Privacy V2 - Heptagon Capital – Production

Heptagon Capital (jointly includes Heptagon Capital LLP, Heptagon Capital Management Limited, Heptagon Capital Limited, Heptagon Capital Services Limited and…

Privacy Policy

OUR COMMITMENT TO YOU

Heptagon Capital (jointly includes Heptagon Capital LLP, Heptagon Capital Management Limited, Heptagon Capital Limited, Heptagon Capital Services Limited and Heptagon International AB (Heptagon)) are committed to safeguarding the privacy and confidentiality of the Personal Information you have entrusted to us. It is important for you to understand what Personal Information we will collect, how we will use it, and who may access it.

Personal Information means information about an identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers including your Social Insurance Number and personal references, to the extent permitted by local laws.

SCOPE

For the purposes of this privacy policy:

If you are an existing client of ours, further details about how we use your Personal Information is set out in your client contract with us. Further notices highlighting certain uses we wish to make of your Personal Information together with the ability to opt in or out of selected uses may also be provided when we collect Personal Information from you.

Our websites may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check these policies before you submit any Personal Information to such third-party websites.

This Privacy Policy outlines our commitment to you.

1. Personal Information that we collect

We only collect the Personal Information that we determine to be necessary for the purposes set out in section 3.

For example, we may collect:

• Information you provide to us; Personal Information that you provide to us, such as your name, email address, and other contact details;

• Anti-Crime and Fraud Information; Information relating to any criminal or fraudulent activities provided to us by you or third parties including information which establishes your identity, such as driving licences, passports and utility bills; information about transactions, fraud, offences, suspicious transactions, politically exposed persons and sanctions lists where your details are included;

• Financial Information; Information to ensure that the advice and/or products we provide you with are appropriate and the investments you purchase are suitable for you;

• Your transactions and holdings; Details of transactions with us or holdings with us that you have made or initiated;

• Our correspondence; If you contact us, we will typically keep a record of that correspondence;

• Device Information; Such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;

• Website and communication usage; Details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access;

• Marketing preference information; Details of your marketing preferences (e.g. communication preferences) and information relevant to selecting appropriate products and services to offer you;

• Email tracking information; Our emails may contain technology that tracks when/if the email was opened and what links (if any) were clicked. We may use this information for purposes including determining which of our emails are more interesting to you and querying whether users who do not open our emails wish to continue receiving them. Clicking on a link in any of these emails may cause you to be personally identified and for your information to be available to our personnel so we may more effectively engage with you and improve our services. If you do not wish for this tracking to occur, you can delete the email immediately or unsubscribe from our mailing lists;

• Call recordings and CCTV; We may monitor or record our incoming or outgoing telephone calls with you to ensure accuracy, security, service quality, for training purposes and to establish a record of our communications. Notification of such recording will be made at the start of the call and if you do not wish to have your call recorded, you have other options to conduct business with us such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud;

2. Purposes for which we use your Personal Information

When we collect your Personal Information, we may use or disclose it for the following purposes. Below each purpose we note the “legal ground” that allows that use of your Personal Information. An explanation of the scope of the “legal grounds” can be found in Annex A.

• To provide and manage products and services you have requested; To administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.

Legal ground: contract performance; consent, legitimate interests (to enable us to perform our obligations and provide our services to you or to notify you about changes to our service)

• To verify your identity, protect against fraud and manage risk; We and other organisations may access and use certain information to prevent fraud, money laundering and terrorism as may be required by applicable law and regulation and best practice at any given time, including checking against sanctions, politically exposed persons (PEP) and other fraud or crime screening databases. As part of this activity we will share your details with fraud prevention agencies and may also share them with law enforcement agencies. Fraud prevention agencies can hold your Personal Information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your Personal Information can be held for up to six years. If we, or a fraud prevention agency, determine that you pose such a risk, we may refuse to provide the services you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Note that whenever fraud prevention agencies transfer your Personal Information outside of the EEA, they impose contractual obligations on the recipients of that data to protect your Personal Information to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

• To comply with legal or regulatory requirements, or as otherwise permitted by law; We may process your Personal Information to comply with our regulatory requirements or dialogue with our regulators or defend or prosecute claims as applicable which may include disclosing your Personal Information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Legal ground: legal obligations; legal claims; legitimate interests (to cooperate with law enforcement and regulatory authorities)

• To monitor certain activities; To monitor queries and transactions to ensure service quality, compliance with procedures and to combat fraud.

Legal ground: legal obligations, legal claims, legitimate interests(to ensure the quality and legality of our services)

• To inform you of changes; To notify you about changes to our services and products. Legal ground: legitimate interests(to notify you about changes to our service)

• To communicate with you regarding products and services that may be of interest; To provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing our own and our selected business partners’ products and services to you by post, email, phone, SMS or online or social media advertisement. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt out of further communication on any electronic marketing communication sent to you or you may opt out contacting us at the details shown in the Contact Us section below or by clicking the unsubscribe link at the bottom of the emails that we send to you.

Legal ground: legitimate interests (to keep you updated with news in relation to our products and services); consent

• To understand our clients and to develop and tailor our products and services; We may analyse the Personal Information we hold in order to better understand our clients’ services and marketing requirements, to better understand our business and develop our products and services. In order to ensure that content from our website is presented in the most effective manner for you and for your device, we may pass your data to business partners, suppliers and/or service providers.

