Who We Are

Green Street Advisors, LLC together with our subsidiaries Green Street Advisors (UK) Ltd, Green Street Advisors (Canada) Ltd., Locatus B.V., Locatus België B.V., Green Street Advisors (Australia) Pty Ltd., and Green Street Solutions (UK) Ltd., collectively “Green Street” provide this privacy policy to supply you with details about how your information is collected and used.

Green Street is a business subject to the California Consumer Privacy Act of 2018 (Cal.Civ.Code § 1798.100 et seq. (“CCPA”), California Privacy Rights Act of 2020 (“CPRA”), the New York “Stop Hacks and Improve Electronic Data Security Act of 2019 (N.Y. Gen. Bus. Laws § 899-bb( “SHIELD Act”), the Data Protection Act of 2018 and the General Data Protection Regulation (Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC); General Data Protection Regulation (“GDPR”) enacted by the United Kingdom, as applicable, the Personal Information Protection Law of China (2021), and/or the General Law for the Protection of Personal Data of Brazil (Law 13.709), Brazilian General Data Protection Law of 2020 (LGPD), Personal Information Protection and Electronic Documents Act ('PIPEDA') and all other applicable Canadian provincial data privacy laws and any other applicable foreign, federal, state, or local data protection, data privacy, data security, and privacy protection laws that Green Street may fall in scope as they may be enacted or amended (collectively, the “Data Protection Laws”).

Information We Collect

Data collected by Green Street is limited to the information needed to provide the services contracted between Green Street and the customer. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We collect and use various types of information we believe is necessary only to administer our business, and to offer you the best possible customer service. Customer information we collect is categorized into the following types:

• Geolocation data, such as regional IP addresses, are not used for tracking precise consumer location and movements.
• Commercial Information such as purchase or licensing information, including products and services purchased or licensed, obtained, or considered, or related histories or tendencies.
• Other general information we obtain about you that is not assembled for the purpose of opening an account or offering certain products or services that you may request, such as demographic information.
• Audio and visual data generated when you opt-in to video recordings. This is used for the purpose of customer service, customer presentations and training. This is not used for identification.
• Inferences drawn from personal, or customer information is for Green Street commercial use only. Green Street will make inferences based upon customer details as to which of our products may be useful. We do not use automated decision-making technology.
• In the US, Green Street’s Advisory business is a California registered investment adviser regulated by the Department of Financial Protection and Innovation. As a customer of our Advisory business, we are required to obtain, verify, document and retain data that identifies each organization and those there that utilize the regulated products and services. We will ask for the name of your entity, address, tax identification number and other information that will allow us to identify you. We may also ask to see your articles of incorporation, partnership agreement or other identifying documents. Please note, this is for customers of our Advisory services only.

Personal data is data that relates to an identified or identifiable natural person, this means a human being. Anonymous data, where you cannot find out who the data relates to, is not personal data.

Green Street may collect personal data from you, which can be split into the following different types:

1.  Identity Data, which includes your first name, last name, date of birth and gender.
2.  Contact Data, which includes your address, email address and telephone numbers.
3.  Financial Data, which includes your bank account and payment card details.
4.  Technical Data, which includes your IP address, your login data, and your browser type.
5.  Profile Data, which includes your username and password and survey responses.
6.  Transaction Data, which includes details about payments to and from you and other details of products and services you have purchased from
    us.
7.  Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your
    communication preferences.
8.  Usage Data, which includes information about how you use our website, products, and services.

Personal data does not include:

• Publicly available information from government records.
• De-identified or aggregated consumer information.

We may collect aggregated details about your use of the websites for the purposes of aggregate statistics or reporting purposes. Aggregated data (usage details combined from a number of people’s data) may come from your personal data but if it does not directly or indirectly reveal your identity, it is not considered personal data and falls outside the scope of this Policy. For example, we may combine and analyze your use of the website to work out the number of users accessing a specific feature. However, to the extent that the aggregated information could still be considered personal data, we will continue to process it in accordance with this privacy policy.

