Effective date: November 2020
About this Policy
This Policy is issued on behalf of Principal Real Estate Europe Limited and its subsidiaries (“Principal”, “we”, “us”, “our”), including Principal Real Estate Limited, Principal Real Estate Spezialfondsgesellschaft mbH, Principal Real Estate Kapitalverwaltungsgesellschaft mbH, Principal Real Estate S.L., Principal Real Estate S.à.r.l., Principal Real Estate SAS, Principal Real Estate B.V., Principal Real Estate GmbH, and Internos Real Estate Limited. The Policy applies to our websites (including principalreeurope.com) and digital applications (together, “Digital Technologies”), as well as to personal information that we collect by other means.
Depending on the nature of our relationship with you, other privacy policies may also apply. This Policy applies to personal information we receive from, or that relates to, our: (a) clients, investors and potential investors; (b) business partners and associates; (c) business contacts; (d) contractual counterparties; and (e) others from whom we collect and use information. Where the personal information relates to your employees, contractors, workers, directors, representatives, agents and other relevant third parties, you should bring the Policy to their attention. References to “you” or “your” include, as applicable, references to individuals within, or associated with, your organization.
Digital Technologies operated by non-Principal related entities may link to and from our website, but they may have different privacy policies from the one described here. We do not have control over, or responsibility for, the content or operation of the website of any non-Principal entity. These other sites may send their own cookies to your device, may independently collect data or solicit personal information, and may or may not have their own published privacy policies. Visitors should read the privacy statements of other websites they visit for information regarding their specific privacy practices.
Please take a few minutes to review this Policy before using our Digital Technologies. To the extent permissible under applicable law, by using our Digital Technologies you are consenting to the collection, use and disclosure of your information as set forth in this Policy. If you do not agree to be bound by this Policy, you may not access or use our Digital Technologies.
Principal collects personal information about you—information that can be used to identify you as an individual. Types of personal information we may collect and use include (but vary depending on region and services provided):
- Contact information – e.g., email address, physical address, telephone/fax number;
- Identity information – your name, date of birth, nationality, gender, photograph, identification number (e.g., passport number, tax number, social security number) or other information contained in identity-related documentation (e.g., passport, driver’s license, or birth certificate);
- Professional information – your occupational history, job title, or other professional information regarding the nature of our business relationship;
- Financial information – your income, assets, liabilities, tax residency, bank details, and other financial information, both current and historical;
- Transactional information – details about your accounts that you have with us and other details of products and services you have purchased from us;
- Contractual information – details about the products and services we provide to you;
- Technical information – details on the devices and technology you use;
- Communications information – information we obtain through letters, emails, telephone calls, conversations, social media interactions, or any other correspondence between us;
- Open Data and Public Records information – details about you that are available in public records or that are openly available on the internet;
- Usage information – information about how you use the products and services we provide to you, or how you use our Digital Technologies, which may include your IP address; details on the devices and technology you use; information on your interactions with our Digital Platforms; geolocation information, survey responses, and feedback.
The personal information collected varies depending upon the nature of your relationship with us, how you use the Digital Technologies, and the type of product or service you have with us. We may collect information from you in the following ways:
- When you or a partner engages us for services;
- By telephone or in person;
- Through email or letter correspondence;
- Via our Digital Technologies;
- In Requests for Proposals, due diligence reviews, and interviews;
- National/Tax identity requests;
- When we enter into an agreement for the exchange of services; and
- In client surveys.
For individuals that login as representatives of a business or corporate account, we may gather information based on your relationship with our organization for the purposes of providing customized online services.
For visitors who provide an email address or volunteer other information, such as contact information and/or site registration, we collect this information. Visitors who provide an email address may also be asked to provide feedback about our website via surveys. Additionally, visitors may receive periodic messages from us about new products and services or upcoming events. If you do not want to receive e-mail or other mail from us, please update your subscription and delivery services or click the “unsubscribe” link in the email correspondence received from us.
Connecting with Principal on social media sites
Information received from third parties
We may receive information about you from third parties such as:
- Companies that introduce you to us;
- Our affiliated companies;
- Funds that we provide investment management services to;
- A client that you are associated with (e.g., your employer, a trust, corporate entity, institutional client);
- A counterparty that you are associated with (e.g., trading partners, distribution partners);
- A business partner that you are associated with (e.g., vendors, suppliers)
- Financial advisors;
- Credit reference, consumer, or other reporting agencies;
- Property management companies or similar;
- Social networks;
- Regulatory, tax or government authorities;
- Fraud prevention agencies;
- Public information, such as information available for public registries;
- Agents working on our behalf;
- Market researchers;
- Government and law enforcement agencies.
