privacy policy

Walker & Dunlop Global Privacy and Cookie Notice

Start Scrolling
Looking up at tall buildings in a city.

This privacy policy and cookie notice discloses the privacy practices and data collection by Walker & Dunlop, Inc., its subsidiaries, and affiliates

Last Updated: April 28, 2026

Please read this Global Privacy and Cookie Notice carefully. It explains how Walker & Dunlop collects, uses, discloses, transfers, retains, and protects personal information, and how individuals may exercise privacy rights under applicable law.

Table of contents

Summary of Key Information

Full Notice

  1. Information on the Applicable Responsible Entity
  2. Your Acceptance Through Use and Relationship to Other Notices
  3. Personal Information We Collect and Sources
  4. Consequences of Not Providing Personal Information
  5. How We Use Personal Information and Legal Bases
  6. Sensitive Personal Information
  7. Deidentified, Aggregated, and Publicly Available Information
  8. Sharing of Personal Information
  9. International Data Transfers
  10. How We Secure Personal Information
  11. How Long We Keep Personal Information
  12. Automated Decision-Making and Profiling
  13. Children's Privacy
  14. Your Privacy Rights
  15. Marketing Communications
  16. Changes to this Notice
  17. EU and UK Representatives under GDPR
  18. Data Protection Officer and Privacy Contacts
  19. Registered Investment Adviser and Broker-Dealer Notices
  20. California Consumer Privacy Policy
  21. Cookie Notice - Automatic Data Collection
  22. Contact Us

Appendix 1 - Responsible Entity Mapping

Summary of key information

Topic Summary
Responsible entity Depending on how and why personal information is collected, the Walker & Dunlop entity responsible for processing may differ. Appendix 1 explains how to identify the applicable responsible entity. When this Notice refers to "Walker & Dunlop," "we," "us," or "our," it refers to the applicable responsible Walker & Dunlop entity.
Scope of this Notice This Notice applies to personal information collected through W&D websites, applications, products, services, events, social media accounts, and professional interactions where this Notice is posted or linked and no more specific notice applies.
Personal information and sources We collect personal information such as contact information, registration data, professional relationship information, business relationship information, job applicant and employment-related information, marketing preferences, social media information, troubleshooting information, and cookie, device, and web analytics data. We collect this information from you, your devices, your employer or company, public sources, business partners, service providers, and other third parties.
Use and legal bases We use personal information to provide and improve Services, manage professional relationships, communicate with you, process job applications and employment/contractor relationships, provide marketing where permitted, secure our systems, comply with law, and establish, exercise, or defend legal claims. Where GDPR or UK GDPR applies, our legal bases include contract, pre-contractual steps, legal obligations, legitimate interests, consent where required, and, for certain sensitive information, the applicable special-category condition.
Sharing We share personal information with other Walker & Dunlop entities, service providers, advisors, business partners and joint ventures where appropriate, cookie and advertising technology providers, legal/regulatory authorities, and parties involved in corporate transactions.
International transfers We are headquartered in the United States and we process information in the United States, the EEA, the UK, and other jurisdictions. If you are located in a non-US jurisdiction, the transfer of personal information is processed in accordance with Appendix 1, which details legitimate interest in processing your personal information if not already provided via consent. These purposes include providing you with the requested Professional Interactions and/or to perform the Services. Where truly required, we use appropriate transfer safeguards such as adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Addendum or Agreement, or other lawful mechanisms.
Requesting Access to personal information and other Rights Depending on the legal regulations in your country and the applicable laws to which you are subject, you may have all or some of the following rights set out below and may submit a request(s) to exercise any such rights to consumercompliance@walkerdunlop.com. We respond to requests we receive from individuals wishing to exercise their data protection rights.

Please be aware that in order to accommodate some requests, we must verify your identity before we can respond. In certain jurisdictions a fee may be levied in connection with the multiple or excessive requests in a given timeframe.

Depending on which laws apply to your personal information, you may have the following data protection rights:
  • Right to know what of your personal information we collect and process, as well as the types of third parties with whom we disclose your personal information.
  • Right to access or request deletion of your personal information (where your personal information is no longer necessary in relation to the purposes for which we collected it), and to request a copy of your personal information in a portable format.
  • Right to rectification of the accuracy of our records about you, or you make a request to amend the records.
  • Right to restrict processing of your personal information if we are using the personal information for direct marketing purposes. You may have additional rights not to be subject to a decision, which may adversely affect you, which is based on solely automated processing.
  • Right to data portability of any personal information that you have provided to us if we are using consent or necessity in relation to a contract with you to justify our processing, or, in some cases, personal information that has been generated in the course of your association with Walker & Dunlop.
  • Right to opt-out of marketing and promotional e-mails and communications we send you. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing e-mails we send you or by contacting us using the information below. You may further contact us by sending an e-mail at consumercompliance@walkerdunlop.com, including a copy of the e-mail you have received and by typing “Remove” in the subject line of your e-mail, in addition the Contact Information provided in this Notice; or by mail, at:

