Privacy Policy

PRIVACY NOTICE

GB English Version( ) updated as at 26 October 2018 and issued in relation to Niatross Investments
SICAV-SIF (the “Fund”) and Niatross Investments Limited (“the Company”)

 

We first invite you to familiarise yourselves with the few following key players as we will extensively refer to them in this Privacy Notice:

 

  1. Personal data is any information relating to a data subject.
  2. A data subject is a living natural person identified or identifiable in relation to her/his personal data.
  3. An investor is any person (natural or not) investing, soliciting or solicited to invest, in the Fund.
  4. A controller determines the purposes and means of personal data processing.
  5. A joint controller is a controller that determines the purposes and means of personal data processing with another controller.
  6. A processor processes personal data on behalf of, and upon instruction from, one or more controllers.

 

The Fund is in most cases acting as controller for the processing of personal data in the context of the Fund’s and Company’s activities (“we”, “us” or “our”). In the context of the Fund’s activities, we process or outsource the processing of personal data of various categories of data subjects. Insofar as we determine the purposes and means of this processing, we qualify and act as controller. In relation to the distribution of shares of the Fund in Hong Kong, Australia, Singapore, Switzerland, Belgium, United Kingdom, the Fund and the Company act as joint controllers.

1. Categories of data subjects

Categories of data subjectsDescription
Investing PersonsThe Investing Persons category groups the investors who are natural persons, the natural persons (such as beneficial owners or family members) who are associated with investors, as well as the natural persons involved in entities (in particular intermediary companies, trusts or other vehicles) associated with investors.
Fund PersonsThe Fund Persons category groups the natural persons who belong or may belong to the staff, team, governing body, committees or similar body of the Fund; and/or who are (to be) remunerated by the Fund in relation to their activities for the Fund.
Other PersonsOther Persons The Other Persons category groups the natural persons (other than the Investing or Fund Persons) who, directly or within third-party entities, are involved in the Fund’s activities. These third-party entities include among others the Fund’s AIFM, as well as authorities or service providers (such as regulators, depositaries, administration agents, auditors or professional advisers) supervising, assisting and/or contributing otherwise to the Fund’s activities.

The above table uses terms such as “associated”, “involved”, “belong”, “supervising”, “assisting” and “contributing”. As a natural person, you may be so associated, involved, belonging to, assisting and/or contributing in an unlimited number of private, public and/or professional capacities, including – without limitation – as employee or self-employed, client, proxy-holder, authorised signatory, representative, nominee, intermediary, board or committee member, trustee, settlor, agent, officer, delegate, consultant and/or adviser.

2. Categories of personal data

What are the categories of personal data that we process?

As a general rule we reserve the right to process any past, present or future personal data needed to attain the purposes described or referred to in this Privacy Notice. However, in the table below we have listed the main categories of personal data we process together with a few illustrations. Please note that these illustrations are not exhaustive and that certain illustrations may belong to one or more categories of personal data, whether or not we have a contractual relationship with any of them or the entity they represent or work for.

CategoriesIn briefIllustrations
Identification dataThis category groups the personal data used to identify youNames, gender, place/date of birth, identification documentation (passport, ID cards), nationality, civil status, photos, tax identification numbers, login information, physical, vocal and digital signature and identifiers, etc.
Private dataThis category groups the personal data related to your private environmentPrivate/residential physical and digital addresses (e.g. email, IP) and other contact data (e.g. telephone and fax numbers), websites, blogs and social networks, family-related information, centres of interest, contact history, etc.
Professional dataThis category groups personal data related to your professional environmentProfessional physical and digital addresses (e.g. email, IP) and other contact data (e.g. telephone and fax numbers), website, blogs and social networks, professional activities, occupation and organisation, status, position, grade and title, curriculum vitae, professional relationship (e.g. colleagues, assistants, staff, reporting lines,), contact history, etc.
Economic dataThis category groups your personal data of a financial and economic natureAmount, nature and source of salary, income and remuneration, properties, wealth and estate, current and historic placements and cash flows, transaction history, investment preferences and objectives, financial account details (including credit or debit cards), current and historic credit information, etc.
HR dataThis category groups the personal data used for human resources management purposeExperience, qualifications, education and training, assessment and valuation, identifiers (e.g. social security numbers, badges,) and use thereof, working schedules and presence (including remote working and travel history), professional and job history, biographies and curriculum vitae, etc.

The personal data that we process may consist of or result from any use of or activity on computer systems, network and website, and may take any form possible. Personal data that we process may then include all types of electronic support, pictures, images, videos, sounds and voice recordings (such as telephone or online conversation recordings).

 

We process identification data for all categories of natural persons described in Q&A 1 above. In addition, we mainly process private, professional and economic data of Investing Persons; we process all categories of data of Fund Persons; and we mainly process professional data of Other Persons.

 

Please note that the above categories of personal data are without prejudice to all specific or general personal data you have provided or will provide us with from time to time.

 

The so-called “sensitive” personal data referred to in Q&A 3 below may also come in addition to or be part of the above categories of personal data.

3. sensitive personal data

Do we process so-called “sensitive” personal data?

Preamble – “Sensitive” personal data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or a natural person’s sex life or sexual orientation, as well as personal data relating to criminal convictions and offences or related security measures. Sensitive personal data are sometimes referred to as “special category data” and “criminal offence data” targeted by Articles 9 and 10 of the GDPR, respectively.

 

We do happen to process such sensitive personal data. However, we do so in only a limited number of instances. We may notably process sensitive personal data (a) which you have manifestly made public; (b) necessary for reasons of substantial public interest; (c) under the control of an official authority; and/or (d) when authorised by applicable law providing appropriate safeguards for your rights and freedoms, (e) necessary for the purposes of carrying out your/our obligations or exercising your/our specific rights in the field of employment and social security and social protection law;.

