Privacy Notice of LGT Capital Partners to existing and potential fund investors

This section describes how the fund in which you invest (or where applicable the management company or AIFM acting on behalf of the fund) (the “Data Controller”), acting as data controller collects and uses personal data of individual investors and individuals associated with non-natural person investors (e.g., directors, trustees, employees, beneficial owners) in connection with who have subscribed to the fund. This section also provides an outline of data protection rights applicable to an investor and the corresponding data protection obligations of the Data Controller towards such investor, in accordance with any applicable national data protection laws (including, but not limited to the General Data Protection Regulation (Regulation 2016/679) (the “GDPR”), any related data protection and privacy laws of EU member states and the United Kingdom (“UK”) (as applicable), as amended from time to time, and in respect of Californian resident Limited Partners the California Consumer Privacy Act, and any amendments thereto or regulations promulgated thereunder (the “CCPA”) (together, the "Data Protection Legislation"). Individual investors who have subscribed to the fund will be affected directly. Institutional investors that provide the Data Controller with personal data of connected individuals for any reason in relation to a Subscription, must advise such connected persons of the contents of this section. A person whose personal data is processed as described below is referred to in this section as a data subject. 

What are the categories of data subjects?

By virtue of making an investment in the fund and any associated interactions (including the recording of electronic communications or phone calls where applicable) or by virtue of an investor otherwise providing the Data Controller and / or its affiliates with personal information of connected individuals (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), an investor will provide the Data Controller and / or its affiliates with personal information which constitutes personal data within the meaning of the Data Protection Legislation. Furthermore, the Data Controller may obtain personal data of an investor from third parties, including consumer reporting agencies or other public sources.

What personal data does the Data Controller collect?

Personal data includes the following information relating to an individual investor and/or any connected individuals of an investor that is a legal person: name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, family status, occupation, names and contact details of persons related to an investor such as employees, directors, representatives or other affiliates of the company or other organization represented by the investor, tax identification, Subscriptions, credit history, correspondence records, passport number, bank account, source of funds, gross income, net wealth, details relating to an investor’s investment activity (incl. current and potential investments) and experience and any such other personal information which the Data Controller is required to record in accordance with any applicable anti-money laundering, counter-terrorist financing and know-your-customer regulations (together “Personal Data”).

Subject to the relevant jurisdictional requirements, the Data Controller may process sensitive personal information. The Data Controller will only use and disclose sensitive personal data for a purpose for which it was originally collected. Unless we request it, we ask that you not send us, or disclose, any sensitive personal data. The sensitive data that may be processed shall include:

  • Information related to racial, ethnic origin, political opinions, religious or philosophical beliefs, or union membership.
  • A social security, driver’s license, state identification card, or passport number.
  • An account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • The contents of an individual’s mail, email, and text messages unless the business is the intended recipient of the communication.

For what purposes are Personal Data processed and upon which legal bases?

The Data Controller has collected, stored and used such Personal Data or may do so in the future for such lawful purposes disclosed below:

Performance of the contract

  1. to reflect an investor’s ownership interest and managing and administering its interest on an ongoing basis (i.e. where necessary for the performance of the subscription agreement or to process subscriptions, redemptions, conversion and transfer requests or the payment of drawdown notices or distributions);
  2. for disclosure to parties such as the management company or AIFM, the administrator, the depositary, the auditors, the custodians, the tax advisors and other service providers of the Data Controller, where necessary pursuant to the performance of the subscription agreement;
  3. for disclosure to the general partners or financial sponsors of private equity investments and their duly authorised delegates who process Personal Data for anti-money laundering, counter-terrorist financing and know-your-customer purposes or for compliance with any applicable foreign regulatory and tax requirements, where necessary for the performance of the subscription agreement or any relevant contracts;
  4. for disclosure to third party credit providers on the level of the Data Controller, its intermediate investment vehicles or the private equity investments in order to evaluate the subscription profile of the relevant borrower, the borrowing facility amount or the suitability of collateral, where necessary for the performance of the subscription agreement or any relevant contracts.

Compliance with a legal obligation

  1. for discharging anti-money laundering, counter-terrorist financing and know-your-customer obligations of the Data Controller by verifying the identity of investors (and, if applicable their beneficial owners) or for the prevention of fraud or for regulatory or tax reporting purposes or in response to legal requests or requests from regulatory, tax or other law enforcement authorities (i.e. where this is necessary for compliance with a legal obligation to which the Data Controller is subject to) or any other similar legal obligations;
  2. in certain circumstances the Data Controller and/or its authorised delegates may be legally obliged to share Personal Data and other financial information with respect to investors and their holdings of Data Controller interests with the tax authorities and they, in turn, may exchange this information with foreign tax authorities including tax authorities located outside the European Economic Area (the "EEA") or the UK. In certain circumstances, the Data Controller and/or its authorised delegates may be legally obliged to share Personal Data with law enforcement agencies or governmental authorities, or with other parties to legal proceedings.