    Walker & Dunlop ATTN: Legal
    7272 Wisconsin Ave
    Suite 1300, Bethesda, MD 20814

with the copy of what you received or information on your request. Please note that even if you opt-out from receiving marketing communications, you might still receive administrative communications from us, such as technical updates of our Services, order confirmations, notifications about your account activities, and other important notices.
  • Right to withdraw consent if we collect and process your personal information with your consent for marketing and profiling purposes, if any. Withdrawing your consent will not affect the lawfulness of any processing we conducted before withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • Right to object or appeal to decisions being made by automated means that has legal effect or to the grounds we present to you to comply, partially comply, or deny a request you make pursuant to this Notice.
  • Right to complain to a data protection authority about our collection and use of your personal information in your home country, in particular with respect to automated decision-making. A list of European Union Data Protection Authorities is available from the European Data Protection Board.
  • Right not to be discriminated against for exercising any of the above rights, though exercise of some of these rights may affect functionality or ability to provide the Services or Professional Interactions
  • For Nevada Residents: Notice provided pursuant to state law. To be placed on our internal do-not-call list, call 855.550.0007. If you would like more information about telemarketing practices, please contact us at the Contact Information below. For more on Nevada law, contact: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; by phone: 1.702.486.3132; or by email: BCPINFO@ag.state.nv.us.
  • For UK or EEA Citizens: For further information on each of those rights, including the circumstances in which they apply, please review the Guidance from the UK Information Commissioner’s Office (ICO) on the individual rights under the General Data Protection Regulation (or other relevant guidance).
Security and retention We use administrative, technical, and physical safeguards designed to protect personal information. We retain personal information for as long as necessary for the purposes described in this Notice, subject to legal, regulatory, audit, tax, accounting, dispute resolution, and business recordkeeping requirements.
Privacy rights Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal information, withdraw consent, opt out of marketing, appeal certain decisions, or complain to us or to a data protection authority.
EU/UK representatives Where required by Article 27 GDPR or Article 27 UK GDPR, we have designated representatives for responsible W&D entities located outside the EEA and UK. Representative details are set out below and should be published after the appointments are formalized.
California and U.S. state notices California-specific disclosures and rights are included in the California Consumer Privacy Policy section. Additional U.S. state rights may be exercised using the contact methods in this Notice.
Cookies We use cookies and similar technologies. You can manage certain cookie choices through our cookie preference tools and browser settings, except for cookies that are necessary for our websites and Services to function.
Contact You may contact us at consumercompliance@walkerdunlop.com or privacy@walkerdunlop.com, by telephone at 855.550.0007, or by mail at Walker & Dunlop, Attn: Legal Department, 7272 Wisconsin Avenue, Suite 1300, Bethesda, Maryland 20814.

Full notice

1. Information on the Applicable Responsible Entity

Depending on the legal regulations in your country and the applicable laws to which you are subject, you may have the right to information on the Walker & Dunlop entity responsible for processing your personal information. This entity may differ depending on how and why your personal information is collected, including whether it is collected through a website or other online service, a professional interaction, an employment or recruiting process, a regulated investment advisory or broker-dealer relationship, or another Walker & Dunlop product or service.

Appendix 1 provides information to help identify the applicable responsible Walker & Dunlop entity. If it is unclear which Walker & Dunlop entity is responsible for processing your personal information, please contact us at consumercompliance@walkerdunlop.com and we will help identify the applicable entity.

Walker & Dunlop may act as a controller, processor, service provider, or other legally defined role depending on the context. Where Walker & Dunlop processes personal information on behalf of a client, investor, employer, borrower, lender, sponsor, property owner, or other customer, we may direct your request to that entity or coordinate with that entity as required by law.

2. Your Acceptance Through Use and Relationship to Other Notices

This Notice describes how Walker & Dunlop collects, uses, discloses, and otherwise processes personal information obtained through our websites, applications, products, services, events, business communications, social media interactions, and other professional interactions where this Notice is posted or linked and no more specific notice is provided.

To the extent permitted by applicable law, your use of the Services or engagement in Professional Interactions with us signifies your understanding and acceptance of this Notice.

A local, product-specific, service-specific, applicant, employee, investor, broker-dealer, investment adviser, or other privacy notice may supplement or replace this Notice. If a specific notice or agreement conflicts with this Notice, the more specific notice or agreement governs to the extent of the conflict.

Third-party websites, platforms, social media services, property listing services, cookies, advertising technologies, and other services that link to or from our Services may have their own privacy practices. This Notice does not apply to those third-party practices, and we encourage you to review their privacy notices.

3. Personal Information We Collect and Sources

Depending on how you interact with Walker & Dunlop, you may be a website visitor, registered user, client or client representative, borrower, lender, investor, sponsor, property owner, buyer, seller, tenant, service provider, consultant, business partner, event attendee, job applicant, employee, contractor, or another individual involved in a Professional Interaction. We collect and process personal information as described below.

a. Information collected directly from you

  • Contact Information, such as name, postal address, email address, telephone number, online handle, alias, and similar identifiers.
  • Registration Data, such as newsletter requests, event and seminar registrations, subscriptions, downloads, account set-up information, username, password, authentication credentials, and preferences.
  • Professional Relationship Information, such as business contact information, employer or company, industry, job title, role, primary Walker & Dunlop contacts, records of interactions with us, investment or service interests, and information you provide to help us serve the business relationship.
  • Business Relationship Information, such as loan origination and servicing documents, investment, transaction, property, operating, ownership, buyer/seller, borrower, sponsor, guarantor, creditworthiness, due diligence, Know Your Customer, anti-money laundering, sanctions, tax, payment, and service-request information.
  • Troubleshooting and Communications Data, such as support requests, call records, call recordings where permitted, chat or email communications, technical support details, and information related to your experience using the Services.
  • Marketing Data, such as event interests, newsletter preferences, communication preferences, service interests, survey responses, and other information about services or offerings in which you may be interested.
  • Social Media Information, such as social media username, profile information, public statements or opinions about Walker & Dunlop or the commercial real estate industry, interactions with Walker & Dunlop-operated accounts, and content you provide through social media channels.
  • Job Applicant Data, such as employment and education history, skills, professional certifications, affiliations, resumes/CVs, online professional profiles, work authorization information, references, interview notes, assessment results where permitted, willingness to relocate, compensation information where permitted, and other application-related information.
  • Employment and Contractor Information, such as onboarding records, payroll, tax, benefits, beneficiary, bank account, emergency contact, right-to-work, system access, training, performance, accommodations, and other information needed to manage an employment or contractor relationship.
  • Sensitive Personal Information, as described in Section 6, where provided by you, your representative, your employer, or another authorized source and where collection and use is permitted by applicable law.