 

As a matter of illustration, we may process personal data revealing political opinions (which you have not necessarily manifestly made public) or relating to criminal convictions and offences when implementing our “know your customer” obligations. If you are a Fund Person, we may also process personal data concerning your health, or personal data relating to criminal convictions and offences.

 

We may also fortuitously process sensitive personal data when wilfully processing non-sensitive personal data. As a matter of illustration, although we neither require nor need personal data revealing racial or ethnic origin or religious beliefs, nor genetic or biometric data, this information is sometimes disclosed in the official identification documents (such as passport photo pages) we receive for the purpose of implementing our “know your customer” obligations. If you do not want us to process this information and also for the reasons described in Q&A 4 below, we therefore strongly suggest that you carefully black this type of data out in any document sent or drawn to our attention.

4. Unsolicited personal data

What is our responsibility in relation to the processing of “unsolicited” personal data?

Preamble – “Unsolicited” personal data basically refers to personal data which we have no intention, nor interest in processing, mainly because these data are not needed to attain any of the purposes described or referred to in this Privacy Notice. These are personal data which we did not solicit, and which we technically process (e.g. store and/or transfer), sometimes quite fortuitously (as illustrated in Q&A 3 above), but for no specific purpose.

 

What is important for you to be aware of is that, in the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we assume no obligation nor any liability for any damage suffered directly or indirectly by you or any third party as a result of such a technical processing of unsolicited personal data, including in case of personal data breach.

 

In view of the foregoing, we strongly recommend that you exclusively provide personal data that are expressly required from you, and that you refrain from providing any unsolicited personal data or making it available.

5. Source of personal data

From whom or where do we collect or obtain your personal data?

We collect or obtain your personal data from various sources (and a combination thereof), and we reserve the right to opt at any time for any legally acceptable source. In practice, these sources may vary depending on the categories of natural persons described in Q&A 1 above.

 

Our first source of information is you. We collect your personal data each time we communicate with you. We collect your personal data either directly from you or via third parties representing us or you. In relation to Investing Persons in particular, third parties representing us may typically be our register and transfer agent, our AIFM, certain of our distributors, and other appointed intermediaries. Third parties representing you may include discretionary managers, lawyers and specific proxyholders.

 

We may also obtain your personal data from a variety of third parties who represent neither us nor you. In relation to Investing Persons in particular, these third parties may include certain of our service providers (such as the depositary), certain distributors, your banker, social medias, subscription services and centralised investor database (whether or not they belong to the Fund’s or Company’s group), as well as your or our advisers.

 

If you are a Fund Person and/or an Other Person in particular, these third parties will typically be the organisation you work for, which may well belong to the group to which we are affiliated.

 

Third parties from whom we may obtain your personal data may also be public authorities, bodies or services, including Luxembourg and foreign supervisory and tax authorities.

 

We may also obtain your personal data via any publicly accessible (free or paying) sources such as the internet, public registers (such as the Luxembourg Trade and Companies Register), and/or the press in general. In relation to Investing Persons in particular, we may obtain your personal data via special “know your customer” databases (such as World-Check™).

 

We collect or obtain your personal data from various means (and combinations thereof), and we reserve the right to opt at any time for any legally acceptable means. In the following paragraphs, we would like to draw your attention to a few of them.

 

In relation to Investing Persons in particular, the most obvious means of collection of your personal data is the subscription documentation, including that required to fulfil our “know your customer” or tax transparency obligations (e.g. via self-certification forms). But, we also collect information via your transactional activity or your visits to our website.

 

For all categories of natural persons, we may also obtain personal information via exchanges of correspondence (whether or not in digital form), via telephone conversations (whether or not they are recorded), via contractual or operational documentation, via participation at board or shareholding meetings, and/or in the course of a complaint or litigious procedure.

6. Types of processing

What types of processing do we perform on your personal data?

 

We perform and reserve the right to perform at any time any processing which the GDPR authorises us to perform on your personal data. The processing that we perform or may perform therefore includes any operations (or set of operations) on your personal data (or on sets of your personal data), whether by electronic or other means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

In particular, we or our service providers acting as processors or controllers in their own right may be obliged or wish to record communications (including telephone or online conversations and e-mails). Recordings may be produced in court or other legal proceedings and permitted as evidence with the same value as written documents. The absence of recordings may not in any way be used against us. The purposes, lawful bases and retention periods in this respect are described in Appendix A and Appendix D respectively.

 

Please, also note that processing that we perform or may perform on your personal data may also consist in profiling and solely automated individual decision-making. We have specifically addressed this type of processing in Q&A 10 below.

7. Purposes and lawful bases of processing

For what purposes and on what lawful bases do we process your personal data?

 

We reserve the right to process your personal data for any specified, explicit and legitimate purposes we deem appropriate, provided such processing is based on one or more of the 6 possible lawful (or legal) bases authorised by the GDPR. These lawful bases are related to contract, compliance, vital interests, public interest, legitimate interests, and consent. These lawful bases are more fully described in Appendix A of this Privacy Notice.

 

We process your personal data for several purposes and on several lawful bases. These may vary depending on the category of data subjects (described in Q&A 1 above) to which you belong. In Appendix A, you will find tables listing the purposes of the processing (on the left-hand side column) and the corresponding lawful bases (on the right-hand side column). There is a table for all categories of data subjects, as well as a specific table for each category of data subjects.

 

You should be aware that any of the (initial) purposes listed in Appendix A or otherwise referred to in this Privacy Notice may change over time and lead to a new purpose. If the new purpose is compatible with the initial purpose, we may continue the processing under the original lawful basis (unless this original lawful basis is your consent).

 

Finally, you should also be aware of the following regarding the lawful bases of our processing. When we process sensitive personal data or transfer personal data to third countries, we may do so on specific lawful bases which are more fully described in Q&A 3 and Q&A 9, respectively, and which come in addition to those otherwise described in this Q&A 7 and in Appendix A. Also, when we exceptionally base the processing of your personal data on your consent, you are entitled to withdraw your consent as more fully described in Q&A 15 below.

