Fortress Investment Group LLC and its affiliates (collectively “Fortress”) take your privacy and the security of your personal information seriously. This Privacy Statement is meant to help you understand what personal information we collect on you, how we use and protect such information and the rights and choices you have with regard to such information.
Please read this Privacy Statement carefully. In the event that you have any questions or concerns about the guidelines set forth in this Privacy Statement, please contact us as set out at the end of this Statement.
A. What Information Do We Collect About You?
We may collect personal information that you provide to us directly (for example, your name, title, postal and email address, date of birth and work experience) and we may also collect information about you indirectly (for example, your IP address, browser type and version). Some examples of instances where we collect information about you are provided below.
When You Visit and Browse our Website
We collect general information about the devices you use to access our website and services (such as make, model, operating system, IP address, and browser type) and information about your online behavior. By collecting this information, we learn how to best tailor our website for our current and future visitors. To collect this information, we use technical methods such as cookies, as further explained below.
When You Register For an Account
If this website provides a registration option and you choose to register for an account, we will collect the personal information you provide in order to complete your registration. You may choose to provide us with this information. However, there is no obligation to do so, and your choice will not affect your ability to use our website.
When You Contact Us or When We Contact You
We collect personal information you provide about yourself anytime you contact us about our website or services. You can choose not to provide this information, but then you might not be able to send us requests via our website. We may also use technical methods in HTML e-mails that we send visitors to our website to determine whether such visitors have opened those e-mails and/or clicked on links in those e-mails.
When You Upload a Job Application on Our Website
We collect the information you provide when you voluntarily decide to submit a job application on our website, and you will be able to view our Job Applicant Privacy Notice at that time for further information.
When You Request the Provision of Services
We collect the information you provide when you request the provision of services by Fortress (for example, through “know your client” checks or other transaction-related services).
B. How Do We Use Your Personal Information?
When it is necessary to process your personal information, Fortress will do so: (i) for legitimate business purposes, (ii) to fulfill our contractual obligations to you, (iii) to comply with legal or regulatory obligations imposed on us; and/or (iv) after consent is obtained from you.
Use in Connection with Normal Business Operations
We may use or share some of the personal information we collect about you with our affiliates or third-party entities (i) as part of our normal business operations (such as processing your requests for forms or other literature or information, transactions, to enable you to access our services, or to prepare investor disclosure materials), (ii) to send you administrative communications either about your interactions with us or about features of our website, including any future changes to this Privacy Statement, or (iii) as otherwise permitted by law.
We may also share your personal information with a select group of third-party service providers that carry out certain functions on our behalf. The categories of service provider that we use include companies that: deliver products or services, like a shipping company that delivers a package; improve the functionality of our website; provide analytic services; or help to gather your information or communicate with you. These companies are allowed to gather, receive, and use your information only for the purposes described in this Privacy Statement or as required by law.
We take appropriate steps to ensure that the entities with which we share your personal information (both affiliates and non-affiliated third parties) protect the confidentiality and security of your information and use it only for its intended purpose.
C. Transferring Your Personal Information to Other Countries
The entities with which we might share your personal information may be located outside of the jurisdiction in which the personal information was collected. Where required, we have put in place appropriate safeguards designed to make sure your personal information remains adequately protected when transferred internationally. For instance, the transfer of personal information out of the European Economic Area (including to the UK) or the UK, each to third countries that have not been granted an adequacy decision by the European Commission, will be made pursuant to a valid data transfer mechanism under applicable data protection laws, including on the terms of the European Commission standard contractual clauses.
You may ask for further information on the safeguards that we have put in place, where required, for the transfer of your data outside of the jurisdiction in which it was collected by contacting us as indicated below at “How To Contact Us”.
D. How Long Do We Keep Your Personal Information?
We will retain your personal information for the amount of time necessary to accomplish the purpose for which it was collected. We will also retain personal information that could be relevant to legal proceedings or must otherwise be retained under applicable law or regulations for longer periods.
E. How Do We Protect Your Personal Information?
We have implemented technical, administrative, and physical security measures to protect your personal information from unauthorized access and improper use. We review our security procedures in order to consider appropriate new technology and methods on an ongoing basis. Except as otherwise required by law, only authorized persons will be allowed to view your personal information. Fortress employees receive training about the importance of confidentiality and maintaining the privacy and security of your information.
F. Transparency in Coverage Rule
In response to the federal Transparency in Coverage Rule, machine readable files have been made available here, and include negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted n the JSON file format to allow researchers, regulators, and application developers to more easily access and analyze data.
G. Do Not Track
Do Not Track is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated Do Not Track signals. Third-parties, such as our analytics providers (such as those of Google Analytics), may collect data that relates to you on our Site. We cannot control third-parties’ responses to Do Not Track signals. Third-parties’ responsiveness to Do Not Track signals is governed by their respective privacy policies. Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application. You can learn more about Do Not Track here.
Your Rights under the EU General Data Protection Regulation
You have the right (subject to certain limitations) to confirm that Fortress is processing your personal information, to access the personal information we keep about you, to restrict or object to the processing of your personal information, and to rectify, erase, and port your personal information.
