Ares Commercial Real Estate Corporation
Website Privacy and Cookies Policy
Last Updated: January 1, 2020
Ares Management LLC and its affiliates, including its UK affiliate Ares Management Limited (“Ares”, “we” “us” or “our”), value your privacy rights whether you participate interactively or simply view the www.aresmgmt.com website (the “Website”). We are an LLC established in the United States with our registered office at 2000 Avenue of the Stars, 12th Floor, Los Angeles, CA 90067 and for the purpose of the General Data Protection Regulation (the "GDPR"), we are the data controller.
If you wish to contact Ares regarding your Personal Information (as defined below) or this policy, please contact [email protected]. Where the General Data Protection Regulation (the “GDPR”) applies you may also contact our representative in the EU: Ares Management Limited at 5th Floor, 6 St Andrew Street, London, EC4A 3AE.
This policy only governs your activities on the Website, and it does not govern activities that are “offline” or unrelated to the Website. Please take a moment to review our policies and practices described below.
By visiting our Website, you accept these policies and practices.
1. Personal Information
“Personal Information” means information, regardless of the media in which is contained, that is or can be uniquely associated with an identified or identifiable individual, such as name, email address or phone number, account number or account information.
Ares will collect Personal Information about you through our Website or other means (using direct email, an email notification or information request, the Contact Us page or when applying for an open role) and submit such information. For example, you may provide your name, company name, address, institution, city, state, zip/postal code, country, email address, phone number, fax number, and any other information that you choose to provide to us in your subject line and message.
Registered investors and representatives of investors may access our investor portal, which is a private section of our Website.
We also collect information from applicants for the positions described in the “Careers” section of the Website that is subject to the privacy notice and terms provided when you log in to our recruitment portal. Our service provider collects this information and shares it with us. For more information, please see here.
Where you sign up to receive email notifications from us on our Website, we will send the communications that you have requested (including information about corporate events, press releases, presentations and company documents). You can opt-out of receiving such communications at any time by contacting us as detailed under section 10 below.
2. Gathering and Use of Technical Usage and Personal Information
Like most website operators, we gather technical usage information that web browsers, depending on their settings, make available. As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we will use the information collected from our users to:
- personalise our Website for you to ensure content from the Website is presented in the most effective manner for you and your device;
- allow the user to navigate or browse through the Website quickly and efficiently;
- improve user experience, such as by personalizing content to the user’s interests;
- monitor and analyse trends, usage and activity in connection with our Website and services to improve the Website;
- administer the Website and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- keep the Website safe and secure;
- measure and understand the effectiveness of the content we serve to you and others, including developing reports regarding pages visited. In this case, Personal Information is used in aggregate form, and does not reveal the Personal Information of a particular user;
- verify the user’s eligibility to access the restricted areas of our Website; and
- provide users with customer support.
We also collect information relating to whether you have accessed this Website before and the time of your last visit. We accomplish this through cookies placed on your computer.
What are cookies?
A cookie is a piece of information that a website stores on a user’s computer, and that the user’s browser provides to the website each time the user submits a query to the website using that browser.
When you access our Website, we place cookies on your computer. A cookie allows us to determine that a visit has occurred within our site, as well as which pages were viewed. Through cookies, we collect your Internet Protocol (“IP”) address, operating system and browser type, and the locations of the web pages you view right before arriving at, while navigating and immediately after leaving the Website.
How can I manage cookies?
You can decide if and how your computer will accept cookies by configuring the preferences option within your web browser, using the instructions provided in your browser. If you choose to decline cookies, however, some of the functionality of this Website might be impaired.
We use the information collected through cookies to see how users move around the website, see which pages you view, information you search for, the average time spent on our Websites, and statistical information about Website visits to better understand our audience and its interests, and to increase the functionality and user- friendliness of our site. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/.
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with our Website. Like many services, Google Analytics tracks your movement through our site (i.e. the pages you have seen and the links you have clicked on) and helps us measure how you interact with the content we provide. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting your use of our site. For more information on opting out of Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Further, if you log into the private section of our Website, through the Investor Portal, we separately track your navigation with a session identification number within that section of our Website through use of an additional cookie.