8. Recipients of personal data

Do we transmit your personal data to third-party recipients? If so, who are these recipients?

 

Preamble – In the context of this Privacy Notice we understand “transmission” (or derived terms thereof) of personal data to a party as including the disclosure, the accessibility or otherwise availability of these personal data to this party.

 

Yes, we also transmit your personal data to a series of recipients or categories of recipients, in particular, but not only, in relation to the processing of personal data belonging to Investing Persons. These include:

 

  •  all our service providers, whether they act as processors and/or controllers in their own rights (which may be the Fund’s AIFM, co-investor, investment adviser, investment manager, bank, depositary and paying agent, administrative agent, registrar and transfer agent, domiciliary agent, corporate agent, distributor and sub-distributors, auditor, legal, financial and other professional advisers, lawyers, consultants, as well as any existing or potential service provider of the Fund and the Company); the recipients may also be any of the foregoing respective representatives, agents, delegates, affiliates, subcontractors and/or their successors and assigns (including information technology providers, cloud service providers, or external processing centres);
  • entities belonging to the Fund’s or the Company’s group;
  • our various counterparties (such as prime brokers and credit institutions);
  • any targeted markets (regulated or not), investment funds and/or related entities in or through which we intend to invest (including without limitation their governing entities, respective general partner, management companies, managers, central administration, investment manager, depositary, and other service providers);
  • any judicial, public, governmental, administrative, supervisory, regulatory or tax bodies or authorities; as well as
  • the Investing Persons, the Fund Persons, and the Other Persons.

 

You should also be aware that:

 

more information about the foregoing recipients (including our processors) may be found in Appendix E and in the Fund’s constitutive and offering documentation;

 

certain of the foregoing recipients (including our processors) may themselves transfer your personal data to other sub-recipients established or operating in and/or outside the European Economic Area. This may notably be the case in the context of exchange of information on an automatic basis with the competent authorities in the United States or other permitted jurisdictions as agreed in FATCA ([1]) and CRS ([2]), at OECD and European levels, or equivalent Luxembourg legislation, as more specifically detailed in Q&A 17;

 

each of the foregoing recipients (including our processors) and sub-recipients may also process your personal data as controllers in their own right, in particular but not necessarily for compliance with laws and regulations applicable to them (such as those relating to “know your customer”) and/or order of any competent jurisdiction, court, governmental, supervisory or regulatory bodies, including tax authorities, and may be established or operating in and/or outside of the European Economic Area. Certain of these controllers have requested us to provide you with their own privacy policy information. In this respect, please, kindly refer to Q&A 17;

 

in the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we bear no liability for any transmission of your personal data to any third party not authorised by us and, more generally, for any such unauthorised third party receiving knowledge of your personal data.

9. Transfer to third countries

Do we intend to transfer personal data to third countries or international organisations?

Preamble – In the context of this Privacy Notice we understand “transfer” (or derived terms thereof) of personal data to third countries or international organisations as including the disclosure, the accessibility or the otherwise availability of these personal data to or from third countries or international organisations.

 

Yes, we do and will transfer personal data to third countries. And by third countries, we mean countries which do not belong to the European Economic Area and which legislation does not necessarily ensure an adequate level of protection as regards the processing of personal data. At this stage, we do not intend to transfer personal data to international organisations.

 

In Appendix B of this Privacy Notice, you will find a brief description of the available lawful bases for performing transfers of personal data to third countries, as well as a table listing the recipient countries or third-country recipients to which we transfer or may transfer personal data (left-hand side column) together with the corresponding specific lawful bases and, where applicable, additional information (right-hand side column). In this context, you should be aware that:

 

a) Your personal data may be transferred to recipients (including processors and other controllers), which are located in third countries subject to an adequacy decision of the European Commission and/or on the basis of the so-called EU-U.S. Privacy Shield framework. In the table in Appendix B, each of these countries or recipients is referred to as an “adequate country” or an “adequate recipient”, respectively;

 

b) Your personal data may be transferred to recipients (including processors and other controllers), which may be located in third countries which are not subject to an adequacy decision of the European Commission and whose legislation does not ensure an adequate level of protection as regards the processing of personal data. In this case, the transfer of your personal data may be based on one or more of the appropriate safeguards listed and briefly described in Appendix B. In the table in Appendix B, each of the relevant countries or recipient is referred to as a “safeguarded country” or a “safeguarded recipient”, respectively, and earmarked with the relevant appropriate safeguard;

 

c) In the absence of any adequacy decision or appropriate safeguard, your personal data may nevertheless be transferred to recipients (including processors and other controllers) located in third countries whose legislation does not ensure an adequate level of protection as regards the processing of personal data. In this case, a transfer or set of transfers of your personal data may be based on one or more of the derogations listed and briefly described in Appendix B. In the table in Appendix B, each of the relevant countries or recipient is referred to as a “derogatory country” or a “derogatory recipient”, respectively, and earmarked with the relevant derogation;

 

d) We may transfer your personal data to a third country in the event this is required by any judgment of a court or tribunal or any decision of an administrative authority, provided this takes place on the basis of an international agreement entered into between the European Union or another Member State and other jurisdictions worldwide.

 

In addition to the information provided in Appendix B, you should be aware that:

 

  • you have the right to obtain a copy of, or access to, the appropriate safeguards which have been implemented for transferring your personal data to a safeguarded country or a safeguarded recipient by a request addressed to any contact point and by any means mentioned in Q&A 19 below;
  • when the transfer of your personal data to third countries is based on your explicit consent, you are entitled to withdraw your consent as more fully described in Q&A 15 below;
  • in the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we bear no liability for any transfer of your personal data to any third country or third-country recipient not authorised by us and, more generally, for any such unauthorised third country or third-country recipient receiving knowledge of your personal data.

