Privacy statement

1 | Introduction

Multi Corporation B.V. (together with its group companies, ‘Multi‘ or ‘we‘) processes your personal data if:

  • you access our website and/or use our application(s);
  • you contact us and/or subscribe to our newsletter(s);
  • you apply for a position and/or attend a recruitment event;
  • you or the organization through whom you are known to us operate(s) as our existing or prospective investor, stakeholder, business partner, tenant, client and/or supplier;
  • you visit our office(s) and/or shopping centre(s);
  • you take part in our marketing event(s) and/or campaign(s).

Multi is strongly committed to protecting the privacy of your personal data. Multi only uses your personal data legitimately and responsibly in line with applicable privacy laws and regulations.

In this Privacy Statement, we describe what personal data we process, who is responsible for processing your personal data, for which purposes we process your personal data, how long we process your personal data, how you can exercise your privacy rights, and all other information that may be relevant to you.

We did our best to provide you with all information in a clear and readable format. However, if you have any questions about our use of your personal data after reading this Privacy Statement, you can of course always contact us by using the contact details set out in paragraph ‘More information?’.

We are continually developing and improving our products and services, which might result in some changes to the way we are processing personal data. We will make sure to reflect these changes in this Privacy Statement. We recommend that you regularly take notice of this Privacy Statement for any modifications. At the bottom of this Privacy Statement you can read when this Privacy Statement has been modified for the last time.

For more information on how we use cookies, you may also want to read our Cookie Statement.

2 | What is personal data?

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

3 | Which personal data do we collect and how?

We process the following categories of personal data, which we either receive directly from you, obtain through external parties or through your use of Multi’s services and/or application(s) or by way of automated decision-making techniques in so far as permitted by law.

Categories of personal data received directly from you

  • Private contact details (such as name, address, postal or email address, telephone number).
  • Business contact details (such as job title, department, name of organization).
  • Demographic data (name, gender, date of birth, age, nationality).
  • Application data (such as curriculum vitae, motivation).
  • Financial data (such as bank account details, credit card number).
  • Company details (such as address, trade register number, tax identification number).

Categories of personal data we obtained from external parties or through your use of Multi’s services

We can receive (additional) personal data, for example with the help of services of external parties or social media websites, in so far as permitted by law. The limits set by law can, for example, require your given consent in advance. We receive personal data from the following external parties:

  • Private contact details (such as name, address, postal or email address, telephone number).
  • Business contact details (such as job title, department, name of organization).
  • Demographic data (name, gender, date of birth, age, nationality).
  • Application data (such as curriculum vitae, motivation).
  • Account details (such as username and password).
  • Marketing details (such as participation details, loyalty details, survey details).
  • (Online) identifiers, surfing data and visitor movement data (such as IP address, cookies, MAC address, browsing behavior on our websites and applications, shopping behavior and location).
  • Data needed for security and fraud prevention (such as official identification details, CCTV recordings).
  • Data needed to comply with anti-bribery and corruption laws and other regulatory requirements (such as suspected and actual criminal behavior, criminal records or proceedings regarding criminal or unlawful behavior).
  • Image data (such as photos, video images).

Automated decision-making techniques

We only make use of such profiling or automated decision techniques based on your consent, whereby we will inform you about the logic involved and the consequences of such techniques. At the same time, we take the necessary measures to safeguard your rights and to make sure that the techniques do not legally or significantly affect you.

4 | Who is responsible for processing your personal data?

For the purposes of this Privacy Statement, Multi Corporation B.V., located at Gustav Mahlerlaan 1025, 1082 MK Amsterdam, the Netherlands, and/or one or more group companies of Multi, depending on your location, is the controller of the processing of all categories of personal data mentioned above.

This Privacy Statement does not apply when Multi Corporation B.V., and/or one or more group companies of Multi, processes personal data as processor in its capacity of asset and/or property manager of a property at the instruction and/or on behalf of an owner of such property (the controller). We refer to the controller’s privacy statement in such case.

5 | For which purposes do we process your personal data?

We process your personal data for the following purposes:

Execution of an agreement

We process your personal data to prepare, effect, perform and (possibly) terminate agreements with investors, stakeholders, business partners, tenants, clients and/or suppliers.

