1. Home
  2. EEA UK Website Privacy Notice

EEA UK Website Privacy Notice

Website Privacy Notice for EEA and UK Residents

Last updated: December 2025

Printer Friendly Version (PDF)

1. Introduction

This Website Privacy Notice for EEA and UK Residents (“Notice”) provides additional information for individuals located in the European Economic Area (“EEA”) and the United Kingdom (“UK”) when you visit or use our Website, Services or if you are an Applicant..

This Notice should be read together with the Kennedy Wilson Privacy Policy (our main global privacy policy). Terms not defined in this Notice will have the meaning given in the Kennedy Wilson Privacy Policy. Where this Notice conflicts with the main Privacy Policy for EEA/UK visitors, this Notice will govern.

2.  Our Website – Categories of Personal Data We Process

The table below describes the categories of personal data we collect from and about you through our Website.

Personal Data DescriptionSource

Identity and Contact Data such as your name, home address, email address and telephone number.

Directly from you (online or offline)

Indirectly from you

Third parties

Account Data such as your login information (email and password) and profile information (contact details including your name, surname, country, occupation, email address).

Directly from you

Communications Data such as your feedback on our services or the performance of our Website and other communications with us, any queries you raise, chat, email or call history on the website or with third party service providers.  This will include information as to how you contact us and the channel of communication that you use or any information that you send to us.

Directly from you

Indirectly from you

Third parties

Advertising and Marketing Data such as your interests based on your use of our Website and other websites and online services, your preferences in relation to receiving marketing materials from us, communication preferences, your interest in attending events, your requests for information about us, a property, an investment, or other services we provide.

Directly from you

Indirectly from you

Third parties

CCTV Data collected at our premises to prevent theft and fraud and more generally to protect our property and assets, employees, tenants, vendors and visitors.

Indirectly from you

Device Data collected from (or as a result of your using) your device (including by means of cookies and similar tracking technology), including your IP address, your ISP, and the browser you use to visit our Website, device type, unique device identification numbers or other identifiers.

Indirectly from you

Website Usage Data such as activity and website page interaction, information that we capture using cookies and similar technologies (see the "Cookies – Targeted Advertising, Analytics and Google Services" section in the Kennedy Wilson Privacy Policy).  This will include page views and searches, log-in information, clicks, operating system, information about content viewed, watched or downloaded for offline access, length of visits to certain pages, length of website use and other functional information on website performance (for example, application version information, diagnostics, and crash logs).

Indirectly from you

Location Data collected using WiFi access points / and/or GPS from which we can identify your precise geographic location, e.g., technical information that associates your location to your use of the website.

Indirectly from you

We do not intentionally seek to collect special categories of personal data (such as information about health, religion, or political opinions) via general Website contact forms. Please do not submit such information through the Website unless we specifically ask for it.

3. Our Website - Purposes and Legal Bases for Processing

The following table provides more details on our purposes for processing your personal data and the related legal bases in relation to our Website. The legal basis under which your personal data is processed will depend on the data concerned and the specific context in which we use it.

Purpose/ActivityType of Personal DataLawful basis for processing including basis of legitimate interest

Register your account on our Website, to manage and administer your account.
 

Identity and Contact  Data

Account Data

  • Necessary for our legitimate interests to operate, provide and improve our organisation, including our Website, to promote our services.

Respond to your communications regarding our services, support and administrator messages, respond to your enquiries, requests or complaints.

Identity and Contact Data

Account Data

Communications Data

  • Necessary for our legitimate interests (to operate, provide and improve our organisation and to communicate with you.

Marketing/ Prospecting: communicating with you about properties, investments, services, events, or news; sending investor updates; and maintaining and updating contact information.

Identity and Contact Data

Account Data

Communication Data

Advertising and Marketing Data

Website Usage Data

  • Consent (where required under applicable law).
  • Otherwise our legitimate interests (to operate, provide and improve our organisation; to communicate with you and to develop marketing activities and promote our products and services).

Operating and improving our Website and Services: operating, managing, administering, and improving our websites and online tools; customizing content; and analyzing usage.

Identity and Contact Data

Account Data

Communications Data

Device Data

Website Usage Data

  • Consent (where required under applicable law – see cookie consent tool on our Website).
  • Otherwise our legitimate interests to operate, provide and improve our organisation, including our Website, to improve our Website or use the insights to improve or develop marketing activities and promote our products and services.

Business operations and investor relations – Managing relationships with investors, tenants, property managers, lenders, vendors, and other counterparties; conducting due diligence; and managing contracts and transactions.

Identity and Contact Data

Account Data

Communications Data

  • Necessary for our and our third parties' legitimate interests (to operate and provide our organisation, including our Website and Services and/or to manage our investors, tenants, property managers, lenders, vendors and other counterparties.

