Joint Data Controller Clause

In certain cases, FundRock may act as joint data controller with our clients. In such instances, FundRock and/or the relevant Fund may process personal data of an investor or a prospective investor of the Fund (“investor data”). Investor data may be processed for the following purposes:

Personal data of an investor or a prospective investor in a Fund (collectively, “investor data”) may be processed by the “registrar” or “administrator” (as described in the prospectus of a Fund) or other services providers to a Fund.  Investor data may be processed for the purpose of:

1.offering investments and setting up the accounts

2. direct or indirect marketing activities
3. managing investments and performing the related services

performing controls and monitoring delegates

4. complying with applicable regulations including anti-money laundering rules or anti-terrorist financing rules
5. monitoring calls and electronic communications for: processing and verification of instructions, investigation and fraud prevention; or enforcing and defending claims.
6. the administration of our website and for our internal operations

The legal grounds for processing (referred to as the “legal basis for processing”) is:

• our legitimate interests, namely the proper management and administration of your investment and to fulfill your requests for information, products and services
• the performance of the contractual obligations between you and us, as the operator of the Fund
• to comply with applicable laws

Where we process personal data based on your consent, you will be notified that you may withdraw your consent at any time.

We may disclose investor data to the service providers to the Funds, our service providers, delegates, suppliers or our contractors and sub-contractors insofar as reasonably necessary for the purpose of the operation, and administration of a Fund, the distribution of a Fund and the safe custody of the assets of a Fund. In particular, investor data (as described above) will be given:

• by us to the registrar or administrator of a Fund in order to enable them to provide various services, including but not limited to investor relations and on-boarding functions, anti-money laundering and other regulatory compliance checks, set-up of investor accounts, monitoring of trading activity and other record keeping obligations
• by us or the registrar or administrator of a Fund to credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you
• by the registrar or administrator of a Fund to the depositary of a Fund (“depositary”) within the context of the instructions for subscriptions and redemptions of the shares or units of a Fund
• by the depositary of a Fund to the custodian of a Fund (“custodian”) or to entities within the depositary’s group of companies
• by us or the registrar or administrator to the sponsor, distributor, or third party technology service provider in relation to the distribution of a Fund or in order to monitor changes to the investor register, perform the calculation of management fee rebates (if applicable) or carry out statistical analysis and market research
• by us to the investment manager of a Fund in order to monitor a Fund’s investments
• by us or the registrar or administrator of a Fund to other business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and
• by us or the registrar or administrator to other third parties in order to comply with legal and regulatory requirements applicable to a Fund.

In all instances, your personal data will processed in accordance with our Privacy Policy, with Regulation n°2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), and any applicable national legislation.

You have the right to make a complaint to any relevant supervisory authority, including the Commission nationale pour la protection des données (the “CNPD”) in Luxembourg and the Data Protection Commission (the “DPC”) in Ireland.

If you have any questions, comments, or concerns please contact us at FRMC_GDPR@Fundrock.com; our GDPR team will respond to your query.