Erisbeg II LP Partnership Privacy Notice

Erisbeg II LP, acting by its general partner Erisbeg GP II Limited (the “Partnership”)

Introduction

The purpose of this document is to provide you with information on our use of your personal data in accordance with the EU data protection regime introduced by the General Data Protection Regulation (EU) 2016/679 (the “Data Protection Legislation”).

In this document, “we”, “us” and “our” refer to the Partnership acting via the General Partner and certain delegates (acting is a data processor capacity pursuant to the Data Protection Legislation).

Who this affects

The Partnership will collect and process the Personal Data of natural persons who are: i) registered investors and applicants for interests in the Partnership and/or prospective applicants for interests in the Partnership (“Investors”); (ii) beneficial owners of interests or applications for interests, personal representatives of Investors or beneficial owners, directors, officers, trustees and / or authorised signatories of Investors (“Connected Persons”); and (iii) not Investors or Connected Persons but who otherwise have contact with the Partnership for business reasons such as partners, advisors, agents and any natural persons who is employed or engaged by service providers of the Partnership (“Business Contacts”). In this Data Protection Notice, Investors, Connected Persons and Business Contacts are together referred as “Individuals”.

If you are an institutional investor that provides us with Personal Data on Connected Persons or Business Contacts, this Data Protection Notice will be relevant for those Individuals and you should transmit this document to such Individuals or otherwise advise them of its content.

Personal Data

“Personal Data” means any information which the Partnership has or obtains (including the initial application, and including the recording of electronic communications or phone calls where applicable), or which an Individual provides to the Partnership or the Partnership’s service providers:

Identity Data – being name, signature, nationality, place of birth, date of birth, passport number or similar identifier, signature, marital status, title, and gender;
Contact Data – being residential address, email address, contact details, corporate contact information, and correspondence records;
Financial Data – being bank account details, tax identification, credit history, source of funds details, information about your financial circumstances, including net assets and the size of your investment portfolio, and details relating to your investment activity; and
Marketing and Communications Data – being your preferences in receiving marketing from us and our third parties and your communication preferences.

Technical Data – includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website and/or platform

Special Category Personal Data

Some of this Personal Data may be “special category” Personal Data, such as data revealing racial or ethnic origin, political opinions, or trade union membership. The General Partner may, in limited circumstances, collect and process this data in connection with its obligations under applicable AML laws. Any special category Personal Data will only be used and disclosed, as necessary, for such purpose.

We do not intend to or knowingly collect or solicit Personal Data from children under the age of 18. If you are under the age of 18, do not provide us with any personal data.

How we may use your personal data

We, as a data controller, may collect, store and use the following categories of personal data under the following lawful bases for the lawful purposes described below:

Contract: We process Identity, Contact and Financial Data to reflect Investors’ ownership of shares in the Partnership, and for the performance of the contract to purchase of shares in the Partnership or to process redemption, conversion, transfer and additional subscription requests or the payment of distributions where this is necessary for the performance of a contract with Investors.
Legal Obligation: We process Identity, Contact and Financial Data of Investors and Connected Persons to discharge Irish and EU member state legal obligations to which we are subject, including in order to:

undertake our anti-money laundering (“AML”), terrorist financing and beneficial ownership due diligence on clients and investors to include, politically exposed persons screening, in accordance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 to 2021, and financial sanctions screening, in order to comply with the financial sanction’s regimes imposed by the EU, the United Nations and any other relevant authorities.
comply with tax reporting obligations under the Taxes Consolidation Act 1997.
comply with regulatory requirements applicable to managing your investment, in particular under the European Union Directive on Alternative Investment Fund Managers (2011/61/EU), as implemented in any relevant member state of the European Union, together with any secondary legislation or European Union rules made pursuant to the said directive, and the European Union (Markets in Financial Instruments) Regulations 2017, as well as the Central Bank of Ireland’s AIF Rulebook, guidelines and policy updates issued by the Central Bank of Ireland, where applicable, from time to time;
comply with Irish and EU member state legal sanctions requirements; and/or
comply with requests from EU and EU member state regulatory, governmental, tax and law enforcement authorities.

All references to laws are as may be amended, supplemented, consolidated, substituted in any form or otherwise modified from time to time.

Legitimate Interest: We may process Identity, Contact, Financial, Marketing and Communications Data of Individuals where this is necessary for our legitimate interests for day to day operational and business purposes, to take advice from the Partnership’s external legal and other advisors, board reporting and management purposes (including quality control, business, risk and statistical analysis for tracking fees and costs, or for customer service and training-related purposes) and in carrying out our direct marketing activities (that is, us providing you with information on products and services), in the event of any restructuring or reorganisation of the Partnership or relating to the assets of the Partnership; or where necessary to establish, exercise or defend its legal rights or for the purpose of legal proceedings.

Where we process personal data on the basis of our legitimate interests, we do so in a fair, transparent and accountable manner and take appropriate steps to prevent such activity having any unwarranted impact on you. We do not process your personal data where such legitimate interests are overridden by your interests, fundamental rights or freedoms. You have a right to object to us processing your personal data on the basis of our legitimate interests.

Consent: Should we wish to use your or your connected persons’ personal data for other specific purposes (including, if applicable, any purpose that requires your consent), we will contact you.

Where the Partnership requires personal data of Investors and/or Connected Persons (e.g., to comply with AML or other legal requirements) failure to provide this information means the Partnership may not be able to deal with such Individuals. Identity, Contact and Financial Data is required to assess your application and perform our contract with Investors. Failure to provide this information means that the Partnership may not be able to process your subscription application, accept you as an investor in the Partnership and/or perform our contract with you.