IT operations: operating and securing our IT systems; monitoring for fraud and misuse; and conducting security audits

Identity and Contact Data

Account Data

Device Data

Website Usage Data

  • Necessary for our and our third parties' legitimate interests (to operate, provide and improve our organisation, including our Website to prevent Illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Financial management: sales; finance; corporate audit; and vendor management

Identity and Contact Data

Account Data

Communications Data

Device Data

Website Usage Data

  • Necessary for our and our third parties' legitimate interests (to operate and provide our organisation, including our Website; to detect or prevent illegal activities (e.g. fraud) and/or to manage our vendors.

Security: physical security of our premises (including records of visits to our premises and CCTV recordings); electronic security (including login records and access details to our electronic systems, if applicable) and Website security

Identity and Contact Data

Account Data

Communications Data

CCTV Data

Device Data

Website Usage Data

Location Data

  • Necessary for our and our third parties' legitimate interests (to operate and provide our organisation, including our Website; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, tenants, vendors, and visitors).

Manage our use of tracking technologies such as cookies (including enabling you to manage your cookie preferences) and analyse collected data to learn about our Website, to improve our Website, and to develop new products and services. This includes website analytics, identifying browsing trends and patterns and evaluating this information.

Account Data

Device Data

Website Usage Data

Location Data

  • Consent (where required under applicable law – see cookie consent tool on our Website).
  • Otherwise (for strictly necessary cookies) our legitimate interests to operate, provide and improve our organisation, including our Website, to improve our Website or use the insights to improve or develop marketing activities and promote our products and services.

Legal, compliance, and risk management: complying with legal and regulatory obligations; responding to legal process and government requests; performing audits; and managing risk; and fraud prevention.

Identity and Contact Data

Account Data

Communications Data

Advertising and Marketing Data

CCTV Data

Device Data

Website Usage Data

Location Data

  • Legal obligation.
  • Otherwise our legitimate interests to protect our organisation interests.

Legal proceedings: establishing, exercising, and defending our legal rights.

Identity and Contact Data

Account Data

Communications Data

Advertising and Marketing Data

CCTV Data

Device Data

Website Usage Data

Location Data

  • Our legitimate interests to protect our organisation interests.

4.  Applicants – Categories of Personal Data We Process

The table below describes the categories of personal data we collect from and about you through our application and recruitment process.

Personal Data Description

Source

Contact Data: Name or alias, home address, personal telephone number and personal email address.

Directly from you

Application Information, Professional and Academic Data: Position applied for, age, date of birth, marital status, gender, pronouns, existing and/or desired compensation and salary data, eligibility for and participation in benefit schemes, CV/résumé information such as previous roles, job descriptions, experience, responsibilities and assignments, years of service, security clearance status, education history and academic/professional qualifications.

Directly from you

Interview and Selection Notes: Notes made by interviewers or other staff in connection with your application.

Directly from you

Third parties

Sensitive Personal Data: Information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, information about your health (including mental health and any disability) or sexual orientation.

Directly from you

Background Checks: Criminal records data, results of reference checks and screening such as verification of education and employment history, screening checks such as against politically exposed persons registers, professional practising checks and other searches relevant to the role for which you are applying.  This information will only be requested from you or obtained from third parties at the end of the recruitment process, once the offer has been made and you have accepted the position you applied for.

Directly from you

Third parties

Nationality, Citizenship and Right to Work Information: Nationality and country of birth, citizenship and right to work information, government identification documents (including passports and residency permits) and, where relevant, visa information.

Directly from you

Communication Data: Communications between us and you in relation to your application and the application process.

Directly from you

Automatic collection

IT Data Information collected through our Website such as IP addresses, log files and login information. IT Data may also include inferred location based on your IP address or activities, device identifiers associated with your computer or device, mobile carrier and related information and activity logs generated when you navigate our Website.

Automatic collection

Security and Access Data Closed-circuit television (CCTV) footage in public or common areas in our premises and near our premises (such as in car parking areas and in which case footage may include vehicle licence plates).

Where you visit our premises, physical or electronic guest book information containing name, photograph, vehicle licence plate and person(s) you are visiting.

Automatic collection

Third parties (where used for CCTV, security and access systems)

5. Applicants - Purposes and Legal Bases for Processing

  • We use the personal data that we collect about you only for the purposes described in this Notice.  The following table provides more details on our purposes for processing your personal data and the legal basis that we rely on to lawfully process your data for each purpose.

Our purpose for processing your personal data

Personal data categories (defined in the table above) that we process for this purposeOur legal basis

Process and evaluate an Applicant’s application, qualifications, and credentials for employment with us

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Communication Data

  • Legitimate interests of managing applications for positions with us.

To contact Applicants regarding the status of their application for employment

Contact Data

Communications Data

IT Data

  • Legitimate interests of managing applications for positions with us.

Assist with the onboarding of an Applicant into employment

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Background Checks

Nationality, Citizenship and Right to Work Information

Communication Data

  • Legitimate interests of managing applications for positions with us.
  • To take steps to enter a contract with successful Applicants.

To conduct internal research

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Background Checks

Nationality, Citizenship and Right to Work Information

Communication Data

IT Data

  • Legitimate interest of reviewing and updating our application process.

