Privacy Policy

Data Protection Privacy Notice

1. Who we are

FundRock Management Company S.A.

5, Heienhaff, 1736 Senningerberg, Luxembourg

RCS n°B104196

2. About this notice

This notice applies to FundRock Management Company S.A. , a subsidiary of Apex Group Ltd., ( “FRMC” or “we”) and is intended for external parties, who are not candidates or employees. Candidates and employees are presented with dedicated privacy notices available on relevant platforms.

This privacy notice covers how FRMC, acting as data controller, collects, uses, transfers and stores your personal data in connection with your interactions (as defined below) with us via our website, as a client, as a prospective client or as a vendor. This notice summarises the nature of the information that is stored by FRMC, why and how it is used, and your rights in regard to this data, as well as the protections in place to safeguard it.

In relation to personal data processed under this privacy notice FRMC is responsible for ensuring that such processing complies with applicable data protection laws, including but not limited to the European Union General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act. Your privacy is important to us. Please be aware that FRMC employees are required to comply with FRMC's data privacy practices as set out in this privacy notice and other data privacy-related policies

3. What Personal Data FRMC collects and where we get it from

‘Personal Data’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control.

Categories of Data Subjects	Personal Data processed
Representatives of delegates, investment funds and service providers (incl. directors)	Name, title, place of employment. Contact information including address, email address, telephone number Nationality, Date of Birth, Place of Birth, Issuance and Expiration dates of identification document Photographic identification (including passports) Signature, both physical and electronic
Ultimate beneficial owners of delegates and service providers	Name Contact information including address, email address, telephone number Photographic identification (including passports) Nationality, Date of Birth, Place of Birth, Issuance and Expiration dates of identification document Financial data (related to the holding qualifying the natural person as UBO) Tax information – US FATCA and OECD CRS
Representatives of regulators and other public authorities	Name, title, place of employment Contact information including address, email address, telephone number
Individuals who have been nominated as emergency contacts of FRMC employees	Name, relationship to the nominee, contact details
Office visitors	Name, title, place of employment Contact information including email address and telephone number Date and time of office visit
Attendees of events organised by FRMC	Name, title, place of employment. Contact information including address, email address, telephone number. Event attended.

Special category data: we may collect this where we are required to do so for the purposes of our legal and/or regulatory obligations including but not limited to those in relation to anti-money laundering and combatting the financing of terrorism. This may include information relating to your racial or ethnic origin or information relating to criminal records.

We collect this information in a variety of ways but mainly directly from you when you contact us or request information from us where we are providing services to you or we receive services from you including:

- Information set out in any agreements entered into with us;
- As part of the client due diligence process and through onboarding documentation, including any ongoing due dilligence; and
- Personal data provided by you by way of correspondence with us by telephone, email or otherwise.

We also collect information from third parties or publicly available sources. These third parties and publicly available sources include lawyers, accountants and professional advisors, other financial institutions that process your personal data to satisfy their own regulatory requirements, credit reference agencies and financial crime databases in order to comply with our regulatory requirements as well as from other Apex Group companies.

Website and cookies: we may collect your Personal Data through your use of our website via cookies. These cookies help us to provide you with an optimised experience, understand how you use the website, provide personalised features and content, and to deliver advertisements. We also use cookies to ensure that our website is functioning correctly. For further information about cookies, please see our cookie notice here.

4. How do we use your data?

Categories of Data Subjects	Purpose of processing
Representatives of delegates, investment funds and service providers (incl. directors)	Ensuring the proper management of the relationship Fulfilment of contractual obligations Legal obligations to monitor our relationships and conduct initial and ongoing due diligence Legal obligations relating to AML/KYC
Ultimate beneficial owners of delegates and service providers	Legal obligations to monitor our business relationships and conduct initial and ongoing due diligence Legal obligations relating to AML/KYC
Representatives of regulators and other public authorities	Ensuring the proper management of the relationship Legal obligations to comply with regulatory requests and requests of other public authorities
Individuals who have been nominated as emergency contacts of FRMC employees	Protecting the vital interests of FRMC employees
Office visitors	Ensuring the proper management of the relationship and physical security of FRMC premises
Attendees of events organised by FRMC	Ensuring proper management of the relationship

5. Use of AI and Automated Technologies

We may use Artificial Intelligence and automated technologies to automate some of our processes, streamlining repetitive tasks, enhancing efficiency, user experience, and security while interacting with us. We continuously review our AI systems to ensure compliance with legal and ethical standards. If you have any questions about our use of AI in relation to your data, or if you wish to exercise any rights related to automated decision making, please contact us using the details set out in section 12 of this notice.

