PRIVACY POLICY

Effective Date: January 1, 2020

Online Privacy Policy

MREC Management, LLC(“MREC,” “we” or “our”) values your trust and wants you to be familiar with how we collect, use, and disclose information. This Online Privacy Policy describes our practices in connection with information that we may collect, maintain, and use in the course of providing our products and services through our website(s).

Natural persons located in the European Economic Area (“EEA”) should review the General Data Protection Regulation 2016/679 (“GDPR”) privacy notice [HERE].

Residents of California should review our online privacy notice for the California Consumer Privacy Act of 2018 (CCPA) [HERE].

Persons invested in, or managing investments in, MREC funds should review the appropriate notices, available by contacting MREC (see ‘Contact Us’), or for current investors, via MREC’s third-party Administrator’s investor portal.

 

Guiding Principles

MREC will seek to limit it collection of all Customer Personal Information and Nonpublic Personal Information (collectively, “Personal Information”) to that which is reasonably necessary for legitimate business purposes.  We will not disclose Personal Information except in accordance with these policies and procedures, as permitted or required by law, or as authorized in writing by a Customer or Investor.  We will never sell any Personal Information.

With respect to all Personal Information, including Nonpublic Personal Information, we will strive to:

(a) Ensure the security and confidentiality of the information;

(b) Protect against anticipated threats and hazards to the security and integrity of the information; and

(c) Protect against unauthorized access to, or improper use of, the information

 

Personal Information We May Collect

The term Personal Information as used in this policy means any information that identifies you as an individual or relates to an identifiable person, including non-public personal information. The kinds of Personal Information we may collect depends on the nature of the relationship you have with us. This information may include your name,  and contact details, such as your email address. Through the Investment Portal we may require additional information for accountholders or investors as addressed in our Privacy Protection Policy and notice provided annually to investors and available for review per the instructions listed above.

In addition to the information stated above we may collect certain information about your use of our online services, for example we may capture your IP address, operating system, or browser, as explained in greater detail below in our “How We Use Cookies” section of this policy.

 

How We May Collect Personal Information

In most cases, we collect information directly from our Customers, the person or entity with whom we have the relationship (e.g., via account applications, newsletter subscriptions, or general website usage).  We may also receive information about you from other persons engaging our services (e.g., if your name, phone number and/or email address is mentioned by or provided as a reference by another Customer); or third-party service providers (e.g., if a joint marketing partner, broker, or other investment adviser engages our services for your account, we will receive your information for onboarding purposes).

 

How We May Use Personal Information

We require and use this information to understand your needs and provide you with a better service. More particularly, we use information we gather to do the following:

  • to provide the services requested;
  • to communicate with a you(e.g., to deliver any annual or quarterly reports, information on new or additional services or offerings, market updates, etc.);
  • for security (e.g., to authenticate your identity and authority, verify accounts and activity, monitor suspicious or fraudulent activity, etc.);
  • to provide ancillary services and support relating to our services, as applicable;
  • to operate and maintain the services being provided;
  • to process any requests made by you;
  • to protect the Company’s legitimate business interests and legal rights; and
  • with yourconsent (i.e., for any purpose not listed above, we may use your Personal Information where the you have provided the appropriateconsent).

 

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

 

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to Customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Our cookies do not give us access to your computer or any information about you, other than the information you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

 

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the Privacy Policy applicable to the website in question.

 

Controlling Your Personal Information

We do not share your Personal Information with third parties for use in marketing their products and services. However, we may share your Personal Information in the following circumstances:

  • Where we have your permission to do so;
  • With unaffiliated service providers (for example, printing and mailing companies); and
  • With government agencies, other regulatory bodies or law enforcement officials.

Our service providers are obligated to keep the Personal Information we share with them confidential and use it only to provide services specified by MREC.

 

Important Notice to all Non-US Residents

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin. Your decision to provide such data to us, or allow us to collect such data through our services constitutes your consent to this data transfer.

 

Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Online Privacy Policy unless a longer retention period is required or permitted by law.