b. Information collected automatically

  • Cookie, Device, and Web Analytics Data, such as IP address, device identifiers, mobile advertising identifiers, browser type and settings, operating system, geolocation information derived from device or IP address, referring URLs, page views, interaction data, log data, session data, and information collected through cookies, pixels, tags, SDKs, and similar technologies.
  • Application and System Usage Data, such as app logs, usage statistics, device metadata, access times, authentication events, error reports, system activity, and information about how you use our Services and digital tools.
  • Third-Party Advertising Technical Data, such as IP address, browser type and version, device identifiers, location and time-zone settings, and interactions with advertisements or marketing content that we or our providers place on third-party websites or platforms.

c. Information collected from third-party sources

  • Your employer, company, client, sponsor, borrower, lender, investor, property owner, buyer, seller, service provider, business partner, or other organization involved in a transaction or Professional Interaction with us.
  • Public records, government databases, corporate registries, court records, licensing databases, sanctions and watchlist databases, census and demographic sources, property records, commercial real estate databases, and other publicly available or officially maintained sources.
  • Operators of property listing websites, industry platforms, social media platforms, marketing data providers, event partners, referral sources, and other business partners that collect or provide information for their own independent purposes.
  • Service providers and vendors that support identity verification, cybersecurity, due diligence, fraud prevention, analytics, advertising, communications, recruiting, background checks where permitted, or other operational purposes.
  • Affiliates, subsidiaries, joint ventures, and other entities within the Walker & Dunlop corporate group.
  • Third parties that collect and share personal information with us may be independently responsible for their own collection and use of that information. Please review their privacy notices to understand their practices and how to exercise rights you may have with respect to their processing.

4. Consequences of Not Providing Personal Information

In many cases, providing personal information to Walker & Dunlop is voluntary. However, certain personal information may be necessary for us to provide Services, respond to requests, create or administer accounts, communicate with you, process transactions, evaluate applications, conduct due diligence, comply with legal or regulatory obligations, perform or enter into a contract, or maintain Professional Interactions.

If you choose not to provide personal information that is necessary for a particular purpose, we may be unable to provide the requested Services, complete a transaction, respond to your request, engage in a Professional Interaction, consider your job application, administer an employment or contractor relationship, or comply with our obligations. Where applicable law requires us to state whether providing information is a statutory, contractual, or pre-contractual requirement, we will provide additional information at the point of collection or in a more specific notice.

5. How We Use Personal Information and Legal Basis  - See also, Appendix 1

We use personal information for the purposes described below. Where the GDPR or UK Data Privacy Act applies, we process personal information only where we have a legal basis, such as consent, performance of a contract, steps prior to entering into a contract, compliance with legal obligations, our legitimate interests or those of a third party, consent where required, or another basis permitted by law. Where consent is required, you may withdraw consent at any time as described in this Notice.

To manage and provide the Services and Professional Interactions. We use Contact Information, Registration Data, Professional Relationship Information, Business Relationship Information, Troubleshooting Data, Cookie, Device, and Web Analytics Data, and related information to provide access to websites, accounts, applications, products, services, communications, events, research, insights, tools, support, and other Professional Interactions; to identify and authenticate users; to administer accounts; to process requests; to support transactions; and to personalize or improve user experience. Legal bases may include contract, pre-contractual steps, legitimate interests, legal obligation, or consent where required for certain technologies.

To transact business and maintain professional relationships. We use Contact Information, Professional Relationship Information, Business Relationship Information, Marketing Data, and related information to communicate with you and your organization, respond to inquiries, provide requested information, conduct due diligence, support loan, investment, valuation, advisory, servicing, and other commercial real estate services, manage client and business partner relationships, and maintain accurate business records. Legal bases may include contract, pre-contractual steps, legitimate interests, legal obligations, or consent where required.

To process job applications and recruiting activities. We use Contact Information, Job Applicant Data, communications, assessments where permitted, references, background check information where permitted, and related information to evaluate qualifications and suitability, communicate with applicants, schedule interviews, conduct lawful screening checks, verify work authorization, administer recruiting, and make hiring decisions. Legal bases may include pre-contractual steps, legal obligations, legitimate interests, employment-related obligations, and consent where required for particular checks or sensitive information.

To carry out employment and contractor relationships. We use Contact Information, Employment and Contractor Information, Registration Data, system access records, payroll and benefits information, accommodation information where applicable, and related information to onboard personnel, provide compensation and benefits, manage performance, administer systems and facilities access, comply with employment, tax, benefits, immigration, safety, and other obligations, and protect our workforce and resources. Legal bases may include contract, legal obligation, legitimate interests, employment-related obligations, and consent where required.

To provide relevant marketing and communications. We use Contact Information, Registration Data, Marketing Data, Social Media Information, Third-Party Advertising Technical Data, and Cookie, Device, and Web Analytics Data to send newsletters, event invitations, thought leadership, market insights, advertising, and other promotional communications; to manage subscriptions; to measure campaign performance; and to tailor content and offers. Legal bases may include legitimate interests for business-to-business marketing where permitted, consent where required, and compliance with opt-out obligations.

To maintain and manage Walker & Dunlop's brand and social media presence. We use Social Media Information, Marketing Data, and Third-Party Advertising Technical Data to operate Walker & Dunlop social media accounts, respond to interactions, understand engagement, protect our reputation, and communicate with audiences. Legal bases may include legitimate interests, consent where required, and compliance with platform terms and applicable law.