If you wish to exercise any of these rights, please contact us as set out below.
You have the right to obtain:
- Confirmation that we process your personal information; and
- Access to the personal information we have about you.
Your Right to Rectification
You have the right to have inaccurate personal information rectified.
Your Right to Erasure
You have the right to have your personal information erased if:
- Your personal information is no longer necessary for the purpose which we originally collected or processed it for;
- We are only relying on your consent to process your personal information, and you decide to withdraw your consent; and
- You object to the processing of your personal information, and we have no overriding legitimate interest or other valid basis to continue the processing of your personal information.
Your Right to Restrict Processing
As an alternative to requesting the erasure of your personal information, you have the right to limit the way we use your personal information in certain circumstances:
- You contested the accuracy of your personal information and we are verifying the accuracy of such information;
- We have unlawfully processed your personal information and you oppose erasure and request restriction instead;
- We no longer need your personal information but you need us to keep it in order to establish, exercise or defend a legal claim; or
- You have objected to us processing your personal information, and we are considering whether we have legitimate grounds to continue processing your personal information.
Your Right to Object to Processing
You have the right to object to certain types of processing of your personal information, namely:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
Your Right to Data Portability
Under limited circumstances, you have the right to obtain from us and reuse your personal information for your own purposes. This right allows you to move, copy or transfer your personal information easily, without hindrance to usability. If you request it, we may transmit your personal information directly to another organization if this is technically feasible.
Your Rights under the California Consumer Privacy Act
As a California consumer, you have the right to: (i) request that Fortress disclose what personal information it collects, uses, discloses and sells about you, (ii) request deletion of the data you have provided to Fortress, and (iii) be free from discrimination by Fortress as a result of you exercising your rights under the California Consumer Privacy Act (“CCPA”).
- We note that the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication from some of its requirements, such that the rights to access and delete your personal information do not apply with respect to such communications.
- Please note that under the CCPA, these rights do not apply to, and “personal information” does not include, certain categories of information, such as (i) publicly available information from government records, (ii) deidentified or aggregated consumer information, and (iii) information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
If you wish to exercise these rights, you must submit a Verifiable Consumer Request, which can be submitted here, by emailing DSR@fortress.com, or by calling 1-833-459-0090. The procedures Fortress uses to evaluate your request can be found here. Furthermore, in accordance with the CCPA, you can designate a third party agent to exercise your CCPA rights on your behalf by following the procedures that can be found here.
Categories of Personal Information We Collect
Fortress has collected the following types of personal information about consumers in the last 12 months (but, for clarity, not all types of personal information have been collected from all consumers):
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||NO|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
Sources of Personal Information Collected
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete, such as our Verified Consumer Request Form, or products and services you purchase.
- Indirectly from you. For example, from your agent or a financial intermediary, or from observing your actions on our website.
- From third parties, such as risk management databases.
Disclosures for a Business or Commercial Purpose
In the preceding 12 months, Fortress has disclosed the following types of personal information to its service providers and affiliates for business purposes:
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Protected classification characteristics under California or federal law
- Commercial information
- Internet or other similar network activity
- Professional or employment-related information
- Non-public education information
Your Right to Know
You have the right to request the following information regarding Fortress practices regarding your personal information:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information about you was collected;
- The business or commercial purpose for which we collect or sell your personal information;
- The categories of third parties with whom we share your personal information;
- The specific pieces of personal information we have collected about you;
- The categories of personal information that we sold about you, and categories of third parties to whom the information was sold; and
- The categories of personal information that we disclosed about you for a business or commercial purpose.
Your Right to Request Deletion
You have the right to request that Fortress delete the personal information we have collected about you that you provided to Fortress.
Please note that in certain instances we may not be able to process your request, such as (i) due to the existence of a legal obligation, (ii) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, or (iii) in order to complete a transaction for which your personal information was collected.
Your Right to Opt Out
Fortress has not sold any personal information to third parties in the preceding 12 months.
Fortress does not sell the personal information of minors under 16 years of age without affirmative authorization.
Your Right to Non-Discrimination
You have the right that we not discriminate against you because you exercised your rights under the CCPA.
Please note that you may be charged a different price by Fortress or receive a different level or quality of goods or services where the difference is reasonably related to the value provided to Fortress by your data.
Questions, Concerns, and Complaints
Should you wish to make an inquiry or complaint about Fortress’ use of your personal information, you may contact Fortress as set out below.
You also have the right to lodge a complaint with the appropriate regulatory body/supervisory authority, in particular in the country where you reside, place of work or of an alleged infringement of the law.
How To Contact Us
If you have any questions concerning our privacy practices described in this Notice please contact us at DSR@fortress.com, submit your request here, or call 1-833-459-0090.
Or write to us:
Data Subject Rights
Fortress Investment Group
1345 Avenue of the Americas
New York, NY 10105
Changes to this Privacy Statement
We reserve the right to change our Privacy Statement from time to time as necessary, including due to changes in the law or to our data processing practices or activities.
Last updated January 1, 2021