Revision 27.01.2024
This GDPR Privacy Notice (“Notice”) has been revised and effective as of the date above and will remain in effect except with respect to future changes to its terms. The Board of the General Partner may amend this Notice at any time. Partners will be notified about material changes, however, they are encouraged to review this Notice periodically, so as to be always informed about how the General Partner is processing and protecting personal data.
VELIGERA CAPITAL OÜ (HEREINAFTER REFERRED TO AS THE “GENERAL PARTNER”) WAS INCORPORATED UNDER THE COMPANIES LAW, COMMERCIAL CODE (CC), RT I 1995, 26, 355, WITH THE REGISTRY CODE 16283885, WITH ITS REGISTERED ADDRESS AT NARVA MNT. 13, TALLINN, 10151, ESTONIA, AND ACCORDING TO THE DECISION OF THE ESTONIAN FINANCIAL SUPERVISION AUTHORITY FROM 09.05.2022, OPERATES AS AN UNLICENSED FUND MANAGER OF THE ALTERNATIVE INVESTMENT FUNDS WITH LIMITED NUMBER OF PERSONS IN THE FORM OF A LIMITED PARTNERSHIP FUND WITH LIMITED NUMBER OF PERSONS, PURSUANT TO THE PROVISIONS OF THE ALTERNATIVE INVESTMENT LAW, INVESTMENT FUNDS ACT (IFA); ALSO PURSUANT TO SECURITIES MARKET ACT (SMA), MONEY LAUNDERING AND TERRORIST FINANCING PREVENTION ACT (MLTFPA), AND INTERNATIONAL SANCTIONS ACT (ISA). ACCORDING TO INVESTMENT FUNDS ACT § 455 (8), THE FINANCIAL SUPERVISION AUTHORITY EXERCISES SUPERVISION IN THE CASE OF UNLICENSED SMALL FUND MANAGERS THAT HAVE REGISTERED THEIR ACTIVITIES IN THE FINANCIAL SUPERVISION AUTHORITY OVER COMPLIANCE WITH THE REGISTRATION OBLIGATION AND SUBMISSION OF INFORMATION.
THE GENERAL PARTNER (“WE”, “OUR”, “US”) IS REGULATED BY THE DATA PROTECTION INSPECTORATE OF THE REPUBLIC OF ESTONIA, COLLECTS AND PROCESSES PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY AND IN COMPLIANCE WITH APPLICABLE DATA PROTECTION LAWS AND REGULATIONS, INCLUDING THE GENERAL DATA PROTECTION REGULATION (2016/679) (HEREINAFTER THE "GDPR") AS AMENDED OR REPLACED OR INCORPORATED INTO NATIONAL LEGISLATION, SUCH AS THE ESTONIAN ACT ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH PERSONAL DATA, HEREINAFTER THE "DATA PROTECTION LAW").
This Notice provides you with the necessary information about your rights and our obligations and explains how, why, and when General Partner processes your personal data.
Please read this Notice carefully, as it becomes legally binding when you interact with General Partner or the Fund. The General Partner takes the privacy and protection of your data very seriously and is committed to handling the personal information of those it engages with responsibly and in a way that meets the legal requirements of the Republic of Estonia.
This Notice applies to you if:
- You are a Natural or Legal Person (“Partner”) subscribing for Shares of the Fund managed by the General Partner – this applies both for Partners who are already subscribed to Shares in the Fund (“Investment Partners”) and for Partners who are willing to proceed with investments in the Shares of the Fund (“Prospective Partners”).
- Your personal data has been provided to the General Partner by another person in connection with an application for subscription for Shares in the Fund, or in the case when you provide or going to provide the General Partner with any services related to the activities of the General Partner or the Fund (for example, if you are a director, partner, trustee, employee, agent or direct or indirect owner of any counterparty).
- General Partner otherwise uses your personal data.
- You are an applicant for a position within the General Partner.
- You are a data subject. The GDPR defines “data subjects” as “identified or identifiable natural person(s)”. In other words, data subjects are only individuals from whom or about whom the General Partner or/and the Fund collects information in connection with its business and its operations.
Information we collect / Information you provide to us
We process your personal data to comply with our legal, statutory, and contractual obligations and to provide you with our products and services. We will never collect unnecessary personal data from you and will not process your data in any way other than as set out in this Notice.
The personal data we collect from you
- Personal Data such as first name, last name, date of birth, photograph, passport details, CV, contact details, bank details, signature, investment history, etc.
- Residential Address Confirmation such as a utility bill, bank statement, or tax bill.
- Forms that include employment details, net worth, annual income, and any information and evidence within the scope of local regulatory requirements for the purposes of interpreting the Economic Profile and Suitability Assessment of Prospective Partners.
- Tax identification number and country of taxation for CRS /FATCA purposes.
We may also process
- Information we collect or generate may include information relating to your (or the Natural or Legal Person you represent) investments in the Fund, emails (and related data), call records, website usage data, and messages sent through our website.