To operate, evaluate, secure, and improve our business. We use Marketing Data, Professional Relationship Information, Business Relationship Information, Cookie, Device, and Web Analytics Data, Troubleshooting Data, system logs, and related information to develop and improve Services, conduct analytics, perform research, test products, optimize websites and applications, maintain quality assurance, monitor performance, prevent fraud, secure systems, and administer our business. Legal bases may include legitimate interests, legal obligations, contract, or consent where required for certain analytics or tracking technologies.

To comply with law, regulation, and policy obligations. We use any relevant personal information to comply with laws, regulations, supervisory authority requests, court orders, subpoenas, legal process, due diligence obligations, Know Your Customer, anti-money laundering, sanctions, licensing, tax, accounting, audit, affordable housing, lending, broker-dealer, investment adviser, employment, and other regulatory requirements; to enforce terms and policies; and to investigate potential violations. Legal bases may include legal obligation, legitimate interests, public interest where applicable, contract, or consent where required.

To establish, exercise, or defend legal claims and protect rights and safety. We use personal information as necessary to establish, exercise, or defend legal rights; manage disputes; protect the rights, property, safety, and security of Walker & Dunlop, our personnel, clients, business partners, and others; and prevent or respond to fraud, malicious activity, or unlawful conduct. Legal bases may include legitimate interests, legal obligations, contract, vital interests where applicable, or legal claims conditions for sensitive information.

6. Sensitive Personal Information

Certain laws distinguish personal information that may present heightened risk if disclosed or misused, including special categories of data under the GDPR and UK GDPR and sensitive personal information under certain U.S. state privacy laws. Depending on the context, information described in this Notice may include sensitive personal information, such as government identification numbers, Social Security numbers, driver's license or passport numbers, financial account information, precise geolocation where applicable, citizenship or immigration status, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, disability or health-related information, criminal history information where permitted, union membership where applicable, and biometric information where permitted and specifically collected.

We collect and use sensitive personal information only as permitted by applicable law and only for appropriate business, employment, legal, compliance, security, contractual, or consent-based purposes. Examples include fulfilling contracts, providing benefits or accommodations, complying with employment and regulatory obligations, completing due diligence and Know Your Customer checks, securing access to systems or locations, preventing fraud, and establishing, exercising, or defending legal claims.

We do not use sensitive personal information to infer characteristics about you except as permitted by applicable law and as necessary for the purposes described in this Notice. We do not use biometric data for any purpose.

7. Deidentified, Aggregated, and Publicly Available Information

We may create, collect, use, share, or disclose aggregated, anonymized, or deidentified information that does not identify and cannot reasonably be linked to a specific individual, subject to applicable law. Where we maintain deidentified information, we will maintain and use it in deidentified form and will not attempt to reidentify it except as permitted by law, such as to test whether our deidentification processes are effective.

Some information used in our Services and Professional Interactions may be publicly available, including information about property ownership, sellers, buyers, borrowers, lenders, investors, sponsors, public officials, corporate entities, government filings, or other information made available by government or official sources. To the extent permitted by applicable law, publicly available, aggregated, anonymized, or deidentified information may not be considered personal information.

8. Sharing of Personal Information

Where permitted by applicable law, we share personal information with the categories of recipients described below for the purposes identified in this Notice. Some recipients may be located in countries that do not provide the same level of data protection as your home country. See Section 9 for more information on international data transfers.

Internally with Walker & Dunlop entities. We share personal information within the Walker & Dunlop corporate group as necessary to provide Services, respond to requests, administer accounts, support transactions, maintain Professional Interactions, manage personnel, operate and secure our systems, comply with law, and otherwise carry out the purposes described in this Notice.

With service providers and processors. We share personal information with vendors and service providers that support information technology, cloud hosting, cybersecurity, data storage, deal management, customer relationship management, communications, marketing, advertising, analytics, website testing, recruiting, background checks where permitted, payroll, benefits, training, audit, compliance, legal operations, and other services. These providers are expected to use personal information only as instructed or permitted by contract and law.

With business partners and joint ventures. We share personal information with business partners, joint venture partners, lenders, investors, borrowers, sponsors, sellers, buyers, property owners, property managers, brokers, advisers, consultants, and other transaction participants where necessary or appropriate for a requested service, transaction, Professional Interaction, due diligence, legal obligation, or other business purpose.

With cookie, analytics, and advertising technology providers. We share information collected through cookies and similar technologies with analytics, advertising, social media, and technology providers as described in the Cookie Notice. Depending on applicable law and the configuration of our websites, certain disclosures may constitute a sale, share, targeted advertising, or cross-context behavioral advertising.

With consultants and advisors. We share personal information with legal counsel, auditors, compliance consultants, insurers, financial advisers, and other professional advisers who assist with legal, regulatory, risk management, audit, insurance, and business operations.

With public authorities and legally compelled recipients. We disclose personal information to law enforcement bodies, regulatory agencies, courts, tax authorities, licensing authorities, government agencies, litigants, and other third parties when required or permitted by law, legal process, subpoena, court order, regulatory request, or other lawful request, or where we believe disclosure is necessary to protect rights, property, safety, or security; prevent fraud; enforce terms; or establish, exercise, or defend legal claims.

With parties to corporate transactions. We share personal information with actual or prospective buyers, sellers, lenders, investors, merger partners, financing sources, underwriters, insurers, advisers, and other participants in connection with any actual or proposed merger, acquisition, financing, reorganization, bankruptcy, transfer, sale, liquidation, or similar transaction involving all or part of our business, assets, or operations.

At your direction or with your consent. We share personal information with recipients you direct, authorize, or consent to, and as otherwise disclosed to you at the time of collection.

