The Policy explains what Personal Information we collect, why we collect it, how we use it internally and under what circumstances we may share it with third parties. THIS POLICY AND OUR COLLECTION, USE AND RETENTION OF PERSONAL INFORMATION IS AT ALL TIMES SUBJECT TO ALL OF OUR OTHER LEGAL, CONTRACTUAL, REGULATORY, RECORD RETENTION AND OTHER COMPLIANCE REQUIREMENTS AND OBLIGATIONS APPLICABLE TO OUR BUSINESS AND SHALL NOT ACT TO AMEND OR MODIFY ANY OF THOSE REQUIREMENTS AND OBLIGATIONS. The Policy also explains how we protect your Personal Information and your choices in managing it.
We encourage you to read this Policy, as well as our Terms and Conditions of Use of this Site (“Terms”), which are incorporated herein by reference. YOUR CLICK-WRAP ACCEPTANCE OR USE OF THIS SITE CONSTITUTES YOUR ACCEPTANCE OF THIS POLICY AND THE TERMS.
Minimum Age to Use this Site
THIS SITE IS INTENDED FOR USERS AGE EIGHTEEN (18) AND OLDER. By using this Site, you acknowledge that you are at least 18 years old. The Site is not intended for children and we do not knowingly collect Personal Information from children. If Berkadia discovers that it has inadvertently collected Personal Information from anyone younger than the age of 18, it will delete that information, unless otherwise required by law, contract and/or our business records retention and other business compliance requirements and obligations.
About the Berkadia Group
The Berkadia Group is presently comprised of several controlled and commonly controlled affiliates, which we refer to in this Policy collectively as “Berkadia” or the “Berkadia Group”, and which collectively operate our Business.
The Berkadia Group includes Berkadia Proprietary Holding LLC, together with the following operating subsidiaries: Berkadia Commercial Mortgage LLC, Berkadia Commercial Mortgage Inc., Berkadia Real Estate Advisors LLC, Berkadia Real Estate Advisors, Inc., Berkadia Affordable Tax Credit Solutions LLC, redIQ LLC and Berkadia Services India Private Limited. Other non-operating entities are included in the Berkadia Group, and we may create, acquire or divest affiliates and operations over time.
The Berkadia Group is an active player in the U.S. Commercial Real Estate (“CRE”) market. Our business lines currently encompass the following areas of activity (our “Business”):
- We arrange CRE mortgage loans and related capital investments, collateralized by CRE and related interests. Some of the property types that are used as collateral are: apartments, seniors housing and healthcare, affordable housing, student housing, manufactured housing, hotels and hospitality, retail, office, land, and other types of commercial properties.
- We generally service the CRE mortgage loans and related capital investments that we arrange, and we also provide similar services to other lenders and holders of CRE mortgage loans and related capital investments for loans and investments that they originate or acquire.
- We represent sellers and buyers of CRE properties of the types noted above.
- We facilitate the syndication of CRE affordable housing tax credit investments.
- We develop software applications (“Applications”) to support our internal Business operations, and to provide software-as-a-service Applications to our clients and potential clients, all of which offer greater efficiencies and actionable insights to our employees, contractors, business partners and clients and potential clients.
- We support a network of start-up and next-stage companies that offer and are developing cutting edge technologies targeting the CRE markets in which we are active.
Your Privacy Rights in Personal Information
You have the right to know about Personal Information collected, used, disclosed or sold, and retained by Berkadia. You have the right to request that Berkadia delete your Personal Information, subject to our legal, contractual, regulatory, record retention and other business compliance requirements and obligations. You have the right to be treated without discrimination in the exercise of your privacy rights.
What is Personal Information (PI)?
For purposes of this Policy, Personal Information (or “PI”) means any information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a specific individual or household of individuals. More specifically, Personal Information includes…
- Information obtained in connection with our Business and Services from or on behalf of property owners, borrowers, guarantors, purchasers and potential purchasers of CRE, lenders, servicers, investors, other transaction participants, and their affiliates about themselves, their employees, their other representatives, their equity owners, their CRE and other assets (including, but not limited to, information about their tenants, lease applicants and related parties, vendors and other service providers), and their other business activities (which may include information about other third parties).
- Information obtained in connection with our Business and Services from our third-party vendors and data providers.
- Information obtained from other private and public sources in connection with our Business and Services.
- Identifiers such as real name, alias, postal address, unique personal identifier (e.g., cookies, beacons, pixel tags), IP address, device identifier, email address, account name, Social Security Number (SSN) or Taxpayer Identification Number (TIN), driver’s license number, passport number or other similar identifiers.
