Part I – Residents of the EEA and Investors in Cayman Island Entities
As required under the Directive (95/46/EC) and the e-Privacy Directive and from May 25, 2018 Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”), if you are resident in the European Economic Area (“EEA”) or if you are not a natural person and your shareholders, directors, officers, members, agents, designees and/or beneficiaries (“Underlying Data Subjects”) are resident in the EEA or have invested into an entity organized under the laws of the Cayman Islands (together or as appropriate in the circumstances, an “EEA Investor”), we are providing the notice as set out in the Appendix hereto in order to inform you of our privacy policies and practices with respect to the processing of personal data for EEA Investors. For the avoidance of doubt, the EEA includes the member states of the European Union plus Iceland, Norway, and Liechtenstein.
Cayman Islands Data Protection
For each entity organized under the laws of the Cayman Islands through which you may have invested, the applicable entity also has obligations to you under applicable data protection laws (each such entity being referred to herein as the “Partnership.” The Data Protection Law, 2017 of the Cayman Islands (the “DPL”) provides similar rights to investors and requires data controllers and processors to implement specific requirements similar to those applicable under the GDPR. The DPL shall apply from September 30, 2019.
- The EEA Investor and the general partner of the applicable Partnership (the “General Partner”), the investment manager of the applicable Partnership (the “Investment Manager”), their respective affiliates or any of their respective directors, officers, managers, employees, partners, members, shareholders, affiliates, advisers, attorneys-in-fact, delegates, representatives or agents (collectively, the “Bridge Persons”, and each, a “Bridge Person”) shall comply with all applicable Data Protection Laws when processing personal data in connection with the investment in the Partnership.
- To the extent the EEA Investor is an individual, the EEA Investor is informed and acknowledges that the documentation and information the EEA Investor provides in relation to any Subscription Document (and in the course of its investment in the Partnership) will be processed in connection with such Subscription Document and any personal data will be processed in accordance with the privacy notice set out in Exhibit A hereto (the “Privacy Notice”).
- To the extent that the EEA Investor is a non-natural person and shares personal data about natural persons relating to such EEA Investor with a Bridge Person (e.g. information relating to its representatives, contact persons, directors, trustees, settlors and beneficial owners), the EEA Investor shall ensure such disclosure of personal data is in compliance with all Data Protection Laws and that there is no prohibition or restriction which would:
- Prevent or restrict it from disclosing or transferring the personal data to a Bridge Person;
- Prevent or restrict a Bridge Person from disclosing or transferring personal data to its affiliates, subcontractors, vendors, credit reference agencies and competent authorities pursuant to its obligations under the applicable Subscription Document;
- Prevent or restrict a Bridge Person, its delegates, affiliates, subcontractors, vendors, credit references agencies and competent authorities from processing the personal data for the purposes set out in the applicable Subscription Document; and
- Ensure that it has provided the Privacy Notice set out in Exhibit A hereto informing the data subjects of a Bridge Person’s processing of such personal data as described in the Privacy Notice to any applicable data subject, including notifying data subjects of any updates to the Privacy Notice. Where required, the EEA Investor shall procure the necessary consents from data subjects to the processing of personal data as described in the Privacy Notice or the applicable Subscription Document.
- The EEA Investor agrees that it will (in addition to, and without affecting, any other rights or remedies that the Partnership and a Bridge Person may have whether under statute, common law or otherwise) indemnify and hold harmless a Bridge Person, on demand from and against all claims, liabilities, costs, expenses, loss or damage incurred by a Bridge Person (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) arising directly or indirectly from (i) a breach of the applicable Subscription Document or applicable Data Protection Laws by EEA Investor or (ii) enforcement by a Bridge Person of any rights under it.
This Privacy Notice details how the General Partner and/or the Partnership as applicable (the “General Partner,” “we,” “us”) processes the personal data received about you (including where you are acting on behalf of an EEA Investor (i.e. as the contact person or ultimate beneficial owner, director, member or officer etc. of an institutional investor)) in relation to the investment in the Partnership, how we process it and your rights and obligations in relation to your personal data during the course of your investment. For the purposes of this Exhibit references to “General Partner” shall be construed to mean any Bridge Person that collects and/or processes your personal data.
DATA CONTROLLER CONTACT DETAILS
The General Partner is a company formed in Delaware with its principal place of business at 111 East Sego Lily Drive, Suite 400, Salt Lake City, Utah 84070 and contact email address firstname.lastname@example.org and is the data controller for the purposes of the GDPR and other applicable Data Protection Laws.
For all data privacy inquiries and any questions or concerns you have about this Privacy Notice, please contact Bridge Investor Relations (“Data Privacy Contact”) at:
Post: 111 East Sego Lily Drive, Suite 400, Salt Lake City, Utah 84070.