9. International Data Transfers

Walker & Dunlop is headquartered in the United States and operates in multiple jurisdictions. Depending on the applicable responsible entity, the Services, the Professional Interaction, and the recipients described in this Notice, personal information may be processed, transferred, stored, or accessed in the United States, the European Economic Area, the United Kingdom, and other countries.

Where personal information is transferred internationally, we protect it as required by applicable data protection laws. If you are located outside the United States, transfer to the United States or another country is necessary to provide requested information, perform requested services, support Professional Interactions, administer contracts, or comply with legal obligations.

For transfers from the EEA, UK, or Switzerland to countries that are not recognized as providing an adequate level of protection, we use appropriate safeguards where required. These safeguards may include the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum or International Data Transfer Agreement, adequacy decisions, transfer risk assessments, supplementary contractual, technical, and organizational measures, or another lawful transfer mechanism.

You may contact us using the details in Section 22 to request information about the safeguards applicable to transfers of your personal information, including how to obtain a copy of relevant contractual safeguards where required by law.

10. How We Secure Personal Information

We implement administrative, technical, physical, and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. These measures may include access controls, authentication, role-based permissions, encryption in appropriate circumstances, network and endpoint security, monitoring, incident response procedures, secured files, secured facilities, employee and contractor confidentiality obligations, vendor due diligence, and periodic review of security measures.

No method of transmission or electronic storage is fully secure. While we use safeguards designed to protect personal information, we cannot guarantee absolute security. You are responsible for protecting passwords, credentials, and devices used in connection with the Services and should notify us promptly if you believe your credentials or account have been compromised.

11. How Long We Keep Personal Information

We retain personal information for as long as necessary for the purposes for which it was collected, for the purposes described in this Notice, or as otherwise required or permitted by applicable law. We also retain personal information as necessary to comply with legal, regulatory, tax, accounting, audit, employment, benefits, licensing, lending, affordable housing, broker-dealer, investment adviser, dispute resolution, litigation hold, investigation, cybersecurity, and recordkeeping obligations.

The criteria we use to determine retention periods include the nature and sensitivity of the information, the purposes for processing, the duration of our relationship with you or your organization, whether you maintain an account or continue to use Services, applicable limitation periods, legal and regulatory requirements, audit requirements, contractual obligations, the need to resolve disputes or enforce agreements, and whether information can be deidentified, aggregated, or anonymized instead of retained in identifiable form.

For example, for private clients with small balance records and relationships, personal information is retained for 10 years after the loan pay-off or maturity date. Personal information used for marketing purposes is retained unless/until the recordholder requests deletion or removal in which case the record is deleted within 30 days.

12. Automated Decision-Making and Profiling

Some laws provide rights or require additional disclosures when organizations use automated decision-making or profiling that produces legal or similarly significant effects. Walker & Dunlop's decision-making processes that can be automated are overseen by one or more natural persons before deployment.

Unless we provide a specific notice stating otherwise, Walker & Dunlop does not use solely automated decision-making, including profiling, that produces legal effects or similarly significant effects concerning individuals. If we introduce such processing, we will provide information about the logic involved, the significance and envisaged consequences, and rights available under applicable law.

13. Children's Privacy

Our Services and Professional Interactions are not directed to children under 16. We do not knowingly collect personal information from children under 16, and we do not knowingly sell or share personal information of children under 16. If you believe a child has provided personal information to us, please contact us using the details in Section 22.

14. Your Privacy Rights

Depending on your location, relationship with Walker & Dunlop, and applicable law, you may have some or all of the rights below. These rights may be subject to exceptions, verification, limitations, or additional requirements under applicable law.

  • Right to know or be informed about how we collect, use, disclose, sell, share, retain, and otherwise process personal information.
  • Right of access, including the right to request confirmation that we process your personal information and to receive a copy of personal information we process about you.
  • Right to correction or rectification of inaccurate or incomplete personal information.
  • Right to deletion or erasure of personal information, subject to legal exceptions and retention obligations.
  • Right to restrict or limit processing in certain circumstances.
  • Right to data portability, where applicable, to receive information in a structured, commonly used, machine-readable format.
  • Right to object to processing based on legitimate interests or for direct marketing purposes, where applicable.
  • Right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Right to opt out of sale, sharing, targeted advertising, or certain profiling where applicable under U.S. state privacy laws.
  • Right to limit certain uses or disclosures of sensitive personal information where applicable.
  • Right not to be discriminated against for exercising privacy rights.
  • Right to appeal a refusal or partial refusal of a privacy request where applicable.
  • Right to complain to us and, where applicable, to a data protection authority, supervisory authority, or regulator in your jurisdiction.

To exercise rights, please contact us using the details in Section 22 or use any webform, portal, or request mechanism we make available. We may need to verify your identity, authority, and jurisdiction before responding. We may ask for information reasonably necessary to verify your request, such as name, email address, telephone number, account information, transaction details, or the Walker & Dunlop employee or team with whom you interacted. We use verification information only to verify and respond to your request, maintain request records, and comply with law.

You may authorize another person to submit a request on your behalf where permitted by law. We may require proof of authorization and may require you or the authorized agent to verify identity and authority. If you make a request involving information provided to us by your employer, company, client, or another entity, we may direct you to that entity or coordinate with that entity as legally required.

EEA, UK, and Swiss individuals may have the right to lodge a complaint with a competent supervisory authority. UK individuals may also have the right to make a data protection complaint directly to us. We will handle complaints in accordance with applicable law, including acknowledging complaints and informing complainants of outcomes where required.

15. Marketing Communications

You may opt out of marketing and promotional emails by following the unsubscribe or opt-out instructions included in those communications or by contacting us at consumercompliance@walkerdunlop.com or privacy@walkerdunlop.com with "Remove" in the subject line and, where helpful, a copy of the communication you received. You may also contact us by mail at the address in Section 22.

