Privacy Notice

TARGET HEALTHCARE REIT PLC

PRIVACY NOTICE

Target Healthcare REIT PLC (together with its subsidiary undertakings) (the "Company", "we", "us" or "our") is committed to protecting the privacy of individuals whose data it processes ("you" or "your").

Structure of this notice

1. IMPORTANT INFORMATION AND WHO WE ARE

2. CATEGORIES OF DATA SUBJECTS

(A)        INVESTORS/SHAREHOLDERS AND POTENTIAL INVESTORS/SHAREHOLDERS

(B)        VISITORS TO OUR WEBSITE

(C)        BUSINESS CONTACTS

(D)        DIRECTORS AND PROSPECTIVE DIRECTORS

3. DISCLOSURES OF YOUR PERSONAL DATA

4. INTERNATIONAL TRANSFERS

5. DATA SECURITY

6. YOUR LEGAL RIGHTS

7. CHANGES TO YOUR DATA

8. FURTHER INFORMATION

1. IMPORTANT INFORMATION AND WHO WE ARE

The Company is committed to protecting the privacy of individuals whose personal data it processes.

This privacy notice aims to give you information on how the Company collects and processes your personal data as a controller, including in certain circumstances where you are an investor/shareholder and/or potential investor/shareholder in the Company, through your use of this website (including by signing up to our newsletter), by sending us correspondence and/or providing us with products and/or services, and in certain circumstances, by working at and/or applying to work at the carehome operator of the property owned by the Company or one of its affiliates (the "Group").

In addition, this privacy notice outlines your data protection rights under the General Data Protection Regulation (Regulation 2016/679) (the “GDPR") and/or the GDPR as it forms part of the laws of the UK by virtue of the European Union (Withdrawal) Act 2018 and as amended, including by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the "UK GDPR").

This website is not intended for children and we do not knowingly collect data relating to children. Children should not access or use our website.

The Company has appointed a Privacy Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this notice or our processing of your personal data, or you wish to exercise your rights under the GDPR and/or UK GDPR, please do so in writing and address this communication to the Privacy Manager at Target Healthcare REIT PLC, 1st Floor, Glendevon House, Castle Business Park, Stirling, FK9 4TZ or by email to info@targetfundmanagers.com.

The Company may from time to time update this notice. Please refer back to this page regularly to see any changes or updates to this notice.

2. CATEGORIES OF DATA SUBJECTS

(A)        INVESTORS/SHAREHOLDERS AND POTENTIAL INVESTORS/SHAREHOLDERS

The following section of this notice sets out how the Company, as controller of personal data supplied by, and collected in relation to, investors/ shareholders and/or potential investors/shareholders in the Company, will process such personal data.

The kind of information we hold about you

We may hold personal data about investors/shareholders and/or potential investors/shareholders in the Company which is provided to us by you directly as a result of your holding, investment and/or potential investment in the Company (including by completing application forms and/or fundraising documents, through our website, telephone calls and/or corresponding with us) or which is provided to us by third parties including the Company's registrar (which is currently Computershare Investor Services PLC), the Company's company secretary, administrator, and investment manager (which is currently Target Fund Managers Limited) or which we obtain from publicly available sources, such as Companies House. The types of personal data that we collect and use will depend on various circumstances, including whether you are a shareholder, investor or potential shareholder or investor.  We may also process personal data about individuals that are connected with you as an investor/shareholder (for example directors, trustees, employees, intermediaries, representatives, beneficiaries, shareholders, investors, clients, beneficial owners, advisers and/or agents). If you provide the Company with personal data relating to another data subject, you agree to provide that data subject with a copy of the Company's privacy notice.

