PRIVACY POLICY FOR KOREAN RESIDENTS
The purpose of this Privacy Policy for Korean Residents (this “Privacy Policy”) is to protect your personal information and to promptly address issues regarding personal information protection in accordance with the Korean Personal Information Protection Act, as amended.
This Privacy Policy details the obligations that Bridge Investment Group Holdings LLC (together with its affiliates, the “Company”) has with respect to investors (“Investors”) in Company-sponsored funds that are resident in Korea.
ARTICLE 1 (COLLECTION AND USE OF PERSONAL INFORMATION)
-
The Company will use personal information for the below purposes. Personal information will not be used for any other purpose and in the event of any change in the below purposes of use, the Company will implement all required measures, including asking for your consent to the changes.
2. The Company may collect personal information using the following methods:
-
Subscription agreements, investor questionnaires or other forms submitted to us;
-
Contracts you negotiate or enter into with us;
-
Responses to diligence requests, such as for “know your customer” processes;
-
Transactions with us, our affiliates or others;
-
Meetings, electronic communications or telephone conversations with you; and
-
Any other communications from you or your representatives.
ARTICLE 2 (PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES)
-
The Company will process personal information within the scope provided in Article 1 (Collection and Use of Personal Information). The Company will provide personal information to third parties only as permitted under the Korean Personal Information Protection Act, including provision after obtaining your consent or provision in accordance with relevant laws and regulations.
-
After obtaining your consent under reasonable procedures, the Company may provide personal information to third parties as follows:
-
Competent authorities, e.g. tax authorities, courts, regulatory bodies and any affiliated service providers, in order to comply with our legal obligations and for licensing or other regulatory compliance purposes;
-
Third party administrators and service providers for the purpose of transfer agent services and fund administration;
-
Third party service providers in order to perform or fulfil our legal obligations, for example, sanctions laws and to fulfil our KYC and AML obligations;
-
Placement agents, transfer agents, brokerage firms and other similar professionals, in connection with any investment or disposition;
-
Existing investors in a partnership to facilitate communication between investors in certain circumstances;
-
Other Investors, including ultimate beneficial owners, for the purpose of fulfilling our obligations; and
-
Lenders, to enable lenders to perform KYC for the purpose of providing borrowing facilities.
Your personal information is transmitted outside of Korea in the ordinary course of business. By execution of a subscription agreement for investment in a Bridge-sponsored fund you consent to such transfer, provided such transfer is done in accordance with applicable laws.
Our service providers process personal data on our behalf, thus acting as data processors (the “Processors”).
Further entities (also data processors) may process your personal data on our behalf and such service providers, in particular their affiliates and own service providers such as auditors, legal, financial or technical advisors.
The Processors act as data processor on our behalf and, in certain circumstances, as data controller, in particular for managing, testing, securing and optimizing their systems and compliance with their own legal obligations in accordance with applicable laws and regulations (such as anti-money laundering identification) and/or order of competent jurisdiction. Where they act as a data controller, they shall remain solely liable with respect to such processing and further details about their processing of your personal data may be found within their respective privacy policies.
ARTICLE 3 (PERSONAL INFORMATION RETENTION AND USE PERIOD)
-
We will generally retain your personal data that you provide to us until the liquidation of the applicable partnership in which you have invested, and a subsequent period of up to ten (10) years thereafter where necessary to comply with applicable laws and regulations or to establish, exercise or defend actual or potential legal claims, subject to the applicable statutes of limitation, unless a longer period is required by applicable laws and regulations. In any case, your personal data will not be held for longer than necessary with regard to the purposes described in any subscription document and any privacy notice, subject always to applicable legal minimum retention periods.
-
After you have terminated your investment in a partnership, we may store your information in an aggregated and anonymised format.
-
If you owe any obligations to the Company regarding the services provided by the Company or if the Company owes any obligations to you regarding the services provided by the Company, the Company may store your personal information until such obligations are settled.
ARTICLE 4 (DESTRUCTION OF PERSONAL INFORMATION)
-
If the personal information retention period has expired, the purpose of use has been achieved or your personal information is otherwise no longer necessary, the Company will destroy your personal information without delay unless it has a legal obligation to retain such information.
-
If the Company is required to continue to store your personal information under relevant laws and regulations even if the personal information retention period has expired or the purpose of use has been achieved, we will ensure that access to such information will be limited to only those persons that the Company’s compliance department reasonably determines need to access such information for the completion of their jobs and satisfaction of applicable legal requirements.