The recipients of this personal data include Green Street employees or those acting on its behalf under contract as outlined in this policy. Data access is granted on a “need-to” basis as necessitated by job function.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How We Collect Personal Data

When you sign up for our services or communicate with us, you may choose to voluntarily give us certain personal data. We use different methods to collect data from and about you, including when you fill out a form or give us personal data via the phone, by post, online, through our website, video conference, by email or otherwise. Other instances where we may collect personal data are when you:

1.  Visit our website or social media (e.g. through cookies);
2.  Create an account with us to use our online portal;
3.  Login to your account and utilize the various features;
4.  Sign up for our mailing list/newsletter or Events;
5.  Enquire about or order products or services through our website or via the phone, fax, email, post or in person;
6.  Create an account on our website;
7.  Provide feedback;
8.  Fill in a form on our website; and/or
9.  Otherwise contact us.

Personal data may be collected by us and by our third-party service providers who assist us in operating the website, including:

Google Analytics

We use Google Analytics to help analyze how visitors access our website. Google Analytics generates statistical and other information about website use by means of cookies. Google will store this information. If you do not want your website visit information reported by Google Analytics, you can install the Google Analytics opt-out browser add-on. For more details on installing and uninstalling the add-on, please visit the Google Analytics opt-out page at https://tools.google.com/dlpage/gaoptout.

We also use Google Enhanced Conversions to provide hashed statistics about the effectiveness of our marketing campaigns. Visitors to our website can opt out of this along with any cookies via the website cookie banner.

HubSpot

We use HubSpot to help track and analyze inbound marketing opportunities. In common with many websites, when you read, browse, or download information from our public website, HubSpot’s system may collect information such as the data and time of your visit, the pages accessed, and any information downloaded. This information is used for sales analysis, client prospecting and marketing campaigns.

Full Story & Amplitude

We use telemetry software to provide the firm with a full session replay of a visitor’s interaction with our website, such as the links clicked, mouse movements, and pages/products visited. We collect this information to assist us in providing a better visitor experience.

Zuora’s Zephr Platform

The IJGlobal website uses Zephr to provide subscriber authentication to login to the website paywall. The service collects and manages customer account information to enable a personalized subscriber journey. Data collected by the platform includes session data, page views, ip addresses, email addresses, passwords, personal data provided by the customer on the form provided.

Advanced Ads & Mail Chimp

For Green Street UK News advertising clients, website ad clicks are tracked using Advanced Ads.  Mail Chimp is used to track ad clicks in daily emails from UK News.

Microsoft Office 365

Green Street utilizes Office365 email and Microsoft Teams to correspond with clients, provide our products and services, education, and client support. These platforms also provide information and support to potential clients. Email is archived by a contracted third-party service provider with limited access rights. Email is reviewed by members of the Compliance team as required by regulatory authorities. Video recording via Teams is authorized by all attendees prior to recording through an opt-in function. Video calls between customers and Green Street sales staff are housed by a contracted third-party vendor and routinely used for internal training purposes. Recorded video calls may be shared between Green Street affiliates located in the U.S. and U.K. 

Copilot

Use of Copilot through Microsoft Teams has been approved for limited Account Management staff to record and transcribe calls for commercial use purposes. These Teams recordings and transcriptions will only be used internally, and only through an opt-in basis.

Big Marker and Cvent

Green Street uses contracted vendors to sign-up and host Green Street events. Contact information and consent is collected through forms on our website. Certain contact data such as generalized title and company name may be utilized for obtaining sponsorships for future events.

Commercial property information we collect is categorized into the following types:

• Information from visitors to our website provided through online forms, such as building information, sales transaction information, and related property or market information;
• Other commercial property information that is directly provided from a client for valuation purposes.
  

Once the commercial property information has been verified, it may be used in an anonymized fashion to enhance our products/services.

We also use internal client information from Salesforce to help us increase the accuracy of our data product. This information is for internal use only and used to supplement deed and tax record data we collect from other third-party sources. This information is not published externally.

Please note, customers are not permitted to upload any PCI, PHI, PII or any sensitive information to our platform. Whether done purposefully or inadvertently, Green Street is not responsible for this data.

Credit Card Processing 

We use a credit card payment and processing service provider to receive certain payment processing data that enables us to accept payment from purchasers/licensees of our products and services. Green Street does not retain credit card information, please see the terms and conditions when purchasing through our on-line portal.

Choosing How We Use Your Personal Data

We understand that you trust us with your personal data, and we are committed to ensuring you can manage the privacy and security of your personal data yourself. Therefore, we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

1.  Where we need to meet the contractual obligations we are about to enter into or have entered into with you.
2.  Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those
    interests.
3.  Where we need to comply with a legal or regulatory obligation.

