1. Data Controller and Data Protection Officer;
The sole data controller (hereinafter "Data Controller
") for the data processing within the meaning of the data protection laws is:
address: Kurfürstendamm 12, 10719 Berlin, Germany
phone: +49 30 7675 975 69
2. Subject of data protection
Data protection laws cover the protection of personal data. Personal data includes all information relating to an identified or identifiable natural person (so-called data subject), such as information about name, postal address, e-mail address or telephone number. Furthermore, this includes information that necessarily arises in the course of the investment relationship, such as banking details of the Investor, invested amount and holdings in the Fund (hereinafter “Personal Data”).
3. Purposes and legal grounds of data processing
Hereafter the Data Controller provides the Investor with an overview of the purposes and legal grounds of processing the Investor’s Personal Data in the context of the Investor’s investment in the Fund and the Data Controller’s role as legal adviser of the Fund Manager and the Fund.
a. Purpose: Participation as limited partner in the Fund
Insofar as required for the participation of the Investor as limited partner of the Fund, the Data Controller processes Personal Data of the Investor in particular for advice and support to the Fund with regard to:
- The acceptance of the Investor as limited partner, including the investor’s capital contribution;
- Handling of communication processes, internally and externally (e.g. correspondence);
- Administrative tasks such as drawdown and distribution notices;
- General investor relations;
- Tax and regulatory filings/ reports.
Additional and more detailed particulars of the purposes of the processing of the Investor’s Personal Data may result from documents that are provided to the Investor as part of the Investor’s subscription for a limited partner interest in the Fund and the Investor’s admission as limited partner.
The legal basis for the processing of Personal Data for the purpose of the Investor’s participation as limited partner of the Fund is Article 6(1)(b) GDPR. Accordingly, the Data Controller only processes the Personal Data necessary for the participation of the Investor as limited partner of the Fund. The Data Controller is not the contracting party for the Investor with regard to the Investor’s subscription for, and acquisition of, a limited partner’s interest but supports and advises the Fund Manager and the Fund on the Investor’s participation in the Fund.
b. Purpose: Maintaining legitimate interests
The Data Controller also processes the Investor’s Personal Data insofar as it is required to protect the Data Controller’s or the Fund’s legitimate interests or those of third parties. The Data Controller hereto pursues the following interests (in particular by way of advice to the Fund/ Fund Manager), which are simultaneously the respective purposes:
- Fund management activities;
- Operational service recording and evaluation;
- Internal communication;Ensuring operational safety;
- Inquiries from public authorities;
- Assertion of legal claims.
The legal basis for the processing of Personal Data is Article 6(1)(f) GDPR.
c. Purpose: Fulfilment of legal obligations
The Data Controller also processes the Investor’s Personal Data in order to comply with legal obligations to which the Data Controller or the Fund/Fund Manager or those of third parties are subject. The pertinent obligations may arise e.g. from commercial, tax, money laundering, financial or criminal laws. The respective legal obligation is simultaneously the purpose of the processing. Therefore, the Data Controller may especially process Investor’s Personal Data to help the Fund Manager or the Fund to comply with money laundering identification and verification obligations. To that end, the Data Controller may process Investor’s Personal Data to enable video identifications of the Investor by third parties (e.g. IDnow) which include:
- audio and video recordings of the process, of the identified person and the identification document,
- images of the identified person, of the front and (if available) back of the identified person's identification document,
- personal data such as first name, name, street, house number, postal code, place of residence, date of birth, place of birth, nationality, email, mobile phone number,
- ID card / passport data such as type of ID card, ID card number, Issuing country, Date of issue, Validity date, Issuing authority,
(hereinafter the “Identification Data”).
The Data Controller will store such Identification Data on behalf of and in the account of the obliged Fund Manager/Fund that initially identified the respective person. The Fund Manager/Fund has immediate access to such Identification Data.In order to avoid repeated video identifications of Investors (data minimization), an obliged Fund Manager/Fund may access Identification Data initially retrieved by another Fund Manager/Fund, if the accessing Fund Manager/Fund is legally obliged to identify the respective Investor. In such case, the Data Controller may act as a messenger between those Fund Managers/Funds and will grant the accessing Fund Manager/Fund access to the Investor’s Identification Data. This applies in particular to cases where an Investor completes the subscription via IDnow eSign, using an already existing IDnow account (Wallet) to authenticate his identity and sign.
The processing generally serves the purpose of complying with official control and information obligations. The legal basis for the processing is Article 6(1)(c) GDPR. Accordingly, the Data Controller only processes Personal Data that is necessary for the fulfilment of the legal obligation.
For certain data processing operations, the Data Controller may request that the Investor consents to the processing of the Investor’s personal information by the Data Controller. The specific purposes for which a consent will be granted by the Investor will be set forth in the relevant declaration of consent.
Such consent may be granted by the Investor, in particular, with respect to the facilitation of further investments in other funds by the Investor, in particular via the Onboarding Suite, by making available the Investor’s data for future subscriptions.In order to avoid the need to enter the Investor’s Personal Data into the Onboarding Suite for each new investment, the Data Controller offers to save and process the Investor's Personal Data submitted for its investment in a Fund also for potential future investments.
If the Investor grants his consent, the Data Controller saves the Personal Data of the Investor. In that case, subject to the grant of a corresponding separate consent by the Investor, the Data Controller takes over the Personal Data of the Investor from previous investments if the Investor is invited by the same Fund Manager or a third party for an investment to the Onboarding Suite. Without the consent of the Investor, the Investor´s Personal Data will not be provided to any such party.