10. Profiling and solely automated decision-making

Are you be subject to profiling and/or solely automated (individual) decision-making?

 

Preamble – “Profiling” is an automated processing of your personal data to evaluate personal aspects about you in order to produce your corresponding profile. A “solely automated decision” is an individual decision based solely on automated processing (including profiling), hence without human involvement.

 

You may be subject to profiling and/or to a solely automated decision. In some instances, you may even be subject to a so-called “significant effect solely automated decision” which is a solely automated decision (including profiling) producing legal effects concerning you or similarly significantly affecting you.

 

As a matter of illustration, we perform or plan to perform the types of profiling and/or solely automated decision-making which are listed in the table attached as Appendix C of this Privacy Notice. Where applicable, we indicate (and, where appropriate, further describe) the processing which in our opinion leads to significant effect solely automated decisions.

 

There are a few important rights that you specifically have in relation to profiling and significant effect solely automated decisions. These rights are listed below. You may exercise these rights upon notice to the contact point mentioned in Q&A 19 below.

 

  • As indicated in Q&A 13 below, you have the right to object, on grounds relating to your particular situation, to profiling which is based on your consent or on our interests;
  • As also indicated in Q&A 13 below, you have the unconditional right to object to profiling related to direct marketing;
  • In relation to significant effect solely automated decisions (other than those authorised by applicable law), you have the right to obtain a human intervention on our part, to express your point of view and to contest this solely automated decision.

11. Retention period

For how long will we store your personal data?

Without prejudice to what follows, as a matter of general principle, we take care that your personal data is not held for longer than necessary with regard to the purposes for which they are or have been processed.

 

We hold personal data of Investing Persons at least until the concerned investor ceases to be an investor. We then hold these personal data for a subsequent period of 10 years where necessary to comply with applicable laws and regulations, and/or to establish, exercise or defend actual or potential legal claims.

 

Longer or shorter retention periods may apply where required by applicable laws and regulations, or as a result of applicable statutes of limitation. Some of these laws and regulations are listed in the table of Appendix D to this Privacy Notice.

12. Data subject Rights

What are your rights in relation to our processing of your personal data?

 

In addition to your right of information as well as to rights otherwise described in this Privacy Notice or provided for in the GDPR, the available rights in relation to our processing of your personal data are as listed and briefly described below.

 

The relevant legal provisions of the GDPR describing these rights may in our opinion be read and understood by persons who are not personal data protection professionals. For each of the rights listed below, we have therefore mentioned the applicable key provisions which we invite you to consult for further information.
Under certain circumstances and within the limits set out by the GDPR:

 

  • Right of access (Art. 15 of the GDPR) – You have the right to receive confirmation that your data are being processed by us (or not), to access your personal data, and to receive supplementary information (however, largely corresponding to that provided in this Privacy Notice).
  • Right to rectification (Art. 16 and 19 of the GDPR) – If your personal data are inaccurate or incomplete, you have the right to obtain assurance from us that they will be rectified without undue delay.
  • Right to erasure (Art. 17 and 19 of the GDPR) – The right of erasure is also known as the “right to be forgotten”. The broad principle underpinning this right is to enable you to request us to delete or remove your personal data where there is no compelling reason for our continued processing thereof.
  • Right to restriction (Art. 18 and 19 of the GDPR) – This right allows you to ‘block’ or suppress a specific processing of your personal data. We may still store your data, but may not process them. We can retain just enough information about you to ensure that the restriction is respected in future.
  • Right to data portability (Art. 20 of the GDPR) – This right allows you to obtain and reuse the personal data you have provided us with for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another.
  • Right to complain to a supervisory authority (Art. 77 of the GDPR) – If you consider that our processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in your EU Member State of your habitual residence, place of work or place of the alleged infringement ([1]).

 

You also have a right to obtain a copy of, or access to, any balancing test that has been conducted when a processing is based on legitimate interests as per Appendix A of this Privacy Notice.

 

You may exercise any of the above rights (other than the right to complain to a supervisory authority) via any contact point and by any means mentioned in Q&A 19 below.

 

There is a last general and important point we wish to draw your attention to. Your rights under the GDPR (including those listed above) are not “absolute” or unconditional. Your rights may then be limited to certain cases or circumstances, conditioned and/or affected by various elements such as the lawful basis of our processing (including the necessity to comply with a legal obligation or our or third party legitimate interest).

13. Right to object

Do you have the right to object to our processing of your personal data?

 

Yes, Article 21 of the GDPR gives you a right to object, but this right is limited and depends on the purpose or lawful basis of our processing.

 

  • Firstly, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data, including profiling, concerning you which is based on our legitimate interests or on the performance of a task carried out in the public interest or in the exercise of any official authority that we would be vested in. In this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  • Secondly, where your personal data are processed for direct marketing purposes, you have the unconditional right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Finally, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

You may exercise your right to object via any contact point and by any means mentioned in Q&A 19 below.

 

14. Refusal to provide personal data

Can you refuse to provide your personal data? If so, what are the consequences?

 

There are certain cases where the provision of your personal data results from a legal or contractual obligation applicable to you and/or to us, or where the provision of your personal data is necessary for us to enter into, continue and/or implement a professional relationship and/or contract, and/or otherwise deal with you.

 

As a general rule, failure to provide certain requested personal data may result in the impossibility to communicate (or to communicate safely) with you and/or to fulfil certain of our duties, obligations and services.

 

As an Investing Person in particular, failure to provide certain requested personal data may result in the impossibility for you or the investor to invest or maintain an investment in the Fund. Where applicable, this may further result in you or the investor becoming a defaulting investor pursuant to paragraph “Compulsory redemption” at page 26 of the Section 4 of Part III of the offering documentation. It may also result in incorrect or double reporting.