- Transaction histories and related information, as well as CRE and related personal and other property, products or services purchased, obtained and/or considered by or through the Berkadia Group, as well as transaction histories, preferences and other activities.
- Internet browsing history, search history, interactions with a web site, application, advertisement or other online activities.
- Geolocation data.
- Biometric information.
- Audio, electronic, visual, thermal, olfactory or similar information.
- Professional or employment-related information.
- Characteristics of protected classifications (e.g., race, religion, sex, national origin, etc.).
- Educational information.
- Inferences drawn to create a profile of an individual reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
Personal Information generally does not include publicly available information, that is, information that is lawfully made available from federal, state or local government records.
How We Collect and Use Personal Information
We collect Personal Information in a number of ways, depending on the features of our Site that you use and, if you are a customer or potential customer of Berkadia or otherwise have business dealings with Berkadia, the specific Services or Business which you have engaged or in which you participate and/or the Application(s) that you are using:
The Berkadia.com Public Website:
- When You Use Our Publicly Available Website.
When you engage in certain activities on the Site, the Site may ask you to provide certain information about yourself or your business activities (which may include Personal Information about others) by filling-out and submitting an on-line form. It is completely optional for you to engage in these activities. If you elect to engage in these activities, we may ask you to provide Personal Information. Depending upon the activity, some of the information that you will be asked to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a specific activity, you will not be able to engage in that activity. If you provide Personal Information about others, you must strictly comply with your legal obligations to those whose Personal Information you provide, and you hereby agree to be liable for and indemnify us against any and all claims, losses or damages relating to providing us with, and/or our usage of, any such Personal Information.
We may use Personal Information to: (1) process a transaction that you initiate or in which you are otherwise involved (either directly as a participant, or indirectly as being associated with a participant or related CRE property), (2) provide Services that you request or which otherwise may relate to you (either directly or indirectly, through your association with a client or potential client, a transaction, or a CRE property), (3) engage in our other Business activities that may relate to you, your CRE property, or your business activities or which otherwise may relate to you (either directly or indirectly, through your association with a client or potential client, a transaction, or a CRE property), (4) allow you to participate in Site and Application features we offer, or to provide related customer services, including, without limitation, to respond to your questions, complaints or comments; (5) tailor Site and Application content we display to you; (6) provide you with information, products or Services that you have requested, agreed to receive or may be of interest to you; (7) send you CRE property and market reports and related information, (8) send you marketing materials and other information about us, our clients and potential clients, CRE properties and related businesses, and our third-party business partners; (9) process your registration with the Site and our Applications, including verifying that your e-mail address is active and valid; (10) improve the Site, our Applications, other Services and products, and for internal Business purposes; (11) contact you with regard to your use of the Site and our Applications, in our discretion, changes to the Site and Application policies or functionality; (12) permit other users to contact you, and vice versa, if those features are present in the Site or in our Applications; (13) respond to audit requests and legal processes and otherwise to comply with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, and (14) for purposes as disclosed at the time you provide information about you or others or otherwise with your consent (as the supplier of such information), and as further described in this Policy.
- Website Usage Information that We Collect.
In addition to any Personal Information that you choose to submit to our Site (whether through our Applications or otherwise), we and our third party service providers, including any third party content providers, may use a variety of technologies that automatically or passively collect certain information whenever you visit or interact with our Site and Applications (“Usage Information“). Usage Information may include the browser and operating system you are using, the URL or advertisement that referred you to our Site, the search terms you entered into a search engine that lead you to our Site (if applicable), all of the areas within our Site that you visit and the Applications, if any, that you use, and the time of day you visited the Site, among other information. We may use Usage Information for a variety of purposes, including enhancing or otherwise improving the Site, our Applications and our other products and Services. In addition, we may automatically collect your IP address or other unique identifier (“Device Identifier“) for any computer, mobile phone or other device (any, a “Device“) you may use to access the Site and our Applications. A Device Identifier is a number that is automatically assigned to your Device used to access a Site and our servers identify your Device by its Device Identifier. Some mobile service providers may also provide us or our third-party service providers with information regarding the physical location of the Device used to access a Site. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.
- The Methods that We Use to Collect Usage Information Include the Following:
Cookies. A cookie is a data file placed on a Device when it is used to visit a Site or otherwise access our online content. Cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our web pages. A Flash cookie is a data file placed on a Device via the Adobe Flash plugin that may be built-in to or downloaded by you to your Device. Flash cookies may be used for various purposes, including, without limitation, enabling a Flash feature and remembering your preferences. For more information about Flash and the privacy choices Adobe offers, click here. If you choose to disable cookies or to adjust your Flash privacy settings on your Device, some features of the Site may not function properly.
Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site and our Applications, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider. It is active only while you are connected to the Site and is deactivated or deleted thereafter.
Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our web pages and e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Site and our Applications, to monitor how users navigate the Site and our Applications, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
We collect Usage Information to support your participation in the features and activities you have selected on the Site and within our Applications. We may also use the information to keep you informed about new or improved Berkadia offerings and those of third parties. We may de-identify or aggregate the data and provide it to third parties for statistical analysis to improve the Site and the use of our Applications. We may also disclose any information as required by law or any governmental agency.
- When You Use Our Website Portal to Communicate with Our Business.
How Our Business Collects and Uses Personal Information:
- OUR CRE MORTGAGE BANKING BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Our CRE Mortgage Banking Business works with the following Personal Information and uses it for the purposes described in this Policy:
Our CRE Mortgage Banking Business uses Personal Information it collects to arrange for CRE mortgage loans and related capital investments collateralized by CRE and related interests. We perform these Services on our own behalf and for the benefit of other lenders and investors. As such, we share all information required with our internal Business units who support these activities, with those other lenders and capital sources who are or may participate in this part of our Business, and our and their third-party vendors whose services are needed in order to arrange for such CRE mortgage loans and related capital investments, and to help us comply with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- OUR CRE LOAN SERVICING BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Our CRE Loan Servicing Business works with the following Personal Information and uses it for the purposes described in this Policy:
Our CRE Loan Servicing Business uses Personal Information it collects to service CRE mortgage loans and related capital investments collateralized by CRE and related interests. We perform these Services on our own behalf and for the benefit of other lenders and investors. As such, we share all information required with our internal Business units who support these activities, with those other lenders and capital sources who are or may participate in this part of our Business, and our and their third-party vendors whose services are needed in order to service such CRE mortgage loans and related capital investments, and to help us comply with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- OUR REAL ESTATE BROKERAGE/INVESTMENT SALES BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Our Investment Sales Business works with the following Personal Information and uses it for the purposes described in this Policy:
Our Investment Sales Business uses Personal Information to facilitate CRE purchase and sale and related transactions. We may receive Personal Information about the parties to the transaction and their affiliates and their respective representatives and business associates, as well as the tenants and lease applicants at the related properties (such as tenant and lease guarantor names, addresses, contact information, financial information and other information obtained from third-party vendors). We may share this information among the parties to the transaction and their affiliates and their respective representatives and business associates, their lenders and other capital sources and as otherwise needed to facilitate the closing of each transaction and to help us comply with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- OUR CRE AFFORDABLE HOUSING TAX CREDIT INVESTMENT BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Our CRE Affordable Housing Tax Credit Investment Business works with the following Personal Information and uses it for the purposes described in this Policy:
Our CRE Affordable Housing Tax Credit Investment Business uses Personal Information to facilitate the flow of capital to help CRE property owners and operators acquire, develop, own and operate CRE affordable housing properties around the U.S. We may receive Personal Information about the parties to the transaction and their affiliates and their respective representatives and business associates, as well as the tenants and lease applicants at the related properties (such as tenant and lease guarantor names, addresses, contact information, financial information and other information obtained from third-party vendors). We may share this information among the parties to the transaction and their affiliates and their respective representatives and business associates, their lenders and other capital sources and as otherwise needed to facilitate the closing of each transaction and to help us comply with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- OUR SOFTWARE APPLICATION BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Berkadia has developed and may in the future develop Applications that may be made available in a “Software-as-a-Service” computing model accessible from desktop and laptop computers, as well as from mobile devices and apps.
Some Applications are designed solely for internal use by Berkadia to improve our level of automation and to obtain efficiencies in speed and ease of conducting our Business. Other Berkadia Applications may utilize data-driven analytical tools to provide actionable insights into the CRE marketplace to better serve our Business, to support our Services, and to assist our customers and potential customers make better decisions regarding their CRE businesses. For example, Berkadia may improve the efficiency of converting Rent Rolls and Operating Statements for CRE properties from PDFs into digital formats that can be electronically ingested and used in one or more Applications and other software products.
We may receive Personal Information: (1) internally through those who use our Applications in support of our other Business lines and Services, (2) externally through those who use our Services, those who otherwise interact with us in the course of our Business activities, and those who use our Applications in support of their CRE business activities, and (3) from third-party vendors and other public and private sources of information. Some Personal information may be provided to third parties as required pursuant to our legal, contractual, regulatory, record retention and other business compliance requirements and obligations. When permitted and reasonably practicable, we utilize Blind Data Pools and Derived Data to insulate and protect Personal Information. Please see our separate discussion of Blind Data Pools and Derived Data below.
