GDPR Privacy Notice
DATA PROTECTION INFORMATION AND DISCLOSURES
In the course of our correspondence and other dealings with you, we will receive information relating to you and/or, where you act as an agent or a representative of a legal person or other entity (rather than a natural person), information relating to other officers, directors, partners, members or employees of that legal person or other entity (such information, “personal information”). If the personal information you provide to us does not relate to you, you agree to provide the disclosures set out below to the individuals whose personal information you have provided.
Personal information is subject to certain legal safeguards specified in the General Data Protection Regulation (2016/679) (“GDPR”) and any secondary and domestic legislation implementing the GDPR (together, the “Data Protection Legislation”). 400 Capital Management Europe Limited (“400CME”), and in certain limited circumstances 400 Capital Management LLC (“400CM” and together with 400CME, “we”, “us” or “our”) are ‘controllers’ of your personal information for the purposes of the GDPR. The Data Protection Legislation prescribes the way in which we may collect, retain and handle personal information. 400CME acts as the EU representative of 400CM, where applicable.
With whom do we share your personal information?
We may share certain of your personal information with the following categories of third parties for the following reasons:
• broker-dealers that provide trade execution services, custodians that provide custody services and other business services providers in connection with investment decisions, with respect to an investment account you hold with us and/or to enable us to provide services and operate our business;
• advisers (e.g. auditors, legal counsel and tax advisers) relating to or in connection with the operation of our business, compliance with our legal, regulatory or contractual obligations and/or your investments with us;
• our affiliates for the purpose of undertaking investment advisory and investment management business;
• law enforcement agencies; regulatory or tax authorities and other governmental or public agencies or authorities in order to comply with our legal or regulatory obligations or at their request in furtherance of their objectives; and
• firms that assist us in servicing your account and have a need for such information such as administrators.
They may in turn use the services of their affiliates or service providers to process your personal information where necessary or appropriate. Where we share your personal information with a third party, we generally take steps to ensure the recipients of that personal information will process it appropriately.
What personal information will we process?
The types of personal information relating to you may include, for example:
• name, business and/or private email address, postal address and/or telephone number, date of birth and gender;
• domicile and other geographic location data;
• bank account details, source of wealth information, accounts and bank statements;
• information relating to regulatory status or eligibility to make investments; and
• copies of passports and other documentation required for identity or address verification purposes.
How do we use your personal information?
We will process your personal information in order to market our investment products, to process queries, undertake normal investment business activities in order to offer our services and manage assets on behalf of clients, and to exercise our rights at law or under contract. We will also use your personal information, where required, in order to comply with our legal and regulatory obligations. This may include, without limitation, establishing investor eligibility, preventing fraud, carrying out money laundering checks or conflict checks, and reporting to national and international regulatory and tax authorities.
We may also process your personal information to manage and administer our business, to analyse and improve relationships with our clients and service providers, and for business development activities
We may share your personal information with third parties (including legal advisors and law enforcement agencies) in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or as otherwise required by law.
We may also use your information in order to provide you with information of investments or products you may be interested in. If you object to being contacted in respect of prospective products, please contact us at email@example.com.
Lawful bases for processing your personal information
The lawful bases for processing your personal information are as follows:
Performance of contract: to ensure our ability to perform our obligations under investment contracts and other documents that form the basis for our contractual relationship with you (or, in certain circumstances, another person), and certain required pre-contractual steps. If we cannot process personal information as required, it may not be possible for us to perform our obligations under the relevant contract, and we may be required to terminate the contract.
Legal obligations: we are required to comply with applicable legal and regulatory requirements, including, for example, any regulatory or tax reporting requirements; to carry out money laundering/terrorist financing checks, conflict checks, for purposes of fraud prevention, to comply with any applicable auditing or financial reporting requirements; and to comply with information disclosure requests from regulatory, tax or other governmental or public authorities.