We have grouped together the various types of data we may hold about you or individuals connected with you as follows:

  • Identity data may include names, titles, dates of birth and pronoun preferences and personal identifiers such as your national insurance number and tax file number;
  • Contact data may include addresses, telephone numbers, work and personal email addresses and communication preferences (such as your marketing preferences);
  • Employment data may include your employer, place of work, job title, employment history and department;
  • KYC data may include copies of passports and/or driving licences and utility bills, data received in connection with anti-money laundering and/or due diligence activities (including politically exposed persons and sanctions checks) and data related to any public comments about you by statutory or regulatory authorities (including designated professional bodies);
  • Financial data may include details relating to your investment activity and bank account details; and
  • Correspondence data may include any other data which you provide to us in correspondence, telephone calls and/or documents (including subscription/offer documents and other forms).
    • We do not knowingly collect any sensitive personal data or special categories of personal data about you in your capacity as a shareholder/investor or a potential shareholder/investor of the Company (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

If you are a shareholder/investor or potential shareholder/investor in the Company, your personal data may be processed by the Company or its sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  • to provide you with information on the Company (including performance updates) and invitations to events or meetings;
  • to manage our relationship with you, including to allow us to administer and manage, or assist the appointed administrator and/or registrar with their administration of, your holding in the Company (including fee calculations, obtaining missing documentation and any other information and the payment of dividends);
  • to update and maintain records for the Company, including maintaining statutory registers;
  • for identification purposes for the purposes of anti-money laundering checks and other actions in an attempt to detect, prevent, investigate and prosecute fraud and crime, complying with UK and/ or international sanctions regimes, counter terrorist financing suitability and appropriateness assessments "Know Your Client" and credit-worthiness checks;
  • to assist us in conducting market research;
  • to prepare tax related information in order to report to tax authorities;
  • to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  • such other actions as are necessary to manage the activities and/or to comply with the legal obligations of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails and attachments therein) for quality control, analysis and training purposes and enforcing or defending the rights and/or interests of the Company,.

We will only use your personal data as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and the lawful bases for our processing of that personal data. We have also identified what our legitimate interests are where appropriate.

The legal bases we principally rely upon are these:

  • it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
  • it is necessary for the purposes of our legitimate interests, or those of a third party, where such interests are not overridden by your rights or interests; and/or
  • it is necessary for us to comply with a legal obligation on us.

Where such processing is being carried out on the basis that it is necessary to pursue the Company's or a third party's legitimate interests, we will only carry out such processing if such legitimate interests are not overridden by your interests, fundamental rights or freedoms. Such processing may include the use of your personal data for the purposes of sending you electronic marketing communication, in relation to which you can at any time unsubscribe by contacting us at info@targetfundmanagers.com or following the instructions contained in each marketing communication.

Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may be unable to register you as a shareholder/investor, or, if you are a current shareholder/investor, allow you to exercise all of your rights in connection with your investment). We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / Activity

Type of data

Legal basis for processing

To provide you with information on the Company (including performance updates) and invitations to events or meetings.

Identity data

Contact data

(a)     Our legitimate interests of  implementing our investment objectives and policies and pursuing and developing our business

To manage our relationship with you, including to allow us to administer and manage, or assist the appointed administrator and/or registrar with their administration of, your holding in the Company (including fee calculations, obtaining missing documentation and any other information and the payment of dividends).

Identity data

Contact data

Financial data

KYC data

Correspondence data

(a)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

(b)     Compliance with our legal and regulatory obligations

(c)     Our legitimate interests of pursuing and developing our business

To update and maintain records for the Company, including maintaining statutory registers.

Identity data

Contact data

KYC data

Financial data

Employment data

Correspondence data

(a)     Compliance with our legal and regulatory obligations

(b)     Our legitimate interests of ensuring effective and accurate record keeping

For identification purposes for the purposes of anti-money laundering checks and other actions in an attempt to detect, prevent, investigate and prosecute fraud and crime, complying with UK and/or international sanctions regimes, counter terrorist financing, suitability and appropriateness assessments, “Know Your Client” and credit-worthiness checks.

Identity data

Contact data

Employment data

KYC data

Financial data

Correspondence data

(a)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

(b)     Compliance with our legal and regulatory obligations

(c)     Our legitimate interests of the prevention of fraud, money laundering, sanctions, terrorist financing, bribery, corruption and tax evasion

To assist us in conducting market research.

Identity data

Contact data

Financial data

Correspondence data

(a)   Our legitimate interests of analysing trends and investigating product sales and performance

To prepare tax related information in order to report to tax authorities.

Identity data

Contact data

Financial data

Correspondence data

(a)   Compliance with our legal and regulatory obligations

To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.