Legitimate interests

  1. for direct marketing purposes (that is the Data Controller, its services providers and their delegates providing investors with information on products and services or referring to investors as a reference client) or for quality control, business and statistical analysis or for tracking fees and costs or for customer service, training and related purposes (i.e. where this is necessary for the purposes of the legitimate interests of the Data Controller or a third party and such legitimate interests are not overridden by the relevant investor’s or other relevant data subject’s interests, fundamental rights or freedoms and provided that the Data Controller is acting in a fair, transparent and accountable manner and has taken appropriate steps to prevent such activity having any unwarranted impact on the data subject and also noting the investor’s right to object to such uses, as discussed below). for the legitimate interest of complying with foreign laws and regulations and/or any order of a foreign court, government, supervisory, regulatory or tax authority;
  2. for investor relationship purposes, including answering queries, providing information on potential investment opportunities and/or other developments which might be of interest based on our relationship, in line with the legitimate interest of operating the business efficiently;
  3. for recording, maintaining, storing and using recordings of telephone calls (or any other communication) that an investor may make to and receive from the Data Controller, its services providers and their delegates or duly appointed agents and any of their respective related, associated or affiliated companies for processing and verification of instructions, management and administration of investor’s capital account(s) and any other matters related to an investor’s subscription, in the legitimate interest of managing and administering the fund’s business;
  4. for the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of the fund’s business, to further the legitimate interest of protecting the fund’s business;
  5. for risk management purposes, including responding to and complying with foreign legal obligations (including court orders) to which we are subject, monitoring for and investigating illegal activity including fraud, and otherwise taking steps to safeguard our business, operations and those with whom we interact, including monitoring communications for malicious content, to further the legitimate interest of protecting against, identifying, and preventing fraud and other unlawful activity; and
  6. for disclosures to other third parties such as other investors or technology providers where necessary for the maintenance and operation of IT systems, for the legitimate interest in ensuring a safe and secure IT environment.

Additionally, service providers of the Data Controller (such as the management company or AIFM or administrator)may use Personal Data where this is necessary for compliance with a legal obligation to which it is directly subject (i.e. to comply with applicable law in the area of anti-money laundering and counter terrorist financing, where required for global tax reporting purposes or where mandated by a court order or regulatory sanction). Such service providers, in respect of this specific use of personal data, act as data controller.

In the event the Data Controller wishes to use Personal Data for other specific purposes (including, if applicable, any purpose that requires the investor or other relevant data subject consent), the Data Controller will contact the relevant investor.

With whom and where will Personal Data be shared?

The Data Controller anticipates that the following affiliates and delegates (including their sub-delegates) will process Personal Data on its behalf and this may include certain entities located outside the EEA and the UK (where applicable):

  1. the management companies or AIFMs;
  2. investment advisors;
  3. administrators;
  4. auditors;
  5. custodians and credit providers;
  6. target funds and investment targets in which the fund intends to invest; and/or
  7. tax advisors.

The Data Controller may disclose personal data outlined above for various business, commercial, and legal purposes, and for investors, subject to applicable laws, including:

  • where necessary to comply with legal obligations, including when the Data Controller believes in good faith that disclosure is legally required;
  • to further the Data Controller’s legitimate interest in exercising and complying with its rights and obligations under a regulatory or self-regulatory requirement (such as complying with a subpoena, or responding to court orders or legal investigations);
  • to further the Data Controller’s legitimate interest in managing and administering its business, including protecting data subjects’ safety or security or protecting the safety and security of tangible or intangible property that belongs to the Data Controller or third parties;
  • to further the Data Controller’s legitimate interest in establishing, exercising or defending legal claims;
  • upon consent of an investor to release such information, including authorisation to disclose such information to persons acting in a fiduciary or representative capacity on behalf of the investor;
  • to further the Data Controller’s legitimate interest and/or legal obligations in complying with AML/KYC requirements.

The listed affiliates and delegates, may under their own responsibility, and subject to applicable laws, disclose the Personal Data to their agents and/or delegates (the “Sub-Recipients”), which shall process the Personal Data for the sole purposes of assisting the affiliates and delegates in providing their services to the Data Controller and/or assisting the affiliates and delegates in fulfilling their own legal obligations.

Please note that the Data Controller may be legally or contractually be required to disclose investors’ and other data subjects’ Personal Data to certain counterparties, mentioned above, that are located outside the EEA and the UK (where applicable) and which may in certain circumstances be subject to lower data protection standards than the Data Controller and its delegates. Any transmission of Personal Data by the Data Controller or its delegates, which may be outside the EEA and the UK, in a country that is not recognized by the European Commission as offering an adequate level for the protection of personal data, or by the UK Government as having the appropriate standard of protection required under applicable UK laws, shall be made in accordance with the conditions in the Data Protection Legislation. More specifically, the Data Controller and its duly authorised delegates will (i) enter into standard contractual clauses approved by the European Commission as well as put in place supplementary measures as recommended by the recommendations of the European Data Protection Board, to the extent required or (ii) adopt the UK International Data Transfer Agreement or Addendum, or any other appropriate safeguards available under UK law (as amended from time to time), to the extent required; or (iii) applicable derogations permitted under article 49 of the GDPR, or other legal basis.