Opting out of marketing communications will not necessarily opt you out of non-marketing communications, such as transactional, account, service, legal, security, compliance, or administrative messages. Your cookie and targeted advertising choices are described in the Cookie Notice and California Consumer Privacy Policy sections.

16. Changes to this Notice

We may update this Notice from time to time to reflect changes in law, technology, Services, Professional Interactions, business practices, or privacy practices. If we make material changes, we will update this page and the "Last Updated" date. Where required by law, we will provide a more prominent notice or obtain consent.

17. EU and UK Representatives under GDPR

Where Walker & Dunlop is required to designate a representative in the European Union under Article 27 of the GDPR, Walker & Dunlop has designated the following representative for responsible Walker & Dunlop entities located outside the EEA that process personal information subject to the GDPR:

Representative in the EU (Article 27 GDPR)

GeoPhy B.V.
Zuid-Hollandlaan 7
2596 AL Den Haag
The Netherlands

In case of questions, please contact: consumercompliance@walkerdunlop.com or David Keithley.

Where Walker & Dunlop is required to designate a representative in the United Kingdom under Article 27 of the UK GDPR, Walker & Dunlop has designated the following representative for responsible Walker & Dunlop entities located outside the UK that process personal information subject to UK data protection law: Walker & Dunlop PVT LTD. In case of questions, please contact: consumercompliance@walkerdunlop.com.

Representative in the UK (Article 27 UK GDPR)

Walker & Dunlop PVT LTD
49 Grosvenor Street, Ste. 401
London W1K 3HP
United Kingdom

In case of questions, please contact: consumercompliance@walkerdunlop.com.

18. Data Protection Officer and Privacy Contacts

Unless a local or service-specific notice identifies a data protection officer, privacy officer, or other local contact, questions about this Notice or Walker & Dunlop privacy practices may be directed to consumercompliance@walkerdunlop.com, privacy@walkerdunlop.com or to the mailing address in Section 22. Where applicable law requires us to identify a DPO or local privacy contact, we will provide the relevant contact details in the applicable local or service-specific notice or upon request.

19. Registered Investment Adviser and Broker-Dealer Notices

Different privacy rules may apply when you interact with Walker & Dunlop Investment Partners, Inc. or its affiliates acting as a registered investment adviser, or with Zelman Partners, LLC acting as a broker-dealer. Separate privacy notices apply to those regulated services and Professional Interactions. If you would like to change your preferences or limit sharing of information for registered investment adviser or broker-dealer purposes, please use the contact information in separate notices. See, WDIP Privacy Notice or Zelman Partners Privacy Notice.

Because certain information is collected to complete due diligence, fulfill a contract, or comply with applicable law, privacy choices or opt-outs may be limited in regulated or transactional contexts.

20. California Consumer Privacy Policy

This California Consumer Privacy Policy supplements the information above for individuals who are residents of California. It applies to personal information subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"). Certain information may be exempt from the CCPA, including publicly available information, deidentified or aggregated information, information covered by federal privacy laws such as the Gramm-Leach-Bliley Act or Fair Credit Reporting Act, and information processed in certain regulated contexts.

a. Categories of personal information collected

In the preceding 12 months, depending on your interactions with Walker & Dunlop, we may have collected the following CCPA categories of personal information:

  • Identifiers, such as name, alias, postal address, email address, telephone number, online identifier, IP address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
  • Customer records information, such as contact details, signature, government identification, financial information, bank account information, due diligence records, loan or transaction records, and other information described in California Civil Code Section 1798.80.
  • Characteristics of protected classifications under California or federal law, such as age, citizenship or immigration status, race, ethnicity, sex, disability, or other protected information where collected for employment, compliance, due diligence, accommodations, or legal purposes and where permitted by law.
  • Commercial information, such as products or services purchased, obtained, or considered; records of Services; transaction history; property interests; investment or financing interests; event registrations; subscriptions; downloads; and preferences.
  • Internet or other electronic network activity information, such as browsing history, search history, interaction with websites, applications, advertisements, emails, or online content, and device and log data.
  • Geolocation data, such as approximate location derived from IP address or device settings and, where permitted and enabled, more precise location information.
  • Audio, electronic, visual, thermal, olfactory, or similar information, such as call recordings, voicemail, video conferencing, photographs, and security footage where applicable.
  • Professional or employment-related information, such as employer, job title, work history, professional credentials, references, performance information, and recruiting information.
  • Education information that is not publicly available personally identifiable information, such as degrees, transcripts, certifications, and training records where collected in recruiting or employment contexts.
  • Inferences drawn from other personal information, such as preferences, interests, predispositions, behavior, attitudes, service interests, marketing segments, or similar profiles.
  • Sensitive personal information, as described in Section 6, where collected and used for permitted purposes.

b. Sources, purposes, and disclosures

The sources of personal information are described in Section 3. The purposes for collection, use, and disclosure are described in Section 5. The categories of recipients to whom we disclose personal information are described in Section 8. For each category of personal information above, we may disclose information for business purposes to service providers, processors, affiliates, subsidiaries, business partners, joint venture partners, professional advisers, legal and regulatory authorities, transaction participants, and other recipients described in this Notice.

c. Sale, sharing, targeted advertising, and Global Privacy Control

Walker & Dunlop does not sell or share personal information for monetary value but may share for targeted advertising as those terms are defined under the CCPA.

