Global Data Protection Notice

Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by Madison International Realty Holdings, LLC (hereinafter jointly referred to as “Madison” or “We” or “Firm”) and sets forth the policies of the Firm with respect to the collection, sharing and protection of your Personal Data when visiting the web pages under www.madisonint.com. Please read this Privacy Notice carefully to understand what we do.

We collect personal information when you visit the web pages under www.madisonint.com. We also may collect your personal information from other sources, such as affiliates. As noted, we may share your personal information with our affiliates to market to you. You may prevent this type of sharing by emailing us at [email protected].

To protect your personal information from unauthorized access and use, we use security measures that comply with applicable law. These measures include computer safeguards and secured files and buildings.

If you have any questions about this Privacy Notice, email us at [email protected].

General Information

We treat Personal Data in accordance to comply with the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”), the UK Data Protection Act 2018 (“DPA”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data (United Kingdom General Data Protection Regulation) (together with the DPA, “UK DPR”), the California Consumer Privacy Act of 2018 (the “CCPA”), Personal Data Protection Act 2012 (2020 Revised Edition, as amended) (“PDPA”), and the Data Protection Notice Under the Cayman Islands Data Protection (“CIDP”) Law of 2017.

To help you understand this Global Data Protection Notice, We have provided 1. General Information that applies to any Processing of Personal Data, as well as 2. Specific Information about the Processing of Personal Data when you visit our website, followed by 3. Specific information for California Residents, and 4. Information that may be required under US law for certain Processing.

Definitions

”Controller” means the entity that alone or jointly with others determines the purposes and means of the Processing of Personal Data.

“Data Protection Legislations” means all applicable laws and regulations relating to Personal Data protection or privacy laws, of any jurisdiction, that apply to the Processing of Personal Data including, where applicable, the EU GDPR, UK DPR, PDPA, CCPA, and CIDP;

“Data Subject” means the identified or identifiable individual to whom Personal Data relates.

“Personal Data” means any information relating to a Data Subject that is Processed including where applicable Personally Identifiable Information as described in US privacy law and information security, as information that can be used on its own or with other
information to identify, contact, or locate a single person, or to identify an individual in context.

“Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means the entity which Processes Personal Data on behalf of the Controller.

Controller

We at Madison are responsible for the Processing of your Personal Data under the applicable Data Protection Legislations.

In the European Union (EU)/ European Economic Area (EEA) We are represented within the meaning of Art. 27 GDPR by:

Madison International Realty GmbH
Taunusanlage 11, 60329 Frankfurt am Main, Deutschland
Tel.: +49 (0) 69 25 66 971 0
Fax: +49 (0) 69 25 66 971 11
E-Mail: [email protected]

In the United Kingdom, we are represented within the meaning of Art. 27 UK GDPR by:

Madison International Realty UK Ltd
53/54 Grosvenor Street, London W1K 3HU, United Kingdom
Tel.: +44 (0) 208 068 1070
E-Mail: [email protected]

In all additional jurisdictions, Madison is represented by:

Madison International Realty Holdings, LLC
300 Park Avenue, 3rd Floor, New York, NY 10019, United States
Tel.: +1 (212) 688 8777
E-Mail: [email protected]

Disclosure of Personal Data

Your Personal Data will not be transferred to third parties for purposes other than those
listed below. We transfer your Personal Data that We have collected via this website to third
parties only if:

  • you have given your express consent for such a transfer in accordance with Art. 6 para. 1 lit a GDPR
  • the transfer is necessary in accordance with Art. 6 para. 1 lit. f GDPR for the establishment, exercise or defense of claims under the law and there is no reason to assume that you have a justified overriding interest in not allowing your data to be transferred
  • if We are legally obligated to transfer the data in accordance with Art. 6 para. 1 lit. c GDPR
  • the transfer is permitted by law and in accordance with Art. 6 para. 1 lit. b GDPR for the handling of contractual relationships with you

Cross-Border Transfer

As part of our business relationships, We may transfer your Personal Data to third countries outside the EU, EEA, Cayman Islands, and US.

If the country of residence of a recipient of your Personal Data has been declared as a potential risk, We will ensure that an adequate level of data protection is established in the recipient country before your Personal Data is transferred. This means that a level of data protection comparable to the standards under the laws of the applicable Data Protection Legislations and is achieved through the standard data protection contracts of those Data Protection Legislations (including additional security measures, if necessary).

