This privacy notice describes how Westchester Group of Europe Limited (including its subsidiaries and affiliates) (“Westchester”) as well as any fund entity managed by Westchester in Europe from time to time) collect and process personal data relating to natural persons being contractors or their representatives (such as members of the board, partners / shareholders, proxies, employees designated to perform the contract or as contact persons etc.).
1. Data Controller
The controller of your personal data is the entity with whom you entered the contract with or you contact on behalf of the contractor you represent, i.e.:
- Relevant asset management company:
- Westchester Group of Europe Limited (UK); or
- Westchester Group of Poland Sp. z o.o. (Poland); or
- Westchester Group SRL (Romania); or
- Relevant fund entity (land owner).
2. Personal Data we Process
The categories of personal data that are processed by the Controller may include:
- identification details (e.g. name, surname, country of domicile and/or your nationality, tax identification number and your passport number or national identity card);
- contact details (e.g. phone number, email address, postal or business address);
- financial information (e.g. your bank account details);
- position and place of employment;
- other information necessary to assess your suitability as our contractor (e.g. your experience in agriculture, your experience in the service that you are offering, money laundering risk, bribery and corruption risk, your connections to politically exposed persons).
- from you directly (e.g. if you are an entrepreneur - a natural person doing business and signing a contract with the Controller, or contacting the Controller on behalf of the contractor you represent);
- from the contractor you represent;
- from other publicly available sources, such as trade registers, tax registries or land registers, to verify the information the Controller holds.
In the event that you enter into a contract with the Controller, providing data is voluntary but necessary for the purpose of the conclusion and performance of the contract. The Controller may be required by law to collect and process certain personal data related to you, or as a consequence of any contractual relationship the Controller has with you. Failure to provide such data may prevent or delay the fulfilment of these obligations.
In the event that you do not enter into a contract directly with the Controller, providing personal data may be your professional duty and be necessary for the proper performance of the contract concluded between the Controller and the contractor you represent. The legitimate interest of the Controller in this case is the need to contact you as the person designated to perform the contract concluded with the Controller.
If you have any doubts about the processing of your personal data in that respect, please contact directly the contractor you represent.
3. Purpose And Basis For Personal Data Processing
If you are the contractor of the Controller your personal data will be processed by us for the following purposes:
- to conclude, perform and manage contracts concluded with the Controller, including to fulfil contractual obligations to you - the basis of processing is the necessity of processing for the conclusion and performance of the contract;
- to comply with legal obligations of the Controller, for example resulting from tax and accounting regulations and, in certain cases, the obligation to know your customer by obtaining proof of your identity to enable the Controller to meet the anti-money laundering obligations - the basis of processing is the necessity of processing to ensure compliance with a legal obligation to which the Controller is subject;
- to pursue legitimate interests of the Controller, including risk management, to prevent fraud and verify your business as the Controller’s contractor (screening) in accordance with the relevant regulations and the ethical principles applicable in Westchester, to maintain and manage the Controller’s business and professional relations, to deal with your complaints, to establish, exercise or defend against legal claims, contact you with opportunities (e.g. to rent, buy or sell land or opportunities in connection with agricultural business) and to maintain security for the Controller’s information technology systems – the basis of processing are the legitimate interests of the Controller;
The Controller may obtain your consent to collect and use certain types of personal data when the Controller is required to do so. If the Controller asks for your consent to process your personal data, the Controller will do so by providing you with reasonable notice ensuring that your consent is granted on an informed basis. Where you have provided consent for our processing of your personal data, you may withdraw your consent at any time, in particular by contacting the Controller using the details at the end of this privacy notice. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4. Your Rights
You have certain rights regarding your personal data. These include the right to:
- request access to your personal data, including obtaining a copy of the data;
- request rectification of your personal data;
- request erasure of your personal data (in certain situations);
- request restriction of use of your personal data;
- object to the processing of your personal data based on the Controller’s legitimate interests;
- data portability,
The Controller will contact you if any additional information from you will be needed in order to honour your requests.
If you believe that your personal data is being processed unlawfully you can lodge a complaint with a supervisory authority in the relevant country:
- the UK: the Information Commissioner's Office (ICO; https://ico.org.uk/); or
- Poland: Prezes Urzędu Ochrony Danych Osobowych (PUODO; https://uodo.gov.pl/); or
- Romania: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP; https://www.dataprotection.ro/).
5. Categories of Recipients of the Personal Data
The Controller may disclose your personal data with the following categories of recipients:
- TIAA group companies. Westchester and fund entities are owned by TIAA (https://www.tiaa.org/public), so we work closely with other companies that belong to the TIAA group. The Controller may share certain background and performance information about you with TIAA and other TIAA group companies involved in agricultural asset management for internal reporting. For information concerning companies within TIAA group with access to your personal data and the purpose of such sharing please contact the Controller using the details below.
- Service providers, business partners and advisors (including legal, financial and technical advisors, accountants, auditors and IT support). The Controller may share your personal data with service providers, business partners and advisors to obtain their advice or assistance or who perform business operations for the Controller or render different services to the Controller.
- Entities authorized to obtain your personal data on the basis of applicable law, including law enforcement agencies, courts, regulators, government authorities. The Controller may share your personal data with these parties where it is necessary to comply with a legal obligation.
- Asset purchasers. The Controller may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of the assets and business.
6. International Data Transfer
Your personal data may be transferred to a third country (not a member of the EEA) only if the conditions laid down in the provisions of the law are complied with, including:
- the country that the Controller transfer the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
- the transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
- the recipient has entered into European Commission standard contractual clauses with the Controller;
- the transfer is necessary for the performance of a contract between the Controller and you or to implement pre-contractual measures taken at your request;
- the transfer is necessary for the establishment, exercise or defense of legal claims;
- you have explicitly consented to the same.
7. Storage Period
The period during which personal data are processed and stored depends on the legal basis on which the processing is based. In any case, the data will be stored by the Controller for the period necessary to achieve the purposes of processing.
Your data will be processed throughout the duration of the contract and for a period not shorter than the limitation period for potential claims.
To the extent specified in separate regulations, your personal data will be processed for the period indicated in them.
8. Contact Us
All inquiries and requests regarding the processing of your personal data can be directed in the following form:
- electronic to the following e-mail address: email@example.com; or
- in writing to the address of our registered office.