In addition to the above lawful bases for processing your personal information, your personal information will also be processed on the basis of our legitimate interests:
• to exercise and comply with our rights and obligations at law or under regulation, where such obligations are set out under the laws of countries outside the European Economic Area (“EEA”), or under a contract to which we are a party;
• to manage and administer our business and to analyse and improve our business relationships;
• to communicate with you in respect of any products offered by us;
• to undertake risk assessment and operational control exercises; for statistical and trend analysis; for systems administration, operation, testing and support and to manage and ensure the security of our information systems;
• to help detect, prevent, investigate, and prosecute fraud and/or other criminal activity;
• to disclose information to a governmental, tax or regulatory body, financial market, broker or other intermediaries, counterparties, court, auditors or other third parties and to undertake compliance activities, when this is in our interests, or in the interests of any of our clients, including where the laws of the European Union or a member state of the European Economic Area do not require us to do the same;
• to establish, exercise or defend legal claims; and in order to protect and enforce our or our clients’ rights, property, or safety or to assist our clients or investors or others to do the same;
• to investigate and respond to any complaints about us and our business or any incidents relating to us and to help maintain quality and to deal with complaints and disputes; and
• to make certain assessments about you in order to assess your investment objectives, risk tolerance, and understanding of investment risk to assess the suitability of an investment in any investment product offered by us.
When processing your personal information, we will comply with the relevant requirements under the GDPR as applicable to us.
Transfers of your personal information outside Europe
Your personal information is held by 400CM in its offices in the United States, and may be shared with advisers, service providers, and disclosed to regulatory, tax or other governmental or public authorities outside the EEA, as described above. Such transfers may be made at least to the following jurisdictions: the United States.
Where we share your personal information with persons outside the EEA we will, to the extent practicable, take appropriate steps to ensure your personal information is subject to safeguards in compliance with the requirements of applicable law. We require third party recipients to protect the confidentiality of your personal information. Where necessary and practicable, 400CME may seek to achieve this by entering into appropriate data transfer agreements with third party recipients of your personal information which may set out the standard contractual clauses approved by the European Commission governing the transfer of personal data outside the EEA, where possible. Please contact us at firstname.lastname@example.org if you would like a copy of the standard contractual clauses.
How long is your personal information retained?
We will not retain your personal information for longer than is necessary in relation to the purposes for which your personal information is processed and in accordance with regulatory requirements. Generally, we will retain your personal information concerning your investments for 5 years after the end of any relevant contractual relationship. Personal information may be retained for longer if it is required by law, or by a tax or regulatory authority, a law enforcement agency or other governmental or public body, or considered necessary in order to allow us to act in accordance with a specific set of circumstances, for example, in light of an actual or a potential legal action or a regulatory investigation.
Where do we collect your Personal Information?
We may collect personal data through a range of means. These may include direct interactions (where a person provides personal data to us through correspondence or other direct methods of communication, including communications relating to investments), third-party or publicly available sources (where the Fund receives personal data through a publicly available source such as a website or publicly-available registry).
Your rights in relation to the personal information we process about you
You have various rights under Data Protection Legislation in relation to the personal information relating to you. These include:
• the right to request access to your personal information;
• the right to have your personal information rectified;
• the right to have your personal information erased in certain circumstances;
• the right to request that your personal information is only used for restricted purposes;
• (if the lawful basis for processing your personal information is the legitimate interest of the Fund/ the Investment Manager) the right to object to your personal information being processed, for example, for marketing purposes;
• (in some circumstances) the right to require certain of your personal information to be transferred to you or a third party; and
• the right to lodge a complaint with the relevant data regulator in your jurisdiction.
You can seek to exercise any of these rights by contacting us at email@example.com.
Questions or complaints
If you have any questions or complaints regarding the processing of your personal information, please contact us directly at firstname.lastname@example.org.
Complaints regarding our processing of your personal information may also be made directly to the relevant data protection regulator in the EU. In the UK this is the Information Commissioner’s Office at www.ico.org.uk.