Your Rights as a Data Subject

EU GDPR/UK GDPR

As a Data Subject, you have the right to:

  • under Art. 15 GDPR to request information concerning your Personal Data Processed by us. In particular, you can request information on the purpose of the Processing, the categories of Personal Data, the categories of recipients to whom your Personal Data has been or will be disclosed, the planned length of time the Personal Data will be retained, your right to the correction, erasure, restriction of Processing, your right to contest, your right to file a complaint, the origin of your data if it was not originally collected by us, and the potential existence of automated decision-making, including profiling, and, if so, reliable information on the details of such Processes
  • under Art. 16 GDPR to demand the immediate correction of incorrect or incomplete Personal Data retained by us
  • under Art. 17 GDPR to demand the erasure of your Personal Data retained by us, unless the Processing of this data is necessary to exercise the right of freedom of expression and information that is required to comply with legal requirements for reasons of public interest or for the establishment, exercise or defense of legal claims
  • under Art. 18 GDPR to demand the restriction of Processing of your Personal Data if you contest its accuracy, the Processing is unlawful and you oppose the erasure of the Personal Data, We no longer need the data, but you require it for the establishment, exercise of defense of legal claims, or you have contested its Processing under Art. 21 GDPR
  • under Art. 20 GDPR to receive your Personal Data that you have provided to us in a structured, standard and machine-readable format or to demand its transfer to another authorized person
  • under Art. 7, para. 3 GDPR, to retract your previously given consent at any time. If you do, We will no longer be able to continue any data Processing that was based on this consent
  • if your Personal Data is Processed on the basis of justified interests in accordance with Art. 6 para. 1 lit f GDPR, under Art. 21 GDPR you can contest the Processing of your Personal Data if grounds exist that are related to your particular situation or your objection is directed toward direct marketing. In the latter case you have a general right to contest Processing of your Personal Data by us without having to describe your particular situation

You also have a general right to file a complaint with the data protection supervisory
authority having jurisdiction for you. To exercise your right to retract your consent or to
contest the Processing of your Personal Data, just send an e-mail to
[email protected] if you are based in the EU/ EEA or if you are based
in the UK to [email protected].

CCPA Rights

California residents have the following rights, subject to certain exceptions as set forth in
the CCPA:

  • Right to Notice. You have the right to be notified which categories of personal data are being collected and the purposes for which the personal data is being used.
  • Right to Access and/or Take Your Personal Information: On receipt of a verifiable request from you, we will disclose:
    • The categories of personal information we have collected about you
    • The categories of sources from which the personal information is collected
    • Our business or commercial purpose for collecting or selling personal information
    • The categories of third parties with whom we share personal information, if any
    • The specific pieces of personal information we have collected about you
    • If we sold or disclosed your personal information for a business purpose:
      • The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and
      • The categories of personal information that we disclosed about you for
        a business purpose
    • Right to Say No to the Sale of Personal Data. You also have the right to ask us not to sellyour personal data to third parties. you can submit such a request by sending an email to [email protected].
    • Right to Delete Personal Data: On receipt of a verifiable request from you, subject to certain exceptions permitted under applicable law, we will:
      • Delete your personal information from our records Direct any service providers to
        delete your personal information from their records.
    • Protection from Discrimination: You have the right to not be discriminated against by us
      because you exercised any of the CCPA rights described above. This right includes, but
      is not limited to, protection from discrimination by:

      • Denying goods or services to you
      • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
      • Providing a different level or quality of goods or services to you
      • Suggesting that you will receive a different price or rate for goods or services or a different quality level of goods or services
    • Notwithstanding the foregoing, Madison may charge different prices or rates, or provide a different level or quality of services, if such difference is reasonably related to the value provided to Madison by your data

Cayman Islands Rights

You have certain data protection rights, including the right to:

  • Be informed about the purposes for which your Personal Data are processed
  • Access your Personal Data
  • Stop direct marketing
  • Restrict the processing of your Personal Data
  • Have incomplete or inaccurate Personal Data corrected
  • Ask us to stop processing your Personal Data
  • Be informed of a Personal Data breach (unless the breach is unlikely to be prejudicial to you)
  • Complain to the Data Protection Ombudsman
  • Require us to delete your Personal Data in some limited circumstances

To exercise your rights, just send an e-mail to [email protected].