- Information we receive from other sources, such as information we receive for the purposes of our Know Your Client (KYC) procedures (which include anti-money laundering, counter-terrorist financing, counter-proliferation financing procedures, and politically exposed person and sanctions checks), information from public websites and other public sources and information we receive from your advisers or intermediaries.
Personal data is defined under the GDPR as any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Data Protection Act defines personal data in a similar way.
Any personal data collected by us during the interaction between you and us will be processed in accordance with the GDPR (and the relevant regulatory framework incorporating the GDPR domestically) and, where applicable, Data Protection Law.
How we collect the information
- Through the documents and forms provided by Prospective Partners to us.
- In face-to-face meetings with Prospective Partners, where applicable.
- Electronic and hard copies, in plain written form or certified/notarized/apostilled.
- From third parties with whom we have a contractual relationship.
- We only ask for personal information that we are required to collect by our legal obligations and that is relevant to your specific requests to provide our services.
- Further details are contained in our full Personal Data Protection Policy.
You are required to provide true, complete, and accurate information and to keep it up to date. If you doubt your personal information, please feel free to contact us with any preferable way to outline the issue. We will take all reasonable steps to ensure that any inaccurate data relating to the purposes for which it is processed is deleted or rectified without delay.
We may retain information and data relating to your bank account, credit/debit card details, or other payment account information in accordance with the requirements of the law.
How we use your personal data
We take your privacy very seriously and will never disclose, share, or sell your data without your consent unless required to do so by law. We only retain your data for as long as necessary and for the purpose(s) specified in this Notice. If you have given your consent to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
The purposes and reasons for processing your personal data
- We collect, store, and process your personal data for the purposes of assessing and processing applications for subscriptions for any Shares of the Fund, including carrying out know-your-client procedures, issuing and redeeming Shares, receiving payments from, and making payments to the Partners, calculating the Net Asset Value and monitoring these processes.
- We collect, store and process your personal data to perform an agreement with us or for any interaction with us.
- We collect, store and process your personal data as part of our legal obligations for business accounting, tax purposes, audit purposes, and any legal or regulatory obligations or industry standards arising from our licenses or registrations as regulated entities.
- We may occasionally send marketing information to you that we have deemed to be beneficial to you as a customer and in our interests. Such information will not be intrusive and will be processed based on legitimate interests for the purpose of properly monitoring and updating customer information in accordance with local legislation and providing better quality services.
Your rights
You have the right to access and request information about any personal data we process about you:
- The personal data we hold about you.
- The purposes of the processing.
- The categories of personal data concerned.
- The recipients to whom the personal data has been/will be disclosed.
- The time period we intend to retain your personal data.
- If we have not collected the data directly from you, information about the sources.
If you believe that we have incomplete or inaccurate information about you, you have the right to ask us to correct and/or complete the information and we will endeavor to do so as soon as possible unless there is a good reason not to do so, in which case you will be notified.
You also have the right to request the erasure of your personal data or to restrict processing (where applicable) in accordance with data protection laws; similarly, you may object to any direct marketing from us. Where applicable, you have the right to data portability of your data and the right to be informed about any automated decision-making we use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before we comply with the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosure of Your Personal Information
We will not share any of your personal information without your consent, except for the purposes set out in this Notice or where there is a legal obligation to do so. If necessary, we may share your personal information with third parties to conduct the working process or if required by law. When we share personal information, we do so in accordance with data protection laws.
Sharing your personal information with third parties may result in the transfer of your personal information outside of the European Union.
We use third parties to provide the services and business functions set out below; however, any processors acting on our behalf will only process your data in accordance with our instructions and will fully comply with this Notice, Data Protection Laws, and all other relevant confidentiality and security measures. Neither party (Data Subject and/or Data Controller and/or Data Processor) will disclose any information unless strictly necessary in accordance with the law or business operations.
Personal information may be disclosed to
- Affiliates (such as brokers, accountants, legal advisors, consultants, tax advisors, etc.) for the purpose of providing services, fulfilling regulatory and legal requirements, and increasing the quality of services provided.
- Regulated banking institutions with whom we work to provide services to Partners.
- Regulatory authorities and agencies, including but not limited to Estonian Financial Supervision and Resolution Authority (Finantsinspektsioon), tax authorities, etc. for the purpose of complying with applicable laws and regulations.
- For Partners, we may provide information to our appointed custodian for purposes of compliance with applicable laws and regulations.
MLTFPA Purposes
Under section § 48 of the MLTFPA, the processing of personal data for the purposes of the MLTFPA is subject to the provisions of the Processing of Personal Data Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 04.05.2016, pp 1–88), and such data must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.
Thus, personal data submitted for the purposes of the MLTFPA shall be processed exclusively for the purposes of the MLTFPA.