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data using more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Use of Cookies

What are cookies?

Like many websites, our website may use ‘cookies’ from time to time. Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the users with a tailored experience within this website.

What do we use cookies for?

We may use cookies to remember personal settings you have chosen at our website. In no other context do we use cookies to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards. We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features. If you log into the website, as a registered user your session cookie will also contain your user ID so that we can check which services you are allowed to access.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by HubSpot, Amplitude, and FullStory which use first-party cookies to track visitor usage. The Green Street News UK website utilizes Advanced Ads to track ad clicks for its advertising clients. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website.

The default settings of browsers like Internet Explorer generally allow cookies, but users can easily erase cookies from their hard-drive, block all cookies, or receive a warning before a cookie is stored. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. Therefore, should users wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.

Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly thereafter.

How long do we keep your personal data?

Data collected, used, and retained by Green Street is limited to the information needed to provide the products and services contracted between Green Street and the customer. Consumer data is retained for six years per DFPI and FCA regulatory books and records retention rules. We will keep the remainder of Green Street’s non-regulated business data in line with the regulated business and follow the same retention period.  Destruction of PI records will promptly follow the retention period. Financial records may be kept indefinitely.

Product Feedback

Please note that feedback provided to Green Street regarding our products and services will be shared internally to assist us in making improvements to those products and services.  The information provided is housed internally and is not anonymized.  We will not share this feedback outside of our organization.

International Data Transfers

Green Street is a global organization, and your data may be transferred to or accessed globally in providing products or services to you. Green Street may process your data outside of your country’s jurisdiction. Specifically, we could transfer your data outside of the European Economic Area (EEA), to the United States and/or the United Kingdom.  When we share your data with anyone outside the EEA, where necessary, we put in place the safeguards required by law to ensure that a consistent high level of protection travels with your data. By providing Green Street with your contact data, you are consenting to the processing and transfer of your data only for reasons stated in this privacy policy.

Our organization treats all customer data as confidential data and has information security and cyber security policies and procedures in place to protect your data. Green Street adheres to the Data Privacy Framework of the UK, EU, and Swiss (see Data Privacy Framework section below for further information). We will also sign a Data Privacy Agreement (DPA) when requested under other data privacy laws where needed. If you would like more information about the safeguards in place when transferring your data, please contact compliance@greenstreet.com.

Reasons We Share Information

We do not disclose your personal data without your permission, unless the disclosure is:

1. In accordance with this privacy policy or any agreement you enter into with us;
2. To our related companies (i.e. the GSA Group);
3. To third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets;
4. Required or authorized by law or for security reasons (including to prevent fraud).
5. To third parties, including our third-party service providers, to whom we may disclose, or provide access to, your personal data in connection with the purposes described in the table above.
6. We may also share information with outside accountants, auditors, lawyers, and other outside professional advisers to us, subject to confidentiality obligations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Disclosing Information in Other Situations

Under certain circumstances, we may be required by law to disclose your personal information. Green Street may also disclose personal information to protect its legal rights or to enforce our Customer Agreement. These may include:

• A disclosure in connection with a subpoena or similar legal process;
• A fraud investigation;
• An audit or examination;
• An inspection by regulatory or self-regulatory authorities;

Data Subject Access Request (DSAR)

A DSAR is a formal inquiry made to a company by a data subject inquiring what of their personal information has been collected, stored, and used.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have:

• The right to know and access what personal information is collected, used, shared or sold
• The right to delete personal information held by businesses
• The right to request restriction of processing of your personal data
• The right to request the transfer of your personal data to you or to a third party
• The right to withdraw consent at any time where we are relying on consent to process your personal data
• The right to object to processing
• The right to opt-out of the sale of personal information
• The right to non-discrimination
• The right to receive services on equal terms
• The right to correct inaccuracies
• The right to restrict sensitive personal information
• The right to opt-out of automated decision making
• The right of data portability

Green Street does not:

• Sell customer data
• Collect sensitive personal information as defined under CPRA
• Utilize automated decision-making
• Disclose share personal information to a “third party” as defined under CPRA
• Market or sell to minors

US Federal law gives you the right to limit only:

• Sharing for affiliates’ everyday business purposes
• Affiliates from using your information to market to you
• Sharing for non-affiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

Formal Request

If you wish to exercise any of the rights set out above, please contact us (compliance@greenstreet.com). We commit to giving you the ability to do all of the following:

UK and Europe:

• You can verify the details you have submitted to us by contacting our Legal and Compliance Team.  Our security procedures mean that we may request proof of identity before we reveal personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
• You can also contact us to change, correct, update or delete your personal data held by us at any time.
• You can request a readable copy of the personal data we hold on you at any time. To do this, please contact us (compliance@greenstreet.com).