Changes to this Global Data Protection Notice

We reserve the right to modify or amend this Global Data Protection Notice at any time in accordance with applicable Data Protection Legislations. The current version of this Global Data Protection Notice is always available on our website.

Visiting the Website

Types of Personal Data Processed and Purpose of the Processing

When you visit our website www.madisonint.com, a range of general information is automatically sent to our website server by the browser you are using on your device. This information is temporarily retained in a log file. The information listed below is automatically collected and retained until it is automatically deleted, generally after one week:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the file opened
  • Website from which you accessed our website (referrer URL)
  • Browser used and optionally your computer’s operating system as well as the name of your access provider

We Process the information listed above for the following purposes:

  • to guarantee the establishment of a smooth connection to the website
  • to guarantee easy use of our website
  • to evaluate system security and stability
  • to investigate any suspicious or unauthorized access attempts (DoS/DDoS attacks, among others)
  • for other administrative purposes

The legal basis for Processing the Personal Data contained in the general information is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is consistent with the purposes listed above for which We collect the data. As a rule, We do not use the data We collect to identify you. However, We reserve the right to do so in the event it becomes necessary to investigate unauthorized access to or misuse of our site.

If you have questions of any type, We offer you the opportunity to contact us by telephone and/or via e-mail. For this purpose, We have provided contact information on our website for our office in New York, USA, as well as for the offices of our subsidiaries in Germany, Luxembourg, Singapore and in the United Kingdom.

If you have questions of any type, We also offer you the opportunity to contact us via a contact form provided on the website. Submission of this form requires a valid e-mail address so that We know who sent the inquiry and so that We can respond to it. You can also provide us with additional information so that We can more easily route and respond to your inquiry. If you indicate your name or telephone number, We can contact you personally or by telephone to respond to any questions you may have.

Inquiries received via the contact form are automatically routed to our office in New York, USA, and initially handled there. If your inquiry relates to our subsidiary companies’ offices in Germany, Luxembourg, Singapore or the United Kingdom, We will forward your request to the respective company, namely Madison International Realty GmbH, or Madison International Realty UK, Ltd. Conversely, our subsidiary companies will also forward inquiries that are received there by e-mail or telephone to the appropriate company in our group.

Data provided for purposes of contacting us is Processed in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntarily given consent or for (pre-) contractual inquiries on the basis of Art. 6 para. 1 lit. b GDPR. We have a legitimate interest in the forwarding of your inquiry to the respective company within our group as a result of the organization of our group and such a transfer also contributes to optimal handling of your inquiry (Art. 6 para. 1 lit f GDPR).

We will delete the data We collect and Process in the framework of your contact with us after your inquiry has been handled or after the expiration of the legal retention periods (for example, if you send us a pre-contractual message via the contact form and We then establish a contractual relationship or if your message relates to existing contractual relationships).

Use of Cookies

We use cookies on our page. Cookies are small files automatically created by your browser when you visit our website and stored on your device (laptop, tablet, smartphone, etc.). The cookie contains information, the exact content of which depends on the specific device you are using. However, that does not mean that We thereby receive direct knowledge of your identity. We also use cookies to make our website easier for you to use. For example, We use session cookies to tell us that you have already visited individual pages of our website. These session cookies are automatically deleted after you leave our website. To optimize the user-friendliness of our website, We also use temporary cookies that are retained on your device for a specified period of time. If you visit our website again to use our services, the website automatically knows that you have visited us before and what data and settings you have entered so you do not have to enter them again.

We Process the data collected in the form of cookies on the basis of our justified interests, if the cookies are used only to optimize your visit to our site (Art. 6, para. 1 lit. f GDPR). You can also configure your browser so that cookies are not (or no longer) saved on your computer, or so that a notice always appears before a new cookie is saved. However, if you deactivate all cookies you may not be able to use all the functions of our website.

Analysis Tools:

Although our website allows the use of analysis tools, We currently do not use any analysis tools on our website.

Google Ads

We use Google AdSense Advertising on our website. Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
https://support.google.com/adwordspolicy/answer/1316548?hl=en.

We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

Notice to California Residents

Please take notice that We collect certain information about you if you are an applicant or an employee. For more information on our policies, please refer to Madison’s handbook or it can be provided to you upon application.