4. To What Third Parties Do We Disclose your Personal Information?
We share your information with selected recipients. These categories of recipients include:
- Business Partners such as Intralinks located and storing your Personal Information in the United States, providing support from Europe, Chile, Brazil, Mexico, the UAE, China, India, South Korea, Singapore, Australia and Japan, for the purpose of administering the investor portal;
- Recruitment providers including Oracle Taleo and Enterprise Cloud Service located in the United States and consultants that use your Personal Information to assist us in candidate recruitment; and
- Where you have asked to be notified of corporate events, email management services including S&P (formerly SNL) located in the United States, providing support from Canada, India, Pakistan and the Philippines.
- Service providers to perform certain services on our behalf such as:
- to process and store data, including your Personal Information;
- to track, analyze, and modify our website;
- for marketing, advertising, and distribution;
- to assist us in providing you with customer support; and
- to support our IT and security efforts.
We may disclose user information when we believe disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity; to protect the safety, rights, or property of the company, and of its users, or others; or to exercise or protect legal rights or defend against legal claims.
Law Enforcement and Litigation
To the extent permitted by law, any information collected over our Website or concerning its use may be disclosed to government authorities or third parties pursuant to a legal or regulatory request, subpoena, or other legal process. We may also use or disclose your information as permitted by law to protect the rights or property of Ares, our customers, our Website, its users, or third parties, or when we otherwise believe in good faith that the law requires it.
Change in Corporate Control
If Ares incurs a corporate change in control resulting from, for example a sale to, or merger with, another entity, or if all or a portion of its assets are sold, Ares reserves the right to transfer your Personal Information to the new party in control or the party acquiring assets.
5. Links to Third Party Sites
6. How Do We Protect Information Collected on This Site?
We consider the Personal Information we collect to be confidential. If you submit your e-mail address or other Personal Information to us via our Website while requesting information or contacting someone at Ares, or by registering and logging in to the private section of the Website, we will use this information only to the extent necessary to respond to your request(s) and as discussed below.
We have established certain reasonable electronic and administrative safeguards and take reasonable precautions to protect the Personal Information in our possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction. Ares does not warrant or represent that this level of
security meets or exceeds any particular standard. You should keep in mind that no Internet transmission is ever 100% secure or error- free due to the inherent nature of the Internet as an open global communications vehicle and we cannot guarantee that information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely safe from unauthorized intrusion by third parties, such as hackers.
While we strive to protect visitors’ Personal Information, we cannot ensure or warrant the security of any information visitors transmit to us, and visitors do so at their own risk.
7. Where do we store your Personal information?
Where the GDPR applies, you should be aware that this Website is hosted, and some Ares companies and contractors who process your Personal Information are located, in the United States and other countries noted above. These countries do not always provide the same level of protection for your information. In these circumstances, your Personal Information is transferred on the basis of one of the mechanisms set out below:
Adequacy Decision: Your Personal Information will be transferred to, and stored at/processed in Canada which was found to have an adequate level of protection for personal data under Commission Decision 2002/2/EC of 20 December 2001.
Model Clauses: The Personal Information is transferred within the Ares group by way of the European Commission’s model contracts for the transfer of Personal Information to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC. Further, Personal Information is transferred to our providers by way of the European Commission’s model contracts for the transfer of Personal Information to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU. Such staff are engaged in, among other things, the provision of support IT and Recruitment. A copy of the Model Clauses may be obtained on your request to [email protected].
Privacy Shield: Your Personal Information will be transferred to Intralinks and Oracle Taleo who will process your Personal Information in the United States. Intralinks and Oracle Taleo comply with the US Department of Commerce’s EU-US Privacy Shield and have certified that they adheres to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
8. How long do we store your Personal Information?
We will retain your information as follows:
- If you give us your Personal Information via the Contact Us page, we will keep your data on the Ares exchange e-mail system for seven (7) years.