United States:

 California consumers have the right to make a DSAR request to know, delete, and correct twice in a 12-month period:

• To request how we collect and have used your personal information over the past 12 months.
• To request deletion of any personal information collected. Note, we may deny your request if retaining the information is necessary to provide contractual service, comply with legal obligations, protect against illegal activity, etc.
• To correct any inaccuracies

No fee is usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Time limit to respond

UK and Europe - We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

United States - We will respond to a verifiable consumer written request within 45 days of its receipt. Send requests to:

Green Street
Compliance
100 Bayview Circle, Suite 400
Newport Beach, CA 92660
Email: compliance@greenstreet.com
Call us toll free: 888-640-8780

Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
  

No discrimination will be brought against you for exercising these rights, including denial of service, quality of service, or increase price of service.

Upon receipt of a request to delete personal information, a business must delete the information and direct any service providers to delete the information from its records as well unless the business or service provider needs the information to: (1) compute the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer; (2) detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; (3) debug to identify and repair errors existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise his/her right of free speech, or exercise another right provided for by law; (5) comply with the California Electronic Communications Privacy Act; (6) engage in public or peer-received scientific, historical, or statistical research in the public interest; (7) to enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business; (8) comply with a legal obligation; (9) otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Information Security

Green Street has adopted an Information Security Policy as an aggregate of directives, regulations, rules, and practices that describes how the company manages, protects, and distributes information. The security infrastructure is assessed regularly with the goal to protect our customer, employee, and proprietary information. The firm maintains appropriate technical and organizational measures, internal controls, and information security routines intended to protect the data exporter’s personal data. Our third-party service providers are contracted. We have robust training program and policies and procedure that include data privacy and cyber security.

General Data Protection Regulation (GDPR)

For European clients who contract directly with Green Streets Advisors, LLC (A U.S. entity) and UK or European clients that contract with Green Street Advisors UK Limited, we share your personal data within the GSA Group. This will involve transferring your data outside the European Economic Area (EEA).

GDPR applies to organizations, including non-European data controllers and processors, to the extent that they control or process personal data of individuals who are in the EU and/or the UK.

For the purposes of the GDPR, Green Street Advisors, with regard to relevant personal data are the data processor, and the client is the data controller. “Personal data” has the meaning given in Article 4 of the GDPR and relates only to personal data of which we are the data processor and in relation to which we are providing services to our customers.

Green Street will provide the following with respect to the services we provide:

1. We will comply with our applicable obligations as a data processor under the GDPR, including those requirements set out in Articles 28 (Processor), 29 (Processing under the authority of the controller or processor), 31 (Cooperation with the supervisory authority) and 32 (Security of processing) of the GDPR.
2. We will notify you without undue delay after becoming aware of a relevant personal data breach and provide reasonable assistance to you in your notification of that personal data breach to the relevant supervisory authority and those data subjects affected as set out in Articles 33 (Notification of a personal data breach to the supervisory authority) and 34 (Communication of a personal data breach to the data subject) of the GDPR.
3. We will not disclose or use personal data except in accordance with your lawful instructions, to carry out our obligations under, or as otherwise permitted pursuant to the terms of, our agreement(s) with you and to comply with applicable law, including the GPDR.
4. We will only transfer personal data to our affiliates that have executed a data protection agreement containing privacy and security terms that are materially similar to those contained herein.

Client contracts will be subject to model clauses which cover the following:

• Data exporter – Client, which purchases services from data importer and authorizes data importer to process data exporter’s personal data for purposes of providing the services.
• Data importer – Green Street, which processes data exporter’s personal data upon the instruction of the data exporter.
• Data subjects – Client employees

Categories of data - Business contact information

• Name
• Title
• Company Name
• Company Type
• Address
• Telephone Number
• Email Address
• Web Usage History

Processing operations - Processing will be undertaken to the extent necessary for data importer to provide services to data exporter.