In addition, if you are on another website and you opt-in to receive information from us, that website will submit to us your email address and other information about you so that we may contact you as requested. We may supplement the information we collect about you through our Digital Technologies with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you.
Cookies are small text files sent to your web browser and stored on your hard drive by a website. Cookies allow your web browser to “remember” specific bits of information about your visits to our site.
Cookies allow you to access secured information, conduct secured transactions, and take advantage of promotional opportunities. They are designed to help you have a better user experience within our website, and we use the information to improve our site content and site functionality. Cookies allow our site to remember your device, remember who you are, and help us to be more efficient. For example, we can learn about what content is important to you, and we can revise or remove web pages that are not of interest.
Types of cookies we use
Our site uses both “session” and “persistent” cookies. Session cookies are temporary and expire when you leave our website or are inactive for a specified length of time. Persistent cookies store your preferences for a site and are read by your browser each time you visit the website.
Our site uses both first-party cookies, which are cookies set by us, and third-party cookies, which are cookies set by other companies to assist our advertising and marketing efforts.
The cookies used by our site fall into the following four categories:
- Strictly necessary cookies. These cookies are necessary for our website to function and can’t be switched off in our systems. They’re set for you behind the scenes when you do things such as log in, fill out forms, make a request for services, or set your privacy preferences. You can set your browser to block or alert you about these cookies, but some parts of our site won’t work without them.
- Functional cookies. These cookies enable our website to work smoothly and in a manner personalized to you. They may be set by us or by third-party providers whose services we’ve added to our pages. For example: downloading a customer service form using PDF. If these cookies are blocked, then some or all of these services may not function.
- Performance cookies. These cookies allow us to count how many times people visit our website, and how they get here, so we can measure and improve its performance. They show us which pages are the most (and least) popular, and how visitors move around on the site when they’re here. If these cookies are blocked, we have less information about how to improve our sites that will be useful to you.
- Marketing Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. If these cookies are blocked, you will experience less personalized advertising.
Managing your cookie preferences
If you wish to make changes to your cookie preferences, please click on the link below to be directed to the applicable Cookie Preference page.
At this time, Principal does not respond to do-not-track signals or similar technologies sent by a browser setting. Most web browsers allow you to change your browser settings to limit or block certain cookies. Doing so, however, may limit your access to certain sections of our website or otherwise compromise the functionality of the site.
How and why we use information collected
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (i.e., we have a business or commercial reason for using your information) and your interests and fundamental rights do not override those interests, such as:
- Complying with regulations that apply to us.
- Being efficient about how we fulfill our legal and contractual duties.
- Providing high quality customer service.
- Developing products and services, and what we charge for them.
- Defining types of customers for new products and services.
- Seeking your consent when we need it to contact you.
- Developing and improving the network security, efficiency and technical specification of our IT systems and infrastructure.
- Developing and improving how we deal with and manage financial crime.
- Providing our customers with high quality products, services and Digital Technologies features.
- Keeping our products, services and Digital Technologies features updated and relevant.
- Where we need to comply with a legal or regulatory obligation; or
- Where you consent.
We use your personal information for the following reasons:
- To provide and manage our products, services and Digital Technologies (including any online account with us).
- To create, process and deliver the accounts you hold with us or the products or services you receive from us.
- To comply with our legal and regulatory obligations (including verifying your identity and conducting identity and background checks for anti-money laundering, fraud, credit and security purposes) and to exercise our legal rights.
- To process transactions and carry out obligations arising from any contract entered into between you and us.
- To communicate with you and respond to your inquiries, including responding to complaints and attempting to resolve them.
- To exercise our rights in agreements and contracts to which we are a party.
- To administer auditing, billing and reconciliation activities and other internal and payment-related functions.
- To detect, investigate, report, and seek to prevent financial crime and to manage risk for us and our customers.
- To run our business in an efficient and proper way, including in respect of our financial position, business capability, corporate governance, audit, risk management, compliance, product development, strategic planning, marketing, and communications.
- To send you promotional and marketing materials, newsletters or other related communications (including making suggestions and recommendations to you about services that may be of interest to you).
- To conduct research and analysis to improve the quality of our marketing and the experience of and relationships with our customers.
