Privacy Notice relating to individuals in their own right and via Third Parties (the “Notice”) v2
This Notice was last updated on: 21 April 2023
It is important that you check back often for updates to this Notice.
Purpose of this notice
The Newmark entities in the UK (and their Affiliates and branches to the extent applicable) listed in Annex 1 (the “Firms”) (as updated from time to time), are committed to handling Personal Data securely and in accordance with applicable data protection laws (including the Data Protection Act 2018 (the “Act”) and, the UK General Data Protection Regulation as defined at section 3(10) of the Act (the “UK GDPR”). This privacy notice (“Notice”) sets out important information about how we handle Personal Data in relation to you and/or Third Parties whether in the course of any website, application, product, service or business arrangement by or with us (collectively, “Services”) or otherwise. A Service particularly via one of our websites, may have its own notice.
For the purpose of this Notice:
(a) “Affiliates” means at the relevant date of determination any company, partnership or other entity controlled by, or controlling, or in common control with us and includes any group entity. A company, partnership or other entity shall be deemed to control another company, partnership or other entity if the former company, partnership or other entity possesses, directly or indirectly, the power to direct, or cause the direction of, the management and policies of the other company, partnership or other entity whether through the ownership of voting securities or partnership interests, representation on its board of directors or similar governing body, by contract or otherwise;
(b) “Criminal Offence Data” means Personal Data relating to criminal convictions and offences or related security measures;
(c) “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(d) “Special Categories” of Personal Data include Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; genetic data; biometric data (where used for identification purposes); data concerning health, a person’s sex life or a person’s sexual orientation;
(e) “Third Parties” means entities which we engage with and are not part of us or our affiliates. Third Parties may include, but not be limited to, (i) our past, present and prospective corporate customers, clients and counterparties and those corporate entities which provide services to them; or (ii) entities which provide goods and services to us or our affiliates;
(f) “We”, “our” or “us” and similar words means the relevant group entity for whom you or the relevant Third Party might provide or receive Services. Under the Act this entity is a “controller”. A list of such ” controllers” which is current at the time of this Notice is attached in Annex 1.
Although this Notice applies to the Firms, only one entity shall be a “controller” in respect of your Personal Data;;
(g) “You” and “your” relates to individuals whose Personal Data we process during the course of our businesses and our relationships either with such individual or with Third Parties (as defined below); or through your or their use of our website(s). We may not have a direct relationship with you or them but with the Third Party for or with which you or they work or to which you or they provide services. However, where you are an individual, this Notice will apply to you (even if you are a customer or service provider and would otherwise fall under the definition of Third Parties). You are a ‘data subject’ (as defined in the GDPR).
We act as controller for the Personal Data we collect during the course of our dealings with you or Third Parties and may include Personal Data about you and/or your employees, agents, directors and contractors, and those of associated firms (collectively “Staff”). This means that we determine the purposes for and the manner in which we (or our affiliates) process your Personal Data. If you or a Third Party provide us with any Personal Data about your Staff or direct someone to give their Personal Data to us, you must show that person a copy of this Notice so that they understand the manner in which their Personal Data may be used or disclosed.
It is important that you read this Notice, together with any other related notices we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such Personal Data.
(a) save to the extent we have expressly agreed in writing by a signed agreement, we will not be a processor or sub-processor for you or any Third Party;
(b) unless we have stated to the contrary in relation to a specific Service, we do not act as a joint controller with you or a Third Party and/or with any Firm or an affiliate of a Firm whether in relation to any of the Services or otherwise;
(c) we have a number of different affiliated firms and therefore if you have a relationship with a different entity in our groups then a different privacy notice may apply to their processing of your Personal Data;
(d) where you are a prospective, actual or past member of staff then it may be more appropriate for you to look at our Staff Privacy Notice or Recruitment Privacy Notice (or such other notices as we may issue from time to time dealing with specific relationships which we have with you).
THE KIND OF DATA WE HOLD ABOUT YOU
In the course of our businesses and our relationships and through your use of our websites, we may collect some or all of the following Personal Data from you or a Third Party (as applicable).
We may collect, use, store and transfer use some or all of the following categories of Personal Data about you (and/or, in certain limited circumstances, your family members) which we have grouped together as follows:
(a) Personal details and identifiers, such as name, title, addresses, telephone numbers, personal email addresses, date of birth, gender or passport number, marital status and dependents, next of kin and emergency contact information, national insurance number, passport number, bank account details, gifts or hospitality that you receive where details of them are provided to us;
(b) Professional details, such as job title, employment start date and end date, location of employment, authorization status;
(c) Identification documentation, such as copies of your passport, driving license, national or work ID card, or other documentation required by law (which may include photographs of your face and shoulders);
(d) Recruitment information, such as CVs, copies of right to work/visa documentation, references and other information provided as part of the application process;
(e) Employment records, such as employment contracts, consultancy agreements, job titles, work, regulatory and disciplinary history, working hours, training records and professional memberships;
(f) Insurance matters, such as accidents, claims or arranging cover, and compensation history;
(g) Security information, such as CCTV footage and other information obtained through electronic means such as swipe-card records;
(h) IT information, such as emails and browser history and voice communications to the extent that it is retained on any of our computers, laptops or systems; relating to your access of our websites and applications, including but not limited to traffic data, location data and other communication data (such as IP addresses) and the resources that are accessed;
(i) Trade information, such as trades executed and authorized in your name where you trade on behalf of a Third Party or on your own behalf;
(j) Relationship and account management information, which may include preferences for types of products or services, marketing events or materials in the context of their employment with you;
(k) Legal and Regulatory information, which may include information relating to opening and maintaining a business relationship with you or those who you work for and discharge of our regulatory and legal obligations particularly where we are a regulated entity;
(l) Recordings, we may track and record voice calls and messages that you make with Firms;
(m) Other information, relating to your activities, interests or private life which you or a Third Party provides to us including where they are part of messages or conversations sent through our systems or networks.]