To conduct criminal record and background checks

Background Checks

  • Legitimate interests of managing applications for positions with us.
  • Consent (where required by applicable local law).

To monitor our recruitment initiatives

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Background Checks

Nationality, Citizenship and Right to Work Information

Communication Data

IT Data

  • Legitimate interest of reviewing and updating our application process.

To monitor our equal opportunity policies

Sensitive Personal Data: Specifically, to the extent required or permitted by local law, information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, philosophical beliefs, disability, age and other diversity markers.

  • Legal obligations
  • Public interest
  • Consent

In relation to Sensitive Personal Data:

  • To comply with employment obligations (if required by applicable law), or in the substantial public interest or otherwise with your consent

To determine an Applicant’s need for special accommodations.

Contact Data

Sensitive Personal Data

  • Legal obligations
  • Consent (where required)

In relation to Sensitive Personal Data:

  • To comply with employment obligations (if required by applicable law), or otherwise with your consent

To evaluate an Applicant’s legal ability or capacity for employment

Nationality, Citizenship and Right to Work Information

  • Legal obligation.

Physical and system security, (to detect security incidents, protect against malicious, deceptive, fraudulent, or otherwise illegal activity)

Security and Access Data

IT Data

CCTV images and records of use of swipe and similar entry cards / systems if you visit our premises, such as to attend an interview.

  • Legitimate interests in ensuring the safety and security of our premises and systems.
  • Legal obligations.

To determine the terms of an Applicant’s potential employment with us

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Communication Data

  • Legitimate interests of managing applications for positions with us.
  • To take steps to enter a contract with successful Applicants.

To maintain your Applicant record

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Background Checks

Nationality, Citizenship and Right to Work Information

Communication Data

  • Legitimate interests of managing applications for positions with us.

Disputes and legal proceedings

Contact Data

Application Information, Professional and Academic Data

Interview and Selection Notes

Background Checks

Nationality, Citizenship and Right to Work Information

Communications Data

IT Data

Security and Access Data

We will also process any other information relevant or potentially relevant to a dispute or legal proceeding affecting us.

  • Legitimate interests in managing disputes and legal proceedings to which we are party
  • Legal obligation

In relation to Sensitive Personal Data:

  • To establish, make or defend legal claims

6. International Transfers

  • As we operate internationally, in some cases, where your personal data is transferred to another Kennedy Wilson company or third party, it is processed in countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
  • Specifically, our group companies are based in the UK, Ireland and the USA.  Our third-party service providers and partners operate are primarily located within the EEA and UK but may also operate around the world.  This means that when we collect your personal data we will process it in any of these countries.
  • Where we transfer your personal data to countries and territories outside of the European Economic Area and the UK, which have been formally recognised as providing an adequate level of protection for personal data, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations" (data bridges) from the Secretary of State in the UK. For example, we are able to transfer personal data between the UK and Ireland based offices on the basis of the mutual EU and UK adequacy decisions.
  • Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Notice and applicable laws. The safeguards we use to transfer personal data in the case of our group companies are the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) for controller to controller, transfers, including the UK Addendum, permitted under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.
  • The safeguards we use to transfer personal data are in case of our in case of our third party service providers and partners, are the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) for controller to controller and controller to processor transfers, including the UK Addendum permitted under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.

 

7. Your Rights (EEA/UK)

Subject to the conditions and exceptions in applicable law, you have the following rights regarding your personal data:

  • Right of access – To obtain confirmation as to whether we process your personal data and to receive a copy of that data.
  • Right to rectification – To have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure – To request deletion of your personal data in certain circumstances (for example, where it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing).
  • Right to restriction – To request we restrict processing of your personal data in certain situations (for example, while we verify accuracy or consider an objection).
  • Right to data portability – To receive certain personal data in a structured, commonly used, machine-readable format and transmit it to another controller, where technically feasible.
  • Right to object – To object, on grounds relating to your particular situation, to our processing of your personal data based on legitimate interests.
  • You have the right to opt-out of marketing communications we send you at any time.  If you wish to withdraw your consent to receive marketing materials, this can be done by:
    • updating your preferences on your online account, if you have one
    • clicking on the unsubscribe link on any emails we send you; or
    • emailing us at privacy@kennedywilson.com.
  • Right to withdraw consent – Where we rely on consent, you may withdraw it at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • Rights regarding automated decision-making – Where applicable, to request human review of decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise your rights, please contact us at privacy@kennedywilson.com and indicate that your request relates to GDPR/UK GDPR. We may need to verify your identity before fulfilling your request and will respond in accordance with applicable law.

You also have the right to lodge a complaint with your local data protection authority. Contact details for EEA authorities are available here, and the UK supervisory authority is the Information Commissioner’s Office (ICO) available here.  Certain supervisory authorities will require that you exhaust our own internal complaints process before looking into your complaint.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

8. Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices, technologies, or legal requirements. Any changes will be posted on the Website with an updated “Last updated” date and, where required, we will provide additional notice (for example, by displaying a banner or sending a communication).