This Privacy Policy sets out and governs how the FundRock Group processes and stores Personal Data as Data Controller and where the FundRock Group process and store Personal Data either as joint Data Controller with the board of a Fund or on behalf of a Fund.

This Privacy Policy is divided into two sections: Personal Data relating to the Funds, and Personal Data Relating to the FundRock Group. Each section details the categories of Data Subjects, the Personal Data processed, the legal basis for the processing, and any third party to which the Personal Data may be transferred

Personal Data relating to the Funds

Categories of Data Subject:

  • Investors and prospective investors in a Fund.
  • Representatives and employees of our Delegates.
  • Representatives and employees of Fund service providers.

Personal Data we process and the legal basis for processing

Categories of Data Subject

Personal data Processed

Legal Basis of Processing

Third parties who may have access

Investors and Prospective Investors in a Fund.

  • Name, title, place of employment.
  • Date of birth, nationality, place of residence.
  • Contact information including address, email address, telephone number.
  • Photographic identification (including passports).
  • Bank details.
  • Financial and sanctions records.
  • National insurance number.
  • Signature, both physical and electronic.
  • Content of any inquiry or complaint.
  • Information about holdings in the Funds.
  • Legitimate interest of ensuring the proper management and marketing of the Funds.
  • Satisfying contractual obligations between us and the Data Subject with regards to their subscription in the Funds.
  • Legal obligations imposed on us with regards to AML/KYC.

 

  • The Fund administrator, sponsor and any services providers to the Fund as detailed in the prospectus.
  • Any members of FundRock Group or their delegates and service providers, insofar as the transfer is necessary for the provision of services to the investor or the Fund.
  • Auditors of FundRock Group or the Fund.
  • Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.
  • Insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Representatives of our Delegates.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Photographic identification (including passports).
  • Signature, both physical and electronic.
  • Legitimate interest of maintaining contacts with our delegates and ensuring the proper management of the Funds.
  • Fulfilment of contractual obligations between us and the delegate.
  • Legal obligations to monitor our delegates and conduct initial and ongoing due diligence.
  • Legal obligations relating to AML/KYC.
  • The Fund administrator, sponsor and any services providers to the Fund as detailed in the prospectus.
  • Any members of the FundRock  Group or their delegates and service providers insofar as the transfer is necessary for the provision of services to the investor or the Fund.
  • Our auditors.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.

Representatives and employees of Fund service providers.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Signature, both physical and electronic.

 

  • Legitimate interest of contacting service providers.
  • Fulfilment of contractual obligations between the Fund and the service provider.

 

  • The Fund administrator, sponsor and any services providers to the Fund as detailed in the prospectus.
  • Any members of the FundRock  Group, or their delegates and service providers, insofar as the transfer is necessary for the provision of services to the investor or the Fund.
  • Fund auditors.
  • our data processors providing security, email security, data governance, archiving and other IT business and support services.
  • competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.

 

In relation to investors or potential investors in our Funds, you have the right to refuse to give us your personal data in which case we may at our discretion: refuse to issue shares or units in a Fund to you, refuse to pay the proceeds of a redemption of shares or units, refuse to pay income on shares or units to you, or compulsorily redeem your holding.

Personal data of an investor or a prospective investor in a Fund will be processed by the “registrar” or “administrator” (as described in the subscription application form and prospectus of a Fund) and other services providers to a Fund. The administrator or other service providers may input Personal Data in a database or matrix. Information on the Fund service providers including the registrar or administrator can be found in the prospectus of the fund or upon request from the FundRock Group.

Personal Data relating to the FundRock Group

Categories of Data Subject:

  • Candidates for employment and employees at FundRock Group.
  • Representatives and employees of our clients.
  • Representatives and employees of our delegates.
  • Representatives and employees of our service providers.
  • Individuals who have a business relationships with FundRock Group.
  • Users of our website.
  • Attendees of our events.
  • Individuals who provided information for the purposes of networking.
  • Individuals who communicate with FundRock Group via email, telephone, and social media.
  • Individuals who have been nominated as an emergency contact.

Personal Data we process and the legal basis for processing

Categories of Data Subject

Personal data Processed

Legal Basis of Processing

Third parties who may have access

Candidates for employment and employees at Fundrock Group.