6. Disclosure and Sharing of Data

Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.

Subject to any restrictions around confidentiality such disclosures may include disclosures:

to other entities in the Apex Group for the purposes described in this privacy notice;
to our third party service providers (including in relation to website hosting, data analysis, client research, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services) and to our professional advisers and agents;
to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings (including correspondent banks), insurers/insurance brokers, central counterparties, clearing houses, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions and other service providers assisting on transactions;
to third party storage providers (including archive service providers and document repositories) and trade data repositories;
to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
to other deal/transaction participants including issuers, borrowers, advisers, translation service providers and within prospectuses and marketing materials;
to counterparties, vendors and beneficiaries, and other entities connected with our clients;
to other persons as agreed with a client or as required or expressly permitted by applicable law;
to central banks, regulators, trade data repositories, or approved reporting mechanisms which may be outside your country; and
to courts, litigation counterparties, law enforcement, foreign
authorities and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings and to comply with legal and regulatory requirements.

Where there is a transfer within Apex Group or to a third party in a different jurisdiction, including, but not limited to transfers outside of the European Economic Area, we will take appropriate steps to ensure there is an adequate level of protection for Personal Data (which includes a legal agreement and appropriate security measures) in place in accordance with applicable legal requirements. The third parties are permitted to use the personal data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.

7. Retention of your data

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Data security

We have put appropriate security measures in place to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9. Your choices and rights as a data subject

You have a number of legal rights in relation to the Personal Data that FRMC holds about you, and you can exercise your rights by contacting us using the details set out in section 12 below.

Depending on applicable law, these rights may include:

Right to access. You have the right to request information regarding the processing of your Personal Data and access to the Personal Data we hold about you.
Right to rectification. You have the right to request that FRMC correct any information you believe is inaccurate. You also have the right to request FRMC complete information you believe is incomplete.
Right to erasure. You are able to request we erase your
Personal Data in certain circumstances. There may be circumstances where you request us to erase your Personal Data but we are legally entitled to retain it.
Right to restrict processing. You have the right to request that FRMC restrict the processing of your personal data under certain conditions. There may be circumstances where you object to or ask us to restrict our processing of your Personal Data but we are legally entitled to refuse that request.
Right to withdraw consent. You have the right to withdraw consent at any time where the sole legal basis for processing your personal data is your consent.
Right to object to processing. You have the right to object to FRMC’s processing of your personal data under certain conditions.
Right to data portability. You have the right to request that we transfer the data we have collected to another organisation or directly to you under certain conditions.
Make a complaint. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.

In certain circumstances, we may refuse your request or limit our response to your request. These circumstances include where the request is excessive or unfounded, your requests prejudices the rights of others, where the information you are requesting is subject to ongoing criminal investigations, legal processes, or other regulatory restrictions, or where we no longer hold the data. If we refuse your request for whatever reason, we will provide you reasons for the refusal and inform you of your right to lodge a complaint with the relevant data protection authority.

10. Recording of communications

When individuals communicate with FRMC by way of telephone conversations and electronic communications, including emails, text messages and instant messages, these may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by applicable law.

11. Email marketing and unsubscription

You can stop the delivery of marketing emails from FRMC at any time by unsubscribing or opting out via the link included in every email. Alternatively you can make a direct request to unsubscribe by emailing enquiries@apex.bm.

12. How to contact us

If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact our Data Protection Officer:

Email: dpo.luxembourg@apexgroup.com

Post: Data Protection Officer | FundRock Management Company S.A. | 5, Heienhaff, 1736 Senningerberg| Luxembourg

13. Right to lodge a complaint with the Data Protection Authority

If you are not satisfied with our response, you can make a complaint to the Commission nationale pour la protection des données (“CNPD”).

Commission nationale pour la protection des données

Service des réclamations

15, Boulevard du Jazz

L-4370 Belvaux

Luxembourg

14. Updates

We will update this privacy notice when necessary to reflect changes in the law, our practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically. We may also notify you in other ways from time to time about the processing of your Personal Data.