- OUR START-UP AND NEXT-STAGE COMPANY SUPPORT BUSINESS
What Personal Information Do We Collect? Why? With Whom Do We Share it?
Our Start-Up and Next Stage Company Support Business does not generally use Personal Information to support this line of business activities. To the extent Personal Information is used, it is used in a very limited circumstances and amounts, in order to facilitate the development of the participant companies’ respective products and services. We may receive Personal Information from these companies that they obtain from various sources and we may provide Personal Information to these companies through our various Service and Business activities described in this Policy. In either case, the use of Personal Information is subject to contractual and other legal and regulatory confidentiality and usage restrictions. If we provide Personal Information to these companies, it is limited to certain information about the parties to a CRE transaction and their affiliates and their respective representatives and business associates, as well as the tenants and lease applicants at the related properties (such as tenant and lease guarantor names, addresses, contact information, and other information obtained from third-party vendors). In any event, our use of any Personal Information under these circumstances is done so in accordance with our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
How We Disclose Your Personal Information
Berkadia does not sell Personal Information to third parties. If and when we disclose Personal Information to third parties, it is generally in furtherance of (and otherwise subject to) our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above. We may also disclose Personal Information to trusted third party vendors that provide services to Berkadia on a confidential basis in support of our operations. The above discussion of our Business and Services provides detailed information and charts explaining why and to whom we disclose Personal Information. Please visit those topics and click “Read More” for details.
If Berkadia uses Personal Information in external-facing user Applications, it generally first removes such Personal Information by converting it to Blind Data Pools (as described below) or uses it to produce higher-level Derived Data (as described below) that does not expose Personal Information to any user (unless such information is provided by a user). If Personal Information is exposed directly to a user of an Application, it is done so on a limited basis as more fully described below.
We may disclose Personal Information:
- To Customers and Other Participants to Transactions in Which We Participate.
Personal Information received by Berkadia in connection with CRE loan origination, servicing, purchase and sale, and affordable housing syndication transactions are provided to various third parties on a need-to-know basis. Disclosure generally includes certain information about the parties to each transaction and the related CRE properties. CRE property information may include Personal Information about tenants and lease applicants at a property (such as tenant and lease guarantor names, addresses, contact information, financial information and other information obtained from third-party vendors). Parties who may receive such information include third party vendors who provide certain services to transaction participants, other lenders, servicers and investors, affiliates of the transaction participants, rating agencies, regulatory authorities and other parties with a related interest in any such transaction. If and when we disclose Personal Information under the foregoing circumstances, we do so in furtherance of (and otherwise subject to) our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- Amongst Our Various Business Units Within the Berkadia Group (including our affiliate in India).
The Berkadia Group consists of various affiliates, and within those affiliates, various business units that operate our Business. Affiliates may have been established to comply with applicable State or Federal laws or other business requirements, even though they may have similar Business units and share certain corporate services (such as data resources and Applications).
Personal Information collected by one Berkadia Business unit may be shared with another Business unit to carry out our contractual responsibilities, and to identify actionable insights and other opportunities relating to our customers, potential customers, their businesses and CRE properties. For example, Personal Information collected in connection with our CRE Brokerage/Investment Sales Business activities may be shared with our CRE mortgage loan origination unit to arrange for a loan on a property being purchased, which will then be shared with our CRE loan servicing unit to enable them to administer the loan until it is paid in full, sold, or otherwise. Although we generally do not transfer or store your Personal Information outside the United States, we may securely transfer Personal Information in encrypted form to and from our controlled affiliate in India to benefit from their data conversion, data formatting, processing, quality improvement and other services strictly in support of our Business, Services and our Applications.
Other Business units may use Personal Information to decide whether customers, potential customers and other CRE industry participants should be provided with property and market reports. In all circumstances, all Personal Information stored and used among our various Business units are done so subject to our legal, contractual, regulatory, record retention and other business compliance requirements and obligations, as described above.
- To Run Our Applications.
Our Applications use and analyze data that Berkadia obtains from various sources, some of which include: data that we own resulting from our Business operations, and data that we purchase or otherwise acquire from third party sources. Some of our Applications also allow their users to input data to help personalize the user experience. In the process of ingesting data for Application analysis, Personal Information (generally related to CRE property) may be uploaded into Berkadia’s systems. To the extent this occurs, such data may be stored on Berkadia’s systems, but not used by the Applications. If such data is used by any Applications, it will be: (1) displayed only for internal Business purposes, or (2) if viewed externally, only by the user(s) who uploaded such information or with their permission, by other external users. All other Personal Information used by our Applications is either converted to Blind Data Pools or used to produce higher-level Derived Data, all as further described in this Policy.