Data subjects may request a copy of the safeguards put in place in respect of transfers of personal data, by contacting the email provided below.

The investors hereby acknowledge, and non-natural person investors agree, that the Data Controller will, for AML/KYC purposes, transfer some types of Personal Data to companies in which the fund intends to invest that are strictly necessary to allow such entities to comply with their legal obligations.

The affiliates and delegates, as well as the Sub-Recipients may, as the case may be, process the Personal Data as data processors (when processing the Personal Data on behalf of and upon instructions of the Data Controller and/or affiliates/delegates), or as distinct data controllers (when processing the Personal Data for their own purposes, namely fulfilling their own legal obligations).

Processing of Personal Data by AI tools

Personal Data may be processed using artificial intelligence (“AI”) technologies, including but not limited to generative AI. The Data Controller has taken steps, which it deems appropriate, to procure that such technologies are operated in compliance with applicable regulations such as the GDPR and the European Union Artificial Intelligence Act (Regulation 2024/1689) (“EU AI Act”). The use of AI aims to optimize processes, create efficiency gains, enhance quality, improve client experiences, and support decision-making across various business areas. While the Data Controller uses AI to assist in various processes and analyses, the latter ensures that no fully automated decision-making that significantly affects individuals is conducted without meaningful human oversight. The Data Controller maintains a "human in the loop" approach to ensure compliance with the relevant regulations. The Data Controller informs you separately about the deployment of AI technologies where required by law.

Data breaches notification

The Data Controller shall notify investors of any personal data breach which the Data Controller becomes aware of and which affects investors or other relevant data subjects and is likely to result in a high risk to the rights and freedoms of the investors or other relevant data subjects.

The data subjects’ rights

The investors and other data subjects have certain rights regarding the use of Personal Data summarised as follows, each subject to the provisions of the Data Protection Legislation:

  1. the right to access Personal Data (in an easily readable form), including, where appropriate, the categories of sources from which the Personal Data is collected; the business or commercial purpose for collecting such Personal Data; categories of third parties or persons with whom the Personal Data is shared and if so, the categories of personal information that each recipient obtained and the specific pieces of Personal Data collected;
  2. the right to rectify Personal Data where it is incorrect or incomplete;
  3. the right to data portability;
  4. the right to restrict the use of Personal Data;
  5. the right to withdraw any consent given to the processing of Personal Data (where applicable);
  6. the right to receive information regarding any entities the Data Controller discloses Personal Data to;
  7. the right to lodge a complaint with the competent supervisory authority in relation to data protection.
  8. All Californian investors, have the right to opt-out of the sale of Personal Data or the sharing of Personal Data for cross-context behavioral advertising noting that the fund does not sell or share Personal Data for the purpose of cross context behavioral advertising as defined under the California Privacy Rights Act (CPRA) of 2020.

The investors and other relevant data subjects have the right to object to the processing of Personal Data where the Data Controller has considered this to be necessary for the purposes of its legitimate interests. Notwithstanding the above, the right for Personal Data to be erased (the "right to be forgotten") that applies in some contexts is not likely to be applicable to most, if not all, of the Personal Data the Data Controller may hold, given the specific nature of the purposes for which the Data Controller uses the data, as described above.

How long will Personal Data be retained?

The Data Controller and its duly authorised delegates may retain the Personal Data for any such period as required for the purpose of their processing, subject to any limitation imposed by law, i.e. the longer of:

  • until the end of the duration of any contractual relationship between the investor and the fund;
    • until the end of any minimal retention period imposed by applicable laws and regulations; and/or
    • until the end of any applicable statutory limitation period during which time the Data Controller is required, in the event of a complaint or lawsuit, to keep the personal data on file for the purposes of its defence.

Thereafter, the Data Controller and its affiliates and delegates will refrain from collecting any further Personal Data and shall take appropriate steps to dispose of any records containing Personal Data, to the extent this is operationally feasible and proportionate.

Miscellaneous

Failure to provide Personal Data, may result in the Data Controller being required to discontinue its business relationship with the investor, if the relevant Personal Data are necessary for the fund’s compliance with its legal obligations.

The investors or other relevant data subjects who are legal persons undertake and guarantee to process Personal Data and to supply such Personal Data to the Data Controller in compliance with the Data Protection Legislation, including, where appropriate, informing the relevant data subjects of the contents of the present section, in accordance with Articles 12, 13 and/or 14 of the GDPR.

In respect of Californian investors, the requirements of California Civil Code §1798.125 will be adhered to and any investor who exercises the rights as set forth herein will not be discriminated. Additionally, investors have the right to appoint an authorized agent to exercise your rights on your behalf. If you would like to do so, please contact your usual contact at the fund or by email at .

The Data Controller is not required to designate a data protection officer. Queries in respect of the Data Protection Legislation or concerns regarding investors’ or data subjects’ data protection rights, may be placed with your usual contact at LGT Capital Partners or by email at .