 

Updates to This Privacy Policy

We may change this Online Privacy Policy. The “Effective Date” at the top of this page indicates when this Online Privacy Policy was last revised. Any changes will become effective when we post the revised Online Privacy Policy on the Websites. Your use of the Websites following these changes means that you accept the revised Online Privacy Policy.

Contact Us

If you have any questions about this Online Privacy Policy, please contact us via email at: compliance@mosaicrei.com.

 

CCPA Privacy Notice

Last Updated: January 1, 2020

This California Consumer Privacy Act (“CCPA”) privacy notice (this CCPA Notice) is included in our Privacy Policy and applies to MREC Management, LLC(“MREC,” “we” or “our”) processing of “personal information,” as defined in the CCPA, of California residents (collectively, “Consumers,” “you” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Privacy Policy or, if not defined herein or in the Privacy Policy, the CCPA. To the extent of any conflict between this CCPA Notice and the rest of our Privacy Policy, this CCPA Notice shall control only with respect to Consumers and their personal information.

You may find a copy of this Privacy Policy in PDF format [HERE]

 

General

This CCPA Notice provides further detail regarding (a) how we have processed Consumers’ personal information within the past twelve (12) months and (b) your rights under the CCPA.

 

Personal Information We May Collect

We may collect and disclose the following personal information for our business purposes.

Categories of Personal Information Examples Source of Personal Information
Identifiers ·       Name

·       Alias

·       Online identifier

·       Internet Protocol address

·       E-mail address

·       Unique personal identifier

(i.e. – persistent identifier such as device identifier, cookies, beacons, pixel tags, mobile ad identifiers or similar technology; customer number, unique pseudonym or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers)

·       Websites, Cookies, Verbal or Written Correspondence, or Agreements to Engage MREC for any Services (information collected directly from user)

 

Internet or Network Activity ·       Interaction with an internet website, application, or advertisement ·      Websites, Cookies, Verbal or Written Correspondence, or Agreements to Engage MREC for any Services (information collected directly from user)

 

For each of the above categories of personal information, we use your personal information to carry out the following business purposes and any other purpose identified by us at the time the information is collected:

  1. Providing Services and Improving our WebsiteWe use information about you to provide you services and improve our websites and the information we provide.  We might use your personal information to provide new or updated online content to you and/or to customize your experience with us. For example, we may use your personal information to improve our services, our website, our recruiting efforts and our other internal business purposes.
  2. Security and Fraud Prevention and DetectionWe use information for security purposes such as fraud prevention and detection.  We may use personal information to enforce our rights, for fraud prevention, or to protect our company, affiliates, our customers, or our websites, or a third-party website or platform.
  3. Compliance with Laws and to Protect Ourselves: We use your personal information to support auditing, legal and compliance purposes including responding to court orders or subpoenas. We may also share your personal information if a government agency or investigatory body requests. We may also use your personal information when we are investigating potential fraud or other areas of concern or if we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others.
  4. Recruiting and MarketingWe use personal information to inform you about MREC.  For example, we might send you information about MREC and what we offer.  We might tell you about new features or updates. We may also use your personal information to send you information about career opportunities.
  5. Communications:  We use personal information to communicate with you about your account or our relationship.  We may contact you about your account or feedback.  We might also contact you about our Privacy Policy or our website’s Terms of Use.
  6. Debug and Identify Errors: We use your personal information to debug and identify and repair errors that impair existing intended functionality.
  7. Statistical Analysis and Research: We may use your personal information for statistical analysis and research purposes including analyzing performance.

 

Your CCPA Rights

Access

You may request that MREC disclose certain information regarding our use of your personal information over the past twelve (12) months. You may only make such requests twice per twelve (12) months.

Upon verifying your request (see below), we will disclose to you:

  1. The categories of personal information we collected about you.
  2. The categories of sources for the personal information we collected about you.
  3. The specific pieces of personal information we collected about you.
  4. Our business purpose for collecting that personal information.
  5. The categories of third parties with whom we share personal information.

Deletion

You have the right to request that MREC delete any of the personal information collected from you and retained by us, subject to certain exceptions. Once your request is verified (see below) and we have determined that we are required to delete that information in accordance with applicable law, we will delete, and direct our service providers to delete, your personal information from our records. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.

