Privacy Notice (UK and EU Switzerland)

Privacy Notice (UK and EU and Switzerland)

    Effective Date: August 13, 2024

    KKR respects your privacy and is committed to protecting your personal information. This privacy notice informs you about how we look after your personal information and tell you about your privacy rights and how the law protects you. This notice applies to you only if are based in the United Kingdom, a member state of the European Union the European Economic Area or Switzerland. If you are a resident of California, please see our privacy notice for California residents. If you are a resident elsewhere in the United States of America or located elsewhere, please see our other privacy notices and any other privacy notices on our website from time to time.

    This privacy notice is provided in a format so that you can click the arrows throughout to find further information. Please also use the following table contents to navigate to the specific areas set out below. Alternatively, you can download a pdf version of the full privacy notice here.

    Employees, contractors and other personnel of KKR should note that a separate privacy notice will be made available to them.

      1. IMPORTANT INFORMATION

      KKR respects your privacy and is committed to protecting your personal information.

      This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (“FADP”), as applicable. References to the GDPR as it forms part of the laws of the United Kingdom of England and Wales, Scotland and Northern Ireland (sometimes referred to as the “UK GDPR”).

      This privacy notice applies to:

      • individuals with whom KKR may have had contact for business purposes, either on our own account or on behalf of third parties or organisations;
      • individuals who are employed by or otherwise associated with KKR’s suppliers, vendors or professional advisors;
      • individuals who are involved in transactions or potential transactions which are evaluated or conducted by KKR or any of KKR’s sub-advisors; and
      • individuals who have opted to receive communications from KKR.

      KKR makes available separate privacy notices on the Investor Center here which apply to individuals associated with investors in the funds operated by KKR. This privacy notice does not form part of any contract of services.

      This website is not intended for children and we do not knowingly collect data relating to children.

      About KKR

      The KKR Group is made up of different legal entities; more information can be found here.

      This privacy notice is issued on behalf of the KKR Group so when we mention “KKR”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant entity in the KKR Group responsible for processing your personal information.

      Unless otherwise specified, the designated contact entity in relation to KKR matters in the EU and EEA is KKR Alternative Investment Management Unlimited Company (registered in Ireland with company number 539765). You may contact us at dataprivacyoffice@kkr.com or via the contact details listed for the relevant country below.

      For the purposes of the GDPR and FADP, the KKR company that you have dealings with is the controller of your personal information, for further details of which, please click below as appropriate. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the GDPR and FADP to provide you with the information contained in this privacy notice.

      If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Team at dataprivacyoffice@kkr.com or using the details set out below for the country relevant to you.

      You have the right to make a complaint at any time to the relevant data protection authority (for details of which please click below). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

      It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

      We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.

      2. DATA PROTECTION PRINCIPLES

      We will comply with applicable data protection law. This says that the personal information we hold about you must be:

      1. used lawfully, fairly and in a transparent way;
      2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
      3. relevant to the purposes we have told you about and limited only to those purposes;
      4. accurate and to the extent appropriate, kept up to date;
      5. kept only as long as necessary for the purposes we have told you about; and
      6. kept securely.

      3. PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING

      Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

      There are more sensitive types of personal data which require a higher level of protection, known as ‘special categories’ of personal data under the GDPR and FADP. We do not collect any ‘special categories’ of personal data about you except in the context of dietary requirements for events and meetings and limited health data to assist in the control of infectious diseases (such as the virus Covid-19) that you voluntarily provide to us. We do not collect any information about criminal convictions and offences, unless revealed by due diligence conducted to comply with a legal or regulatory obligation, transactional due diligence or as part of our recruitment processes.

      Please click on the relevant section to see the categories of personal information about you that we collect, store, and use, the purposes of processing and our lawful basis for doing so.

      4. COOKIES

      KKR and its third party partners collect certain information, including Personal Data, by automated means, such as cookies, web beacons (including pixels and tags), web server logs, analytics and other technologies (collectively “Cookies”).  We use these Cookies for several purposes, including to ensure our services are functioning correctly and to provide and measure advertisements.  For further information about the Cookies used and your choices regarding such cookies, please see our Privacy and Cookies Notice

      5. DATA SHARING

      We seek to share your personal information with third parties only where we believe it is necessary or consistent with our legitimate interests, including to third-party service providers and other companies in the KKR Group.

      We require third parties to respect the security of your personal information and to treat it in accordance with the law. We use a range of third parties from time to time to provide a wide range of services, including telecoms, IT, courier, HR, security, legal, accountancy, data, and catering services.

      We may transfer your personal information outside the European Union, European Economic Area, Switzerland or the United Kingdom and when we do, you can expect a similar degree of protection in respect of your personal information.

      6. DATA SECURITY

      We have put in place appropriate security measures designed to protect personal information.

      Third parties will only process your personal information held by us where they are obliged to treat the information confidentially and to keep it secure.

      We have put in place appropriate security measures to prevent your personal information from being accidentally or unlawfully lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it.

      They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

      We have put in place procedures to investigate any suspected data security breach. In the event of an actual data security breach that affects your data, we will comply with any legal obligations that we have to notify you and/or the applicable regulator(s).

      7. DATA RETENTION

      How long will you use my information for?

      We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

      8. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

      Your duty to inform us of changes

      It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

      Your rights in connection with your personal information

      Under certain circumstances, under applicable data protection law you have the right to:

      • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
      • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
      • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
      • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
      • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
      • Request the transfer of your personal information which you have provided to us in a structured, commonly used and machine-readable format to you or a third party nominated by you.

      If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to you or a third party nominated by you, please contact us via dataprivacyoffice@kkr.com or via the other methods set out above.

      Circumstances where we may charge a reasonable fee or refuse to comply

      You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may, where the relevant law permits, charge a reasonable fee e.g. if your request for access is clearly unfounded or excessive (for example, for repeat copies). Alternatively, we may refuse to comply with the request in such circumstances.

      What we may need from you

      We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

      Your right to withdraw consent

      In the limited circumstances where you may have provided your consent to the collection, processing and/or transfer of your personal information for a specific purpose, you have the right to withdraw your consent to that specific processing at any time. To withdraw your consent, please contact us via email at dataprivacyoffice@kkr.com or via the other methods set out above. The withdrawal of consent does not affect the lawfulness of processing conducted on the basis of consent, prior to its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.