The CCPA and the CPRA provide California applicants and employees with certain rights:

  • Knowledge of information collected
  • Deletion of information collected
  • Opt-out of information collected
  • Opt-in of information collected
  • Correction of information collected
  • Go to court
  • Limit use of information collected
  • Not to be discriminated or retaliated against for exercising rights under the law

Where We Get Your Information From

We collect information about you from the following sources: 1) you; 2) prior employers, references, recruiters, job-related social media platforms; 3) third-party sources of demographic information; 4) third-party companies, such as background check companies, drug testing facilities; and 5) claim administrators and investigators. Depending on the Madison’s interactions with you, We may or may not collect all of the information identified about you.

The Personal and Sensitive Personal Information That We Are Collecting

We are collecting the following information:

  • Identifiers, such as name, government-issued identifier (e.g., Social Security number), and unique identifiers (e.g., employee ID)
  • Personal information, such as real name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, passport number, federal identification authorizing work in the United States, access and/or passcodes, insurance policy number, education, employment, employment history, bank account number, other financial information, medical information, or health insurance information
  • Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, disability, request for leave, and medical conditions
  • Commercial information, such as transaction information and purchase history (e.g., in connection with travel or other reimbursements [or purchases from Company]);
  • Internet or network activity information, such as browsing history and interactions with our online systems and websites and any personal information that you provide while accessing the Company’s computer systems, such as personal credit card information and passwords
  • Geolocation data, such as device location from usage of Madison’s devices
  • Biometric information related to access to Madison’s secured access points
  • Audio, electronic, visual, and similar information
  • Professional or employment-related information, such as work history and prior employer
  • Non-public education information
  • Inferences drawn from any of the Personal and Sensitive Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

How Your Personal and Sensitive Personal Information is Used

We may use Personal and Sensitive Personal Information:

  • To operate, manage, and maintain our business
  • For hiring, retention, and employment purposes
  • To otherwise accomplish our business purposes and objectives, including, for example:
    • Emergency services
    • Conducting research, analytics, and data analysis
    • Maintaining our facilities and infrastructure
    • Quality and safety assurance measures
    • Conducting risk and security controls and monitoring
    • Protecting confidential and trade secret information
    • Detecting and preventing fraud
    • Performing identity verification
    • Performing accounting, audit, and other internal functions, such as internal investigations
    • Complying with the law, legal and regulatory process, and internal policies
    • Maintaining records
    • Claims processing
    • Responding to legal requests for information and subpoenas
    • Exercising and defending legal claims
  • Any other purposes authorized by the California Privacy Protection Agency, California or Federal law

We may or may not have used Personal and Sensitive Personal Information about you for each of the above purposes.

Sharing of Personal Information

We only share your information with the following third-party entities:

  • Technology and Data Storage Providers
  • Technology and Security Service Providers
  • Travel Services Providers
  • Accounting and Financial Services
  • Legal and Professional Service Consultants

Data Retention

We retain the information We receive about you for a period of ten (10) years, unless a shorter or longer period is required by California or Federal law.

For Inquiries and/or to Submit Requests for Information, Deletion or Correction

For inquiries about Madison’s policy, or to submit your requests for information, deletion,
or correction, please contact either:

Madison International Realty
300 Park Avenue, 3rd Floor
New York, NY 10022
E-Mail: [email protected]

Or:

Tel.: 212-688-8777

Further Notice Required under US law

To the extent that the following laws apply to certain Processing, the following applies.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of Data Protection Legislations around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect Personal Data.

In order to be in line with the Fair Information Practices We will take the following responsive action, should a data breach occur:

We will notify you via e-mail within 7 business days. We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and Processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data Processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial e-mail, establishes requirements for commercial messages, gives recipients the right to have e-mails stopped from being sent to them, and spells out tough penalties for violations.

We collect your e-mail address in order to send information, respond to inquiries, and/or other requests or questions.

To be in accordance with CANSPAM We agree to the following:

  • Not use false or misleading subjects or e-mail addresses
  • Identify the message as an advertisement in some reasonable way
  • Include the physical address of our business or site headquarters
  • Monitor third-party e-mail marketing services for compliance, if one is used
  • Honor opt-out/unsubscribe requests quickly
  • Allow users to unsubscribe by using the link at the bottom of each e-mail

If at any time you would like to unsubscribe from receiving future e-mails, you can e-mail us at [email protected] and We will promptly remove you from ALL correspondence.