The EU General Data Protection Regulation (Regulation (EU) 2016/679) (together with applicable implementing laws, “GDPR”) and the Cayman Islands Data Protection Law, 2017 (together with any associated regulations and guidance, “DPL”) are applicable to undertakings which process personal data in certain circumstances. GDPR and the DPL (together, the “Data Protection Laws”, as applicable) are applicable to the processing of personal data by Lexcor Capital LLP (“Lexcor”), the Fund, the Master Fund and/or various undertakings appointed by them. These notices set out information relating to those activities.
The Fund, the Master Fund, Lexcor and the Alternative Investment Fund Manager
In certain circumstances, each and any of the Fund, the Master Fund, Lexcor and the Alternative Investment Fund Manager (together, the “Fund Entities”) may be engaged in controlling and/or processing personal data for the purposes of the Data Protection Laws. Details of the policies, procedures and purposes applicable to such activities are set out in this section.
The Directors will be the persons responsible on behalf of the Fund for overseeing issues related to the Data Protection Laws and the policies and procedures adopted by it for the purposes of compliance with the Data Protection Laws with the assistance of the Alternative Investment Fund Manager. Lexcor and the Alternative Investment Fund Manager will oversee their own policies and procedures for the purposes of compliance with the Data Protection Laws, where applicable. Any person seeking information with respect to control or processing of personal data by any of the Fund Entities or seeking to exercise any rights afforded to them under the Data Protection Laws should contact contact Lexcor partners Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com.
Under the Data Protection Laws, any person wishing to is entitled to make a complaint with respect to any of the Fund Entities’ control or processing of personal data. Under GDPR, such a complaint may be made to the Information Commissioner’s Office (“ICO”). The ICO is the UK supervisory authority for data protection issues. Contact details for the ICO may be found at www.ico.org.uk. Under DPL, such a complaint may be made to the Cayman Islands Ombudsman ("Ombudsman"). The Ombudsman is the Cayman Islands supervisory authority for data protection issues. Contact details for the Ombudsman may be found at www.ombudsman.ky.
The policies and procedures adopted by the Fund Entities with respect to the control or processing of personal data may be amended from time to time. Similarly, the purposes for which the Fund Entities may control or process personal data may change from time to time. If any changes would require amendment to the information set out herein, details of such changes will be made available in the current version of this document from time to time.
Summary of Personal Data For the purposes of the Data Protection Laws, personal data means any information about an individual from which that person can be identified. The Fund Entities may collect, use, store and transfer personal information comprising identity data, contact data, financial data, transaction data, technical data related to internet protocol addresses, usage data and information about marketing and communication preferences. The Fund Entities do not anticipate that, in respect of the Fund and the Master Fund, they 2 4831-9597-9951 v1 will process special categories of personal data (which may include details about people’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about people’s health, genetic and biometric data and information about criminal convictions and offences).
Collection of Personal Data The Fund Entities may collect personal data through a range of means. These may include direct interactions (where a person provides personal data to the relevant Fund Entity through correspondence or other direct methods of communication, including applications to invest in the Fund), third-party or publicly available sources (where a Fund Entity receives personal data through a publicly available source such as a website or publicly-available registry).
Use of Personal Data The Fund Entities will only use personal data in circumstances permitted under the Data Protection Laws. These circumstances include those circumstances where the relevant processing relates to a legitimate interest of the relevant Fund Entity and where that processing is necessary for the relevant purpose and not inconsistent with the interests, rights or freedoms of a relevant data subject. Each Fund Entity has determined that the relevant processing of personal data that they undertake relates to the legitimate interest of the Fund Entities carrying out any and all functions necessary to enable the Fund Entities to carry out the investment activities and related functions described in this document. The circumstances will include those where the relevant control or processing is necessary for the purposes of the relevant Fund Entity carrying out its activities relating to investments in the Fund and/or the Master Fund, the administration of the Fund and/or the Master Fund, the investment activities of the Fund and/or the Master Fund or otherwise in furtherance of any contract entered into with respect to the activities of the Fund and/or the Master Fund. In addition, the Fund Entities may also control or process personal data where necessary to comply with legal or regulatory obligations applicable to them.
