimate interests. Please note that any personal data we may collect to meet our legal and regulatory obligations related to AML and counter-terrorist financing is processed only for those purposes, unless otherwise agreed. We may (but usually do not) rely on other grounds for processing your personal data, including consent (which you may withdraw at any time by contacting us below) or for the performance of a contract.

From time to time, you may receive marketing or other information from us in relation to our products and services. We pay careful attention to make sure that we only send you relevant and useful content, and most of our messages will provide you with the option to unsubscribe if you are not interested in receiving more communications. We would like to continue to share this content with you. If you would rather not receive information from us or would like to be taken off our database, just let us know by contacting us using the information set out below.

Your personal data may be shared with other service providers:
Your personal data may be collected and processed for the purposes above by any of the Heitman entities or by a third-party service provider engaged by us for these purposes, such as regulatory or government agencies and entities that provide marketing or investment administration services. These entities and service providers will differ based on the services that are being provided and may be based in countries outside of the European Economic Area (“EEA”) that may have different standards of protection for personal data. Recipients will be made subject to conditions of confidentiality, security, and any other means to protect your information in accordance with applicable data protection laws.

Security:
Heitman has instituted physical and electronic policies, practices, and systems designed to safeguard such information from unauthorized access and/or disclosure. Heitman will never sell your personal information to anyone, nor will Heitman ever disclose any personal information unless one of the following conditions is met: Heitman receives your prior written authorization, consent, or direction to disclose the information to the recipient; or Heitman is either permitted or required by law to disclose the information to the recipient. To protect your personal and non-public information from unauthorized access and/or disclosure, Heitman limits access to those Heitman employees who require such information in order to perform their job duties.

How long personal data is retained:
We will retain personal data for as long as necessary or as permitted by the purpose(s) for which it was collected. The retention period may be determined by the length of time of an ongoing relationship with a client, the length of time services are provided, and/or whether there is a legal or regulatory obligation to which we are subject. Personal data will be securely disposed of when it is no longer required in accordance with our record retention policies.

Data transfers:
Personal data which you provide to us may be stored and processed in any country where we have offices or where we retain third-party service providers. As such, personal data may be transferred to countries outside of the country in which the personal data was first provided. Where these countries have not been considered to provide an adequate level of data protection by the European Commission, we have put in place adequate measures, such as standard contractual clauses and/or any other measures that have been adopted by the European Commission, to protect personal data. A copy of these measures are available here.

Transfers may also be carried out pursuant to your interests or at your request.

Your rights:
Under applicable data protection law, and subject to certain limitations on certain rights, you may contact us using the details below to:

  • Request access to your personal data and/or to provide your personal data in a structured, commonly used and machine-readable format
  • Request to update or correct your personal data
  • Request to delete your personal data
  • Request to restrict our use of your personal data
  • Object to the processing of your personal data and/or object to automated decision making and profiling
  • Withdraw your consent at any time where we rely on consent to use or process your personal data

More information about your data protection rights can be found by contacting the Information Commissioner’s Office (“ICO”) or other relevant data protection authority or by accessing the following website: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

Contacting us:
If you have questions about this Notice or if you wish to exercise your data protection rights, change your preferences to receive marketing communications, or update or correct your personal data, please contact us as set out below. You also have the right to lodge a complaint with the competent data protection supervisory authority in the relevant Member State (e.g., the place where you reside or of an alleged infringement of the GDPR).

Data Protection Officer:
Attn Data Protection Officer
Heitman LLC
191 N Wacker Drive
Suite 2500
Chicago, IL 60640

E:  GDPR@heitman.com
T:  +1 312-855-5700