Data protection policy
The protection of your personal data is important to the BNP Paribas Group.
This Data Protection Notice is directed to the potential investors in the investment vehicles managed and/or served by GGP as defined and detailed below and acting through their general partner (the “Funds”) as well as the persons set out in section 2 (“you”).
This Data Protection Notice provides you with detailed information relating to the protection of your personal data by GLOBAL GENERAL PARTNER, 50, avenue J.F. Kennedy, L-1855 Luxembourg, Grand Duchy of Luxembourg, acting as (i) the Fund’s alternative investment fund manager and central administration or (ii) the Fund’s administrative services provider (“GGP”) and by the Funds managed and/or served by GGP (“we”).
We are responsible, as joint controllers, for collecting and processing your personal data in relation to our Fund’s and GGP’s activities (and that of their respective delegates that are acting as sub-processors). The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and with whom we share such data, how long we keep it, what your rights are and how you can exercise them.
Please be aware that if you fail to provide certain requested personal data or if you erase, restrict, object the use of your personal data or withdraw your consent to such use as mentioned in section 7 below “What are your rights and how can you exercise them?”, this may result in the impossibility to maintain your investment in the Fund and you could be qualified as being a “defaulting investor”, depending of and as defined in the Fund’s legal documentation. Further information may be provided by contacting us (see section 10 below “How to contact us?”).
We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.
We may collect various types of personal data about you, including:
- personal identification data (e.g. name, postal address (private and professional), phone number (private and professional);
- official identification data (e.g. ID card and passport numbers, tax ID);
- personal details (e.g. place and date of birth, gender, marital status, nationality);
- data concerning household composition (e.g. family situation, number of children);
- electronic identification data (e.g. e-mail address, IP address, electronic signature, remote connection data);
- banking and financial data (e.g. bank account details, credit or debit card number, financial situation data (income, assets, credit history, debts and expenses, sources of the funds, wealth estimation), transactional data, insurance data, declared investor profile, professional activity);
- data relating to regulatory clearance and reporting: “know your customer” anti-money laundering and tax related information, (e.g. U.S. Tax Identification Number, Global Intermediary Identification Number, establishment in a reportable jurisdiction, status under FATCA and AEOI regime, controlling person);
- education, training and qualification data (e.g. level of education, professional qualification);
- career and employment data (e.g. employment, employer’s name, job title, job history, beginning and termination of your mandate, remuneration);
- data relating to your habits and preferences in term of investments:
o data which relates to your investments in private equity/real estate (PERE) feeder funds domiciled in Luxembourg or in Scotland;
o data from your interactions with us: meetings, e-mails, phone conversations minutes, the beginning and termination of your relationship with the Fund, reasons for termination;
As a general rule, we do not collect personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sexual orientation.
We only process data relating to criminal convictions and offences if required through a legal obligation.
The data we use about you may be directly provided by you or obtained from other sources in order to verify or enrich our databases, such as:
- publications/databases made available by official authorities (e.g. the “registre de commerce et des sociétés”);
- our corporate clients or service providers/vendors;
- third parties such as credit reference agencies and fraud prevention agencies or data brokers in conformity with the data protection legislation;
- websites pages containing information made public by you (e.g. your own website or social media);
-databases made publicly available by third parties.
We may collect information about you where you do not have a direct relationship with us. This may happen for instance when your employer, company or another intermediary provides us with information about you or when your contact details are provided by one of our investor if you are for example:
· family members;
· successors and rightholders;
· legal representatives and authorised signatories (power of attorney), trustees;
· ultimate beneficial owners;
· company shareholders;
· representatives, including employees, officers and directors of a legal entity (which may be an investor or a service provider/vendor);
a. To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including:
- asset management and financial regulations in compliance with which we:
- set up security measures in order to prevent abuse and fraud;
- detect transactions which deviate from normal patterns;
- keep proof of transactions;
- define your risk score;
- monitor and report risks that institutions could incur;
- record, when necessary, emails
- reply to an official request from a duly authorised public or judicial authority;
- prevention of money-laundering and financing of terrorism;
- compliance with legislation relating to sanctions and embargoes to prevent any services to persons subject to economic or trade sanctions on an on-going basis;
- fight against tax fraud and fulfilment of tax control and notification obligations such as reporting to the tax authorities under Foreign Account Tax Compliance Act (FATCA), the Common Reporting Standard (CRS);
- categorisation of investors according to legal or regulatory eligibility criteria.
You must answer all questions and requests with respect to your identification and investment in the Fund, FATCA and/or CRS. If you fail to provide relevant personal data requested by us or by our service providers in the course your investment in the Fund, it may result in incorrect or double reporting, prevent you from maintaining your investment in the Fund and may be reported to the relevant Luxembourg authorities.