 

Exercising Your Rights

To exercise any of the rights described above, please submit a request to us by either:

Please note that Consumers have a right to not receive discriminatory treatment for the exercise of their rights under the CCPA.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. Your verifiable consumer request must:

  1. Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf; and
  2. Describe your request with sufficient detail to properly understand and respond to it.

We will only use the personal information that you have provided in a verifiable consumer request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.

Making a verifiable consumer request does not require you to create an account with us. We consider a request made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.

 

Verifying Your Request

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. In all cases, your request must be verified before we take action (and shall take such action pursuant to the timing permitted under the CCPA). Verifying your request may require you to:

  1. Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf; and
  2. Describe your request with sufficient detail to properly understand and respond to it.

We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.

Making a verifiable request does not require you to create an account with us. We consider a request made through your password-protected account sufficiently “verified” when the request relates to personal information associated with that specific account and you have complied with any of our existing authentication practices.

 

Response Timing and Format

We aim to respond to customer requests within forty-five (45) days of receipt. If we are unable to deliver a response to verifiable consumer requests within this timeframe, we will inform you of the reason and estimated extension period in writing.[1]We will deliver a response to your existing account with us, if applicable, or a written response by mail or electronically, at your option.

Any disclosures will cover only the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Data portability requests will be issued in a format that is readily useable, we do not charge a fee unless your request is excessive, repetitive, or manifestly unfounded.[2]If the request warrants a reasonable fee, we will tell you why and provide you with a cost estimate before completing your request.

 

Fees

Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.

 

Changes to this Privacy Statement

If, in the future, we intend to process your personal information for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately (either within this Privacy Policy or elsewhere), and the “Effective Date” at the top of this page will be updated accordingly.

 

Further information

If you have any queries, questions, concerns or require any further information in relation to the Privacy Statement or you wish to exercise any of your rights, please do not hesitate to contact MREC at compliance@mosaicrei.com.

Effective Date: January 1, 2020

GDPR Online Privacy Notice

The scope and purpose of this Privacy Notice

MREC Management, LLC (“we” or “MREC”) is a global company and thus may conduct business and collect Personal Data (as defined below) from individuals and institutions located within the European Economic Area (“EEA”).  This Privacy Notice explains how MREC, in its own capacity (the “General Partner”) and in its capacity as general partner of Mosaic Real Estate Credit Offshore, LP (the “Partnership”, and together with the General Partner, the “Fund Entities“), and their affiliates and/or delegates uses Personal Data that collected from individuals and institutions located within the EEA in accordance with applicable data privacy laws and the General Data Protection Regulation (“GDPR”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the GDPR. To the extent of any conflict between this Notice and the rest of our Online Privacy Policy, this Notice shall control only with respect to EEA Individuals and their Personal Data, and to the extent of such conflict.  Please see our Online Privacy Policy [HERE].

 

Data Controller

MREC typically acts as the controller of Personal Data collected regarding EEA Individuals through the Websites or Services. This Notice describes our general privacy and security practices in connection with your Personal Data. For our contact information, see the section in our Online Privacy Notice headed “Contact Us”.

 

Personal Data

The term “Personal Data” as used in this Privacy Notice means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

What information do we collect about you, how do we collect it and what do we use it for?

The kinds of Personal Data we may collect depends on the nature of the relationship you have with us. This information may include your name, and contact details, such as your email address. Through the Investment Portal we may require additional information for accountholders or investors as addressed in our Privacy Policy and Procedure provided annually to investors and available for review per the instructions listed above.

In accordance with applicable data privacy laws and the GDPR, we will only process your Personal Data for specific purposes where there is a lawful basis for doing so. The lawful basis, and purposes that we may rely on are:

  • You have consented to us doing so (consent) – in limited circumstances, we may obtain your consent to send you information about our products and services (but, in such cases, you can opt out of receiving such communications at any time through the method provided in the communications themselves or by using the contact information provided below);
  • We need it to perform the contract we have entered into with you (contract) – this includes, but is not limited to, where we have entered into an agreement with you and the Personal Data is needed to ensure that the terms of the contract can be fulfilled;
  • We need it to comply with a legal obligation (legal obligation) – these obligations include, for example, where we have a regulatory obligation to conduct customer due diligence or are required to provide information to tax authorities; or
  • We (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms (legitimate interest) – this includes the provision of services by us and our direct marketing activities. To this end, we will use your Personal Data to deliver services to you and/or to work or act for you. Furthermore, we will also use your Personal Data to inform you about us and our services and to build our relationship with you.