- To Third Party Service Providers and Vendors Under Contract with Us.
Berkadia may share Personal Information with third party service providers and vendors that have entered into written agreements with Berkadia to perform or support various Business units within the Berkadia Group. For example, we may share Personal Information with property appraisers, inspectors, lenders, loan servicers, attorneys, accountants, order processors, fulfillment services and others. Our vendor agreements typically contain contractual protections for the proper use and protection of Personal Information and other confidential information.
- To Other Registered Users of Our Services and Applications.
In order for us to fulfill our Service obligations, it may be necessary for us to share Personal Information provided by you or on your behalf. Additionally, certain features of our Applications may involve the sharing of Personal Information at your request or with your consent or incidental to carrying out the functions for which you are subscribed. For example, if you apply for a CRE loan and/or use our Applications to apply for a loan or other Service, we may share your Personal Information with credit bureaus, lenders and other transaction participants. If you request us to share Personal Information about you or your CRE property with potential buyers or investors, we may share it for that purpose. The documents used by our Business will have additional disclosures, permissions and instructions specific to the purpose.
- To Support Third Party Analytics Providers and Ad Servers.
Although the Site currently does not display ads from third parties, Berkadia works with network advertisers, ad agencies, third party traffic measurement services and other vendors to provide us with information regarding traffic on the Site, to serve our advertisements on other web sites, within third party applications, and across the internet, and to provide us with information regarding the use of the Site and the effectiveness of our advertisements. For example, if you clicked on a Berkadia advertisement or other link that led you to our Site, our service provider(s) may be able to tell us which Berkadia advertisement or link you clicked and where you were viewing the advertisement or link. In connection with providing analytics and advertisement services, our service providers may collect certain information about your visits to this or other web sites. We do not share Personal Information with these service providers, but they may set and access their own tracking technologies on your Device (including cookies and web beacons) and may otherwise collect or have access to information about you (such as your general interest in real estate and Usage Information). Cookies and web beacons, including those set by third party network advertisers, may be used to, among other things, target advertisements, prevent you from seeing the same advertisements too many times and to conduct research regarding the usefulness of certain advertisements to you. We may share Usage Information about visitors with third party advertising companies, analytics providers and other vendors for similar purposes.
- To Maintain Our Business Records and to Fulfill Your Specific Requests.
We may collect and maintain Personal Information (e.g., your name, contact information and other personal data) within our Business contacts databases. Based on your profile, we may use such Personal Information to send you information you have requested, to notify you about specific CRE opportunities or to provide you with reports and other information that may be of value to you. Specifically, we may notify you of upcoming seminars or programs sponsored by Berkadia, about Applications that we believe could benefit you or other offerings. You can generally avoid receiving such communications either by not subscribing to them (e.g., an email list) or by opting-out later. For example, our email newsletters contain an “unsubscribe” link at the bottom of each email that you can use to manage your subscription to that newsletter.
- For Data Analytics and Site Improvements.
We gather data about your use of our Site, Applications and Services in order to perform data analytics and to improve our Service and other Business offerings. In some cases, we may use third party data analytics services to assist us with data gathering and analysis. For example, we may gather data about the web pages you visit, how long you visit them, whether you disengage from a specific page and other metrics that allow us to improve our offerings. Third party analytics services are subject to contractual restrictions consistent with this Policy.
- For Legal Obligations and Compliance, Law Enforcement and Public Safety Purposes.
We may also use Device Identifiers, including IP addresses, to identify users, and may do so in cooperation with copyright owners, internet service providers, wireless service providers or law enforcement agencies in our discretion. These disclosures may be carried out without notice to you.
- In the Event of an Actual or Contemplated Sale of Berkadia or a Business.
We may share Personal Information within the Berkadia Group, primarily for business and operational purposes. We also reserve the right to disclose and transfer all information related to our Business, our Services, the Site, and our Applications, including Personal Information: (i) to a subsequent owner, co-owner or operator of our Business, our Services, the Site, and any Application; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of certain of our ownership interests, assets, or both, or other change of ownership, including, without limitation, during the course of any due diligence process in connection with a potential sale transaction.
- To Support Corporate Users.
If your company has provided you with access to our Site or an Application, we may share any and all information about your use of the Site and our Applications, including your Personal Information and Usage Information, with your company and its representatives or agents.