Legal ground: legitimate interests (to ensure the quality and legality of our services, to allow us to improve our services and to allow us to provide you with the content and services on the website)

• To reorganise or make changes to our business; In the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganisation, we may need to transfer some or all of your Personal Information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or reorganisation. We may also need to transfer your Personal Information to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

Legal ground: legitimate interests (in order to allow us to change our business)

• To communicate effectively with you and conduct our business; To conduct our business, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us.

Legal ground: contract performance; legitimate interests (to enable us to perform our obligations and provide our services to you)

3. Consent and Your Choices

Most of our processing is permitted by “legal grounds” other than consent (see section 2 above). Where we are required to do so, we will obtain your consent before using your Personal Information to send you marketing materials about goods or services that we think will interest you. If you prefer not to receive our marketing communications, you can have your details deleted from our marketing list by contacting us at the details shown in the Contact Us section below or by clicking the unsubscribe link at the bottom of the emails that we send to you.

In relation to processing of criminal convictions data and politically exposed persons data for the purposes of complying with our anti-money laundering obligations and to combat fraud, we consider that our processing is permitted by the substantial public interest ground (to prevent or detect crime) but to the extent it is not, you give and we rely on your consent to process that type of Personal Information. Although you have a right to withdraw such consent at any time, as we consider the processing to be necessary for us to provide our services, its withdrawal (to the extent the processing cannot be justified on substantial public interest grounds) may require us to cease to provide certain services.

4. Sharing your Personal Information (and transfers outside of the EEA)

We will only use or disclose your Personal Information for the purpose(s) it was collected and as otherwise identified in this Privacy Policy.

Sharing outside the Heptagon group; Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets (for example, collection of overdue accounts).

Sharing within the Heptagon group; We may share your Personal Information within the Heptagon group, including locations outside of the EEA where we do business, for marketing purposes, for legal and regulatory purposes, to manage credit risk and other business risks, to perform analytics, to ensure we have correct or up to date information about you (such as your current address or date of birth) and to better manage your relationship with us.

Business sale or reorganisation; Over time, we may buy new businesses or sell some of our businesses. Accordingly, Personal Information associated with any accounts, products or services of the business being purchased or sold will be reviewed as part of the due diligence process and subsequently transferred as a business asset to the new business owner. We may also transfer Personal Information as part of a corporate reorganisation or other change in corporate control.

Sub-contractors and agents; We may use affiliates or other companies to provide services on our behalf such as data processing, account administration, fraud prevention and detection, analytics and marketing. Such companies will be given only the Personal Information needed to perform those services and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed.

Transfers outside of the EEA; Your Personal Information may be accessed by staff, suppliers or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

Please Contact Us if you would like to see a copy of the specific safeguards applied to the export of your Personal Information.

5. Retention of your Personal Information

Our retention periods for personal data are based on business needs and legal requirements. We retain your Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

6. Maintaining the accuracy of your Personal Information

We are committed to maintaining the accuracy of your Personal Information and ensuring that it is complete and up-to-date. If you discover inaccuracies in our records, or your Personal Information changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to your Personal Information may negatively impact the way we communicate or provide services to you. Where appropriate, we will advise others of any material amendments to your Personal Information that we may have released to them. If we do not agree to make the amendments that you request, you may challenge our decision as described in Contact Us.

7. Safeguarding your Personal Information

We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your Personal Information in our custody or control.

We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.

Security over the internet.

No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.

All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share your password with anyone.

8. Changes to this Privacy Policy

From time to time, we may make changes to this Privacy Policy.

This Privacy Policy is always the most recent version. Please see Contact Us to answer any questions you may have about our Privacy Policy.

9. Your Rights

If you have any questions in relation to our use of your personal information, you should first contact us as per the Contact Us section below. Under certain conditions, you may have the right under The European Data Protection law to require us to:

• provide you with further details on the use we make of your information;

• provide you with a copy of information that you have provided to us;

• update any inaccuracies in the personal information we hold (please see paragraph 7);

• delete any personal information that we no longer have a lawful ground to use;

• where processing is based on consent, to withdraw your consent so that we stop that particular processing (see paragraph 4 for marketing);

• object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

• restrict how we use your information whilst a complaint is being investigated.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

If you are not satisfied with our use of your Personal Information or our response to any exercise of these rights you have the right to complain to a European data protection regulator (e.g. the Information Commissioner’s Office in the UK).

CONTACT US

If you have any questions or concerns about our privacy practices, the privacy of your Personal Information or you want to change your privacy preferences, please let us know. To manage your email preferences, please contact us using the details below:

Heptagon Capital LLP

Robert Rosenberg

63 Brook Street Mayfair London W1K 4HS

If after contacting us you do not feel that we have adequately addressed your concerns, you may contact the European data protection regulator in the country where the Heptagon branch which you deal with is established:

UK - The Information Commissioner’s Office Visit: https://ico.org.uk/

Malta - Office of the Data Protection Commissioner Visit: https://idpc.org.mt/en/Pages/Home.aspx

Sweden - Datainspektionen Visit: https://www.datainspektionen.se/in-english/

ANNEX A: Table of Legal Bases

Use of Personal Information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available is set out below. We note the grounds we use to justify each use of your information next to the use in the “Uses of your Personal Information” section of this policy.

These are the principal legal grounds that justify our use of your information:

Consent: where you have consented to our use of your information you may withdraw your consent by contacting us.as per the Contact Us information above.

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for usto defend, prosecute or make a claim against you, us or a third party.

Substantial Public Interest: where we use Personal Information relating to criminal convictions or political affiliationsfor a purpose that is expressly in the substantial public interest, including for the prevention or detection of crime or fraud.