Where we use your Personal Data to inform you about us and our services, we will ensure that these are targeted and proportionate.

We have entered into written agreements with the third parties that process your Personal Data on the Partnership’s behalf. These agreements require third parties to act only on the Fund Entities’ instructions and to implement appropriate technical and organizational measures against unauthorized or unlawful processing of your Personal Data and against accidental loss or destruction of, or damage to your Personal Data, consistent with the DPL.

The Fund Entities, acting through the General Partner, will seek to ensure that third parties to whom any personal data may be disclosed will not use personal data for their own purposes.

Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

What might we need from you?

We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This security measure is designed to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Accuracy of information

It is important that the Personal Data we hold about you is accurate and current. Please let us know if your Personal Data changes during your relationship with us.

What if you do not provide the Personal Data we request?

It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you or to send you information about us (e.g. marketing materials).

Change of purpose and anonymization

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

In some circumstances, and where it is attributable to a lawful basis, we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

With whom will we share your information?

When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with vendors that we work with. Depending on the nature of your relationship with MREC these other vendors may include, but are not limited to, accountants, tax advisors, payroll agents, auditors, lawyers, regulatory advisors, insurance brokers and IT providers. We may also have to share your Personal Data with regulators, public institutions or courts. MREC will not sell your Personal Data nor will we distribute, disseminate or disclose your Personal Data to third party sales or marketing agencies. When sharing your Personal Data with others, we will ensure that we have an appropriate legal basis to do so and will take all reasonable steps to ensure that your Personal Data is treated in a manner that is consistent with applicable laws and regulations.

Will your information be stored outside of the EEA?

MREC is a California corporation and the bulk of our operations are based in the United States. For the purposes described above, your Personal Data will likely be stored outside of the European Economic Area (“EEA”). In such cases, we will always ensure that there is a legal basis and a relevant safeguard method for such data transfer. In circumstances where the Fund Entities, acting through the General Partner, transfers personal data outside the EEA, they will seek to ensure a similar degree of protection is afforded to it by ensuring that personal data is transferred only to persons in countries outside the EEA in one of the following circumstances.

  • To persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • To persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission.
  • To persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission.

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, used and otherwise processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. For retention of data, we abide by applicable law related to the services we provide to you in the jurisdictions where we provide them.

Your rights in relation to your information

You have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

  • Request access to your Personal Data (commonly known as a “data subject access
    request”) and request certain information in relation to its processing;
  •  Request rectification of your Personal Data;
  •  Request the erasure of your Personal Data;
  • Request the restriction of processing of your Personal Data;
  • Object to the processing of your Personal Data.

Please note, some of the above rights may only be exercised in specific circumstances ‐ they are not absolute. In addition, you may also have the right to make a complaint at any time to the   competent supervisory authority of an EU member state.

Right to withdraw consent

You may withdraw consent at any time where consent is the lawful basis for processing your Personal Data. Should you withdraw consent for processing or otherwise object to processing that impedes our ability to comply with applicable laws and regulations, you may be unable to avail yourself of the services we provide.

How long will we retain your information?

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like to know more information about our retention practices, please contact us using the information provided below.

In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data. Upon expiry of the applicable period we will destroy your Personal Data in accordance with applicable laws and regulations.

Fees

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Online Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Changes to this Privacy Notice

MREC reserves the right to update this Privacy Notice at any time and, in such cases, we will make an updated copy available on our website, or where required by law, we will contact you directly, and update the “Effective Date” at the top of this page will be updated accordingly.

Further information

If you have any queries, questions, concerns or require any further information in relation to the Privacy Statement or you wish to exercise any of your rights, please do not hesitate to contact compliance@mosaicrei.com.

[1]The response period may be extended up to forty-five (45) additional days where necessary, taking into account the complexity of your request.