How We May Use Blind Data Pools and Derived Data in Applications to Protect Your Personal Information
Our Applications are designed to deliver actionable insights and the best customer experience, while protecting Personal Information. Berkadia uses Applications to support our Business and to offer useful services to the CRE marketplace. To accomplish these goals, the Berkadia Group has been moving away from “silos” of data accumulated by its departments and toward a centralized data repository to support the Berkadia Group’s Business as a whole and to enable new innovations in Applications. We expect that trend to continue. As noted in this Policy, we use data security and may employ Derived Data and Blind Data Pools in the development of certain Applications, particularly in external offerings that would be made available to third parties. Derived Data and Blind Data Pools do not reveal your Personal Information. Conversion of Personal Information into Blind Data Pools and Derived Data is considered an irreversible deletion of such information and removes it from the scope of this Policy.
Derived Data results from calculations, manipulations, analyses and processes performed by Berkadia’s Applications on Personal Information and other data (for example, Derived Data may include an average aggregate rent for a particular zip code obtained from a column of actual unit rents for a sample of specific properties). Derived Data reflects data aggregates and does not reveal Personal Information. Berkadia uses technical and business process constraints such as minimum size data samples in its Applications to limit an external user’s ability to construct queries that “drill down” or extract elements of Personal Information. Once Derived Data is generated, it may continue to be used in that form even if your Personal Information is later deleted from our system and your account is closed.
Blind Data Pools: Berkadia may de-identify and anonymize Personal Information (for example, by removing an individual’s name, email address, tax ID or other identifiers) and may collect data into a Blind Data Pool that can be used to generate actionable insights in a way that does not disclose your Personal Information to other users. Blind Data Pools may be enriched by data from third party data vendors and from publicly available sources (e.g., census data) to support a rich data-set, while respecting individuals’ privacy interests. An Application that offers subscribers access to features utilizing a Blind Data Pool may condition such access on the subscriber participating in the Pool by contributing its own data. Once your data is contributed to a Blind Data Pool, the decision cannot be revoked with respect to data already contributed, even if your account is closed. A subsequent decision to opt-out of further participation can only stop future contributions of data to the Blind Data Pool. Berkadia has implemented technical and business process safeguards so that once data is contributed to a Blind Data Pool, it cannot be reversed engineered to re-identify Personal Information and is therefore deemed outside the scope of this Policy.
OTHER POTENTIAL SOURCES AND USES OF PERSONAL INFORMATION
Personal Information Received from Outside of the United States
If you access or use our Site, Applications or Services from locations outside the United States, you consent to all data transfers and usage rights specified in this Policy and you agree to be solely responsible for compliance with your local laws and regulations with respect to any Personal Information you may transfer to or from the United States. We note that the data protection and privacy laws in the United States may offer a different level of protection than in your country or region.
Employment Applications, Records and Related Information
If you apply for a position at Berkadia or we receive your information in connection with a potential role at Berkadia from a third-party recruiter or job website, we may use your submitted information to evaluate your candidacy and to contact you. If we consider you for a role at Berkadia and if you are hired as an employee or engaged as an independent contractor, we may use and provide Personal Information to outside vendors (such as background checking and payroll processing companies and applicable regulators) in connection with those activities. If you are a candidate or are offered a position with Berkadia, you may receive more details about how we handle your Personal Information in each of those circumstances.
OTHER IMPORTANT POLICY ISSUES RELATED TO PERSONAL INFORMATION
Legal Basis for Processing Your Personal Information
This Policy grants us permission to collect, use, process and transfer Personal Information in accordance with this Policy. We may also obtain your consent indirectly through various contracts and other agreements that we enter into with you or other third parties in connection with our Services and other Business.
Personal Information collection, storage and use activities may be governed by contracts you enter into with a Berkadia Business (e.g., a property listing agreement, a loan application, commitment and related loan documents, a non-disclosure agreement). We may also have permission indirectly through contracts that Berkadia enters into with third parties (such as contracts or subcontracts for loan origination, servicing or sub-servicing, agreements with banks or other lenders, contracts with other brokers to help buy or sell a specific property, property appraisal or inspection contracts, or contracts with other CRE market participants acting on your behalf or on behalf of other participants in a transaction who have an ongoing business or other relationship with you). For example, if you are the borrower on a particular loan, we may enter into a servicing agreement with your lender to carry out various servicing responsibilities on your loan. Our collection use and distribution of your Personal Information and the Personal Information of others related to your loan will be governed in all circumstances by your loan documents and our servicing agreements. In addition to and without modifying your loan document obligations, in some cases we will ask for your additional consent to process your Personal Information at the data entry or processing point on our Site. You may indicate your consent in a number of ways, including, as permitted by law, ticking a box (or the equivalent action) to indicate your consent when (a) providing us with your Personal Information through our Services or a form (including enrolling in email lists or promotions); or (b) registering or creating an account with us.