-
The Company will physically destroy personal information printed on paper and permanently delete personal information electronically stored, using methods to ensure that personal information may be not restored. “Methods to ensure that personal information may not be restored” refers to methods with reasonable costs, taking into consideration the current technology standards. If processing of personal information to be destroyed has been delegated to a third party, the Company will ensure that the third party can no longer process personal information.
ARTICLE 5 (DELEGATION OF PROCESSING OF PERSONAL INFORMATION)
-
To ensure that personal information is adequately processed, the Company, in part or in whole, delegates processing as follows.
2. Under the Personal Information Protection Act, the Company (i) includes in service provider agreements with delegates provisions on prohibition of processing outside of the scope of the delegated duties, technical and administrative protection measures, restrictions on re-delegation, management and supervision of delegates and liabilities and (ii) ensures that it maintains adequate visibility into the activities of such delegates in order to ensure safe processing of personal information.
3. In the event of any change in the delegates or duties delegated, we will provide updates through this Privacy Policy without delay.
ARTICLE 6 (RIGHTS AND OBLIGATIONS OF INFORMATION SUBJECTS)
-
You may exercise the following rights with regards to personal information protection
(i) Data access rights. In certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any personal information held about you that is inaccurate and to request the deletion, portability or suspension of access to such information. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you.
(ii) Other rights protected by PIPA. As the PIPA is amended from time to time to create new data protection rights for you, those rights will be afforded to you to the extent applicable. This includes, without limitation, your right to request information from us with respect to any automated decision-making processes, the right to refuse automated decision-making processes, and the right to data portability through which you may request transmission of your personal data.
(iii) Complaints. In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at investorrelations@bridgeig.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with any supervisory authority.
ARTICLE 7 (INSTALLATION AND REFUSAL OF AUTOMATIC PERSONAL INFORMATION COLLECTION)
-
To provide you with an individualized experience, the Company uses cookies to store and retrieve information regarding your use of our website.
-
A cookie is a small text file that the http server used to provide this website sends to your computer browser and may be saved on your computer hard disk.
(i) Purpose of use of cookies: cookies are used to provide you with information tailored to your needs based on user identification, continued log-in, services and websites that you have visited and used, frequent search phrases and secured access.
(ii) Installation and refusal of cookies: you may refuse cookies. If you refuse cookies, you may experience difficulties in using individualized services.
ARTICLE 8 (MEASURES TO ENSURE SAFETY OF PERSONAL INFORMATION)
-
The Company has implemented the following measures to ensure safety of personal information.
(i) Administrative measures: establishment and implementation of internal data management plan, regular employee training;
(ii) Technical measures: restrictions on access to personal information processing system, installation of access restriction system, encryption of personally identifiable information, installation of security programs; and
(iii) Physical measures: restrictions on access to data center and data storage room
ARTICLE 9 (PRIVACY OFFICER)
-
The Company has designated the below Privacy Officer to oversee processing of personal information, address your complaints regarding personal information processing and provide remedies.
2. Please contact the Privacy Officer or Investor Relations team for any questions, complaints or remedies regarding personal information protection for the Company’s services and business. The Company will use its efforts to ensure that we respond to and address your questions without delay.
3. For any other reports or consultation regarding breach of personal information, please contact the below agencies:
(i) Personal Information Dispute Mediation Committee (www.kopico.go.kr): 02-2100-2499
(ii) Korea Internet & Security Agency Personal Information Infringement Report Center (privacy.kisa.or.kr): 118
(iii) Supreme Prosecutor's Office Forensic Science Investigation Department Cyber Investigation Division (www.spo.go.kr): 02-3480-3571
(iv) Korean National Police Agency Cyber Bureau(cyberbureau.police.go.kr): 182
ARTICLE 10 (PERSONAL INFORMATION ACCESS)
You may request access to your personal information retained by the Company by contacting the Investor Relations department. The Company will use its efforts to ensure your requests are promptly processed.
ARTICLE 11 (NOTICE OBLIGATIONS)
-
This Privacy Policy may be amended from time to time, including in the event of amendment of the Personal Information Protection Act or change in governmental authorities’ policies. Any material addition, deletion or modification will be notified without delay via the Company’s website or e-mail.
LAST UPDATE: APRIL 1, 2024