 

As a Fund Person, failure to provide certain requested personal data may result in the impossibility for us to give you or maintain a position within our organisation.

 

Please note that we may from time to time and as the case may be on a case-by-case basis indicate whether or not requesting and/or providing this information is mandatory for us and/or for you, respectively, and/or the reasons for which this is mandatory. Where necessary, we may also indicate on such occasions the consequences for your refusal to provide the requested information.

14. Refusal to provide personal data

Can you refuse to provide your personal data? If so, what are the consequences?

 

There are certain cases where the provision of your personal data results from a legal or contractual obligation applicable to you and/or to us, or where the provision of your personal data is necessary for us to enter into, continue and/or implement a professional relationship and/or contract, and/or otherwise deal with you.

 

As a general rule, failure to provide certain requested personal data may result in the impossibility to communicate (or to communicate safely) with you and/or to fulfil certain of our duties, obligations and services.

 

As an Investing Person in particular, failure to provide certain requested personal data may result in the impossibility for you or the investor to invest or maintain an investment in the Fund. Where applicable, this may further result in you or the investor becoming a defaulting investor pursuant to paragraph “Compulsory redemption” at page 26 of the Section 4 of Part III of the offering documentation. It may also result in incorrect or double reporting.

 

As a Fund Person, failure to provide certain requested personal data may result in the impossibility for us to give you or maintain a position within our organisation.

 

Please note that we may from time to time and as the case may be on a case-by-case basis indicate whether or not requesting and/or providing this information is mandatory for us and/or for you, respectively, and/or the reasons for which this is mandatory. Where necessary, we may also indicate on such occasions the consequences for your refusal to provide the requested information.

15. Withdrawal of consent

Can you withdraw the consent given for processing your personal data, and if so, how?

 

Yes, when we base the processing of your personal data on your consent, you have the right to withdraw your consent at any time, yet without affecting the lawfulness of all processing based on your consent before its withdrawal.

 

You must be aware, however, that:

 

  • the withdrawal of your consent may result in your becoming a defaulting investor pursuant to paragraph “Compulsory redemption” at page 26 of the Section 4 of Part III of the offering documentation.
  • we reserve the right to continue the processing for which you have withdrawn your consent if there is another lawful basis to this processing.

 

Your decision to withdraw your consent may be notified to any contact point and by any means mentioned in Q&A 19 below.

16. Further processing

Do we intend to process your personal data for a purpose other than that for which they were collected or obtained?

 

Although we have no intention to do that at the date of issuance of this Privacy Notice, we reserve the right to further process your personal data for a purpose other than that for which they were collected or obtained. If such were the case and prior to that further processing, we would provide you with information on that other purpose and with any relevant further information required by law which is not already contained in this Privacy Notice.

17. Other information

Is there other information we deem appropriate to provide you with in the context of this Privacy Notice?

 

Yes, we believe that the following additional information might be of interest to you.

 

(A) Data protection officer

 

The data protection officer is governed by specific provisions of the GDPR (Articles 37 to 39), but is not defined in the GDPR. It may be described as the person appointed by an organisation to serve as its personal data protection guardian.

 

For your information, our AIFM has appointed a data protection officer whose contact details are as follows: Data Protection Officer, 58, rue Charles Martel, L-2134, Luxembourg.

 

(B) Professional secrecy and confidentiality waiver

 

Any consent that you may give or may from time to time be requested to give in order to waive the professional secrecy or confidentiality duty to which we are subject pursuant to laws and regulations applicable to us is distinct from, and may not be construed as, any consent that you might give in the context of the GDPR.

 

(C) FATCA, CRS and other tax identification legislation to prevent tax evasion and fraud

 

To comply with “know your customer” and tax related laws and regulations such as FATCA and CRS at OECD and European levels or equivalent Luxembourg legislation, we are and our service providers may be obliged to collect and, where appropriate, report certain information in relation to you and your investments in the Fund (including but not limited to name and address, date of birth, U.S. tax identification number (TIN), account number, balance on account, the “Tax Data”) to the Luxembourg tax authorities (Administration des contributions directes) which will exchange this information (including personal data, financial data and Tax Data) on an automatic basis with

 

the competent authorities in the United States or other permitted jurisdictions (including the U.S. Internal Revenue Service (IRS) or other US competent authority and foreign tax authorities located outside the European Economic Area) for the purposes provided for in FATCA and CRS at OECD and European levels or equivalent Luxembourg legislation.

 

In this context, it is mandatory to answer questions and requests with respect to the data subjects’ identification and investment held in the Fund. We reserve the right to reject any application for investment if the required information and/or documentation are not provided or the applicable requirements not complied with. Investors acknowledge that failure to provide the relevant information in the course of their relationship with the Fund may result in incorrect or double reporting, prevent them from acquiring or maintaining their investment in the Fund and may be reported to the relevant Luxembourg authorities.

 

(D) Update of this Privacy Notice and additional information

 

You should first be aware that we reserve the right to amend or modify this Privacy Policy at any time and for any reason, notably in response to changes in applicable data protection and privacy legislation.

 

Any further update of this Privacy Notice as well as any additional information relating to our processing of personal data are accessible via the internet on www.niatrossinvestments.com or upon request to the contact point mentioned in Q&A 19, below. If there are any significant changes, we make these clear either through the website or through another means of contact such as email.

 

Additional information relating to our processing of your personal data and further update of this Privacy Notice may also be found in the constitutive and offering documentation of the Fund, our contractual arrangements, or provided or made available, on an ongoing basis, through additional documentation (such as contract notes or specific notice and reports, whether periodic or not) and/or through any other communications channels, including electronic communication means, such as electronic mail, internet/intranet websites, portals or platform, as deemed appropriate to allow us to comply with our obligations of information according to the GDPR.

 

All the foregoing additional information and updates are deemed to be inserted by reference in and, where applicable, amend, complement, or replace this Privacy Notice.