We may also collect, store and use the following Special Categories of more sensitive Personal Data:
(a) Information about your nationality or ethnicity which may include where we are required to collate this by relevant governmental authorities or in order to comply with our legal and regulatory obligations relating to AML and KYC.
(b) Information about any disability or other health factor(s) that you have, information on your health, including any medical condition, to enable us to make adjustments to the way in which we provide our Services, other health data such as Covid-19 or any other pandemic data to help us ensure the health and safety of the workplace in line with government guidance or in order to follow government guidance.
(c) Information about criminal convictions and offences where required by applicable law or regulation, to comply with our internal compliance requirements or where permitted by applicable law.
(d) Information about your trade union membership, politics or other Special Categories of Personal Data we do not actively search for this information but where it forms part of searches we have undertaken to discharge our regulatory obligations it may be retained.
(e) Information about any disability or other health factor(s) that are applicable to you where you interact with us and which would include where you are a visitor to our premises or guest to an event that we are arranging and have special requirements whether access, dietary or otherwise.
Except where we have referred to it in this section 2, it is unlikely that we will process Special Categories of Personal Data or Criminal Offence Data about you.
How your Personal Data is collected
(a) We collect Personal Data about you and other Staff from the information submitted by you or a relevant Third Party when we consider and process your (including a Third Party’s) request for, provide, manage or administer the receipt or provision of a product or services from or to us and any additional information provided by you or others during the course of us providing or you receiving our Services, we may also collect Personal Data about you from Third Parties and public sources including:
- credit reference providers, registries, Companies House or other organizations that help us and others to reduce the incidence of fraud or in the course of carrying out identity, fraud prevention or credit control checks;
- government, quasi government departments and regulators;
- Third Party vendors who provide information on individuals;
- your employer, clients or family members;
- while monitoring our technology tools and services, including our websites and voice and electronic communications sent to and from the Group; or
- any website or electronic services that we provide or make available to you.
HOW WE WILL USE INFORMATION ABOUT YOU
We collect, use, disclose, transfer and store the Personal Data referred to in section 2 above in connection with the circumstances described in section 1.2 above. We want to be clear about our privacy practices so you can make informed choices about the use of your information.
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
(a) Where it is necessary for us to comply with our legal or regulatory obligations. We rely on this lawful ground:
- to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
- to comply with our legal and regulatory obligations and requests anywhere in the world including reporting to and/or being audited by national and international regulatory bodies; and
- to comply with court orders and exercise and/or defend our legal rights, as otherwise permitted or required by any applicable law or regulation.
(b) Where it is necessary for us to perform our contractual obligations under an agreement or business arrangement we have entered into with you or in order to take steps at your request prior to entering into such an agreement or arrangement. For example, where you provide certain services to us as an individual service provider.
(c) Where it is necessary for our legitimate interests (or those of a Third Party) and your interests and fundamental rights do not override those interests. Such legitimate interests include the provision of services to Third Parties, running the Firms’ business and marketing relevant services directly to you. For example:
- to provide the products or perform the services requested by our clients;
- for monitoring and assessing compliance with our policies and standards;
- for promotional and marketing activities (unless you have requested that we should not use your Personal Data for marketing);
- to identify persons as authorized to give instructions on behalf of our clients or other relevant Third Parties; and;
- for administrative purposes in relation to the security and access of our systems, offices, platforms and websites
Some of the above grounds for processing will overlap and there may be several grounds which justify use of your Personal Data.
Change of purpose
We will use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will provide notice thereof and we will explain the legal basis for which we do so, which may include by updating this Notice.
Please note that we may process your Personal Data for additional purposes without your consent, in compliance with the above provisions, where this is required or permitted by law.
Who we share your Personal Data with
We will share your Personal Data with Third Parties and our affiliates where required by law or regulation, where it is necessary to administer our business relationship with you, where we have another legitimate interest in doing so or if you expressly request that we correspond with such Third Parties or affiliates.