Identity data

Contact data

Correspondence data

(a)     Our legitimate interests of document retention and IT security

(b)     Compliance with our legal and regulatory obligations (including under data protection law)

Such other actions as are necessary to manage the activities and/or to comply with the legal obligations of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails and attachments therein) for quality control, analysis and training purposes and enforcing or defending the rights and/or interests of the Company.

Identity data

Contact data

KYC data

Financial data

Employment data

Correspondence data

(a)     Compliance with our legal and regulatory obligations (including under data protection law)

(b)     Our legitimate interests of pursuing and developing our business and monitoring email traffic

(c)     Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

If the Company wishes to use your personal data for purposes which require your consent, you will be asked to provide this and/or we will contact you to request this. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at info@targetfundmanagers.com or (in relation to marketing) follow the unsubscribe instructions included in each electronic marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

(B)        VISITORS TO OUR WEBSITE

The following section of this notice sets out how the Company may process personal data (as a controller) about visitors to its website at www.targethealthcarereit.co.uk. We would also note that our website uses cookies to distinguish you from other users of our website. For detailed information on the cookies we use and the purposes for which we use them please refer to our Cookies Policy, available at www.targethealthcarereit.co.uk.

If you are a website user, we may use different methods to collect data from and about you including through:

  • direct interactions with you, including by filling in forms. This includes personal data you provide when you subscribe to our publications (including registering for RNS news through the Company's website) and/or request communications to be sent to you.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
  • Technical data from the following parties:
    • analytics providers based inside or outside the UK or EEA;
    • advertising networks based inside or outside the UK or EEA; and
    • search information providers based inside or outside the UK or EEA.

We have grouped together the various types of data we may hold about you as a website user as follows:

  • Identity data may include names, titles, dates of birth and pronoun preferences;
  • Contact data may include addresses, telephone numbers, personal and work email addresses and marketing and communications preferences;
  • Technical data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, internet server provider's domain name, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • Usage data which includes information about how you use our website, products or services; and
  • User type data which includes information relating to the type of website user you are (for example, institutional investor, journalist, analyst or private investor).

We do not knowingly collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences through our website You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

If you are a website user, your personal data may be processed by the Company or its sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  • to send you updates on the performance of the Company, newsletters, invitations to events and other electronic marketing communications;
  • to use data analytics to improve our website, marketing and customer experiences;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  • such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights and/or interests of the Company.

We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

The legal bases we principally rely upon are these:

  • it is necessary for the purposes of our legitimate interests, or those of a third party and where such interests are not overridden by your rights or interests; and/or
  • it is necessary for us to comply with a legal or regulatory obligation on us.

Where such processing is being carried out on the basis that it is necessary to pursue the Company's legitimate interests, we will only carry out such processing if these legitimate interests are not overridden by your interests, fundamental rights or freedoms. Such processing may include the use of your personal data for the purposes of sending you electronic marketing communications, in relation to which you can at any time unsubscribe by contacting us at info@targetfundmanagers.com  or by following the instructions contained in each marketing communication.

Where we need to collect personal data by law or in connection with our website and you fail to provide that information, we may not be able to give you full access to our website. We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / Activity

Type of data

Legal basis for processing

To send you updates on the performance of the Company, newsletters, invitations to events and other electronic marketing communications.

Identity data

Contact data

User type data

(a)   Our legitimate interests of pursuing and developing our business (for example, where you are an existing or past investor in the Company and were (and continue to be) given an option to opt-out of such communications)

(b)   Your consent

To use data analytics to improve our website, marketing and customer experiences.

Technical data

Usage data

(a)   Our legitimate interests (to understand user behaviour and improve our website)

To comply with legal or regulatory requirements.

Technical data

User type data

(a)   Compliance with our legal and regulatory obligations (including under data protection law)

To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.

Identity data

Contact data

Technical data

(a)   Our legitimate interests including for document retention purposes and IT security

(b)   Compliance with our legal and regulatory obligations (including under data protection law)

Such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights and/or interests of the Company.

