EU & UK Privacy Notice

EU & UK Privacy Notice

This EU and UK Privacy Notice (this “EU and UK Privacy Notice”) applies to the extent that EU and UK Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below) or to the extent that a data subject is a resident of the United Kingdom (the “UK”), the European Union (the “EU”) or the European Economic Area (the “EEA”). If this EU and UK Privacy Notice applies, the data subject has certain rights with respect to such processing of their personal data, as outlined below.

For this EU and UK Privacy Notice, “EU and UK Data Protection Legislation” means all applicable legislation and regulations relating to the protection of personal data in force from time to time in the EU, the EEA or the UK, including (without limitation) the following: (a) Regulation (EU) 2016/679 (the General Data Protection Regulation); (b) the General Data Protection Regulation as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018); and (c) any other national implementing or successor legislation of the European Union or the United Kingdom concerning the protection and processing of personal data, and any amendment or re-enactment of the foregoing. The terms “controller,” “processor,” “data subject,” “personal data”, “process” and “processing” in this EU and UK Privacy Notice shall be interpreted in accordance with the applicable EU and UK Data Protection Legislation.

Unless otherwise defined herein, capitalized terms used in this EU and UK Privacy Notice will have the meanings ascribed to such terms in the Agreement of Limited Partnership (as the same may be amended, restated, supplemented, waived, and/or otherwise modified from time to time in accordance with its terms, the “Partnership Agreement”) of Astira Capital Partners Fund I LP and Astira Capital Partners Fund I-A LP (the “Partnership”).

Please direct any questions arising out of this EU and UK Privacy Notice to the General Partner at privacy@astiracp.com.

Categories of Personal Data Collected and Lawful Bases for Processing

In connection with offering, forming and operating private investment funds for investors, the Partnership, the General Partner, the Management Company, their respective Affiliates and, in each case, their respective administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt and otherwise process and use personal data, either relating to investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial ownerships or affiliates to any other data subjects from the following sources (and all references to “investor(s)” in this GDPR Privacy Notice shall be to such potential or actual investor(s) and, as applicable, any of these other persons as relate to such potential or actual investor(s)):

1. information received in telephone conversations, in voicemails, through written correspondence, via e-mail or on subscription agreements, investor questionnaires, applications or other forms (including any anti-money laundering, identification and verification documentation);
2. information about transactions with any Authorized Entity or other Person; 
3. information captured on any Authorized Entity’s website, fund data room and/or investor reporting portal (as applicable) including registration information and any information captured via “cookies”; and
4. information from public sources, including from:
   1. publicly available and accessible directories and sources;
   2. bankruptcy registers;
   3. tax authorities, including those that are based outside the UK and the EEA if you are subject to tax in another jurisdiction;
   4. governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;
   5. credit agencies; and
   6. fraud prevention and detection agencies and organizations.

Any Authorized Entity may process the following categories of personal data:

1. names, dates of birth and birth place;
2. contact details and professional addresses (including physical addresses, email addresses and telephone numbers);
3. account data and other information contained in any document provided by investors to the Authorized Entities (whether directly or indirectly);
4. information regarding your use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history);
5. risk tolerance, transaction history, investment experience and investment activity;
6. information regarding an investor’s status under various laws and regulations, including social security number, tax status, income and assets;
7. accounts and transactions with other institutions;
8. information regarding an investor’s interest in the Partnership, including ownership percentage, capital commitment, income and losses;
9. information regarding an investor’s citizenship and location of residence;
10. source of funds used to make the investment in the Partnership; and
11. anti-money laundering, identification (including passport and drivers’ license) and verification documentation.

Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with other information that it collects from, or about, such investor.  This will include information collected in an online or offline context.

One or more of the Authorized Entities are “controllers” of personal data collected in connection with the Partnership.  In simple terms, this means such Authorized Entities: (a) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (b) make certain decisions on how to use and protect such personal data.