- To administer and protect our business and our Digital Technologies (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
- To develop, manage and improve our products, services and the Digital Technologies (including conducting research and analysis) and to test new products, services, and features of the Digital Technologies.
Failure to provide personal information
Where we need to collect personal information by law or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Change of purpose
We will only use your personal information for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
We may share your personal information to the following categories of recipient:
- With group companies and affiliates. Principal Real Estate Europe Limited is part of the Principal Financial Group. We may share the information we collect about you with other member companies of Principal Financial Group, including Principal Life Insurance Company, Principal National Life Insurance Company, Principal Global Investors, LLC, Principal Financial Services, Inc., Principal Securities, Inc., Principal International, LLC, and their affiliates for a variety of purposes. For example, we share information to assist us in providing service and account maintenance, to help us design and improve products and to offer products and services that may be of interest to you.
- With our service providers. We may disclose information to third party service providers that perform services for us in the processing or servicing of your account, or with third parties that perform marketing, research or other services on our behalf. Third parties with whom we may have joint marketing agreements include financial services companies (such as insurance companies, banks or mutual fund companies).
- With third parties as permitted or required by law. This includes disclosing your information to regulators, law enforcement authorities, tax authorities and credit bureaus. This information is only disclosed as required or permitted by law, and in accordance with established company procedures. We may transfer and disclose the information we collect about you to comply with a legal obligation, including responding to a subpoena or court order, to prevent fraud, to comply with an inquiry by a government agency or other regulator, to address security or technical issues, to respond to an emergency, or as necessary for other legal purposes.
- With our carefully selected business partners. We may share information with third parties that offer products or services that we believe may be of interest to you. Before we do so, we will provide you the opportunity to “opt out” or “opt in,” as required by applicable law so that you can say “no” to such sharing.
- As part of business transitions. In relation to an ongoing or proposed business transaction your information may be transferred to a successor organization. If such a transfer occurs, the successor organization’s use of your information will still be subject to this Policy and the privacy preferences you have expressed to us.
- With third party social media platforms and applications. We may provide functionality on our Digital Technologies that allows you to automatically post information to a third-party social media platform (such as LinkedIn, Facebook, Twitter, or Pinterest). If you choose to take advantage of this functionality, people with access to your profile on the third-party platform will be able to see your post. Thus, you should have no expectation of privacy in those actions. Further, if you choose to link your profile on our Digital Technologies with an account on a third-party social media platform, we may share the information in your profile with that third- party platform. We cannot control dissemination of personal information you post on or through our Digital Technologies using any social networking tools we may provide, and you should have no expectation of privacy in respect of such information. We may also use third party social media platforms to offer you interest-based ads. To offer such ads, we may convert your email address into a unique value which can be matched by our partner company with a user on their platform. Although we do not provide any personal information to these platform vendors, they may gain insights about individuals who respond to the ads we serve.
- Agents and advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business;
- Fraud prevention agencies;
- Any party linked with you or your business’s product or service;
- Companies we have a joint venture or agreement with;
- Organizations that introduce you to us;
- Companies that we introduce you to;
- Investment brokers, proxy voting servicers, or custodial banks;
- Companies you ask us to share your data with.
In addition, we may share non-personal (anonymized) information, such as aggregate data and Usage Information with other third parties.
How we protect your information
We understand the importance of appropriately safeguarding information you provide to us. It is our practice to protect the confidentiality of this information, limit access to this information to those with a business need, and not disclose this information unless required or permitted by law.
We have security practices and procedures in place to protect data entrusted to us. These procedures and related standards include limiting access to data and regularly testing and auditing our security practices and technologies.
All employees are required to complete privacy, security, ethics and compliance training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your information.
Ultimately, no website, mobile application, database or system is completely secure or “hacker proof.” While no one can guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others, we continuously review and make enhancements to how we protect customer information.
Retention of data
It may not always be possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons. We will retain your information for as long as your information is necessary for the purposes for which it was collected. For example, we may retain your personal data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Policy and prevent fraud and abuse. If requested by a law enforcement authority, we may also retain your personal data for a period of time.
To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, whether we can achieve those purposes through other means, and the applicable legal requirements.
Children’s privacy online
Our Digital Technologies are not directed toward children. We do not knowingly collect, use or post personal information from children under the age of 16. If we determine upon collection that a user is under this age, we will not use or maintain his or her personal information without parent or guardian consent. If we become aware that we have unknowingly collected personal information from a child under the age of 16, we will make reasonable efforts to delete such information from our records.