Identity data

Contact data

Technical data

Usage data

User type data

(a)   Compliance with our legal and regulatory obligations

(b)   Our legitimate interests (including by processing instructions and enforcing or defending our rights)

(c)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

If we consider it necessary to obtain your consent in relation to the use of your personal data (such as for sending emails to individuals that have not invested in the Company) you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at info@targetfundmanagers.com or (in relation to marketing) follow the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Where the website provides links to other websites, the Company is not responsible for the data protection/privacy/cookie usage policies of such other websites, and you should check these policies on such other websites if you have any concerns about them. If you use one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting a linked website and such websites are not governed by this notice. You should always exercise caution and review the privacy notice applicable to the website in question.

(C)        BUSINESS CONTACTS

Service Providers

The following section of this notice sets out how the Company may process personal data (as a controller) about its business contacts including contractors and representatives of current, previous and/or potential service providers, suppliers, fund managers/business partners, tenants/operators/agents/vendors/advisers, individuals subject to and/or participating in internal and/or external investigations; and data subjects that have provided a business card to, or have corresponded with the Company.

We may collect, use, store and transfer different kinds of personal data which you provide to us (including through correspondence with you or if you provide us with a business card); when it is provided to us by third parties, including (if you are an employee of one of our service providers) from your employer; and from publicly available sources, such as LinkedIn or Companies House. The types of personal data that we collect and use will depend on various circumstances, including the nature of our relationship with you. We have grouped together the various types of data we may hold about you or individuals connected with you as follows:

  • Identity data may include names, titles, dates of birth, pronoun preference and national identification number;
  • Contact data may include addresses, telephone numbers and personal or work email addresses;
  • Financial data may include bank account details and other financial information;
  • Employment data may include place of work and job title, employment history and department; and
  • Correspondence data may include any other data which you provide to us in correspondence (including emails), telephone calls and/or documents.

We do not knowingly collect any sensitive personal data or special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

Your personal data may be processed by the Company or its sub-processors (or any of their affiliates, employees, agents, delegates or sub-contractors) for the following purposes:

  • to hold your personal data on our system and to contact you (including in connection with using the services that you provide);
  • in respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided;
  • to send you updates on the performance of the Company, newsletters, invitations to events and other communications;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  • such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights or interests of the Company.
    • We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:
  • it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
  • it is necessary for the purposes of our legitimate interests, or those of a third party, where such interests are not overridden by your rights or interests; and/or
  • it is necessary for us to comply with a legal or regulatory obligation on us.
    • Where such processing is being carried out on the basis that it is necessary to pursue the Company and/or a third party's legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our or a third party's legitimate interests below.
    • Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may not be able to continue our relationship with you and (if you are a service provider) we may not be able to pay you). We will notify you if this is the case.
    • Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / Activity

Type of data

Legal basis for processing

To hold your personal data on our system and to contact you (including in connection with using the services that you provide).

Identity data

Contact data

(a)   Our legitimate interests, including in connection with using the services that you provide

In respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided.

Identity data

Contact data

Financial data

(a)   Our legitimate interests, including in connection with using the services that you provide

(b)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

To send you updates on the performance of the Company, newsletters, invitations to events and other communications.

Identity data

Contact data

(a)   Your consent

(b)   Our legitimate interests of pursuing and developing our business (for example, where you are an existing or past investor in the Company and were (and continue to be) given an option to opt-out of such communications)

To comply with legal or regulatory requirements.

Identity data

Contact data

Employment data

Financial data

Correspondence data

(a)   Compliance with our legal and regulatory obligations (including requirements to monitor our IT systems to comply with data protection law)

To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.

Identity data

Contact data

Employment data

Financial data

Correspondence data

(a)   Our legitimate interests including for document retention purposes and IT Security

(b)   Compliance with our legal and regulatory obligations (including under data protection law)

Such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights or interests of the Company.

Identity data

Contact data

Employment data

Correspondence data

Financial data

(a)   Compliance with our legal and regulatory obligations

(b)   Our legitimate interests of pursuing and developing our business

(c)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

If we consider it necessary to obtain your consent in relation to the use of your personal data (such as for sending emails to individuals that have not invested in the Company), you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you  do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at info@targetfundmanagers.com or (in relation to marketing) follow the unsubscribe instructions in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Operators

In addition to the business contacts listed above, the Company may process personal data (as a controller) about the current and/or former employees, contractors and representatives of the managers or operators of the carehomes or other properties owned by the Group.