WHAT PERSONAL DATA IS PROCESSED?
For the purposes of this Privacy Notice, the “EEA Investor” is the person or entity that is making an investment in the Partnership.
Where the EEA Investor is an individual, you will be providing your personal data by completing the subscription forms and associated documentation and by registering for and accessing our investor portal or by communicating with us by phone, e-mail or otherwise.
Where you are acting on behalf of an EEA Investor (i.e. you are a contact person, ultimate beneficial owner director, officer etc. of an institutional investor), the EEA Investor may provide your personal data to us by completing the subscription forms and associated documentation (including by way of satisfying applicable AML/KYC checks) and by accessing our investor portal or by the EEA Investor or the relevant Underlying Data Subject communicating with us by phone, e-mail or otherwise. The rights and obligations applicable under the DPL apply based on your investment into the Partnership.
In both cases, we process the following personal data about you:
- Contact information such as first name, last name, telephone number, email address, and physical/mailing address;
- Personal information such as date of birth and job position/title;
- Government issued identifiers such as passport number, national insurance number or driving licence number (and copies of supporting documents of the same);
- Bank details, beneficial ownership in the EEA Investor (if applicable) and the source of the funds for your investment; and
- Financial information such as credit history or credit checks.
If the personal data referable to you or an applicable Underlying Data Subject changes, please let us know by contacting email@example.com at the earliest opportunity so that our records can be updated. Any delay in notification is likely to delay our ability to communicate with you and administer your investment in the Partnership. Any losses created thereby shall not be our responsibility.
WHAT IS THE PURPOSE FOR PROCESSING THE PERSONAL DATA?
We process your personal data in reliance upon the legal basis and for the purposes set out below.
HOW WILL PERSONAL DATA BE SHARED?
- Disclosures and transfers with third parties
We share your personal data with selected third parties. The categories of recipients include:
- Competent authorities, e.g. tax authorities, courts and any affiliated service providers, in order to comply with our legal obligations and for licensing or other regulatory compliance purposes;
- Third party providers including SS&C Technologies, Inc. located in the United States and SS&C Fund Services (Cayman) Ltd. located in the Cayman Islands (together, “SS&C”) for the purpose of fund administration;
- Third party service providers in order to fulfil our legal obligations, for example, sanctions laws and to fulfil our KYC and AML obligations;
- Existing Investors in the Partnership to facilitate communication between investors in certain circumstances;
- Other EEA Investors, including ultimate beneficial owners, for the purpose of the General Partner fulfilling its obligations; and
- Lenders, to enable lenders to perform KYC for the purpose of providing borrowing facilities.
With respect to US FATCA and/or CRS, please note that (i) your personal data may be processed and transferred to a local tax authority who may transfer such data to the competent foreign tax authorities, only for the purposes provided for in the FATCA and CRS rules as well as to service providers for the purpose of effecting the reporting on our behalf and (ii) for each information request sent to the EEA Investor, addressing such information requests as are mandatory (including where failure to respond may result in incorrect or double reporting). We also use SS&C to provide our investor portal.
Where the General Partner or the Partnership is under an obligation to do so by law, it will disclose your personal data to regulators, courts, the police or tax authorities, or in the course of litigation. In some cases, in accordance with applicable law, it may not be possible to notify you in advance about the details of such disclosures.
- Safeguarding personal data
Where a Bridge Person transfers your personal data to group entities that are outside the European Economic Area (the “EEA”) or the Cayman Islands, this will be done under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC.
Where we transfer your personal data to our third-party service providers and partners outside the EEA, these recipients are required to execute the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses) or be certified as complying with the EU-US Privacy Shield.
Please contact firstname.lastname@example.org should you wish to receive a copy of these standard data protection clauses. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
You have certain rights in relation to the personal data we hold about you, which we detail below.
Please note that we will require you (or any applicable Underlying Data Subject) to verify identity before responding to any requests to exercise your rights by providing proof of identity, such as a copy of a passport/driving licence and proof of address (such as a recent bank or building society statements (no more than three months’ old)). We must respond to a request by you to exercise those rights without undue delay and at least within one month, (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please direct all queries, complaints and comments: email@example.com.
- Data access rights. In certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any personal information held about you that is inaccurate and to request the deletion, portability or suspension of or access to personal information held about you. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. You can exercise your rights by contacting us at firstname.lastname@example.org.
- In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at email@example.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the supervisory authority.
FOR HOW LONG IS PERSONAL DATA RETAINED?
We will retain your personal data that you provide to us for seven years from the date of provision, or longer, where required pursuant to contractual obligations.
After you have terminated your investment in the Partnership, we may store your information in an aggregated and anonymised format.
CHANGES TO THIS POLICY
This Privacy Notice may be amended from time to time, at our discretion. You will be notified of any changes to these terms.