Communication, marketing and personalisation purposes

We process your personal data for the purpose of managing relationships and marketing such as maintaining and promoting contact with existing and prospective parties, account management, service and support, and development, execution and analysis of market surveys and marketing strategies.

Quality and management purposes

We process your personal data to monitor and improve the quality of our products and services, financial management, mergers, acquisitions and divestitures, implementation of controls, management reporting, analysis, internal audits and investigations.

Health, safety and security

We process your personal data to ensure the safety of our visitors and for the prevention and detection of crime.

Law and regulations

We process your personal data to counter fraud, bribe and corruption, to perform audits, to comply with law and regulations and to take the necessary legal action to enforce our rights.

6 | On which legal basis do we process your personal data?

Multi processes personal data on the following legal grounds:

The performance of a (service) agreement

We process your personal data, which is necessary for our performance under an agreement with you.

Compliance with a legal obligation

We are legally obliged to process your personal data in order to comply with our legal obligations.

Legitimate interests

We use your personal data for our legitimate interests, such as:

  • to improve the quality and effectiveness of our services and products;
  • to protect the interests of our business, visitors and stakeholders;
  • to detect health, safety and security incidents;
  • to defend ourselves in legal proceedings;
  • to comply with law and regulations.

Your consent

If we cannot process your personal data on the previous three (3) legal grounds, we can only process your personal data with your prior consent. You may always withdraw your consent. Please bear in mind that you can only withdraw once you have given your consent and such withdrawal has no retrospective effect.

Multi processes personal data it has collected for the purposes as identified above on the following legal grounds:

7 | To whom do we provide your personal data?

We can provide your personal data covered by this Privacy Statement to the following categories of recipients.

Group companies

We may share personal data with one or more group companies of Multi depending on your location.

Authorities

We may provide your personal data to competent public authority, government, regulatory or fiscal agency:

  • to comply with a statutory obligation, court order or law and regulation; or
  • if this is necessary to prevent, trace or prosecute (criminal) offences; or
  • if this is necessary to enforce our (internal) policies, or to protect the rights and freedoms of others.

Business service companies

We may provide your personal data to our agents, service providers and/or subcontractors.

Other

Each external party to which we provide your personal data with your consent, and/or each other company, which forms part of us now or in the future as a result of a restructuring, merger or acquisition.

8 | Are your personal data being transferred outside the European Union?

Your personal data might be transferred outside of the European Union. To ensure a proper level of protection we make sure your data is only transferred if subject to one of the following safeguards:

Adequacy decision

Based on a so-called ‘adequacy decision’, a decision of the European Commission that decides that the country in question ensures an adequate level of protection with regard to personal data.

EU-US Privacy Shield

The recipient or data processor guarantees an adequate level of data protection under the U.S. Privacy Shield framework.

EU Standard Contract Clauses and Governance

Appropriate safeguards provided by us and the recipient or data processors through Multi’s governance rules and our standard data protection clauses to which we agree upon with parties to which we transfer personal data.

9 | How long do we store your personal data?

Your personal information is kept as long as necessary for the purpose for which the personal data are processed or as long as allowed by law. Hereinafter, your personal data will be deleted or made anonymous.

10 | How can you exercise your privacy rights?

You have the right to request access to an overview of your personal data, and under certain conditions, rectification and/or erasure of personal data. In addition, you also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability.

To invoke your right of access, rectification, and/or erasure of personal data, your right of restriction of processing, and/or your right to object to processing as well as to invoke your right to data portability, please contact us by using the contact details set out above and in paragraph ‘More information?’.

Please keep in mind that we may ask for additional information to verify your identity.

11 | More information?

If you have any issues, queries or complaints regarding the processing of your personal data please contact our data protection officer at:

MULTI CORPORATION B.V.
Gustav Mahlerlaan 1025
1082 MK Amsterdam
The Netherlands

T +31 (0)20 25 88 100
E privacy@multi.eu

You can lodge a complaint with the relevant data protection supervisory authority if, for example, you believe that we do not process your personal data carefully, or because you have sent us a request to access or rectification of your personal data and you are not satisfied with our reply, or we did not reply in a timely manner.

12 | When was the last modification made to this Privacy Statement?

This Privacy Statement applies since 25 May 2018. The last modifications to this Privacy Statement were made on 28 August 2019.