We may collect, use, store and transfer different kinds of personal data which you provide to us or one of our affiliates or advisers, including: through correspondence with you, telephone calls, interviews and application forms; from your employer, our investment manager; and from publicly available sources, such as LinkedIn or Companies House. The types of personal data that we collect and use will depend on various circumstances, including the nature of our relationship with you. We have grouped together the various types of data we may hold about you or individuals connected with you as follows:

  • Identity data may include names, titles, dates of birth, nationality, national ID number, gender, gender identity and pronoun preference;
  • Contact data may include addresses, telephone numbers and personal or work email addresses;
  • Employment data may include current and former place of work and job title, employment history functions, departments, and organisations, CV, performance appraisals, evaluations, ratings, time and attendance, individual development plans, commendation/awards, disciplinary documents, individual competencies, succession planning data, next positions planned and development actions foreseen, training history, employment, severance, and confidentiality/non-disclosure agreements, contract or assignment type, past, present, and proposed future salary information, bonus and other payment information, educational and professional qualifications and classifications, employee number, photograph, information regarding an employee's work authorisation and/or residency status, tax information, company car, computer and other company property information, social, health and other insurance benefit information, data concerning pensions or early retirement benefits, and data provided in connection with internal and/or external investigations;
  • Criminal offence data may include criminal convictions and offences data; and
  • Correspondence data may include any other data which you provide to us in correspondence (including emails), telephone calls and/or documents.

Your personal data may be processed by the Group and investors in the Group which own the carehome property and/or their sub-processors (or any of their affiliates, employees, agents, delegates or sub-contractors) for the following purposes:

  • Overseeing the (i) operation of the carehomes or other properties owned by the Group and (ii) the manager of the property, including in relation to investor approval in relation to the extent that any issues or activities require investor approval;
  • Addressing employee performance, employee relations issues and/or approval of the appointment and/or remuneration of key personnel of the operator;
  • Supporting the employee initiatives and programs of the operator;
  • Analysing and reporting on the composition of the workforce of the operator;
  • Overview and approval of the recruitment and placement of key personnel and members of the management team at the operator;
  • Administration of employee benefits and compensation of the operator; and
  • Planning, coordinating and administering training and development for personnel of the operator.
    • We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:
  • it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
  • it is necessary for the purposes of our legitimate interests, or those of a third party, where such interests are not overridden by your rights or interests; and/or
  • it is necessary for us to comply with a legal or regulatory obligation on us.
    • Where such processing is being carried out on the basis that it is necessary to pursue the Company's and/or a third party's legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our or a third party's legitimate interests below.
    • Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may not be able to appoint you to a role). We will notify you if this is the case.
    • Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / Activity

Type of data

Legal basis for processing

Overseeing the (i) operation of the carehomes or other properties owned by the Group and (ii) the manager of the property, including in relation to investor approval in relation to the extent that any issues or activities require investor approval.

Identity data

Contact data

Employment data

(a)   Our and/or the operators' legitimate interests of ensuring the properties are operated effectively, pursuant to the development of our and/or their business

Addressing employee performance, employee relations issues and/or approval of the appointment and/or remuneration of key personnel of the operator.

Identity data

Employment data

Criminal offence data

(a)   Our and/or the operators' legitimate interests of ensuring high quality, suitable employees work for the operators, managing employee issues at the properties so as to minimise disruption and ensure continuity, both pursuant to the development of our and/or their business

(b)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Supporting the employee initiatives and programs of the operator.

Identity data

Employment data

(a)   Our and/or operators' legitimate interests of ensuring high quality employees work for the operators, managing employee issues at the properties so as to minimise disruption and ensure continuity, both pursuant to the development of our and/or their business

(b)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Analysing and reporting on the composition of the workforce of the operator.

Identity data

(a)   Our and/or the operators' legitimate interests of pursuing and developing our and/or their business

Overview and approval of the recruitment and placement of key personnel and members of the management team at the operator.