How We Protect Your Personal Information
Berkadia uses data security procedures and practices to protect your Personal Information that we believe are reasonably appropriate given the level and nature of the risks associated with such information.
Important Notice. No system can be made completely secure from unauthorized access or hacker attack. The transmission and storage of Personal Information by Berkadia may not be entirely secure and third parties could compromise Berkadia’s systems even if Berkadia uses reasonable data security measures to protect them, as described below.
Berkadia maintains a comprehensive information security management system (the “ISMS”) which includes administrative, technical and physical safeguards designed to: (a) protect and secure Personal Information from unauthorized access, use or disclosure; and (b) protect against anticipated threats or hazards to the security or integrity of Personal Information. The ISMS is documented and kept current by Berkadia based on changes to industry standard information security practices and legal and regulatory requirements applicable to us.
Standards. Processor’s ISMS will, at a minimum, adhere to applicable information security practices as identified in International Organization for Standardization 27001 (ISO/IEC 27001) (or a substantially equivalent or replacement standard) or other authoritative sources (e.g. SSAE 18, SOC1, SOC2).
Independent Assessments. On an periodic basis, Berkadia has an independent, suitably qualified third party organization conduct an independent assessment consisting of a Report on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and/or Privacy (SOC2 Type II) or such other comparable assessment at its sole discretion (e.g. ISO 27001 Certification).
Information Security Policies. Berkadia’s information security policies address appropriate protection against such risks. These information security policies, at a minimum, include: organization of information security; asset management; human resources security; physical and environment security; communications and operations management; access control; information systems acquisition; development and maintenance; information security incident management and business continuity management.
Access Controls. In accordance with the ISMS, Berkadia maintains appropriate access controls (physical, technical, and administrative) to its facilities and its systems.
Encryption. Berkadia uses industry best practices to encrypt highly sensitive Personal Information at rest within its systems. For such Personal Information in transit to and from the Berkadia’s systems, Berkadia uses encryption unless you use a method of transmission or feature which does not support encryption (such as unencrypted FTP, email, etc.).
Network and Host Security. Berkadia has network intrusion detection and firewalls in place. In accordance with its ISMS, Berkadia uses commercially reasonable efforts to ensure that its operating systems and applications that are associated with Personal Information are patched or secured to mitigate the impact of security vulnerabilities in accordance with Berkadia’s patch management processes.
Data Management. In accordance with its ISMS, Berkadia has information security infrastructure controls in place for Personal Information obtained, transported and retained by Berkadia for the operation of its Business.
Audit Logging and Monitoring. Berkadia implements controls for audit logging and monitoring of events in its systems.
Facility and Equipment Security. Berkadia implements physical and environmental security measures to protect its computing environment and equipment.
Training. Berkadia provides regular training (or requires regular training to be provided) for its employees and contractors on security and privacy requirements applicable to their roles. Such training occurs at least annually and upon initial employment.
Business Continuity and Disaster Recovery. Berkadia implements and maintains business continuity and disaster recovery capabilities designed to minimize disruption of its Business in the event of a disaster or similar event.
Subcontractors. Berkadia makes reasonable efforts to ensure that subcontractors are under contractual obligations that meet Berkadia’s security and privacy standards, to the extent applicable to their scope of performance, including contractual requirements that all persons authorized to perform services on behalf of Berkadia have agreed to an appropriate obligation of confidentiality.
Background Checks. Berkadia conducts background checks on personnel where legally permitted and in accordance with local law and custom.
Cyber Liability Insurance. Berkadia maintains cyber and privacy liability insurance protection which it deems appropriate to the level of risk for its Business and computer operations.
How Long Do We Keep Your Personal Information?
Different operating units within our Business may have specific data retention requirements which in some cases are imposed by law, rule or regulation based on their specific activity. Generally, we only retain Personal Information for so long as is necessary to carry out the purpose for which we collected it and for other purposes permitted by this Policy or as required by law. For example, Personal Information related to a CRE mortgage loan that we originate and service may need to be retained and used, at a minimum, over the life of the loan and perhaps longer, in order to comply with our regulatory, compliance and business records retention requirements.