We may share your data with third parties and affiliates as set out below for the purposes set out in section 4 above:
(a) Third Parties and affiliates that provide services to us including information management services, compliance and regulatory reporting, markets, venues and exchanges where necessary to provide the services to you or relevant Third Parties; or credit reference agencies or other organizations that help us and others reduce the incidence of fraud or in the course of carrying out identity, fraud prevention or credit control checks.
(b) Third Parties and affiliates which act on your or the Third Party’s behalf such as agents or clearers or those who we are requested to correspond with before, during our provision or receipt of services or thereafter.
(c) Our clients and their personnel where necessary to facilitate your or your organization’s provision or receipt of Services to them or by them or where you or your organization are their counterparty.
(d) Third Parties and affiliates for legal reasons such as, to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence, in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of our or an affiliates’ or a Third Party’s business, assets or stock (including in connection with any bankruptcy or similar proceedings) or to protect our, our Affiliates’ or any Third Party’s rights, users, systems and services.
The Firms’ businesses are supported by a variety of teams and functions. We may make Personal Data available to them if necessary for the provision of services, account administration, sales and marketing, customer and technical support. Our members of staff are required to follow our data privacy and security policies when handling Personal Data. For information about international transfers, see Section 6.
TRANSFERING INFORMATION OUTSIDE THE UK
In some cases, your Personal Data may be accessed by or transferred to Staff, affiliates or Third Parties in countries outside of the UK where such Staff, affiliates or Third Parties reside, perform their services or maintain any technical connection necessary for the provision of such services or relevant relationship. In those cases, except where the relevant country has been determined to ensure an adequate level of data protection by the UK Government, we will ensure that such transfers of Personal Data have appropriate safeguards in place to protect the Personal Data in accordance with the requirements of the Act and GDPR which may include the use of Standard Contractual Clauses in the form laid down by the GDPR.
How long your Personal Data will be kept
We will retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
Under certain circumstances, you have the right to:
(a) Request access to your Personal Data (commonly known as a “data subject access request”). If you request access to your Personal Data, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).
(b) Request correction of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no longer a compelling legitimate reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, this is not always possible due to legal requirements and other obligations and factors.
(d) Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a Third Party) and there is something about your particular situation which makes you want to object to processing on this ground. In some cases, we may be able to demonstrate compelling legitimate grounds to continue to process your information. You also have the right to object where we are processing your personal data for direct marketing purposes (see section 10 below).
(e) Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in certain scenarios, such as if you want us to establish its accuracy or the reason for processing it.
(f) Request the transfer of your Personal Data to you or to another party in certain situations. This applies to Personal Data on which we have carried out automated processing. If we make such a transfer to a Third Party we will not be responsible for that Third Party’s use and/or onward disclosure of your Personal Data nor will we provide any details to you as to that Third Party’s use of security measures. You will therefore need to contact the Third Party directly for such details.
Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you would like to exercise any of the rights set out above:
(a) email our Head of Privacy and Data Protection at DPM@nmrk.com;
(b) provide us with enough information to identify you e.g. the entity and desk(s) you trade with or receive services from or provide them to or have a relationship with;
(c) where relevant, provide us with proof of your identity and address (a certified copy of your driving licence or passport and a recent utility or credit card bill or a certified copy of your authority); and
(d) provide us with the information to which your request relates, including any account or reference numbers, if you have them.
Where appropriate, we will respond to your requests relating to your Personal Data in writing or by email. If you require our response in a different format, please let us know. Please note that upon receipt of such a request, we may come back to you requesting clarification or further information where we require this to consider and/or act upon your request.
You may notify us if you no longer wish to receive marketing materials in the manner we designate in any relevant communication or by emailing us at DPM@nmrk.com or your usual relationship contact (if applicable) stating which material you would like to unsubscribe from. We shall endeavour to do so promptly, however it may take a number of days to action.
We provide services and products to professionals and our Services are not aimed at children. We do not knowingly collect Personal Data from individuals under the age of 18 during the course of providing our services or receiving services from you or Third Parties. In the event that we learn that we have collected such information in such circumstances from any individual under the age of 18, the information will be deleted as soon as reasonably possible.
Changes to this privacy notice
We may change this Notice from time to time. You should check this Notice to ensure you are aware of the most recent version.
How to contact us and complaints
If you have any questions or concerns about this privacy notice or how we process your Personal Data, please contact our Head of Privacy and Data Protection at DPM@nmrk.com.
We hope that our Head of Privacy and Data Protection can resolve any query or concern you raise. If you feel we have not handled your query or concern to your satisfaction you can contact the Information Commissioner’s Office (“ICO”), the UK’s supervisory authority for data protection issues. The ICO can be contacted by telephone on 0303 123 1113, or via the ICO’s live chat facility, which you can access via your browser by clicking here.
The Firms include:
- Newmark Holdings Limited
- Newmark Holdings (Europe) Limited
- Knotel UK Limited
- K OSH LDN Limited
- Newmark HDH Holdings Limited
- Newmark HDH Limited
- Newmark BH2 LLP
- NGE Holdings LP Limited
- NGE Holdings GP Limited
- Newmark GE Services LLP
- Gerald Eve LLP