The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect the data exporter’s personal data. Please note, these procedures may also be applicable to data privacy regulations in other foreign jurisdictions. For additional information please see the link below:

https://www.greenstreet.com/uploads/EuropeanPoliciesandDisclosures.pdf

If you would like to receive contractual clauses relevant to your relationship with us, please send a request to:

compliance@greenstreet.com or you may call us toll free: 888-640-8780.

Data Privacy Framework (DPF)

Green Street Advisors, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Green Street has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Green Street has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Green Street commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Green Street at:

Green Street
Compliance
100 Bayview Circle, Suite 400
Newport Beach, CA 92660
Email: compliance@greenstreet.com
Call us toll free: 888-640-8780

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Green Street commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

The Federal Trade Commission has jurisdiction over Green Street’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Green Street is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

An Individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Additional information can be found in Annex I located at: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

Green Street may transfer personal information to third parties acting as a controller. Green Street shall remain liable under the DPF Principles if personal information is processed in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

For California Consumers - California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

We have described above our methods for collecting and using the information necessary to operate our business and to provide the best possible customer service. In accordance with CCPA and CPRA, listed below are the categories of personal information relating to California residents we collect and how the data is used.

• Personal Identifiers, Information we receive from you on forms or through email communication, telephone or in-person interviews, such as your name, address, phone number and title. This information is used to communicate with clients and potential clients.
• Personal identifiers, including those listed in California statutes, such as full name, contact names, alias, address, unique personal identifier, online identifier IP address, email or account name. This also includes email addresses for your company employees or contact persons that you provide to us. This is needed to administer our business, to provide you with the best possible customer service and personalize the research and website content you receive. We also use this information to notify you of changes to our products or website along with any other relevant company updates. Customer records and professional information such as name, signature, address, telephone number, job title, business email address, that are used to bill for services, provide products and services, and customer contracts. Company and employee names will also be used to run an OFAC search.
• Commercial Information such as purchase or licensing information, including products and services purchased or licensed, obtained, or considered, or related histories or tendencies.
• Internet or other electronic network activity such as information from visitors to our website provided through online forms, site visitor data and online information collecting devices such as “cookies.” Green Street also collects and retains interactive user session data, such as pages visited and links clicked, browsing and search history, or other interaction with our website and password-protected library of data and products. This information is used to better understand your use of the site and improve our products, services, and user experience.
• Geolocation data, such as regional IP addresses, are not used for tracking consumer location and movements.
• Sensory data, Audio and visual data generated when you opt-in to video recordings. This is used for the purpose of customer service, customer presentations and training. This is not used for identification.
• Professional or employment- related information, we track when a user moves companies to deactivate their subscription and/or prospecting purposes.
• Inferences drawn from personal, or customer information is for Green Street commercial use only. Green Street will make inferences based upon customer details as to which of our products may be useful. We do not use any automated decision-making technology.

Green Street does not collect, or process customers’ sensitive data as defined under CPRA. Data collected by Green Street is limited to the information needed to provide the services contracted between Green Street and the customer.

Please see your rights under the CCPA/CCPR listed above under the heading Your Legal Rights and Data Subject Access Request (DSAR)

Keeping Current with our Privacy Policy

Green Street will provide notice of our privacy policy annually, as long as you maintain an ongoing relationship with us. If, at any time in the future, it is necessary to disclose any of your nonpublic personal information in a way that is inconsistent with this policy, we will give you advance notice of the proposed change so that you may have the opportunity to opt out of such disclosure. Additionally, since this policy may change from time to time, you can always review our current policy by contacting us for a copy at: (949) 640 - 8780 or visiting our website at www.greenstreet.com.

Contact Details

Robyn Francis, Chief Compliance Officer, and Data Protection Officer is responsible for the maintenance and update of this privacy policy and Green Street’s data privacy efforts. Should you have any questions in relation to this privacy policy, please contact Compliance in the US by email compliance@greenstreet.com or call us at (949) 640-8780. Contact UK compliance at compliance-uk@greenstreet.com or by calling our UK office at +44 (0)203 793 7000. These contact details are that of the controller if Green Street should process in that capacity.