Identity data

Employment data

Criminal offence data

(a)   Our and/or operators' legitimate interests of ensuring high quality, suitable employees work for the operators pursuant to the development of our and/or their business

Administration of employee benefits and compensation of the operator.

Identity data

Contact data

Employment data

(a)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Planning, coordinating and administering training and development for personnel of the operator.

Identity data

Contact data

Employment data

Correspondence data

Financial data

(a)   Our and/or the operators' legitimate interests of ensuring high quality employees work for the operators pursuant to the development of our and/or their business

If we consider it necessary to obtain your consent in relation to the use of your personal data, we or the carehome operator will contact you to request this consent. In such circumstances, you will be provided with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at info@targetfundmanagers.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

Processing of information about criminal convictions

We envisage that we will process information about criminal convictions. We will collect information about your criminal convictions history in connection with offering you the work or a position with the operator (conditional on checks and any other conditions, such as references, being satisfactory). We will only collect and use information about criminal convictions if it is appropriate given the nature of the role and where we have a lawful basis to do so. For example, we may use information relating to criminal convictions in relation to legal claims, where regulatory requirements relating to unlawful acts and dishonesty apply, to prevent fraud and to prevent and detect unlawful acts, to protect the public against dishonesty, or where you have already made the information public.

We do not knowingly collect any sensitive personal data or special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

(D) DIRECTORS AND PROSPECTIVE DIRECTORS

The following section of this notice sets out how the Company may process personal data (as a controller) about directors and/or prospective directors of the Company. We collect this personal data from a variety of sources, including from you (including through application forms, questionnaires and/or corresponding with us); from third parties (including due diligence service providers); and from publicly available sources, such as Companies House.

The types of personal data that we collect and use will depend on various circumstances, including whether you are a director or a prospective director. We may also process personal data about individuals that are connected with you as a director (including Family Data (as is defined below)). We have grouped together the types of data we may process about you as follows:

  • Identity data may include names, titles, sex, gender, gender identity, pronoun preferences, dates of birth, nationality and citizenship;
  • Family data may include marital status and details of other relatives or persons closely associated with you including family connections (including dependents which may be under the age of 18);
  • Contact data may include addresses, work or personal email addresses, telephone numbers and contact sheets;
  • Financial data may include tax residency, financial dealings, banking details, beneficiaries, the number of shares legally and beneficially held by you or any person closely associated with you in the Company and any such holdings in any other securities related to the Company;
  • KYC data may include copies of passports and/or driving licences and utility bills, details of any disqualifications as a director or disqualifications from acting in company management or from conduct of company affairs, data relating to insolvency proceedings involving you or entities you have been or are connected with, data received from due diligence activities (such as anti-money laundering, politically exposed persons and sanctions checks) and data related to any public criticisms of you by statutory or regulatory authorities (including designated professional bodies) and fraud enquiries (for example, information from police reports);
  • Employment and directorship data may include places of work, job title, national insurance number and other tax details, signed contracts with you, biographies, job history, qualifications and CV, current and/or former directorships and attendance and voting records at board meetings;
  • Sensitive/special category data may include details of your socio-economic background and certain data considered more sensitive (which may include details of criminal convictions, ethnicity, age, sexual orientation, religion and beliefs, health (including any physical or mental impairment), socio-economic background and native language); and
  • Correspondence data may include any other data which you provide to us in correspondence (including emails), telephone calls (which we may record) and/or documents.

If you are a director or prospective director of the Company, your personal data may be processed by the Company or its processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  • to hold your personal data on our system and to contact you;
  • to appoint (or consider appointing) you as a director and to administer our relationship with you as a director. We may process personal data to carry out background and reference checks or to assess your skills and qualifications, to consider your suitability for the role of director. We may also need to communicate with you about the appointment process and to keep records relating to our hiring process;
  • to administer/perform the contract we have entered into with you, including arranging the payment of directors' fees and the reimbursement of expenses;
  • to seek to improve transparency on the diversity of our board and benefit both corporate governance and decision making by us;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  • such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights or interests of the Company.

We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:

  • it is necessary for the purposes of our legitimate interests or those of a third party and where such interests are not overridden by your rights or interests;
  • it is necessary for us to comply with a legal or regulatory obligation on us; and/or
  • it is necessary for the performance of a contract between you and the Company or in order to take steps at your request prior to entering into such a contract.