The data subject's right of access to personal data relating to him or her may be partially or completely restricted if such restriction will:
- Enable the Company or Estonian Financial Intelligence Unit (FIU) to fulfill its tasks properly for the purposes of the MLTFPA; or
- Avoid obstructing official or legal inquiries, analyses, investigations, or procedures for the purposes of the MLTFPA and to ensure that the prevention, investigation, and detection of money laundering and terrorist financing is not jeopardized.
Measures to protect your data
We take your privacy seriously and take all reasonable steps and precautions to protect and secure your personal information. We work hard to protect you and your information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures in place, including restricted access to paper files and electronic files, firewalls, and anti-virus/anti-malware software.
Transfers outside the EU
We use some products or services (or parts thereof) that may be hosted/stored in the EU and/or in non-EU countries. Transfers of personal data to non-EU countries may be necessary for the performance of our activity and the interaction between you and us, or for the performance of pre-contractual measures taken at your request. This means that we may transfer the data you provide to countries outside the European Economic Area ("EEA"), including to a jurisdiction that is not recognized by the European Commission as providing an adequate level of data protection, for the purposes of electronic storage of your personal data, brokerage services, operational services, legal services, marketing services.
Thus, when you provide us with your personal data and/or use our website and/or send us an email and/or sign up for our newsletter etc., the personal data you provide may be stored on servers hosted in the EU and/or non-EU countries. Where this is the case, we will take steps to ensure that these providers use the required level of protection for your data and adhere to the strict agreements and measures set out by us to protect your data and comply with relevant data protection legislation.
Consequences of not providing your data
You are not obliged to provide us with your personal data. However, the provision of personal data is a requirement necessary to enter into a contract with us. Partners have a statutory and contractual obligation to provide and keep up-to-date and accurate personal data they provide to us. Failure to provide such data will not allow us to commence or continue the business relationship, as compliance with our legal obligations will be deemed impossible.
Legitimate Interests
As mentioned in the "How we use your personal data" section of this Notice, we may process your personal data on the legal basis of legitimate interests. Where this is the case, we have carried out a thorough Legitimate Interests Assessment (LIA) to ensure that we have balanced your interests and any risk to you against our own interests to ensure that they are proportionate and appropriate.
Personal data is processed in accordance with all applicable laws and regulations of the Republic of Estonia, and the European Union. We are obliged to process personal data fairly and lawfully, for specified, explicit, and legitimate purposes and to the extent that is relevant, proportionate, and not excessive in relation to the purposes of the processing.
We use legitimate interests as the legal basis for processing your personal data for the purpose of sending you the marketing information that we have determined to be beneficial to you as a customer and in our interest and have determined that our interests are to properly monitor and update customer information in accordance with local legislation and to provide better quality services.
How long we keep your data
We retain personal data for the duration of the business relationship with a Partner and for five (5) years after the termination of the business relationship unless otherwise requested by a competent authority, in line with the provisions of the applicable legislation.
We may keep personal data for longer if we cannot delete the data for legal or regulatory reasons. In particular, the retention of data is not limited in time in the case of pending legal proceedings or an investigation initiated by a public authority, provided that in
each case the Company has been informed of the pending legal proceedings or the investigation initiated by a public authority within the retention period described hereinabove.
We only ever retain personal data for as long as required by applicable laws and regulations and we have strict review and retention policies in place to comply with these obligations. Your data will be retained in electronic or paper format or both. When no longer required, it will be deleted or destroyed in accordance with applicable laws and regulations.
If you have consented to the use of your data for direct marketing, we will retain that data until you inform us otherwise and/or withdraw your consent.
Marketing
We may occasionally send you information about products and services related to our activity, or to interaction between you and us, by email and/or post which has been identified as being beneficial to our Partners and in our interests. Such information will be relevant to you and will not be intrusive. You will always have the option to unsubscribe at any time using the opt-out/unsubscribe options or contacting us directly.
Submitting a complaint
We will only process your personal data in accordance with this Notice and in compliance with relevant data protection laws. However, if you wish to lodge a complaint about the processing of your personal data or are dissatisfied with the way we have processed your data, you have the right to lodge a complaint with the supervisory authority (Data Protecting Inspectorate of the Republic of Estonia).
Details can be found on the following website:
https://www.aki.ee/et/teenused-poordumisvormid/esita-sekkumistaotlus
Data protection officer
The GDPR requires the appointment of a data protection officer. The data protection officer is responsible for educating us and our employees about compliance, training staff involved in data processing, and conducting regular security audits. The data protection officer also serves as the point of contact between us and any supervisory authorities that oversee activities related to personal data. In addition, the data protection officer maintains comprehensive records of all data processing activities conducted by us and interfaces with data subjects to inform them about how their data is being used, their right to have their personal data erased, and what measures we have put in place to protect their personal data.
The data protection officer is reachable by the following contact details:
Tel.: +372 613 8888
Email: [email protected]
Address: Narva mnt 13-30, Tallinn, 10151, Estonia.