 

(E) What we expect from you – keeping your personal data up-to-date

 

It is important that the personal data we hold about you is kept accurate. We request that you inform us in writing and without undue delay about changes in the information you provide us about you so that we can keep it up-to-date while you continue to be in relation with us

 

(F) Other privacy information

 

Certain other entities we are dealing with and who are acting as controllers in their own right in relation to your personal data have compelled us to provide you with certain privacy information pertaining to their processing of personal data which may be relevant to you and/or natural persons with whom you are dealing. The privacy information so received is set out in the Schedules to this Privacy Notice. In the absence of proven negligence on our part or unless otherwise so compelled by mandatory rules of law, we bear no responsibility for this privacy information nor for any processing performed by these other controllers.

18. Non-exhaustive information

Is this Privacy Notice exhaustive of all information pertaining to the processing of your personal data?

 

No. Although this Privacy Notice claims to be exhaustive in relation to the information that we must convey to data subjects pursuant to the GDPR, it does not claim to be exhaustive of all information pertaining to the entire processing we perform as controller.

 

In relation to personal data that we did not obtain directly from you, our duty to inform you does not apply insofar as:

 

  • you may already have the information;
  • the provision of certain information may prove impossible or would involve a disproportionate effort, or is likely to render impossible or seriously impair the achievement of the objectives of certain processing;
  • obtaining or disclosure is expressly laid down by Union or Member State law to which we are subject;
  • where the personal data must remain confidential subject to an obligation of professional secrecy regulated by EU or Member State law, including a statutory obligation of secrecy.

19. Contact Point

What are our contact details and how can you contact us?

 

You may contact us for any request, notice or other reasons via:

 

Internet by using the online form available on www.niatrossinvestments.com.

 

Telephone by dialing number +852 3589 5094

 

Email sent to compliance@niatrossinvestments.com

 

Letter sent to the Fund’s registered address: 58, rue Charles Martel, L-2134 Luxembourg and for the attention of Data Protection Officer

 

Letter sent to the Company’s registered address: 1202 Winsome House, 73 Wyndham Street, Central, Hong Kong and for the attention of Data Protection Officer

 

When you contact us, please, kindly provide your complete identification information, and state as clearly and completely as possible why you are contacting us and what you expect from us. Please kindly note that before we are able to revert to you or implement your request, you may be required to provide further identification details, information or clarification. You may also be required to fill out specific forms. All this may be needed for adequately addressing your solicitation, as well as protecting both your and our interests.

APPENDIX A

Purposes and legal basis of the processing

The authorised lawful bases under the GDPR

 

Our processing of your personal data shall be lawful only if and to the extent that at least one of the following applies:

 

  • Contract = our processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract
  • Compliance = our processing is necessary for compliance with a legal obligation to which we are subject
  • Public interest = our processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
  • Legitimate interests = our processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data
  • Vital interests = our processing is necessary in order to protect your vital interests or those of another natural person.

 

Our processing of your personal data for one or more specific purposes shall also be lawful if you have given your consent to this processing for this or these specific purposes.

We process personal data of all categories of persons

For
based on
general and global purpose of communication, which involves each respective identification and the exchange of information and documents among relevant partiescompliance, contract, legitimate interests of all parties concerned to ensure the identity of her/his/its intended correspondent
complying with the general prudential duties imposed by laws and regulations applicable to us; and which may involve acting honestly, with due skill, care and diligence and fairly in conducting the Fund’s and Company’s activities, acting in and promoting the best interests of the investors and the integrity of the market, and managing and preventing conflicts of interestsCompliance
reporting to and/or cooperating with supervisory and regulatory bodies, and/or other authorities pursuant to applicable laws and regulationscompliance (when acting pursuant to EU law or the Member State law applicable to us), our legitimate interests and that of the Investment Manager (ie the Company), the AIFM, the Domiciliary Agent, Corporate Agent, Administrative Agent, Registrar and Transfer Agent, the Depositary and Paying Agent, the Auditor or another service provider of the Fund to avoid being in breach of applicable regulatory and legal obligations (otherwise)
complying with, and providing (or causing the provision of) the services contemplated, in the Fund’s constitutive and offering documentation, as well as regulatory compliance monitoring and managing risks (including those related to personal data and their processing) compliance, contract
general, specific and/or periodic reporting and or providing of information to investors and other stakeholders of the Fund (including certain counter parties of the Fund)
processing and verifying instructions received and transactions, as well as record-keeping as proof of such an instruction or transaction or related communication in the event of a disagreementcompliance, contract, our legitimate interests and that of the Investment Manager, the AIFM, the Domiciliary Agent, Corporate Agent, Administrative Agent,
conducting and handling enquiries, escalation, complaints, disputes, litigation and audits of all nature (including in relation to security incidents and/or data breach), all at any stage and levelRegistrar and Transfer Agent, the Depositary and Paying Agent, the Auditor or another service provider of the Fund and the Company to organise the defence and protection of our/their interests, enforce our/their rights, and/or as the case may be help maintain service quality and train staff to deal with complaints and disputes
complying with any of the contractual obligations, duties and liabilities agreed upon with any third party with whom we are dealing in the context of the Fund’s and Company’s activitiesour legitimate interests to avoid being in breach of a contract to which we are a party
seeking professional advice, including legal, accounting, and other adviceour legitimate interests and that of the Investment Manager (ie the Company), the AIFM, the Domiciliary Agent, Corporate Agent, Administrative Agent, Registrar and Transfer Agent, the Depositary and Paying Agent, the Auditor or another service provider of the Fund and the Company to act in accordance with the laws and regulations and/or with due skill, care and diligence

In addition to what is provided for in the first table above, we process personal data of Investing Persons