Where such processing is being carried out on the basis that it is necessary to pursue the Company's or a third party's legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our legitimate interests below.

Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may be unable to appoint you as a director). We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / Activity

Type of data

Legal basis for processing

To hold your personal data on our system and to contact you.

Identity data

Contact data

(a)   Our legitimate interests of appointing you (or considering appointing you) as a director and pursuing and developing our business

To appoint (or consider appointing) you as a director and to administer our relationship with you as a director. We may process personal data to carry out background and reference checks or to assess your skills and qualifications, to consider your suitability for the role of director. We may also need to  communicate with you about the appointment process and to keep records relating to our hiring process.

Identity data

Contact data

Family data

KYC data

Financial data

Employment and directorship data

Sensitive/special category data

Correspondence data

(a)   Performance of a contract to which you are a party or in order to take steps prior to entering into such a contract

(b)   Compliance with our legal and regulatory obligations (including under the FCA Listing Rules and Disclosure Guidance and Transparency Rules)

(c)   Our legitimate interests of appointing you (or considering appointing you) as a director and pursuing and developing our business

(d)   In relation to special category data, on the additional basis set out below in the "Special Category Data" section.

To administer/perform the contract we have entered into with you, including arranging the payment of directors' fees and the reimbursement of expenses.

Identity data

Contact data

Financial data

Employment and directorship data

Correspondence data

(a)  Performance of a contract to which you are a party or in order to take steps prior to entering into such a contract

To seek to improve transparency on the diversity of our board and benefit both corporate governance and decision making by us.

Identity data

Contact data

KYC data

Employment and directorship data

Sensitive/special category data

(a)   Compliance with our legal and regulatory obligations (including under the FCA Listing Rules and Disclosure Guidance and Transparency Rules)

(b)   Our legitimate interests of improving transparency and diversity on our board

(c)   In relation to special category data, on the additional basis set out below in the "Special Category Data" section.

To comply with legal or regulatory requirements.

Identity data

Family data

Financial data

Contact data

Employment and directorship data

KYC data

Sensitive/special category data

Correspondence data

(a)   Compliance with our legal and regulatory obligations

(b)   In relation to special category data, on the additional basis set out below in the "Special Category Data" section.

To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.

Contact data

Correspondence data

(a)   Our legitimate interests including for document retention purposes and IT Security

(b)   Compliance with our legal and regulatory obligations under data protection law

Such other actions as are necessary to manage the activities of the Company, including by processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes and enforcing or defending the rights or interests of the Company.

Identity data

Family Data

KYC data

Contact data

Financial data

Employment and directorship data

Correspondence data

(a)   Compliance with our legal and regulatory obligations

(b)   Our legitimate interests of pursuing and developing our business

(c)   Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

If the Company wishes to use your personal data for purposes which require your consent we will contact you to request this. In such circumstances, we will provide you with  details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at info@targetfundmanagers.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

Special category data

We may hold special category data if it is necessary for us to comply with legal and regulatory obligations (see further details below).

Where we process special category data, we ensure that such processing satisfies one of the additional conditions required for processing special categories of personal data. We may process special categories of personal data in the following circumstances:

  • with your explicit written consent;
  • we may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during the interview. This is being carried out for the purposes of carrying out obligations in the field of employment law (in particular, our obligation to make reasonable adjustments under the Equality Act 2010); and/or
    • where it is needed in the public interest, such as for equality of opportunity or treatment or racial and ethnic diversity at senior levels of organisations.

Other than as set out above, we do not knowingly or intentionally collect special category data from individuals, and you must not submit special category data to us (other than for the purposes set out above). If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process that special category data for the purposes of deleting it.

Processing of information about criminal convictions

We envisage that we will process information about criminal convictions as part of the Company's director onboarding/appointment processes and on an ongoing basis. We carry out a criminal records check where permitted by law to seek to review your suitability for the role. We will only collect and use information about criminal convictions if it is appropriate given the nature of the role and where we have a lawful basis to do so. For example, we may use information relating to criminal convictions in relation to legal claims, where regulatory requirements relating to unlawful acts and dishonesty apply, to prevent fraud and to prevent and detect unlawful acts, to protect the public against dishonesty, or where you have already made the information public.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

3. DISCLOSURES OF YOUR PERSONAL DATA

We will not disclose personal information we hold about you to any third party except as set out below and where we have a lawful basis for doing so.