Where required by applicable law and technically feasible, Walker & Dunlop will honor browser-based opt-out preference signals as a request to opt out of sale or sharing for the browser or device that sends the signal. You may also use our cookie preference tools or contact us as described in this Notice.

d. Sensitive personal information

We use sensitive personal information only for purposes permitted by applicable law, including to provide requested Services, comply with law, perform contracts, process employment or contractor relationships, conduct due diligence, ensure safety and security, prevent fraud, and establish, exercise, or defend legal claims.

e. California rights

California residents may have the right to know, access, correct, delete, obtain a portable copy of, opt out of sale or sharing of, limit certain uses and disclosures of sensitive personal information, and not be discriminated against for exercising CCPA rights. To exercise California rights, contact us using the details in Section 22, call 855.550.0007, or use any webform or request portal we make available. Please state that you are a California resident and describe the right you wish to exercise.

We will verify requests as required by law. You may authorize an agent to submit a request on your behalf. We may require proof of authorization and may also require you to verify your identity directly with us, unless the agent has a valid power of attorney under California law.

f. Retention for California residents

We retain each category of personal information for the periods described in Section 11 or as otherwise disclosed at the time of collection. For additional information on data retention, please reach out to privacy@walkerdunlop.com.

g. Shine the Light

California residents may request information regarding categories of personal information disclosed to third parties for their own direct marketing purposes during the preceding calendar year, if applicable. To make a request, contact us using the details in Section 22 and include "California Shine the Light Request" in your request.

21. Cookie Notice - Automatic Data Collection

We use cookies and similar tracking technology (collectively, "Cookies") in certain Services and Professional Interactions, including our websites. These are small text files that a website stores on your personal computer, telephone or other device, with information about your navigation on that website. Cookies serve various purposes, such as allowing you to navigate between pages efficiently, remembering your preferences, analyzing the use of the Services or Professional Interactions, and ensuring that advertisements you see online are more relevant to you and your interests. A Cookie contains the name of the server it came from, the expiry of the Cookie, a value (usually a randomly generated unique number) as well as other data relating to your use of our Services or your Professional Interactions. Depending on the applicable data protection law, such information and data may qualify as personal information.

We use cookies, pixels, tags, SDKs, local storage, web beacons, and similar technologies on our websites, applications, emails, advertisements, and other digital Services. These technologies help us operate the Services, remember preferences, understand usage, improve performance, analyze interactions, support security, and provide or measure marketing and advertising.

a. What is a cookie?

A cookie is a small text file stored on your computer, phone, or other device. Cookies can help a website remember information about your visit, such as your preferences, login status, navigation, and interactions. Similar technologies may store or access information on your device or collect information about your use of the Services. Depending on applicable law, information collected through cookies and similar technologies may be personal information.

b. Types of cookies and similar technologies we use

Essential or Required Cookies. These technologies are necessary for websites, applications, and Services to function, such as enabling navigation, security, authentication, account access, load balancing, fraud prevention, and remembering privacy or cookie preferences.

Functional Cookies. These technologies allow us to provide enhanced functionality and personalization, such as remembering preferences, language, font size, region, video playback settings, or social media integration.

Analytics Cookies. These Cookies track information about website visitors and their user behavior (e.g., how many people watched a podcast, how effective was this communication). Google Analytics (GA) Cookies are one of the most common analytics Cookies set by websites. We use Google Analytics to better understand how visitors use our Services by using Cookies that Google or its affiliate DoubleClick recognize when you visit other websites and applications. For more information about how Google collects, uses, and shares your information, including information collected through our Services and Professional Interactions, please visit the Google Privacy Policy — Partners website at https://policies.google.com/technologies/partner-sites  or see Google’s own Privacy Policy at https://policies.google.com/privacy.  

Advertising Cookies. These technologies help us and our advertising or social media partners provide, measure, and improve advertising, understand campaign performance, and make advertisements more relevant to you on our Services or on third-party websites and platforms. We may use third party marketing Cookies to help deliver ads relevant to your interests. These include: LinkedIn — you can learn more about LinkedIn Cookies and how you can control them at https://www.linkedin.com/legal/cookie-policy; Google/YouTube — you can learn more about Google Cookies and how you can control them at https://policies.google.com/technologies/cookies ; and DemandBase — you can learn more about Demandbase Cookies and how you can control them at https://www.demandbase.com/cookie-policy/.

c. Managing cookie choices

Where required by law, we will obtain consent before using non-essential cookies or similar technologies. You can manage certain cookie choices through our website cookie preference tools or by reaching out to consumercompliance@walkerdunlop.com and through your browser settings. You will need to set preferences for each device and browser you use. If you delete cookies, reset your browser, or use a different browser or device, you may need to reset your preferences.

Most browsers allow you to block, delete, or manage cookies through settings or preferences. Blocking or deleting Required Cookies may cause the Services to not function properly. Additional information about cookies is available at www.allaboutcookies.org.

Some browsers or extensions offer opt-out preference signals, such as Global Privacy Control. Please see the California Consumer Privacy Policy section for more information and bracketed implementation notes.

'Do not track' signals

Do Not Track (“DNT”) is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We have taken steps to recognize or respond to browser initiated DNT signals, also known as Global Privacy Control signals (“GPCs”). As the Internet industry is still working towards defining exactly what DNT means, or whether GPCs will be the common approach to responding to DNT requests, our steps may not recognize or respond to all DNT requests.

Updating your consent choices

Our websites provide you ways to make choices regarding our use of Cookies on our websites, with the exception of Essential Cookies. You can also contact us as provided in this Notice or if you would like to make Cookie choices for Services or Professional Interactions other than our websites. You will need to set your preferences from each device and each web browser from which you wish to opt out. Also, if you clear your Cookies in your browser settings, this will remove all Cookies including the opt-out Cookies set to honor your previously made Cookie choices. In those cases, you will need to reset your preferences on our websites and elsewhere.