You also acknowledge and accept that, if it is relevant, we (or our service providers) will report any relevant information in relation to your investment in the Fund to the Luxembourg tax authorities (Administration des Contributions Directes) which will exchange this information on an automatic basis with the competent authorities in the United States of America or other permitted jurisdictions as agreed in the FATCA Law, CRS, the CRS Law, at Organisation for Economic Co-operation and Development and European levels or equivalent Luxembourg legislation.
b. To perform a contract with you or to take steps at your request before entering into a contract
We use your personal data to enter into and perform your contract with the Fund, including to:
- managing your account(s) with the Fund ;
- performing any related services on an on-going basis (e.g. processing subscription, drawdowns, distributions, transfers , updating and maintaining records and fee calculation, maintaining the register of shareholders, providing financial and other information to the shareholders in relation to their investments in the Fund);
c. To fulfil our legitimate interest
We use your personal data in order to deploy and develop our products and services, to improve our risk management and to defend our legal rights, and as well to:
- perform behavioural and transactional analysis in order to detect fraud;
- cooperation and reporting to public authorities;
- ensure the security of persons and property;
- perform IT management, including infrastructure management (e.g. shared platforms) & business continuity and IT security;
- establish aggregated statistics, tests and models, for research and development, in order to improve the risk management of our group of companies or in order to improve existing products and services or create new ones;
- manage and develop our relationship with you and with our service providers, including in relation with the performance of their services and optimization of their internal organisation;
- perform client satisfaction and opinion surveys;
- assist you and answer your requests;
- personalise and improving the quality of our services.
d. To respect your choice if we request your consent for specific processing
In some cases, we require your consent to process your data, for example:
- where the above purposes lead to automated decision-making, which produces legal effects or which significantly affects you. At that point, we will inform you separately about the logic involved, as well as the significance and the envisaged consequences of such processing;
- if we need to carry out further processing for purposes other than those outlined in section 3, in particular for other marketing activities, we will inform you and, where necessary, ask for your consent separately.
e. Electronic communications recordings
We may record communications with you (including, e-mails):
- for record keeping as proof of a transaction or related communication in the event of a disagreement;
- for processing and verification of instructions;
- for investigation and fraud prevention purposes;
- to enforce or defend our interests or rights.
We record communications with you only to the extent necessary:
- for compliance with our legal and regulatory obligations;
- for the performance of a task carried out in the public interest;
- to pursue our legitimate interests as listed above.
We will not be released such recordings to third parties, except in cases where we are compelled or entitled by applicable laws or regulations or court order to do so. Such recordings may be produced in court or other legal proceedings and permitted as evidence with the same value as a written document and will be retained for a period of 10 years starting from the date of the recording.
In order to fulfil the aforementioned purposes, we communicate your personal data to:
- any third party service provider in charge of whole or part of certain central administration functions and processes, as more specifically detailed in the Issuing Document as applicable;
- paying agents (if requested by the applicable law of your country of residence) and the BNP Paribas Group entity acting as the relevant Fund’s distributor and through which you have invested in the Fund and other potential service providers;
- independent agents, intermediaries auditors, financial institutions, banking and commercial partners with which we have regular relationship (e.g. banks);
- if relevant, any target entities, and/or their related entities (including without limitation their respective general partner and/or management company and/or central administration/investment manager/service providers) in or through which we intend to invest;
- supervisory, financial, taxation, administrative or judicial authorities, state agencies or public bodies, in Luxembourg or in various jurisdictions, to the extent permitted by law, in particular those jurisdictions where (i) the Fund is or is seeking to be registered for limited offering of shares, (ii) the shareholders are resident, domiciled or citizens or (iii) the Fund is, or is seeking to, be registered, licensed or otherwise authorised to invest;
- certain regulated professionals such as lawyers, notaries or auditors;
- certain BNP Paribas Group entities (e.g. in case of consolidated management of the risks);
- any of the above listed respective entities’ agents, delegates, service providers, processors, affiliates, and/or companies of the group to which they belong, and/or their successors and assigns.
In case of international transfers originating from the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place where the European Commission has decided that the non-EEA country ensures an adequate level of data protection. Such country would be (i) the one where the BNP Paribas Group entity acting as the Fund’s distributor and through which you have invested in the Fund is located (ii) and, if requested by the applicable law, your country of residence where the relevant Fund’s paying agent is located, or, (iii) where the Fund, via its relevant Compartment, intends to invest.