  • Name, title, place of employment.
  • Date of birth, nationality and place of residence.
  • Contact information including address, email address, telephone number (including both personal and work contact details).
  • Photographic identification (including passports).
  • Employment history, qualifications, educational history.
  • National insurance number.
  • Bank details.
  • Signature, both physical and electronic.
  • Legitimate interest of evaluating the candidates’ suitability for roles.
  • Employees accessing our IT network and systems.
  • Legal obligations to ensure that candidates have the necessary authorisation to work in the location they have applied.
  • Fulfilment of contractual obligations between us and the employee.
  • Fulfilment of payroll.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.
  • Government agencies for verification of right to work or visa purposes (where applicable).
  • Any members of the FundRock  Group or their delegates and service providers insofar as the transfer is necessary to completely evaluate the candidate’s employment application.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.

Representatives and employees of our clients.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Photographic identification (including passports).
  • Signature, both physical and electronic.
  • Legitimate interest of maintaining contacts with our clients and ensuring the proper management of the Funds.
  • Fulfilment of contractual obligations between us and the client.
  • Legal obligations relating to AML/KYC.
  • Any members of the FundRock  Group or their delegates and service providers insofar as the transfer is necessary for the provision of services to the investor or the Fund.
  • Our auditors.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.

Representatives of our Delegates.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Passports, identity documents.
  • Signature, both physical and electronic.
  • Legitimate interest of maintaining contacts with our delegates and ensuring the proper management of the Funds.
  • Fulfilment of contractual obligations between us and the delegate.
  • Legal obligations to monitor our delegates and conduct initial and ongoing.
  • Legal obligations relating to AML/KYC.
  • The Fund administrator, sponsor and any services providers to the Fund as detailed in the prospectus.
  • Any members of the FundRock Group or their delegates and service providers insofar as the transfer is necessary for the provision of services to the investor or the Fund.
  • Our auditors.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.

Representatives of service providers.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Signature, both physical and electronic.
  • Legitimate interest of ensuring communication with service providers and ensuring services are provided to FundRock Group.
  • Legal obligation to conduct due diligence on certain service providers.
  • Any members of the FundRock Group or their delegates and service providers insofar as the transfer is necessary for the provision of services to FundRock Group.
  • Our auditors.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Competent authorities including our regulator, tax authorities, courts and bodies as required by law for reporting or as otherwise required by law.

Individuals with a business relationship with the FundRock Group.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Signature, both physical and electronic.
  • Legitimate interest for marketing and communication.
  • Legitimate interest of networking and maintaining business contacts.
  • Any members of Fundrock Group.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.

Users of the website.

  • IP Address.
  • Page view history.
  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Legitimate interest of collecting data on website use and enhancing the website and user access.
  • Legitimate interest of ensuring functionality of the website and optimization of features.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.
  • Any members of the FundRock Group, insofar as the transfer is necessary for the provision of information as requested by the user via the contact us form.

Attendees of events.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Event attended.
  • Legitimate interest of gaging interest for certain events.
  • Consent.
  • Any members of the FundRock Group, insofar as the transfer is necessary for the provision of information as requested by the attendee.

Office visitors.

  • Name, title, place of employment.
  • Contact information including email address and telephone number.
  • Date and time of office visit.
  • Legitimate interest of maintaining a log of in-office visits for security purposes.

 

Individuals who communicate with the  Fundrock Group via email, telephone, and social media.

  • Name, title, place of employment.
  • Contact information including address, email address, telephone number.
  • Legitimate interest of marketing.
  • Consent.
  • Any members of FundRock Group.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website and social media presence.
  • Our Data Processors providing security, email security, data governance, archiving and other IT business and support services.

Individuals who have been nominated as an emergency contact.

  • Name, relationship to the nominee, contact details.
  • In order to protect the vital interests of another natural person.

 

  • Any members of FundRock Group.
  • Members of an emergency response unit or medical staff.

General Processing Provisions

Personal Data received from other sources

We will combine information from other sources such as information that is in the public domain, with information you give us and information we collect about you. We use all of the information for the purposes set out above (depending on the types of information we receive).

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie policy which is available at https://www.fundrock.com/cookies/

Other uses of your Personal Data

Establishment, exercise or defence of claims

We may process your Personal Data as identified in this Privacy Policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice

We may process any of your Personal Data as identified in this Privacy Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.

The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Mergers, Acquisitions and other corporate transactions in the FundRock Group

In the event that we sell or buy any business or assets, in which case we will disclose the Personal Data held by us to the prospective seller or buyer of such business or assets. Furthermore if we are fully or substantially all of our assets are acquired by a third party, we may also disclose the Personal Data held by us about our customers as one of the transferred assets.

In the event that we propose to terminate our mandate as management company/ alternative investment fund manager/ authorised corporate director of a Fund, in which case we may disclose your personal data to the proposed management company/ alternative investment fund manager/ authorised corporate director of the Fund prior to, and at the time of, the transfer in order for the new appointed management company/ alternative investment fund manager/ authorised corporate director of the Fund and their delegates and service providers to make certain preparations for the take of the management of the Fund and your personal data.

