Scope and content
Table of Contents
I. Scope and content
III. Third party links and the Investor Platform
IV. Data Controller
V. Information we collect and use
VI. Where we collect personal data
VII. Why we collect and use personal data
VIII. Who we share personal data with
IX. Where personal data is processed
X. How we protect your information
XI. How long we keep personal data
XII. Your rights and how to exercise them
(i) Access your personal data
(ii) Right of rectification
(iii) Right to erasure (‘right to be forgotten’)
(iv) Restriction of processing
(v) Data transfers (data portability)
(vi) Right to object
(vii) Right to withdraw your consent
XIII. How to contact us
XIV. How to make a complaint
• Third party links and the Investor Platform
• Data Controller
Tribeca AIFM SA/NV, established Boulevard Saint-Lazare 4/10, BE-1210 Brussels and registered to the Belgian business registry (BCE) under number 0686.862.740 is the controller of your personal data.
Via email to: firstname.lastname@example.org
or via post to:
Boulevard Saint Lazare 4/10, BE-1210 Brussels.
• Information we collect and use
We collect and use your personal data to the extent necessary in the framework of our activities. Depending among other things on the type of products or services we provide to you, we may collect various types of personal data, such as:
• Information about who you are e.g., your name, date of birth, address, and contact details
• Information connected to the service or product we provide to you e.g. your bank account details and copy of ID card or passport
• Information connected to your investment in one of our funds e.g. source of revenue or invested sums
• Further business information necessarily processed in a contractual relationship
• Information about your contact with us e.g. meetings, phone calls, emails / letters
• Information that is automatically collected e.g. via cookies when you visit one of our websites
• If you apply for a job with us, information such as your CV, diplomas and the outcome of personal assessments and other personal data
Where we collect and use sensitive personal information, this information will only be collected and used (i) where it is needed to comply with our legal obligations, and (ii) where we have obtained your explicit consent to process such information.
• Where we collect personal data
We may receive and/or collect your personal data directly from you or from other sources, including:
(i) Agreements entered into by us (on our own behalf or on behalf of one of our clients/funds)
(ii) Subscription or other forms
(iii) Questionnaires filled in by you or one of the investors in our funds
(iv) Phone conversations with us
(v) Emails or letters you send to us
(vi) Meetings with one of our staff members
(vii) Your advisers or other intermediaries
(viii) Clients/funds managed by us or investors in one of our funds, at which you are a legal representative, an employee or a staff member (or similar), ultimate beneficial owner, or a shareholder
• Why we collect and use personal data
We take your privacy serious and we will only collect and use your personal data where it is necessary, fair and lawful to do so. We will only collect and use your personal data if we are able to satisfy one of the lawful processing conditions set out in the data protection laws.
For each purposes, only the data relevant to the pursuit of the specific purpose are processed. Your personal data may be processed for the following purposes:
• To provide the product or service you have requested e.g., if you wish to invest in one of our funds
• To provide products or services to our clients/funds/investors of whom you are a representative, staff member, ultimate beneficial owner, shareholder or similar position
• To establish, carry out and conduct the contractual relationship with you e.g., provide you with information you have the right to receive as a representative of an investor in one of our funds or as a board member of one of the funds
• To manage and administrate business relationships e.g., processing payments, accounting and billing
• To evaluate job applications
• To respond to requests for information
• For any other purpose to which you had expressly consented
Your personal data is processed on one or more of the following legal basis:
• To perform a contract. Tribeca must collect some of your data to answer any of your requests. If you choose not to share this data with us, it may render the performance of the contract impossible
• To comply with our legal and/or regulatory obligations e.g. for AML/KYC checks and for the detection and prevention of fraud
• Tribeca’s legitimate interests, e.g. when we investigate suspected fraud. Where the processing is in our legitimate interests, we will always conduct an assessment to ensure that this use of your personal data is not excessive or unnecessary or otherwise more intrusive than it needs to be
• You have given us your explicit consent to use your personal data in a certain way. For the avoidance of doubt, if we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time without prejudice to the lawfulness of the processing performed prior to withdrawal, by contacting us (see section 12, ‘How to contact us’)
• Who we share personal data with
We do not sell your personal data to any third parties or otherwise share your information with third parties for marketing purposes. However, for the purposes mentioned under section 7, ‘Why we collect and use personal data’, we may disclose personal data to third parties (i) it is necessary to perform the contract, (ii) when directed by the client to do so, or (iii) where disclosure is required by law.