If you have invested in the Fund through a BNP Paribas Group entity acting as a Fund’s distributor located in a non-EEA country and if a Fund’s paying agent has been appointed as requested by the applicable law in such non-EEA country, or, where the Fund, via its relevant Compartment, intends to invest in any non-EEA target entity for the transfers to such non-EEA country where the level of data protection has not been recognised as adequate by the European Commission, meaning that such country might not provide for a data protection supervisory authority and/or data processing principles and/or data subjects rights, which situation might lead to potential increased risks for you rights and freedoms, we will implement, to the extent necessary, standard contractual clauses approved by the European Commission (as amended or replaced from time to time) to ensure the protection of your personal data. Such countries could be Monaco, Singapore, Hong-Kong, Dubai, Qatar, and Bahrein.
In case of delegation or sub-delegation of certain central administration functions and processes as more specifically detailed in the Issuing Document as applicable, personal data may be transferred to service providers located in (i) the United Kingdom and/or the Isle of Man, countries whose level of personal data protection has been recognised by the European Commission as equivalent to that applicable in the European Union and/or (ii) to the Philippines where the level of data protection has not been recognised as adequate by the European Commission, meaning that such country might not provide for a data protection supervisory authority and/or data processing principles and/or data subjects rights, which situation might lead to potential increased risks for you rights and freedoms. To cover the foregoing transfers to the Philippines, we will ensure that, to the extent necessary, standard contractual clauses approved by the European Commission (as amended or replaced from time to time) will be implemented.
To obtain a copy of these standard contractual clauses or details on where they are available, or further information on how we ensure the safeguarding of your personal data, you can send a written request to us as set out in section 9.
In certain specific situation, and to the extent permitted, we may rely on a legal derogation to transfer your personal data to a non-EEA country which is not subject to an adequacy decision of the European Commission for instance where such transfer is necessary:
- for performing our service;
- for our service providers to perform services rendered in your interest;
- for important reasons of public interest;
- for the establishment, exercise or defence of legal claims;
- for achieving our compelling legitimate interests;
Such transfer of your personal data may also take place:
- where it is made from a public register;
- in the event it is required by any judgment of a foreign court or tribunal or any decision of a foreign administrative or supervisory authority: we will transfer your personal data on the basis of an existing international agreement;
- under exceptional circumstances, on the basis of your explicit consent. In such a case, we will inform you and ask for your consent separately.
We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper Fund’s shareholder’s account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. For instance, most client information is kept for the duration of the contractual relationship with the Fund as defined in the Fund’s legal documentation and for 10 years after the end of the said contractual relationship. In any case, we will not retain your personal data for longer than necessary with regard to the purposes for which we collect and process such personal data (see section 3 above “Why and on which basis do we use your personal data?”).
In accordance with and within the limits of applicable laws and regulations, you have the following rights to:
- access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
- rectify: where you consider that your personal data is inaccurate or incomplete, you can require that such personal data be modified accordingly.
- erase: you can require the deletion of your personal data, to the extent permitted by law.
- restrict: you can request the restriction of the processing of your personal data.
- object: you can object to the processing of your personal data, on grounds relating to your particular situation and to extent permitted by law. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
- withdraw your consent: where you have given your consent for the processing or transfer of your personal data, you have the right to withdraw your consent at any time, but without prejudice to the lawfulness of the processing or data transfers carried out before you withdraw such consent.
- data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights listed above, please send a letter or an e-mail to the address set out in section 9. Please include a scan/copy of your identity card for identification purpose.
Please, be perfectly aware that if you fail to provide certain requested personal data or if you erase, restrict, object the use of your personal data or withdraw your consent to such use as mentioned above, this may result in the impossibility to maintain your investment in the Fund and you could be qualified as being a “defaulting investor”, depending of and as defined in the Fund’s legal documentation. Further information may be provided by contacting us (see section 10 below “How to contact us?”).
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the data protection laws and regulations (i.e. in Luxembourg, the “Commission Nationale pour la Protection des Données” (cnpd.lu).
If you provide us with personal data concerning other individuals than yourself (in particular if you are not a natural person), it may become very cumbersome for us to directly get in touch with each one of such other individuals to inform them about our processing of their personal data and about their related rights. Therefore, we ask you to circulate this Data Protection Notice to all individuals about whom you provide personal data to us so that we can ensure that they are adequately informed about the processing of their personal data and about their related rights.
In a world of constant technological changes, we will update this Data Protection Notice regularly.
You can always request the latest version of this notice by calling +352 42 42 75 72, upon request addressed by e-mail or by post using the contact details mentioned below (see section 10 “How to contact us”). This notice is available in both paper and e-format. We will inform you of any material changes through our other usual communication channels.
If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact us by letter to Global General Partner at 50, avenue J.-F. Kennedy, L-1855 Luxembourg, Grand Duchy of Luxembourg or by e-mail to email@example.com