Managed Entity Data Privacy Notice

This notice is provided in connection with your investment in, or other relationship with, an entity continuing as an entity incorporated under the laws of Jersey (the "Managed Entity"). The Managed Entity is required to comply with the provisions of the Data  Protection  (Jersey) Law 2018 (as amended) and, in respect of any EU data subjects, the EU General Data Protection Regulation (together, the "Data Protection Legislation").

The purpose of this document is to provide you with information on the Managed Entity's use of your personal data in accordance with the Data Protection Legislation.

If you are an individual, this will affect you directly. If you are an institution that provides the Managed Entity with personal data on individuals connected to you for any reason in relation to your investment or other relationship with the Managed Entity, this will be relevant for those individuals and you should transmit this document to such individuals or otherwise advise them of its content.

Your personal data will be processed by the Managed Entity, and by persons engaged by the Managed Entity. Under the Data Protection Legislation, you have rights, and the Managed Entity has obligations, with respect to  your  personal  data. The purpose of this notice is to explain how and why the Managed Entity, and persons engaged by the Managed Entity, will use, store, share and otherwise process your personal data. This notice also sets out your rights under the Data Protection Legislation, and how you may exercise them.

Your personal data

By virtue of making an investment in the Managed Entity (including the initial application and ongoing interactions with the Managed Entity and persons engaged by the Managed Entity) or by virtue of you otherwise providing the Managed Entity with personal information on you or individuals connected with you (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), you will provide the Managed Entity with certain personal information which constitutes personal data within the meaning of the Data Protection Legislation.

In particular, you will provide the Managed Entity with personal information within the forms and any associated documentation that you may complete if subscribing for any shares or securities of the Managed Entity; when you provide personal information to the Managed Entity or its service providers in correspondence and conversations (including by email); when you enter into or conduct transactions with respect to the Managed Entity; and when you provide remittance instructions.

The Managed Entity may also obtain personal data on you from other public accessible directories and sources. These may include websites; bankruptcy registers; tax authorities; governmental agencies and departments and regulatory authorities to whom the Managed Entity has regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organisations, including law enforcement.

This includes information relating to you and/or any individuals connected with you such as: name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number, bank account details, source of funds details and details relating to your investment activity (if any).

How the Managed Entity may use your personal data

The Managed Entity, as the data controller, may collect, store and use your personal data for purposes including the following:

- As necessary for the performance of a contract, including:

• administering or managing the Managed Entity;
• processing any subscription or investment by you in the Managed Entity, such as entering your information in the register of shareholders or noteholders;
• sending you statements relating to your investment;
• facilitating the continuation or termination of the contractual relationship between you and the Managed Entity; and
• facilitating the transfer of funds, and administering and facilitating any other transaction, between you and the Managed Entity or its affiliates.

- As necessary for compliance with applicable legal or regulatory obligations, including:

• undertaking due diligence including anti-money laundering and counter-terrorist financing checks, including verifying the identity and addresses of the Managed Entity's investors (and, where applicable, their beneficial owners);
• sanctions screening and complying with applicable sanctions and embargo legislation;
• complying with requests from regulatory, governmental, tax and law enforcement authorities;
• surveillance and investigation activities;
• carrying out audit checks, and instructing the Managed Entity's auditors;
• maintaining statutory registers; and
  • preventing and detecting fraud;

- In pursuit of the Managed Entity's legitimate interests, or those of a third party to whom your personal data is disclosed, including:

• complying with a legal, tax, accounting or regulatory obligation to which we or the third party are subject;
• assessing and processing requests you make;
• sending updates, information and notices or otherwise corresponding with you in connection with any investment in, or other relationship with, the Managed Entity;
• investigating any complaints, or pursuing or defending any claims, proceedings or disputes;
• providing you with, and informing you about, investment products and services;
• managing the Managed Entity's risk and operations;
• complying with audit requirements;
• ensuring internal compliance with the Managed Entity's policies and procedures;
• protecting the Managed Entity against fraud, breach of confidence or theft of proprietary materials;
• seeking professional advice, including legal advice;
• facilitating business asset transactions involving the Managed Entity or related entities;
• monitoring communications to/from the Managed Entity (where permitted by law); and
• protecting the security and integrity of the Managed Entity's IT systems.

The Managed Entity will only process your personal data in pursuit of its legitimate interests where the Managed Entity has considered that the processing is necessary and, on balance, its legitimate interests are not overridden by your legitimate interests, rights or freedoms.

The Managed Entity continues to be a data controller even though it may have engaged an administrator (the "Administrator") and/or other third parties to perform certain activities on the Managed Entity's behalf.

Sharing your personal data

The Managed Entity may share your personal data with its affiliates and delegates. In certain circumstances the Managed Entity may be legally obliged to share your personal data and other financial information with respect to your interest in the Managed Entity with relevant regulatory authorities such as the Jersey Financial Services Commission or Revenue Jersey. They, in turn, may exchange this information with foreign authorities, including tax authorities and other applicable regulatory authorities.

The Managed Entity’s affiliates and delegates may process your personal data on the Managed Entity's behalf, including with the Managed Entity's banks, accountants, auditors and lawyers which may be data controllers in their own right. Additionally, a service provider may use your personal data where this is necessary for compliance with a legal obligation to which it is directly subject (for example, to comply with applicable law in the area of anti- money laundering and counter terrorist financing or where mandated by a court order or regulatory sanction). The service provider, in respect of this specific use of personal data, acts as a data controller.

In exceptional circumstances, the Managed Entity will share your personal data with regulatory, prosecutory and other governmental agencies or departments, and parties to litigation (whether pending or threatened) in any country or territory.

Sending your personal data internationally

Due to the international nature of the Managed Entity's business, your personal data may be transferred to jurisdictions that do not offer equivalent protection of personal data as under the Data Protection Legislation. In such cases, the Managed Entity will process personal data or procure that it be processed in accordance with the requirements of the Data Protection Legislation, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on behalf of the Managed Entity.

Retention and deletion of your personal data

The Managed Entity will keep your personal data for as long as it is required, for example, in pursuit of its legitimate business purposes, to perform its contractual obligations, or where law or regulation obliges it to. The Managed Entity will generally retain your personal data throughout the lifecycle of the transaction you are involved in with the Managed Entity. Some personal data will be retained after your relationship with the Managed Entity ends. The Managed Entity expects to delete your personal data (at the latest) once there is no longer any legal or regulatory requirement or legitimate business purpose for retaining your personal data.

Automated decision-making

The Managed Entity will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless it has considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the Data Protection Legislation.

Your rights

You have certain data protection rights, including the right to:

• be informed about the purposes for which your personal data are processed;
• access your personal data;
• stop direct marketing;
• restrict the processing of your personal data;
• have incomplete or inaccurate personal data corrected;
• ask the Managed Entity to stop processing your personal data;
• be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
• complain to the Jersey Office of Information Commissioner (https://oicjersey.org); and
• require the Managed Entity to delete your personal data in some limited circumstances. 

Contact

The Managed Entity is committed to processing your personal data lawfully and to respecting your data protection rights. If you have any questions about this notice or the personal data the Managed Entity holds about you, please contact dpo@hawksford.com marking your communication "Data Protection Enquiry".