Global Third Party Privacy Notice

GLOBAL CLIENT / THIRD PARTY PRIVACY AND CONFIDENTIALITY POLICY

Updated: April 2026

Department: Legal & Compliance

Owner: Chief Privacy Officer

1. STATEMENT OF POLICY

Cushman & Wakefield¹ (together with its group companies, “C&W” or “Company”) is committed to respecting and protecting all information entrusted to us in the course of our business. This includes individuals’ privacy as well as client confidentiality. The Global Client/Third Party Privacy & Confidentiality Policy (“Policy”) describes C&W’s methods regarding the collection, processing, storage, and safeguarding of Confidential Information and Personal Information for business related purposes.

2. GENERAL SCOPE OF POLICY

This Policy is applicable to all of the Company’s directors, officers, partners, employees, temporary employees hired through agencies, brokerage professionals and independent contractors² (collectively “Employees”) globally³.

3. EXCEPTIONS TO POLICY

None.

4. DETAILED PROCEDURE/GUIDANCE

A. DEFINITIONS

1. Confidential Information – Any and all information or data (regardless of format) that is provided to Cushman & Wakefield by clients or third parties in confidential circumstances, which is not publicly known, and which relates to the client or third party, the affairs or business of the client or third party, or an engagement with the client or third party. This can include information or data types governed by other information laws (e.g., inside price sensitive or government protected).
   
   
2. Personal Information – Any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual.
   
   
3. Sensitive Personal Information – A subset of Personal Information, which due to its nature has been classified by law, contract, or by C&W policy as requiring additional privacy protections and Enhanced Safeguarding. Sensitive Personal Information may consist of: (i) government-issued identification numbers, (ii) banking and payment information, (iii) health, biometric and medical information, (iv) consumer credit information, (v) data elements revealing race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, genetic data, biometric data (when processed for the purpose of uniquely identifying an individual), and criminal records or allegations of crimes, and (vi) any other Personal Information designated by C&W as Sensitive Personal Information.
   
   
4. Enhanced Safeguarding – The implementation of more stringent physical, technical, and administrative measures against the risk of inadvertent or unauthorized disclosure of Sensitive Personal Information than the safeguards generally required because the inadvertent or unauthorized disclosure of Sensitive Personal Information would create a risk of substantial harm to the individual, including identity theft or financial fraud.
   
   
5. Data subject – The person about whom Personal Information relates.
   
   
6. Chief Privacy Officer – The individual appointed by Cushman & Wakefield for the oversight of C&W’s Global Privacy Program. 
   

B. GOVERNANCE

1. The Chief Privacy Officer is responsible for the oversight of this Policy, the enterprise strategy to address operational and information privacy management risk, and the support of compliance with all data protection, privacy and information security laws and regulations.
   
   
2. Each individual business line and department is responsible for following this Policy in order to address its specific activities involving the collection, use, disclosure, destruction, international transfer, exercise of rights and safeguarding of Confidential Information and Personal Information.
   

C. COLLECTION

1. C&W collects Confidential Information or Personal Information for the purposes of delivering services to clients, managing the infrastructure to support those services, and complying with legal and compliance obligations.
   
   
2. The volume and type of Confidential Information or Personal Information collected depends on what is required or relevant for delivering services to clients. C&W aims to collect only the minimum amount of Confidential Information and Personal Information for delivering services.
   
   
3. Unless otherwise agreed, it is the responsibility of clients to ensure the lawfulness and fairness of any disclosure of Confidential Information and Personal Information to C&W (including ensuring the lawfulness and fairness of any processing of that Confidential Information and Personal Information by C&W). This includes obtaining any necessary consents from the Data Subject.
   
   
4. The obligation to provide any relevant notices (e.g., to a Data Subject) or information concerning C&W’s collection or use of Confidential Information or Personal Information rests on the client or third party. C&W also relies on clients and third parties to provide accurate, complete and consistent Confidential Information or Personal Information.
   
   
5. C&W may also collect Personal Information from publicly available sources, including, but not limited to, public internet websites and databases, public or government sources, and news or open-source reporting.

D. USE

1. C&W complies with its agreements with its client and other third parties in its use of Confidential Information and Personal Information. Such agreements may limit the purposes for which C&W may use the information of the relevant client or third party (often limiting use to providing services to the client or third party).
   
   
2. C&W acts on the instructions of clients when using Personal Information. These instructions can be given orally or in writing, and their form and detail depend on both the services and the requests or requirements of the client. In the context of applicable privacy law, C&W typically acts as a Data Processor/Service Provider to our clients.
   
   
3. An agreement with a client or other third party should be reviewed before using the client’s or third party’s Confidential Information or Personal Information outside of performing services for the relevant client or third party, including for statistical benchmarking, industry intelligence and research purposes. Some agreements may allow C&W to use the relevant Confidential Information and Personal Information as long as C&W takes reasonable measures to anonymize or aggregate the information, but permission for such use should be confirmed before doing so.
   
   
4. Although not a common feature for delivering services, C&W complies with any requirements or restrictions from clients on the use of Personal Information to profile or make automated decisions on individuals.
   