Third Party Providers of Information

The Partnership may obtain Personal Data relating to Individuals from someone other than that Individual when carrying out due diligence, to take advice from the Partnership’s external legal and other advisors and to tailor marketing communications to Individuals. This Personal Data relating may be obtained from a variety of sources, Business Contacts or Connected Persons, and / or direct and indirect service providers to the Partnership, such as vendors providing AML and checking sanctions databases. We may also obtain Personal Data on Investors and Connected Persons from public sources such as sanctions lists published by the EU, the UN Security Council and other public authorities, the Companies Registration Office and market data providers such Bloomberg and Thomson Reuters.

Recipients of Personal Data

MUFG Fund Services (Ireland) Limited acting as Data Processor (as defined under the Data Protection Legislation) on behalf of the Partnership may collect, store and use your personal data for lawful purposes disclosed at paragraphs (i) and (ii) above, to discharge its obligations under its service agreement with the Partnership or for risk oversight, monitoring, analysis and auditing of its business and IT systems.

Erisbeg Management Limited (the “Manager“), may use your personal data for its own purposes, for example in the provision of its services to us or to discharge the legal or regulatory requirements that apply directly to the Manager.

Additionally, Mitsubishi UFJ Investor Services & Banking (Luxembourg) S.A., Dublin Branch (the ”Depositary”) is a Data Processor (as defined under the Data Protection Legislation) of the personal data of shareholders, applicants for interests, beneficial owners, directors and officers of investors and applicants for interests, which it obtains as a result of its contract with the Partnership:

To the extent that it is necessary for the Depositary, to comply with its own obligations under anti-money laundering legislation (on the basis of its respective legal obligations); and in the discharge of the Depositary’s statutory oversight and monitoring obligations (on the basis of its legal obligations). The Depositary may share the personal data with its delegates and agents. Where those delegates are located outside the EEA or a third country in respect of which the European Commission has not issued a finding of adequacy with regard to data protection, appropriate model clauses will be implemented. The personal data will be held by the Depositary in accordance with anti-money laundering legislation as relevant. In general, the Depositary will hold personal data, which it has in the discharge of its statutory oversight and monitoring obligations for a period of seven years, unless it is obliged to hold it for a longer period under law or applicable regulations or otherwise.

The rights which you have in relation to your personal data as described above will apply directly in respect of the Depositary to the extent that the Depositary acts as Data Controller.

Should we wish to use your personal data for other specific purposes (including, if applicable, any purpose that requires your consent), we will contact you. A copy of the Depositary’s client privacy notice is available at https://www.mufg-investorservices.com/privacy- policy/.

Why we may transmit your personal data

In certain circumstances we and/or our authorised delegates may be legally obliged to share your data and other financial information with respect to your interest in the Partnership with the Irish Revenue Commissioners and they, in turn, may exchange this information with foreign tax authorities including tax authorities located outside the EEA.

We anticipate that the following affiliates and delegates of the Partnership, or their respective affiliates or delegates may process your personal data on our behalf and this may include certain entities located outside the EEA:

the Partnership’s administrator MUFG Fund Services (Ireland) Limited;
the Partnership’s depositary, Mitsubishi UFJ Investor Services & Banking (Luxembourg) S.A., Dublin Branch.

The data protection measures we take

Any transmission of personal data by us or our duly authorised delegates outside the EEA shall be in accordance with the conditions in the Data Protection Legislation. Where an authorised affiliate and/or delegate transfers your personal data outside of the EEA, further information on the appropriate safeguards put in place by the affiliate and/or delegate will be detailed in their own privacy policies/notices.

We and our duly authorised delegates shall apply appropriate information security measures designed to protect data in our/our delegates’ possession from unauthorised access by third parties or any form of computer corruption.

We shall notify you of any personal data breach affecting you that is likely to result in a high risk to your rights and freedoms.

The data protection measures we take

We shall notify you of any personal data breach affecting you that is likely to result in a high risk to your rights and freedoms.

Updates to personal data

We will use reasonable efforts to keep your personal data up to date. However, you will need to notify the Partnership without delay in the event of any change in your personal circumstances, so that the Partnership can keep the personal data up to date.

Your data protection rights

You have certain rights regarding our use of your personal data summarised as follows:

the right to access your data (in an easily readable form);
the right to examine and correct your data;
the right of erasure and/or to restrict the use of your data;
the right to data portability;
the right to withdraw any consent given to the processing of your data (where applicable) without affecting the lawfulness of the processing carried before withdrawal of consent; and
the right to lodge a complaint with the Data Protection Commission (our lead supervisory authority) or a supervisory authority in the EU member state of your usual residence or place of work.

Our retention of your personal data

We or our duly authorised delegates may retain your personal data for as long as necessary for the purpose for which it is processed, including to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We or our duly authorised delegates may retain your personal data for a period of up to seven (7) years following your disinvestment from the Partnership or following the point where your business relationship with us has ceased or potentially for a longer period where necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.

Thereafter, we and our duly authorised delegates will refrain from collecting any further personal data on you and shall take appropriate steps to dispose of, delete or anonymise any records containing your personal data, to the extent this is operationally feasible and proportionate. Where your personal data has been anonymised, we may retain this information indefinitely.

Changes to this Privacy Notice

We may need to make changes to this Data Protection Notice from time to time and shall do so by amending the version of this Data Protection Notice published on our website at Erisbeg | Flexible Solutions for Business Owners. We will notify you of any material changes by email, or by posting the updated notice on our website, or by other appropriate means. We encourage you to review this notice regularly to stay informed about how we protect your personal data.

Getting in touch

The Partnership is not required to designate a data protection officer. However, should you have any queries or wish to discuss your data protection rights with us, please contact contact@erisbeg.com