Information Commissioner’s Office (ICO)

For more information or to make a complaint in the UK regarding your rights and data protection, please contact your local supervisory authority at www.ico.org.uk

European Union and European Economic Area Data Protection

Green Street processes the personal data of individuals in the European Union and European Economic Area and appoints our Locatus B.V. Netherlands office as our Data Protection Representative for the purposes of GDPR. If you would like to raise a question to Green Street or otherwise exercise your rights in respect to your personal data, you may contact our Netherlands office by email at compliance-uk@greenstreet.com quoting Green Street Advisors (UK) Ltd in the subject line.

Inquiries may also be mailed and addressed to the following address:

Compliance Department
c/o Locatus B.V.
Green Street Advisors (UK) Ltd
Creative Valley, Stationsplein 32
3511 ED Utrecht, Netherlands

DataRep

Green Street processes the personal data of individuals in Switzerland and has appointed DataRep as its Data Protection Representative for the purpose of FADP. If you would like to raise a question to Green Street or otherwise exercise your rights in respect to your personal data, you may contact DataRep by email at datarequest@datarep.com quoting Green Street Advisors (UK) Ltd in the subject line. You may also visit the DataRep website here: www.datarep.com/datarequest.

Inquiries may also be mailed and addressed to DataRep at the following address:

DataRep (Swiss FADP)
Leutschenbachstrasse 95
ZURICH, 8050, Switzerland

*It is essential that you mark your letters for ‘DataRep’ and ensure that in the correspondence you refer to Green Street Advisors (UK) Ltd.

** DataRep does not represent TA Associates and Welsh, Carson, Anderson & Stowe

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Green Street Affiliated Companies

The following is a list of all companies affiliated with Green Street to which this policy applies:

• Green Street Advisors (UK) Limited
• TA Associates
• Welsh, Carson, Anderson & Stowe

Cyber Security

Green Street makes Cyber Security a top priority to ensure protection for both its customer information and proprietary data. Our policy has been structured by considering risk, business operations, IT infrastructure and critical information for the prevention of business breaches. Industry practices are followed as it relates to IT processes and procedures for prevention and action plans. Recurring security tests are performed on IT infrastructure and business dependencies to achieve maximum protection against threats. Testing is done by external vendors to ensure the latest threats and vulnerabilities are evaluated against the business. Testing is intrusive at all levels of hardware and software for both internal and external facing equipment. Green Street’s staff also performs reviews of infrastructure on a scheduled basis. Real-time monitoring is in place for IT related systems to ensure action can be taken promptly. Latest software releases and patches are applied to systems as they become available. If a cyber-attack were to occur, our procedures are tailored to stop, contain, maintain business operations, escalate to authorities and reevaluate security practices.

General Disclosure

While Green Street offers some regulated investment advisory services through its U.S. and U.K. companies, the U.S. and Canada Research, Data, and Analytics, the U.K. Data products, and Green Street global News products are not provided in the capacity of an investment advisor or a fiduciary. The organization maintains information barriers to ensure the independence of its non-regulated businesses from the regulated services provided by Green Street. 

Advisory Services Disclosure

Green Street US Advisory Services is a California registered investment adviser regulated by the Department of Financial Protection and Innovation. Green Street Advisors (UK) Ltd., is authorized and regulated by the Financial Conduct Authority (FRN 482269). Services are only offered to clients or perspective clients where Green Street and its advisory services representatives are properly licensed or exempt from licensure. 

Green Street, at times, assists Eastdil Secured, a real estate brokerage and investment bank, when Eastdil Secured provides investment banking services to companies in Green Street’s Research coverage universe. Green Street is never part of the underwriting syndicate or the selling group, but Green Street may receive compensation from Eastdil Secured for consulting services that Green Street provides to Eastdil Secured related to Eastdil Secured's investment banking services. Green Street does not control, have ownership in, or make any business or investment decisions for, Eastdil Secured.

Green Street does not directly engage in investment banking, underwriting or advisory work with any of the companies in our research coverage universe. However, Green Street’s investment advisory practice services investors seeking to acquire interests in publicly traded companies. Green Street may provide such valuation services to prospective acquirers of companies which are the subject(s) of Green Street’s research reports.

Important Information about Procedures for New Advisory Customers

To help the government fight the funding of terrorism and money laundering activities, along with Green Street’s Customer Identification Program we are required to obtain, verify, and record information that identifies each new customer.