For
based on
assessing potential and existing investors and checking their eligibility, which includes verifying the information received, conducting credit and financial due diligence, and monitoring investors’ solvency, liquidity risks and cash flowscompliance, contract, our legitimate interests and that of the other investors to ensure investors’ solvency, prevent adverse liquidity risk materialisation and facilitate the Fund’s investments (including related financings)
general holding, maintenance, management and administration of:

  • the Fund’s registers and, where applicable, capital or similar accounts

  • each investor’s position in the register and, where applicable each investor’s capital or similar account



in the context of the foregoing and among other things:

  • processing issues, subscriptions, redemptions, conversion, similar corporate events, and related operations

  • making capital calls and drawdowns

  • allocating and distributing income and liquidation proceeds, including handling and recording of orders, paying agency services and settlement

  • billing, accounting, record-keeping and valuation, including producing and issuing all reporting (including financial and other periodic reporting)

  • performing domiciliation and corporate trust function, including convening, holding and handling meetings of investors


compliance, contract
complying with all tax-related obligations applicable to us or data subject (including those resulting from FATCA and/or CRS), and reporting to and/or cooperating with supervisory and regulatory bodies, and/or other authorities accordingly
compliance, public interests (when acting pursuant to EU law or the Member State law applicable to us)

our legitimate interests and that of the Investment Manager, the AIFM, the Domiciliary Agent, Corporate Agent, Administrative Agent, Registrar and Transfer Agent, the Depositary and Paying Agent, the Auditor or another service provider of the Fund and the Company to avoid being in breach of applicable regulatory and legal obligations (otherwise)

to avoid being in breach of applicable regulatory and legal obligations (otherwise)
complying with all “know your customer” obligations (including anti-money laundering and counter terrorism checks and assimilated checks such as tracking persons subject to economic and trade sanctions, e.g.), and reporting to and/or cooperating with supervisory and regulatory
bodies, and/or other authorities accordingly
record keeping as proof of transactions or related communications in the event of a disagreement, processing and verification of instructions, investigation and fraud prevention purposes, enforce or defend our or others interests or rights in compliance with any legal obligation to which we or they are subject to and quality, business analysis, training and related purposes to improve our business relationship with you
helping to detect, prevent, investigate, and prosecute fraud, third-party malfeasance and/or other criminal activity (including bribery and corruption), and reporting to and/or cooperating with supervisory and regulatory bodies, and/or other authorities accordingly
preventing late trading and market timingCompliance
assessing and evaluation of the existing investors base and composition, including conducting market research and analysisour legitimate interests and that of third parties such as the Fund’s group and the other investors to improve quality business and training, and implement product development and distribution policy and strategy
processing relationship with the investors in general
marketing the Fund to new and existing investorscontract, our legitimate interests to promote investment in the Fund, and that of investors to access the Fund
ensuring fair treatment of investorscompliance, our legitimate interests and that of the Investment Manager, the AIFM, the Domiciliary Agent, Corporate Agent, Administrative Agent, Registrar and Transfer Agent, the Depositary and Paying Agent, the Auditor or another service provider of the Fund and the Company to comply with contractual obligations

In addition to what is provided for in the first table above, we process personal data of Fund Persons

For
based on
recruiting and acquiring human resources, as well as implementing all related procedures, that are necessary for the proper performance of the Fund’s activitiescompliance, our legitimate interests to ensure adequacy, quality and trustworthiness of relevant human resources
performing the obligations, duties and liabilities set out in our employment, self-employed and other mandates contractual arrangementsContract
complying with our obligations under labour law in general (including social security, tax and social protection laws), and exercising our or your rights in this fieldCompliance
managing human resources in general, including organisation of work and planning, as well as Management of access to premises and working timecontract, compliance, our legitimate interests to ensure efficient working environment, as well as internal security
the administration of personal human resources files, including managing working time, leave, training and formation, accounting, payment of salaries and expenses, appraisal, and career planningcontract, compliance
safety at work including managing accidents at workcompliance, contract, vital interest
managing corporate information technology resources put at disposal for professional use (including mobile devices) and monitoring of all correspondence sent and received using these resourcesVital interest, our legitimate interests and that of Function Eight to protect business information and have access to key information relevant to our activities
assessing, recruiting, and handling the administration of, and the prudential requirements related to, board and committee members as well as self-employed team memberscompliance, contract, our legitimate interests to ensure adequacy, quality and trustworthiness of relevant members
performing domiciliation and corporate trust function, including convening, holding and handling board and committee meetingscompliance, contract
inviting you to events and presentations organised by the Fund’s and Company’s group [ and/or associated parties]our Legitimate interests and that of third parties such as the Fund’s and Company’s group to promote and/or improve our activities, image and/or collaboration
whistleblowing managementcompliance, our legitimate interests of being informed of internal wrongdoings
preventing inside trading and related illegal trading activitiesCompliance

In addition to what is provided for in the first table above, we process personal data of Other Persons

For
based on
assessing and hiring service providers, as well as effectively supervising delegated or otherwise outsourced services and activitiescompliance, our legitimate interests and that of third parties such as the investors to ensure adequacy, quality and trustworthiness of human resources and management team in services providers
managing our relationship with service providers (including their remuneration)compliance, contract
inviting you to events and presentations organised by the Fund’s and Company’s group and/or associated partiesour legitimate interests and that of third parties such as the Fund’s and Company’s group to promote and/or improve our activities, image and/or collaboration
performing due diligence of target investmentscompliance, our legitimate interests and that of third parties such as the investors to ensure adequacy, quality and trustworthiness of governance and management of target entities

APPENDIX B

Transfers to third-countries

Appropriate safeguards

 

As indicated in Q&A 9, we only consider the following appropriate safeguards when your personal data are to be transferred to a recipient located in a third country which is not subject to an adequacy decision. These appropriate safeguards may be provided for by:

 

  • BCR = binding corporate rules
  • EU contractual clauses = standard data protection clauses adopted by the European Commission
  • National contractual clauses = standard data protection clauses adopted by a supervisory authority and approved by the European Commission
  • Private contractual clauses = contractual clauses between us and the controller, processor or the recipient of the personal data in the third country (subject to authorisation by competent supervisory authority)
  • Code of Conduct = an approved code of conduct with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards your rights
  • Certification = an approved certification mechanism together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards your rights

 

Appropriate safeguards may also be provided for by a legally binding and enforceable instrument between public authorities or bodies, and (subject to authorisation by competent supervisory authority) by provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.