We may disclose your personal data to other affiliates in the Group, to the boards, managers, employees, agents, sub-contractors and agents of the Company, to investors/shareholders in the Company, to suppliers of the Company, to the company secretary, to third parties who are providing services to us, including IT or other third party service providers, financial institutions, event management, PR and marketing service providers, providers of background, compliance, sanctions, shareholder register analysis, anti-money laundering check and/or credit reference services, other processors of the Company (including printers, brokers, analysts, registrars, administrators, investment managers, proxy service companies), pension plan institutions, depositaries, auditors, tax advisers, telephone service providers, document storage and execution providers, consultants, professional advisors, backup and disaster recovery service providers and to Governmental, judicial or regulatory authorities or bodies

We may also disclose personal data we hold to third parties in the following circumstances:

  • in the event that we sell any business or assets, in which case we may disclose personal data we hold about you to the prospective and/or actual buyer of such business or assets; and/or
  • if we are permitted by law to disclose your personal data to that third party or are under a legal obligation to disclose your personal data to that third party (for example, to tax authorities or courts).

Where we disclose your personal data to third parties, those third parties may in certain circumstances require to process your personal data for purposes and means which they determine. For example, they may need to use your information to comply with their own legal obligations, including under anti-money laundering legislation. In those cases, the relevant third party will be acting as a controller in respect of your personal data, and its use of your personal data will be subject to its privacy policy (which they are required by law to make available to you).

4. INTERNATIONAL TRANSFERS

Whenever your personal data is transferred out of the UK or the European Economic Area ("EEA") by us, we ensure a similar degree of protection is afforded to it by ensuring either of the following safeguards is implemented:

  • the country or territory outside the UK or EEA that we send data to has been deemed to provide an adequate level of protection for personal data by the UK Secretary of State or European Commission (as applicable); or
  • we have put in place specific standard contracts approved by the European Commission or the UK Secretary of State (as applicable) which give personal data the same protection it has in the EEA or the UK (as applicable).

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the UK or EEA..

5. DATA SECURITY

The Company has put in place measures designed to ensure the security of the personal data it collects and stores about you. It will use its reasonable endeavours and comply with law in its approach to protecting your personal data from unauthorised disclosure and/or access, including through the use of network and database security measures, but it cannot guarantee the security of any data it collects and stores.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who need to know. They will only process your personal data (as a data processor) on our instructions.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. YOUR LEGAL RIGHTS

In certain circumstances, by law you have the right to:

  • request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
  • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
  • request the transfer of your personal information to another party; and
  • withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communications, please contact us at info@targetfundmanagers.com or following the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of the rights set out above, please contact the Privacy Manager at Target Healthcare REIT PLC, 1st Floor, Glendevon House, Castle Business Park, Stirling, FK9 4TZ in writing or at info@targetfundmanagers.com.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

7. CHANGES TO YOUR DATA

The personal data we hold about you needs to be accurate and up-to-date in order to comply with data protection law. Please let us know of any changes to your personal data so that we can correct our records.

8. FURTHER INFORMATION

If you have any queries about this notice or our processing of your personal data, or you wish to exercise your rights under the GDPR and/or the UK GDPR, please do so in writing and address this communication to the Privacy Manager at Target Healthcare REIT PLC, 1st Floor, Glendevon House, Castle Business Park, Stirling, FK9 4TZ or by email to info@targetfundmanagers.com.

Target Healthcare REIT PLC is a company incorporated in England and Wales with registered number 11990238 and its registered office address is - Level 4, Dashwood House, 69 Old Broad Street, London EC2M 1QS. It has its principal place of business at 1st Floor, Glendevon House, Castle Business Park, Stirling, FK9 4TZ.

© 2023 Target Healthcare REIT PLC. All rights reserved. Privacy Notice -  Last updated April 2023