    

E. RETENTION

1. Where C&W provides the client with the facility to access and delete Confidential Information and Personal Information processed on the client’s behalf, the client is responsible for deleting the Confidential Information and Personal Information when no longer required. In other cases, C&W will delete Confidential Information and Personal Information at the end of any retention period agreed with the client, or in accordance with the client’s instructions in fulfilling Data Subject rights. Each party’s responsibilities should be set forth in the agreement with the client.
   
   
2. C&W may generally retain copies of Confidential Information and Personal Information to comply with legal requirements or for compliance or record-keeping purposes, in which case C&W will retain such Confidential Information and Personal Information for as long as required by those legal requirements or to fulfil those purposes. 
   
   
3. In relation to Confidential Information and Personal Information held in backups or archives, C&W operates a programmed destruction cycle, and selective deletion is not feasible. C&W continues to safeguard the information throughout and in accordance with this Policy. Confidential Information and Personal Information held in backups or archives is not subject to any further processing.

F. DISCLOSURE

1. Unless otherwise set forth in the agreement with the relevant client or other third party, Confidential Information and Personal Information of such client or other third party is only shared within C&W with those individuals and departments who need to know. Disclosure depends on the nature of the information and the services being delivered.
   
   
2. C&W only discloses Confidential Information or Personal Information to outside organizations in the course of, or for the purposes of, delivering services to clients, and if such disclosure is in compliance with the agreement with the individual client or third party. C&W may also disclose to third parties where required to by law or for compliance purposes, but such disclosures should consider the agreement with the individual client or third party.
   
   
3. Such recipients include other C&W group entities and affiliates, C&W’s insurers and professional advisers, other advisers, or other third parties as instructed by clients, or organizations that provide C&W with various outsourced business functions and technology.
   
   
4. When C&W discloses Confidential Information or Personal Information to a third party, the third party is authorized to use and further disclose the related Confidential or Personal Information only as necessary to provide their services to C&W or as required by law.
   
   
5. C&W shall take appropriate actions to ensure that a third party protects Confidential and Personal Information that C&W discloses to it. This includes the use of appropriate contracts and information security measures providing essentially equivalent levels of protection to those agreed to with our clients.
   
   
6. If permitted by law and regulation, C&W shall inform the relevant client or third party where it proposes to disclose Confidential or Personal Information as required by law or to respond to a government request.


7. C&W does not sell or share client Personal Information.

G. INTERNATIONAL TRANSFER

1. C&W and its clients operate across the globe, and the subject matter of services provided to a client may be located in one or more jurisdictions. In order to deliver the services, C&W may receive or transfer Confidential Information and Personal Information within a country or across borders. 
   
   
2. Where C&W needs to transfer Personal Information internationally, it does so in accordance with any agreement from and as permitted by the client or in compliance with applicable privacy laws.


3. C&W has an inter-group data transfer agreement across its C&W legal entities and relies upon legally valid mechanisms of international transfer, such as EU and UK Standard Contractual Clauses, to internationally transfer Personal Information to third parties.

H. EXERCISE OF RIGHTS

1. In the event that a person other than a client wishes to exercise any rights (such as of access or correction) under applicable privacy laws as regards to Personal Information, C&W will promptly notify the client so that the client can respond.
   
   
2. If C&W receives a complaint about the collection, processing or sharing of Personal Information or a request from a regulatory authority responsible for compliance with privacy laws, C&W will, to the extent permitted by law, promptly notify the client so that the client can respond
   
    

I. SAFEGUARDS

1. C&W collects, processes, maintains, shares (internally and externally), and destroys Personal Information in a manner that appropriately limits the risk of loss, theft, misuse, or unauthorized access.
   
   
2. All C&W Employees are contractually required to safeguard Confidential Information and Personal Information. In addition, certain Employees may be subject to additional professional obligations on compliance with laws and confidentiality.
   
   
3. Where there has been a serious loss, misuse or other breach to the integrity and confidentiality of Personal Information likely to cause serious harm, C&W shall comply with the requirement to notify the client either as agreed with the client or under applicable laws. 
   
   
4. C&W raises awareness of the matters in this Policy through communications and training, and puts measures in place to ensure the reliability of Employees who access Confidential and Personal Information.
   
    

Interpretations of this Policy should be submitted to the Chief Privacy Officer.  The Chief Privacy Officer will be responsible for interpreting any portions of this Policy as they may apply to specific situations. 

^{1 The term “Cushman & Wakefield” is used broadly herein to cover Cushman & Wakefield Ltd. as well as all global affiliates, subsidiaries, and business or corporate functions, including entities that hire employees or engage independent contractors, as applicable.
2 Independent contractors are those independent vendors who assist the Company in the development and carrying out of business on a strategic basis. Independent contractors shall abide by this policy as part of the obligations assumed under their respective agreement with the Company. Should the independent contractor be a legal entity and not an individual, then such independent contractor shall cause and direct its associates linked to the services provided to the Company, if requested by the Company, to acknowledge and abide by this policy.   
3 Compliance with this policy shall not be construed or interpreted as creating an employment relationship between an Employee and a particular Company entity where none otherwise exists. Compliance with this policy by an independent contractor or an officer or associate of such independent contractor shall not be construed or interpreted as creating an employment relationship between such independent contractor, or officer or associate of such independent contractor, and the Company.}