Fund Entities may from time to time control or process personal data for the purposes of marketing and advertising the Fund and/or other investment vehicles and/or services related to Lexcor and/or the Alternative Investment Fund Manager. Any person who does not wish their personal data to be processed for such purposes may opt out of such processing by notifying Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com.
Any Fund Entity will only use personal data for the purposes that it has been collected for, unless they reasonably consider that they need to use it for another reason and that reason is compatible with the original purpose of the control or processing. Any person requiring information with respect to any additional purpose for which personal data may be controlled or processed may obtain such information from Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com. If a Fund Entity needs to control or process personal data for an unrelated purpose, the relevant Fund Entity will use its reasonable endeavours to notify affected persons and to explain the basis on which they are permitted to undertake the same.
Each Fund Entity may control and process personal data without the knowledge or consent of data subjects to whom such personal data relates in compliance with their policies and procedures from time to time where this is permitted by law.
Disclosure of Personal Data Each Fund Entity may share personal data with certain third parties for the purposes set out above. The relevant third parties with whom such personal data may be shared include, but shall not be limited to, entities appointed to provide services to the relevant Fund Entity and their affiliates, and regulatory, legal and tax authorities. Details of the third parties with whom personal data may be shared are available on request from Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com. Wherever possible, personal data will only be disclosed by a Fund Entity to a third party in circumstances where that third party has agreed to respect the security of personal data and treat it in accordance with applicable law. Third parties to whom any personal data may be disclosed will not be permitted to use personal data for their own purposes and they will only be permitted to process personal data for specified purposes and otherwise in accordance with the instructions of the relevant Fund Entity.
Transfer of Personal Data outside the European Economic Area or the Cayman Islands The activities of the Fund Entities and their control or processing of personal data are such that it may be necessary for personal data to be transferred and/or processed outside the European Economic Area (the “EEA”) or the Cayman Islands.
In circumstances where a Fund Entity transfers personal data outside the EEA or the Cayman Islands, they will seek to ensure a similar degree of protection is afforded to it by ensuring that personal data is transferred only to persons in countries outside the EEA or the Cayman Islands in one of the following circumstances.
To persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or the Ombudsman, as applicable.
To persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission, or the Ombudsman, as applicable.
In the case of the GDPR, to persons and undertakings based in the United States if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the United States
Further information on specific mechanisms utilised by Fund Entities transferring personal data outside the EEA or the Cayman Islands and the countries to which such transfer may be made (which may include, but are not limited to the Cayman Islands, EEA member states and the United States) may be obtained from Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com.
Data Retention Each Fund Entity will retain personal data for as long as necessary to fulfil the purposes for which it has been collected. This will include any period of retention required to satisfy any legal, regulatory, taxation, accounting or reporting requirement applicable to the relevant Fund Entity
In determining the appropriate retention period for any personal data, the relevant Fund Entity will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purpose for which the relevant data is being processed, the extent to which the purposes for which the relevant data is being processed can be achieved by other means and any applicable legal requirements. Without prejudice to the generality of the foregoing, the Alternative 4 4831-9597-9951 v1 Investment Fund Manager has determined that it will retain records for at least five years, in accordance with the rules, requirements and guidance of the UK Financial Conduct Authority and with the DPL.
Details of retention periods applicable to personal data under the Data Protection Laws are available upon request from Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com. In some circumstances, a person may request that a Fund Entity delete any personal data retained by them. Further, in some circumstances, a Fund Entity may anonymize personal data for research or statistical purposes, in which case such information may be retained and utilised indefinitely without further notice.
Rights of Persons Under the Data Protection Laws, persons whose data is processed and/or retained by a Fund Entity will have certain rights. These rights may include the right to access personal data, the right to require correction of personal data, the right to require erasure of personal data, the right to object to processing of personal data, the right to restrict processing of personal data, the right to require a transfer of personal data and the right to withdraw any consents provided to the use of personal data. Any person seeking to exercise any such right should contact Kaveh Sheibani and Nicholas Gourdain at IR@lexcorcapital.com. In certain circumstances, the relevant Fund Entity may charge reasonable fees if any such request is clearly unfounded, repetitive or excessive.
