Privacy Notice (UK and EU)

We collect information about you through technology. For example, we collect your IP address each time you request a page during a visit to the website. (An IP address is often associated with the portal through which you enter the Internet.) At times, we may also use IP addresses to collect information regarding the frequency with which users browse various parts of the website.

The website will also use other technical methods to track and analyse the traffic patterns on the website, such as the frequency with which our users visit various parts of the website. These technical methods involve the transmission of information either directly to us or to another party authorised by us to collect information on our behalf. We use these technical methods in HTML e-mails that we send our website users and individuals who subscribe to our newsletters to determine whether such recipients have opened those e-mails and/or clicked on links in those e- mails. We may collect the information from use of these technical methods in a form that is personally identifiable, though you may prevent this by use of your browser settings or by opting out of the use of non-essential cookies as set out in the Cookies section below.

During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs), and methods used to browse away from the page. We may use this information to measure website activity, to develop ideas for improving our websites and for any other purpose to the extent permitted by applicable law.

You are not required to provide any personal information to access public areas of our website, other than parts of the Investor Center.

Please also see the section on Cookies below.

If you sign up to receive our newsletter, we collect your name, email, and job title/role in addition to the information described above regarding opening the e-mail and/or clicking on links in the e-mail. Our legitimate interest for using such personal information is to provide, maintain, and improve our newsletter service, which includes distributing our newsletter and sharing other information that may be of interest to you and individuals that subscribe.

When you visit our offices, we collect the following personal information about you for the following purposes:

1. contact information by completion of the security list of visitors in line with our legitimate interests (security of the building);
2. video images of you in the entry and exit areas from CCTV footage in line with our legitimate interests (security of the building);
3. your name and time of entry to KKR’s offices through a security access system in line with our legitimate interests (maintaining security of our offices);
4. names and dietary preferences for catering purposes in meetings in line with our legitimate interests (respecting visitors’ needs);
5. health data to assist in the control of infectious diseases (such as the virus Covid-19) in line with our health and safety legal obligations;
6. if applicable, health information by completion of the first aid accident book in order to comply with our health and safety legal obligations; and
7. guests’ name and organisation for the purpose of organising events (for example conferences, charity events or student/alumni events) and providing name badges, attendee lists, team lists and table plans.

If you have had contact with KKR, for example through emailing or meeting a representative of KKR, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organisation and contact details. We use publicly available information about you or information you have provided us with to add to KKR’s contact directory. We may also use your contact details and metadata relating to your communications with KKR representatives for business development purposes. If your contacts with KKR also fall within other categories defined below, we will also collect, store and share your personal information as described in those categories.

We will collect and store this personal information for the purposes of:

1. maintaining a directory of contacts and business development activities;
2. organising meetings between you and KKR’s representatives; 
3. general business marketing, including reporting on macro trends and other business and economic insights; and
4. sending you periodic updates about KKR’s business, events, presentations and opportunities, including by email and post; you can opt out of receiving updates at any time by contacting us (including by email at dataprivacyoffice@kkr.com), by asking your KKR business contact, or by clicking the “Unsubscribe” link in any email that you receive.

We will share the personal information we hold about business contacts with:

1. third-party service providers which process personal information on KKR’s behalf,
2. professional advisors, such as accountants, lawyers or other consultants;
3. other companies in the KKR Group;
4. KKR’s auditors; and
5. applicable regulators and other governmental agencies anywhere in the world.

The legal basis for collecting, using and storing personal information about business contacts is that such processing is necessary for our legitimate interests in undertaking business development and promotion.

If you are a supplier or vendor to KKR, or one of our professional advisers, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.

We will collect, use and store this personal information for the purposes of conducting anti-money laundering checks, administering and maintaining records of goods, services or advice we have received, and commissioning further services or procuring further goods.

The personal information we hold about suppliers and professional advisers will be shared with:

1. a wide range of third-party service providers which process personal information on KKR’s behalf, such as providers of telecoms, IT, courier, HR, security, legal accountancy, data and catering services.
2. professional advisors, such as accountants, lawyers or other consultants;
3. other companies in the KKR Group;
4. KKR’s auditors; and
5. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting, using and storing personal information that you provide to us is that such processing is necessary for our legitimate interests in operating our business.

If you are involved in a transaction or potential transaction relating to KKR business, including as an investor or potential investor in any of our investment products, we collect, use and store personal information relating to you. To the extent appropriate, this includes your business and personal contact details, interest/marketing preferences, professional opinions and judgements, visual images and photographs required for business purposes, log-in details for user accounts, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out.

We collect, process and store this personal information for the purposes of:

1. performing conflicts checks;
2. verifying the identity of individuals;
3. undertaking due diligence and performing background checks;
4. conducting anti-money laundering checks;
5. evaluating potential transactions;
6. maintaining records of investments;
7. trade and transaction reporting;
8. administering transactions which are entered into;
9. statistical analysis and market research;
10. maintaining records of investments;
11. billing and invoicing purposes;
12. complying with our regulatory and legal obligations, including assessing and managing risk;
13. identifying and preventing fraud and other unlawful activity;
14. safeguarding our legal rights and interests;
15. seeking and receiving advice from our professional advisors, including accountants, lawyers and other consultants;
16. organising and holding meetings and events;
17. marketing of investment products;
18. general business marketing, including reporting on macro trends and other business and economic insights; and
19. sending you periodic updates about KKR’s business, events, presentations and opportunities.