Disclosure of your information

We will only share your Personal Data in accordance with Data Protection Laws and with the entities listed in the table above. We will not rent or sell your Personal Data to any other organisation or individual.

Our website may, from time to time, contain links to and from the websites of affiliates, advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy and cookies policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

International transfers of your Personal Data

Certain service providers to our Funds and certain third parties used by such service providers have offices or are situated in countries or territories outside the European Economic Area or “EEA”. (The EEA means the 27 countries or territories of the European Union, together with Iceland, Liechtenstein and Norway.) Such service providers or third parties may transfer your personal data outside of the EEA and/or to jurisdictions not recognized by the European Commission as providing an adequate level of data protection. If they do so, we will ensure that they do so in compliance with data protection legislation and that the transfers are subject to adequate safeguards, such as the European Commission’s Standard Contractual Clauses or their equivalent.

Consent

Where the FundRock Group process your Personal Data on the basis that you have provided your consent for us to do so, you may withdraw your consent to this processing at any time by contacting us at frmc_gdpr@fundrock.com or contacting us on the details below under “Our Details”.

If you do withdraw your consent, we may still be able to process some of the Personal Data that you have provided to us on other grounds and will notify you of these.

Retaining and deleting your Personal Data

In relation to our Funds, the Fundrock Group and our Affiliates, delegates, or service providers will retain your personal data for the duration of your contractual relationship in relation to a Fund and for as long as required for the Fund or for us or our Affiliates, delegates, or service providers to perform the contractual services in relation to the Fund, or to perform any investigations, or as otherwise required under Data Protection Laws. Following the termination of your contractual relationship we or our Affiliates, delegates or service providers may keep your Personal Data for the maximum period of time permitted under Data Protection Laws. In this regard, following the termination of our contractual relationship we will review what Personal Data we hold and whether we have a legitimate business purpose and/or legal requirement to continue to hold it; where we do not we will securely delete this Personal Data. Where there is a lawful reason for continuing to hold this Personal Data post termination we will at least annually review and assess whether we should continue to hold this Personal Data.

We shall not keep your Personal Data that we process for any purpose or purposes for longer than is necessary.

We may nevertheless retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject to, or in order to protect your vital interests or the vital interests of another natural person.

Rights of Individuals

As an individual, you have certain rights under Data Protection Laws. Data Subject may contact the DPO directly with regards to all issues relating to their Personal Data which is processed by the FundRock Group. Some of the rights are complex and only apply in specific circumstances. You should read the relevant laws and guidance from the relevant regulatory authorities in your jurisdiction for a full explanation of these rights.

Your principal rights under Data Protection Laws are set out below:

  • right of access.
  • right to rectification.
  • right to erasure.
  • right to restrict processing.
  • right to object to processing.
  • right to data portability.
  • right to complain to a supervisory authority.
  • right to withdraw consent.

Right of access

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure

Also known as ‘the right to be forgotten’, the broad principle underpinning this right is to enable an individual to request the removal or deletion of personal data where there is no reason for its continued processing. The right may apply when: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of Data Protection Laws; the processing is for direct marketing purposes; or the personal data has been unlawfully processed.

However, we can refuse to comply with a request for erasure in certain circumstances, which will be communicated to you when you make an erasure request.

Right to restrict processing

You have the right to ‘block’ or suppress the processing of your personal data including where: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require the personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). We will cease processing your personal data upon making such request.

Right to data portability

To the extent that the legal basis for our processing of your personal data is:

  1. consent; or
  2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and such processing is carried out by automated means.

You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Right to complain to a supervisory authority

If you consider that our processing of your Personal Data infringes Data Protection Laws, you have a legal right to lodge a complaint with our DPO. If you are unhappy with the response to your complaint, you may refer the matter to a supervisory authority responsible for data protection in your jurisdiction or the place of the alleged infringement.

Right to withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data by written notice to us using the contact details under ‘Our details’ below.

Our Details

If you have any questions, comments or requests regarding this Privacy Policy, you can contact us through our DPO:

  1. by post, to any of our locations listed on our website.
  2. by email, to frmc_gdpr@fundrock.com or the email address published on our website from time to time.

FundRock Group has appointed a DPO on a voluntary basis.

A summary description of the Policy is made available to the investors on FRMC’s website.

Details of the actions taken on the basis of the Policy is made available to investors on their request.

Review and update

This Privacy Policy may change from time to time and if it does, we will publish a new version on our website which will become effective immediately. Please check this page occasionally to see any updates or changes.

Get in touch

Contact Us