There is a need to process personal data for the purposes set out in this EU and UK Privacy Notice as a matter of contractual necessity under or in connection with the Partnership Agreement and associated Partnership documentation, pursuant to applicable legal obligations and, in the legitimate interests of the Authorized Entities (or those of a third party), to operate their respective businesses.  From time to time, an Authorized Entity may need to process the personal data on other legal bases, including the following: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of an investor or other data subjects; or if it is necessary for a task carried out in the public interest.

A failure to provide the personal data requested to fulfill the purposes described in this EU and UK Privacy Notice may result in the applicable Authorized Entity being unable to provide the services as contemplated by the Partnership Agreement and/or an investor’s subscription agreement (the “Subscription Agreement”).

Purpose of Processing

The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (3), (4), (6), (8), (9) and (11) in the legitimate interests of the Authorized Entities (or those of a third party)):

1. The performance of its contractual and legal obligations (including applicable anti-money laundering, know-your-customer and other related laws and regulations), in assessing suitability of investors in the Partnership.
2. The administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of investors to the Partnership.
3. Ongoing communication with investors (including the negotiation, preparation and execution of documentation) during the process of admitting investors to the Partnership and execution of the Partnership Agreement and/or Subscription Agreement.
4. The ongoing administrative, accounting, reporting and other processes and communications required to operate the business of the General Partner and/or Partnership in accordance with the Partnership Agreement and other applicable documentation between the parties.
5. To administer, manage and set up investor account(s) to allow investors to purchase their holding (of shares) in the Partnership (and any other funds operated by the General Partner or its affiliates).
6. To facilitate the execution, continuation or termination of the contractual relationship between you and the General Partner and/or the Partnership (as applicable).
7. To facilitate the transfer of funds, and administering and facilitating any other transaction, between you and the Partnership.
8. To enable any actual or proposed assignee or transferee, participant or sub-participant of the Partnership’s rights or obligations to evaluate proposed transactions.
9. information To facilitate business asset transactions involving the Partnership or related investment vehicles.regarding an investor’s citizenship and location of residence;
10. Any legal or regulatory requirement.
11. Keeping investors informed about the business of the General Partner and its affiliates generally, including offering opportunities to make investments other than to the Partnership.
12. Any other purpose for which notice has been provided, or has been agreed to, in writing.

The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.

Sharing and Transfers of Personal Data

In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by EU and UK Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisors, lenders, data processors and persons employed and/or retained by them in order to fulfill the purposes described in this EU and UK Privacy Notice.  In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with tax authorities, auditors and tax advisors (where necessary or required by law).

Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfill the purposes described in this EU and UK Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and Partnership Agreement, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact the General Partner. For the purposes of this EU and UK Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (a) a member state of the EEA; (b) the United Kingdom; or (c) a country or territory which has at the relevant time been decided by the European Commission or the Government of the United Kingdom (as applicable) in accordance with EU and UK Data Protection Legislation to ensure an adequate level of protection for personal data.

Retention and Security of Personal Data

The General Partner and its Affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including physical, electronic and procedural safeguards to protect personal data in their possession or under their control.

Personal data may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations or, where longer, such longer period as is required to comply with applicable legal or regulatory obligations.  Personal data will be retained throughout the life cycle of any investment in the Partnership.  However, some personal data will be retained after a data subject ceases to be an investor in the Partnership.

Data Subject Rights

It is acknowledged that, subject to applicable EU and UK Data Protection Legislation, the data subjects to which personal data relates have the following rights under EU and UK Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and to exercise their right not to be subject to automated decision-making. Please note that the right to erasure is not absolute, and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfill the purposes described in this EU and UK Privacy Notice may result in the inability to provide the services required pursuant to the Partnership Agreement and/or the Subscription Agreement.

In case a data subject to whom personal data relates disagrees with the way in which their personal data is being processed in relation to the Partnership Agreement and/or the Subscription Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.

A data subject may raise any request relating to the processing of his or her personal data with the General Partner at the contact information provided above.