Please note that you can opt out of receiving marketing updates or change your preferred method(s) for receiving them (e.g. email, post) at any time by contacting us (including via email at dataprivacyofficer@kkr.com), asking your KKR contact or by clicking the “Unsubscribe” link in any email that you receive.

The personal information we collect, use and store about our counterparties with whom we conduct business may be shared with:

1. third-party service providers which process personal information for us;
2. credit reference agencies;
3. financial intermediaries;
4. professional advisors, such as accountants, lawyers or other consultants;
5. other persons who have an interest or involvement in, or who are considering an interest or involvement in, a transaction upon which KKR is advising, including co-investors, other providers of finance and investors in KKR;
6. other companies in the KKR Group;
7. KKR’s auditors; and
8. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting, using and storing personal information about you is that such processing is necessary for our legitimate interests in running our business, including by advising on potential transactions. If we enter into a transaction that you are involved in, it will also be necessary for us to process your personal information for the purpose of performing that contract and to comply with our regulatory and legal obligations.

We collect, use and store personal information about our public shareholders and other investors for the purposes of:

1. communicating with investors in relation to their holdings;
2. complying with our regulatory and legal obligations;
3. facilitating the payment of dividends and/or other distributions; and
4. sending you periodic updates about KKR’s business, activities and opportunities, including by email and post; you can opt out of receiving updates at any time by contacting us (including via email at dataprivacyofficer@kkr.com), asking your KKR contact or by clicking the “Unsubscribe” link in any email that you receive.

We share the personal information we hold about our public shareholders and other investors with:

1. companies which process personal information for us;
2. professional advisors, such as accountants, lawyers, proxy advisers or other consultants;
3. other companies in the KKR Group;
4. our auditors; and
5. applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting and storing personal information about our shareholders and other investors is that such processing is necessary for our legitimate interests in running and operating our business and ensuring effective communications with shareholders.

We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies, former employers and credit reference agencies). Recruitment agencies which collect and use your personal information, including for the purpose of introducing you as a candidate to KKR, act as the controller of your personal information for that purpose and so are subject to a separate privacy notice provided by the agencies to you.

Please see below a list of the categories of personal information about you that we collect, store, and use:

• personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
• date of birth;
• gender;
• nationality;
• current salary, annual leave, pension and benefits information;
• current notice period;
• desired start date with KKR;
• desired location of employment or workplace;
• passport number and driver’s license;
• recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
• employment records (including job titles, responsibilities, work history, working hours, language capabilities, training records, appraisal and fitness and propriety records and professional memberships);
• compensation history; and
• visual images and photographs required for business purposes.

Most commonly, we will use your personal information in the following circumstances:

1. to take steps prior to entering into a contract with you (for example your employment contract, consultancy contract or partnership agreement);
2. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
3. where we need to comply with a legal or regulatory obligation.

Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with KKR.

Should you be unsuccessful in your application, we will securely destroy your application details but will keep on file your name, any additional identifiers required to distinguish candidates of the same name and the position for which you applied for future recruitment purposes unless you specifically request that this should not be the case.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a candidate of KKR we will not keep any personal information about you for any longer than is necessary for the purposes for which the personal information is processed and will securely destroy it after this point.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances (each a lawful basis):

1. where we need to perform the contract we are about to enter into or have entered into with you;
2. where it is necessary for our legitimate interests (as further explained in the relevant section applicable to you above) and your interests and fundamental rights do not override those interests; or
3. where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data.

If you fail to provide certain information when requested, we may not be able to perform any contract we may have entered into with you, or we may be unable to deal with you.

We will only use your personal information for the purposes for which we collected it or as otherwise described in this privacy notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third parties” includes third-party service providers (including contractors) and other companies within the KKR Group worldwide.

All our third-party service providers and other companies in KKR Group are required to take appropriate security measures to protect your personal information in line with the GDPR. Except where needed for their own direct relationship with you or where they otherwise act as a controller of your personal information, we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will share your personal information with other companies in the KKR Group and with KKR Capstone for internal administrative purposes on the lawful basis of our legitimate interests.

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business or an audit. If needed to comply with law and regulations, we will also need to share your personal information with a regulator, governmental agency or otherwise.

We share your personal data within the KKR Group. This will involve transferring your personal information outside the European Economic Area (EEA).

Many of our third-party service providers are based outside the EEA so their processing of your personal information will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is applied to it by implementing at least one of the following safeguards:

1. We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
2. We use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
3. We will use a data transfer mechanism approved by the European Commission or the UK authorities, as appropriate, such as an equivalent to the Privacy Shield or updated Model Contracts approved by the EU Commission or the UK government.

Please contact us (preferably via email at dataprivacyofficer@kkr.com) if you would like further information on the specific mechanism used by us when transferring your personal information out of the EEA.