Your Right to Know About Personal Information Collected, Used or Disclosed by Berkadia
You have the right to ask Berkadia to disclose to you what Personal Information we collect, use, disclose or sell. This Policy is designed to answer most of those questions. With respect to your online password-protected accounts, you can view and manage that information yourself simply by accessing your account through the log-in process. For some requests, Berkadia may provide automated features that point you to places within this Policy that answer your questions. For other information, you may submit a verifiable request directly to Berkadia. In considering such requests, Berkadia will not discriminate against you. In some cases, you may be asked for certain information reasonably needed to verify your identity and to validate your request.
PRIVACY INFORMATION REQUEST PROCEDURES
Please click Contact Us to submit your privacy information requests with Berkadia. In some cases, we will point you to relevant provisions of this Policy. In other cases, we will direct your communication to a Privacy Officer at Berkadia for an individualized response. Depending on the nature of your request, we may require that you verify your identity.
PRIVACY GRIEVANCE PROCEDURES
To submit a privacy grievance to Berkadia, please click Contact Us. We will respond as quickly as reasonably possible but in no event later than 30 days from receipt of (a) a plainly written statement identifying the specific provisions of this Policy or applicable law that you allege we have violated and the factual evidence for your allegation, and (b) reasonable proof from which Berkadia can validate your identity as the owner of such Personal Information. You irrevocably agree not to file a formal grievance with any court or government agency until you have complied with these procedures and Berkadia has had a reasonable opportunity to respond. If you do file a formal claim pertaining to this Policy or Berkadia’s privacy practices against any member of the Berkadia Group, you agree, to the maximum extent allowed by applicable law, to submit it as an individual claim (without joinder of other claims) to binding arbitration exclusively in Montgomery County, Pennsylvania (USA). Any question as to the arbitrability of your claim shall also be submitted to such arbitration.
If you cannot use the online portal to submit an information request or file a grievance with Berkadia, please contact us as follows:
By Toll-Free Telephone: 888-708-2727. Note: Calls will go to a voice mailbox. The VM will then be routed as an email attachment to: Berkadia.Privacy@berkadia.com
By U.S. Mail: 323 Norristown Road, Suite 300, Ambler, PA (USA) 19002. Attn: Risk Compliance Officer.
Unsubscribing to Certain User-Requested Content. Certain content that relies on Personal Information given to us, such as email Newsletters, allow you to unsubscribe or opt-out by clicking a link at the bottom of any email that you receive. Doing so should remove your email address from the mailing list.
Limitations on Disclosures to You: Berkadia will generally not disclose to you the specifics of certain highly sensitive information, such as a Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password or security questions or answers. We may deny a request for other reasons, for example, if needed to comply with State or Federal law.
Your Request to Delete Personal Information is Subject to Certain Exceptions
You may request Berkadia to delete your Personal Information held by Berkadia. Once Personal Information is added to a Blind Data Pool or is used to create Derived Data, it is considered “deleted” for purposes of this Policy because it cannot later be re-identified. A request to delete Personal Information is also subject to important exceptions if Berkadia needs the Personal Information to perform its contractual, legal or regulatory responsibilities. As a practical matter, it may not be feasible to delete Personal Data contained in offline storage or other bulk archives until the entire archive segment is destroyed according to our document retention policy, which may require retention for an additional period. If you contributed content to a public community forum, it may not be possible for you or Berkadia later to delete the posting.
Exceptions to Deletion Requests: Berkadia may not act on your request to permanently delete Personal Information if retention and use of Personal Information is required to: (a) carry out a transaction or contractual relationship for which the Personal Information was collected; (b) protect against security incidents, illegal activity or enforcement activities; (c) perform debugging or maintenance work on our systems; (d) exercise or protect free speech rights; (e) engage in bona fide research where you have consented; (f) enable internal use by Berkadia consistent with our relationship or (g) comply with a legal obligation or regulatory requirement.
Links to Third Party Websites
Europeans, Canadians and Persons from other Countries
The Site is operated within the United States. If you are located in the European Union, Canada or elsewhere outside the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Site, or providing us with any information, you consent to this transfer, processing and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
Changes to this Policy
Berkadia is a rapidly evolving enterprise actively developing Services and Applications to serve its Business and the CRE marketplace in new and better ways. We will continue to assess this Policy against new technologies and procedures and make adjustments as relevant privacy laws evolve or circumstances require. We reserve the right to change this Policy and will post a revised Policy on our Site with the effective date. In addition, we may use contact information you have provided to deliver enhanced forms of notice (e.g., notice by email or pop-up website banners with click-wrap acceptance) if this Policy changes in significant ways. Some changes to our Policy may require you affirmatively to make privacy choices (e.g., opt-in or opt-out) to accept or decline a new or different privacy practice.