If the Investor has consented for certain purposes to the processing of Personal Data, Article 6(1)(a) GDPR serves as the legal basis. The Investor can revoke such consent at any time. This does not affect the legality of the processing carried out on the basis of the consent until the revocation.
e. Anonymized Data
For certain statistical evaluations of investments, the Data Controller may make data available to Onboarding Suite GmbH clients or any third parties in a completely anonymized form. In these cases the Data Controller irrevocably removes – prior to the evaluations – all personal references from the Personal Data so that nobody is able to reconstruct any personal reference. This ensures that neither the Data Controller nor the Onboarding Suite GmbH clients nor third parties can draw any conclusions about the Investor’s Personal Data.
4. Personal Data from third parties
5. Recipients of Personal Data
The Data Controller will only share the Investor’s Personal Data with external recipients outside of the Data Controller (i) if required for the participation of the Investor as limited partner of the Fund or for the compliance with legal requirements, or (ii) with the Investor’s consent.For the above purposes, Personal Data may be transferred to affiliated and third-party entities supporting the activities of the Fund which include without limitation the General Partner and the fund administrator. The transmission takes place on the basis of Article 6(1)(a), (b) and/or (f) GDPR. Further external recipients can be:
Processors will be carefully selected and the Data Controller will regularly review them to ensure that the Investor’s privacy is maintained. Processors can be affiliated companies of the Data Controller or external service providers that are used in the course of business operations. Processors may only use the Personal Data for the purposes specified by the Data Controller and described in detail in the data processing contracts concluded with the Data Controller. Requirements, the content and the scope of data processing contracts are included in Article 28 GDPR.
b. Public authorities
Authorities and government institutions, such as regulators, prosecutors or tax authorities, to whom the Data Controller is legally obliged to transfer Personal Data (including for FATCA-/CRS-reasons). The transfer is based on Article 6(1)(c) GDPR.
c. Other service providers
Accountants or other service providers beyond processors are bound by the Data Controller’s instructions. The transmission takes place on the basis of Article 6(1)(a), (b) and/or (f) GDPR.
6. Data processing in third countries
If Personal Data is transferred to recipients whose place of business or place of processing of the Investor’s Personal Data is not located in a Member State of the European Union or another state party to the Agreement on the European Economic Area, the Data Controller will ensure that prior to the transfer, except where permitted by law, either the recipient has an adequate level of data protection (e.g. through a European Commission adequacy decision, appropriate guarantees such as self-certification for the EU-US Privacy Shield, or putting into place so-called EU standard contract clauses with the recipient) or the Data Controller has obtained the Investor’s sufficient consent.
The Investor can obtain from the Data Controller an overview of the recipients in third countries, if any, and a copy of the specific arrangements agreed to ensure the appropriate level of data protection.
7. Data subject’s rights
As a person affected by data processing, the Investor has numerous rights. Specifically:
Right to information: The Investor has the right to obtain information about the Personal Data the Data Controller has stored about the Investor.
Right to rectification and deletion: The Investor may request the correction of incorrect Personal Data and – insofar as the legal requirements are met – the deletion of the Investor’s Personal Data.
Restriction of processing: As far as the legal requirements are met, the Investor may request that the Controller restricts the processing of the Investor’s Personal Data.
Data portability: If the Investor has provided the Data Controller with Personal Data based on a contract or consent, the Investor may, subject to the legal requirements, require that the Investor receives such Personal Data in a structured, common and machine-readable format or that the Data Controller transfers it to another responsible person.
Objection to data processing in the case of the legal basis of ’legitimate interest’: The Investor may object to the processing of the Investor’s Personal Data by the Data Controller at any time if there is a legitimate interest of the Investor arising from the Investor’s particular situation. In such case, the Data Controller will stop the processing of the Investor’s Personal Data, unless the Data Controller can – in accordance with the legal requirements – prove compelling legitimate reasons that outweigh the Investor’s rights.
Revocation of consent: If the Investor has consented to the processing of the Investor’s Personal Data, the Investor can revoke the Investor’s consent at any time with effect for the future. The lawfulness of the processing of the Investor’s Personal Data prior to the revocation remains unaffected.
Right to complain to the supervisory authority: The Investor can file a complaint with the competent supervisory authority if the Investor believes that the processing of the Investor’s Personal Data violates applicable law. The Investor can contact the data protection authority which is responsible for the Investor’s place of residence or the Investor’s country or the data protection authority responsible for the Data Controller.
Contact: Furthermore, the Investor can contact the Data Controller free of charge with any questions about the processing of the Investor’s Personal Data, the Investor’s rights as a data subject and any consent the Investor has given under the contact information given above. If the Investor wants to revoke the Investor’s consent, the Investor can choose the same channel which the Investor used when the Investor submitted the consent.
8. Retention period
The following applies: The Data Controller stores the Investor’s Personal Data only for as long as it is necessary to fulfil the purposes (sec. 3. a., b. and c.) or – in the case of consent (sec. 3. d.)– as long as the Investor has not revoked the consent (and no other legal basis applies). In the event of an objection, the Data Controller will delete or anonymise the Investor’s Personal Data, unless its further processing can be based on applicable statutory provisions. The Data Controller will also delete or anonymise the Investor’s Personal Data when obliged to do so for legal reasons. Anonymization means that the Investor will no longer be identifiable.
9. Requirement to provide Personal Data
The Investor may at his/her/its discretion refuse to communicate Personal Data to the Data Controller. In this case, the Data Controller may reject his/her/its request for the subscription for an interest in the Fund. This right to reject does not apply for purposes that are based on consent.