Disabling & preventing further use of cookies

As stated above, you may also restrict, block or delete the Cookies from our websites at any time by changing the configuration of your browser. You can find out how to do this, and find more information on Cookies, at https://www.allaboutcookies.org/. In addition, while each browser has different settings and configurations, cookies settings can typically be adjusted in the "Preferences" or "Tools" menu of your browser. Your browser’s "Help" menu may provide additional information. Note, however, that deleting or blocking Required Cookies will cause the Services to not function properly.

22. Contact Us

If you have questions or concerns about this Notice or our privacy practices, want to exercise privacy rights, want to make a privacy complaint, or want to opt out of marketing communications, please contact us using one of the methods below:

If you are located in the UK, EU or AMEA, then please refer to the contact information above in Section 17.

Appendix 1 - Responsible Entity Mapping & Legitimate Interest Matrix

The following table is intended to help identify the Walker & Dunlop entity responsible for processing personal information. If it is unclear which entity is responsible, contact consumercompliance@walkerdunlop.com. For most website interactions, the controller is Walker & Dunlop, Inc.

Processing activity Responsible Walker & Dunlop entity
A. Personal information collected through the main Walker & Dunlop website, including general inquiries, public website interactions, content downloads, newsletter subscriptions, and cookie/device data. Walker & Dunlop, Inc.
7272 Wisconsin Avenue, Suite 1300
Bethesda, Maryland 20814
Telephone: 301.215.5500
Email: consumercompliance@walkerdunlop.com
B. Personal information collected through local, product-specific, application-specific, or service-specific sites or digital tools. The Walker & Dunlop entity that operates or provides the relevant website, application, product, or service, unless a local or service-specific notice identifies a different responsible entity.
C. Personal information collected through Professional Interactions other than the main public website, including transaction, loan, investment, valuation, advisory, servicing, event, business development, or client relationship interactions. The Walker & Dunlop entity with which you, your company, employer, client, sponsor, borrower, lender, investor, or other organization has the Professional Interaction, unless a separate notice, agreement, or local law identifies a different responsible entity.
D. Personal information collected through Walker & Dunlop-operated social media accounts. The Walker & Dunlop entity identified on the applicable social media account or, if no entity is identified, Walker & Dunlop, Inc. for general corporate accounts, subject to the privacy practices of the relevant social media platform.
E. Job applicant, employee, and contractor personal information. The Walker & Dunlop entity to which you apply, with which you are employed or engaged, or that otherwise administers the relevant recruiting, employment, or contractor relationship, unless a separate applicant, employee, or contractor notice identifies a different entity.
F. Registered investment adviser services. Walker & Dunlop Investment Partners, Inc. or the applicable affiliate identified in the relevant investment adviser notice, agreement, or client documentation.
G. Broker-dealer services. Zelman Partners, LLC or the applicable broker-dealer entity identified in the relevant broker-dealer notice, agreement, or client documentation.
H. Processing where Walker & Dunlop acts on behalf of a client, customer, employer, borrower, lender, investor, sponsor, property owner, seller, buyer, or other third party. The relevant third party may be the controller or business responsible for the personal information. Walker & Dunlop may act as processor, service provider, or similar role and may direct requests to the relevant third party as required or permitted by law.

Lawful Basis for Processing: Legitimate Interest Matrix + Regulatory Obligation (GDPR)

We process your personal data where necessary for our legitimate interests, including maintaining and developing client relationships, promoting our services to business contacts, operating and improving our services, and protecting our business from fraud and legal risk.

A. Business Development & Client Relationship Management

Purpose Data Legitimate Interest
Maintaining client/prospect database Contact, professional info Managing and growing client relationships in B2B environment
Outreach to prospective clients Contact, marketing data Promoting services to relevant professionals
Relationship tracking (CRM) Interaction history Ensuring continuity and quality of client service

B. Marketing

Purpose Data Legitimate Interest
Sending B2B marketing emails Contact, preferences Keeping clients informed of relevant market opportunities
Event invitations Contact, professional info Promoting industry engagement and services
Market reports & insights Contact, engagement data Demonstrating expertise and maintaining relationships

C. Deal Execution & Transaction Management

Purpose Data Legitimate Interest
Managing transactions (loans, sales, leasing) Contact, financial, property data Operating core CRE business and facilitating transactions
Due diligence (KYC, AML checks) ID, financial data Preventing fraud and ensuring regulatory compliance (note: alternative basis for processing is legal obligation/requirement)
Communications during deals Contact, correspondence Efficient transaction execution

D. Platform/Website Operation

Purpose Data Legitimate Interest
Website analytics IP, usage data Improving website performance and user experience
Security monitoring Device, log data Protecting systems and preventing fraud (note: alternative basis for processing is legal obligation/requirement)
Account management Login, usage Ensuring secure access and service delivery

E. Business Operations & Improvement

Purpose Data Legitimate Interest
Internal analytics & reporting Aggregated + personal data Improving services and business strategy
Training & quality assurance Calls, communications Maintaining service standards
Product development Usage data Enhancing offerings

F. Corporate Governance & Risk

Purpose Data Legitimate Interest
Fraud detection Transaction + behavioral data Preventing fraud and protecting assets
Legal claims Relevant personal data Establishing, exercising, defending claims
Corporate transactions (M&A) Client/employee data Facilitating business transfers

G. Recruitment

Purpose Data Legitimate Interest
Reviewing applications CVs, profiles Hiring suitable candidates
Talent pooling Candidate data Future hiring needs

Services

Our comprehensive CRE platform offers you both entity-level and property-level finance and advisory services.

Learn more

Specialties & Sectors

Affordable, multifamily, industrial, and more…you name it and we have the skills and expertise to handle it.

Learn more