What this means for you: the Advisory Services Group will ask for information that will allow us to identify you. We will request articles of incorporation, a business license, partnership agreement or a W-9. We will also compare your information against government contact lists such as the Office of Foreign Assets Control (OFAC).

ADV Part 2

Green Street’s Form ADV Part 2 is available in hard copy or electronic form upon request. Alternatively, you can obtain a copy at http://adviserinfo.sec.gov under ‘Part 2 Brochures’.

Complaints

If you have any complaints, please send them to:

Green Street
Attention: Compliance
100 Bayview Circle, Suite 400
Newport Beach, CA 92660
949-640-8780

Conflicts of Interest Disclosure

Management of Conflicts of Interest: Conflicts of interest can seriously impinge the ability of Green Street employees to do their job. In that spirit, Green Street adheres to the following policies regarding conflicts of interest:

• Green Street employees are prohibited from actively trading the shares of any company in our coverage universe.
• Green Street employees do not serve as officers or directors of any of our subject companies.
• Neither Green Street nor its employees/analysts receive any compensation from subject companies for inclusion in our research.
• On occasion, Green Street analysts may be contacted by companies within the firm’s coverage universe regarding potential employment opportunities. Additional disclosure will be made when appropriate.

A number of companies covered by Green Street research reports pay an annual fee to receive Green Street’s research reports. Green Street may periodically solicit this business from the subject companies. In the aggregate, annual fees for Green Street US and Green Street UK research reports received from subject companies represent approximately 3% of each of Green Street US’s and Green Street UK's respective total revenues.

Green Street publishes research reports covering issuers that may offer and sell securities in an initial or secondary offering.

Green Street US generally prohibits research analysts from sending draft research reports to subject companies. However, it should be presumed that the analyst(s) who authored this report has(/have) had discussions with the subject company to ensure factual accuracy prior to publication and has(/have) had assistance from the company in conducting due diligence, including visits to company sites and meetings with company management and other representatives.

Business Continuity Policy

Green Street has developed a Business Continuity Plan to address how we will respond to events that could significantly disrupt our business whether the disruption is due to weather, health or some other unforeseen circumstance. Since the timing and impact of disasters and disruptions are unpredictable, we will be flexible in our approach to actual events as they occur. With that in mind, we are providing you with this general information on our Business Continuity Plan.

Contacting Us

During a significant business disruption, you can contact us via email or by phone at (949) 640-8780. Green Street will also post relevant updates on its website www.greenstreet.com as information becomes available.

Our Business Continuity Plan

We plan to quickly recover and resume business operations after a significant business disruption and respond by safeguarding our employees and property, making financial and operational assessments, protecting the organization’s proprietary information, and allowing our customers access to our platform. In short, our business continuity plan is designed to permit our organization to resume operations as quickly as possible, given the scope and severity of the disruption.

Our business continuity plan addresses data backup and recovery, mission critical systems, financial/operational assessments, regulatory reporting and alternative communications with customers, employees, regulators, critical suppliers, and third-party service providers.

Varying Disruptions and Pandemics

Significant business disruptions can vary in their scope, such as an event that only impacts Green Street, a single building housing one of our office locations, the business district where one of our offices may be located, a city where we house a location, or the whole region. Within each of these areas, the severity of the disruption can also vary from minimal to severe. If the disruption is localized to Green Street, we will operate remotely and expect to resume business as soon as possible. If a disruption affects our business district, city, or region, our employees will work remotely. In the event of a pandemic illness, Green Street will follow the guidelines set forth by the CDC or other relevant authority regarding spread prevention, travel restrictions and alternative working arrangements. If employees are ill or have been exposed to the specific virus (illness), they are required to stay home and self-quarantine. The health of our employees is of the utmost importance and Green Street will consider whether it is in their best interest to temporarily close any given location. Green Street’s Senior Leadership Team will make these necessary determinations should this situation arise. In all situations, Green Street will make IT infrastructure a top priority to support our staff that may need to work remotely for a prolonged period.

For more information

If you have questions about our business continuity planning or need additional information regarding the plan in its entirety, you may contact Robyn Francis, Chief Compliance Officer (949) 640-8780 or via email at compliance@greenstreet.com.

Please note that our Business Continuity Plan is subject to modification – updates will be posted as needed.