Under certain circumstances, you have rights under EU and UK data protection laws in relation to your personal information:
- Right to withdraw consent at any time: This applies where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Request access to your personal data: This enables you to request a copy of the personal data we hold about you and certain information about the data, such as the purposes for which the data are being processed and the categories of recipients to whom the data have been disclosed. This is not, however, an absolute right, and the interests of others may restrict your right of access. For additional copies requested by employees, we may charge a reasonable fee based on administrative costs.
- Object to processing of your personal data: This enables you to object to processing of your personal data where we are relying on a legitimate interest to process the data and there is something about your particular situation which makes you want to object to processing on these grounds. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override the objection. You also have the right to object where we are processing your personal data for direct marketing purposes. We will provide you with appropriate choices to opt-in or opt- out as set out above in our Policy.
- Request correction of your personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no lawful basis for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure, in which case we will notify you of the specific reasons in our response to your request.
- Request transfer of your personal data: This enables you to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Request restriction of processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right not to be subject to a decision based solely on automated profiling: This applies where the automated processing produces legal effects on you or similarly significantly affects you. Note, it does not apply if the decision: (a) is necessary for the performance of a contract between you and us; (b) is authorized by applicable law; or (c) is based on your explicit consent. However, where (a) or (c) applies, you have the right to obtain human intervention. You also have the right to be informed of the logic involved in such processes.
- Make a complaint: You have the right to make a complaint at any time to the relevant data protection supervisory authority in the EU member state in which you reside.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if it is clearly unfounded, repetitive or excessive.
We require that your request be in writing. In addition, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you of a 60-day extension, explaining why the extension is necessary.
You can exercise these rights here.
You have the right to make a complaint to the relevant data protection supervisory authority in the EU member state in which you reside. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority. You can contact us at one of the following:
- Compliance Department. Principal Global Investors Europe, 1 Wood Street, London, EC2V 7JB, United Kingdom, email: DataPrivacy@Principalreeurope.com, TEL: +44 207 710 0269
- For Germany only – Scheja und Partner Rechtsanwälte mbB (FAO Jens Heidemann), Adenauerallee 136, D-53113 Bonn (Germany), email: https://www.scheja-partner.de/en/contact/contact.html, Tel: +49 228 227226-0
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) and United Kingdom (“UK”).
We share your personal data within the Principal Financial Group which will involve transferring your data outside the EEA/UK. Furthermore, many of our external third parties are based outside the EEA/UK so their processing of your personal data will involve a transfer of data outside the EEA/UK.
Where we transfer personal data to a destination outside the EEA/UK, the local data privacy laws may not be of an equivalent standard to those in Europe or the UK, so we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- For certain transfers, we may use specific contractual provisions approved by the European Commission that provide protection for personal data. For further details, see European Commission: Standard Contractual Clauses (SCC).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Effective date and changes to this Policy
We are continually improving and adding to the features and functionality of our website and the services we offer through our Digital Technologies. As a result of these changes (or changes in the law), we may need to update or revise this Policy. Accordingly, we reserve the right to update or modify this Policy at any time, without prior notice, or providing any notice required under applicable law, by posting the revised version of this Policy behind the link marked “Privacy” at the bottom of each page of this website and as may otherwise be made available on our Digital Technologies. To the extent permissible under applicable law, your continued use of our Digital Technologies after we have posted the revised Policy constitutes your agreement to be bound by the revised Policy. However, we will honor the terms that were in effect when we gathered data from you.
For your convenience, whenever this Policy is changed, we will update the Effective Date at the top of this policy. Be sure you check the Effective Date to see if this Policy has been revised since your last visit. We recommend that visitors to our site review our online privacy policies from time to time to learn of new privacy practices and changes to our policies.
If you have any questions about this Policy, or about how we collect and use your personal information or if you would like to exercise any rights you may have in relation to your personal information, please contact us at one of the following:
- Compliance Department, Principal Global Investors Europe,1 Wood Street, London, EC2V 7JB, United Kingdom , email DataPrivacy@Principalreeurope.com, TEL: +44 207 710 0269
- For Germany only – Scheja und Partner Rechtsanwälte mbB (FAO Jens Heidemann), Adenauerallee 136, D-53113 Bonn (Germany), email: https://www.scheja-partner.de/en/contact/contact.html, Tel: +49 228 227226-0