- Personal Information from cookies using Google Analytics will be kept for two (2) years. We retain information from other cookies for 24 hours.
9. Notice to European Residents
Where the GDPR applies, you have the following rights in respect of your personal information:
- Data rights. In certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any Personal Information held about you that is inaccurate and to request the deletion of Personal Information held about you. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. You can exercise your rights by contacting us at [email protected].
- Marketing. You have the right to ask us not to process your Personal Information for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at [email protected].
- Complaints. In the event that you wish to make a complaint about how we process your Personal Information, please contact us in the first instance at [email protected] and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with the supervisory authority.
For the purpose of the GDPR, we are the data controller.
10. Notice to California Residents
Do Not Track
California Law requires that we disclose how we respond to a “Do not track” signal. Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. The “Do Not Track” feature of these browsers sends a signal that inform operators of services online that they do not want certain information about their online activities to collected over time and across websites or online services.
However, the Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Consequently, due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals. In the meantime, we suggest that you consider using the opt-out features provided by Network Advertising Initiative and the Digital Advertising Alliance by visiting the following website:
- Network Advertising Initiative (http://www.networkadvertising.org/)
- Digital Advertising Alliance (http://www.aboutads.info/consumers)
California residents have the right to request in writing from a business, (i) a list of the categories of Personal Information, such as name, address, email address, and the type of services provided, that a business has disclosed to third parties (including Independent Affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes, and (ii) the names and addresses of all such third parties. Contact [email protected] to make your request.
This section only applies to individuals who are residents of California under the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”).
- Personal Information Collected: Under California Laws, we must disclose the categories of Personal Information we’ve collected in the preceding 12 months, the reason we collect your Personal Information, where we obtain the Personal Information we collect about you, and the third parties with whom we share your Personal Information. We collect Identifiers, Personal Information under California Civil Code section 1798.80, Protected Classifications under California and Federal Law, Commercial Information, Electronic network activity information, Geolocation data, Employment-related information, and Inference data as defined and outlined in California Laws. We collect this information for the purposes outlined in the “Personal Information Use” section above. Information may be shared with third parties, such as our service providers, as described in the section titled “Personal Information Transfers” above.
- California Residents Privacy Rights: Under California Laws, California residents have the following rights (“Rights”) listed below. Your Right to Access and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our systems of networks.
- Disclosure & Access Rights: California residents have the right to request that we disclose to them (i) the categories of Personal Information we have collected about them, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Deletion Rights: California residents have the right to have their Personal Information deleted, unless the Personal Information is necessary for the business or service provider to:
- complete a transaction for which the Personal Information was collected, provide a good or service requested by the residents or otherwise perform a contract between the business and the residents;
- detect security incidents;
- protect against malicious, deceptive, fraudulent or illegal activity (or prosecute those responsible);
- debug to identify and repair functionality errors;
- exercise or ensure the right of another to exercise free speech or another legal right;
- comply with the California Electronic Communications Privacy Act, which compels the production of or access to electronic communication information or electronic device information with a search warrant;
- engage in research in the public interest (if the individual has provided informed consent);
- to enable solely internal uses aligned with the individual's expectations given their relationship with the business;
- comply with a legal obligation;
- otherwise use the information internally in a lawful manner compatible with the context in which the individual provided it.
- Do Not Sell: Californian residents have the right to opt-out of having their Personal Information sold. We do not sell Personal Information.
California residents can exercise their privacy rights by contacting us at [email protected].
Response Time. We will address any requests to exercise the rights described above under Applicable Laws in California. When a request is made, we may verify your identity to protect your privacy and security. We will respond to written rights requests within 45 days following receipt at the email or mailing address stated above. Please note that we are only required to respond to an individual twice per 12-month period.
This Website is not intended for users under the age of 16. We do not knowingly collect any Personal Information from children under 16. If we become aware that an individual submitting information is under 16, we will attempt to delete the information as soon as possible.
13. How Can You Contact Us?
If you would like to contact us about this policy or our Website, please reach out to us via the Contact page. You can also write to our privacy lead at [email protected].