 

Derogations

 

As indicated in Q&A 9, we only consider the following derogations when we have to make a transfer or a set of transfers of your personal data to a recipient located in a third country which is not subject to an adequacy decision and where there is no appropriate safeguard. Such a transfer or a set of transfers may take place only on one of the following derogatory conditions:

 

  • Consent = you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards;
  • Contract with you = the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;
  • Contract in your interest = the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
  • Public interest = the transfer is necessary for important reasons of public interest;
  • Legal claim = the transfer is necessary for the establishment, exercise or defence of legal claims;
  • Vital interests = the transfer is necessary in order to protect your vital interests or those of other persons, where the relevant person is physically or legally incapable of giving consent;
  • Public register = the transfer is made from a register which according to EU or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case;
  • Compelling interests = where necessary and under specific conditions for the purposes of compelling legitimate interests pursued by us.

 

We may transfer personal data to
as it is or they are
assessing and hiring service providers, as well as effectively supervising delegated or otherwise outsourced services and activitiescompliance, our legitimate interests and that of third parties such as the investors to ensure adequacy, quality and trustworthiness of human resources and management team in services providers
managing our relationship with service providers (including their remuneration)compliance, contract
inviting you to events and presentations organised by the Fund’s and Company’s group and/or associated partiesour legitimate interests and that of third parties such as the Fund’s and Company’s group to promote and/or improve our activities, image and/or collaboration
performing due diligence of target investmentscompliance, our legitimate interests and that of third parties such as the investors to ensure adequacy, quality and trustworthiness of governance and management of target entities

APPENDIX C

Profiling and solely automated decision-making

Profiling/Solely automated decision-making
Description
Eligibility to invest in the FundProfiling – We may determine if you are a well-informed investor (“investisseur averti”) and therefore if you are eligible to invest in the Fund based on (at least partly) automated processing. If this profiling determines that you are not eligible, you will be prevented from investing in the Fund and your subscription request will be refused.

Solely automated decision – The decision to accept you as an eligible investor may result from a solely automated decision. This may notably be the case when you subscribe and provide information online.

Significant effect – Considering its possible effect (refusal of your subscription because of non-eligibility), this decision qualifies as a “significant effect solely automated decision” (within the meaning of Q&A 10) which is necessary for entering into, or performance of, a contract between you and us/which is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests/which is based on your explicit consent.

APPENDIX D

Specific retention periods

Without prejudice and subject to retention periods that are imposed by applicable laws, regulations and court orders, the following retention periods should apply to personal data.

Relevant data, laws and regulations
Retention period
Personal data processed for the purpose of the administration and payment of salaries (of any nature)3 years starting from the termination of the employment contract
Personal data processed for the purpose of recruitment2 years starting from the termination of the employment contract
Personal data processed for the purpose of evaluation and career planning3 years starting from the termination of the employment contract
Personal data processed for the purpose of monitoring of information technology resources made available for professional use, including mobile devices6 months on a rolling basis during employment and for 6 months starting from the termination of the employment contract, unless monitoring resulted in finding evidence or suspicions of irregularities or misuse of our information technology resources
Personal data related to healthMay be kept after termination of employment contract where necessary, for the appropriate duration, notably with regard to the establishment, exercise or defence of legal claim(s) or in the case of control performed by the labour inspectorate
Data related to accounting and corporate documentation10 years starting from the end of the financial year concerned
Customer identification and transaction5 or 10 years starting from termination of relationship with customers or from execution of the transaction (for AML purposes where applicable)
Recordings of communications10 years starting from the date of the recording

APPENDIX E

(Categories of) recipients of personal data

Service Provider / ActivityRetention periodLocation
AIFMAsset management servicing
portfolio management servicing
risk management servicing
valuation servicing
marketing servicing
Luxembourg
Investment managerAsset management servicingHong-Kong
Depositary and paying agentAsset management servicingLuxembourg
Administrative agentAsset management servicing
accounting and portfolios administration servicing
transfer agency servicing
corporate secretarial servicing
due diligence servicing
Luxembourg
Registrar and transfer agentAsset management servicingLuxembourg
Domiciliation agentDomiciliation, accounting and corporate services
DistributorAsset management servicing, financial and insurance servicesLuxembourg
Sub-DistributorAsset management servicing, distribution servicingHong-Kong
Maitland Group South Africa Limited Asset management servicing
subscriptions, redemptions, repurchases, transfers, switches and reporting
FATCA and CRS servicing
due diligence servicing
South Africa
AuditorAuditLuxembourg
Legal, financial and other professional advisers, lawyers, consultantsProfessional servicesLuxembourg, Hong Kong
Function Eight
Microsoft Azure
Veritas/Symantec
Information technology providers, cloud service providers, or external processing centres
Information technology services
Cloud service provider
Email Archive Solution
Hong Kong

SCHEDULES

(Categories of) recipients of personal data

I. Privacy information received from UBS Europe SE, Luxembourg Branch

 

The contact details and privacy information received from UBS Europe SE, Luxembourg Branch can also be found on its website:  https://www.ubs.com/data-privacy-notice-luxembourg

 

II. Privacy information received from MS Management Services S.A. for the Mailtand’s group

 

The contact details and privacy information received from MS Management Services S.A. for the Maitland’s group can also be found on its website: https://www.maitlandgroup.com/about-us/governance/data-protection