For example, personal data may be disclosed to others to enable them to provide business services for us such as, performing general administrative activities for us and assisting us in processing a transaction on behalf of a client. Personal data may also be disclosed for audit or research purposes.
We may disclose personal data to the following third parties in the following circumstances:
• Our affiliates, to the extent they support us in providing you with products or services
• Your adviser, trustee, business associate, professional advisor where this is required as part of the product or service you have agreed with us
• Investors in our funds, to the extent we are legally or contractually obliged to share such information with them (e.g. your name and address if you are a board member of a fund)
• Third parties we have chosen to support us in the delivery of the products and services we offer to you and other customers. For example, legal consultants, technology companies, real estate managers, surveyors, notaries, maintenance or repair companies, or banking and other commercial partners
• Third parties who can help us in our contact with you, for example an internet service provider (e.g. Intralinks)
• Third parties, if we believe disclosure is necessary to (i) investigate, prevent, or respond to suspected illegal or fraudulent activity, (ii) protect the safety, rights, or property of our company, clients or investors, or others, or (iii) exercise or protect legal rights or defend against legal claims
• In the event of a change of control in Tribeca AIFM SA/NV and/or Tribeca Capital Partners SA/NV resulting from, for example a sale to, or merger with, another entity, or if all or a portion of our assets are sold, we reserve the right to transfer your personal data to the new party in control or the party acquiring assets
• Our regulators; including the Financial Services and Markets Authority in Belgium
• Governmental authorities, to the extent we in good faith believe to have a legal obligation to share such personal data or otherwise pursuant to a legal or regulatory request, subpoena, or other legal process
• Law enforcement and other appointed agencies who support us (or where they request the information) in the prevention and detection of crime
If personal data is disclosed to any third party mentioned above (save for to the regulator, governmental authorities or law enforcement), we will require such third party to treat the information as confidential and not to use it for any other purpose than to carry out the services they have been contracted to perform.
In addition, we have engaged an IT service provider to arrange for maintenance and support functions. This IT service provider shall not be deemed to be a data controller since they do not have independent control of the personal data that is provided by us. Thus, we remain responsible for the due processing of your data in this regard.
• Where personal data is processed
Our processing of your personal data is done in Belgium. However, some of your personal data may be processed by the third parties we work with (please refer to section 7, ‘Who we share personal data with’) in other countries, including outside of the EEA.
Where your personal data is being processed outside of the EEA, we take additional steps to ensure that your personal data is protected to at least an equivalent level as would be applied by EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
• How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal data which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss and/or damage through accident, negligence or deliberate actions. We use industry standard measures to protect personal data provided to us. While we strive to ensure the security of your personal data when storing, using and sharing the information you give us, no service is one hundred percent secure, and thus we encourage you to take appropriate measures to protect yourself, including, for example, keeping all user names and passwords confidential.
In case of a data leak the responsible person will notify the regulator and the person involved (owner of the personal data) within 48h.
• How long we keep personal data
We do not retain your personal data any longer than necessary. In general, this means that we do not retain it for a longer period than required in order to comply with our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
In some cases, we are required to keep certain personal data for a longer period for legal and regulatory reasons. The length of time will vary, and we regularly review our retention periods to make sure that they comply with all laws and regulations. For example, we have the legal obligation to store your information (specific parts of it) up until 10 years after our professional relation ends.
• Your rights and how to exercise them
In compliance with privacy laws, you have the following rights regarding the processing of your personal data:
• the right to be informed about how and why we are processing your personal data
• the right of access to personal data relating to you
• the right to rectification of inaccurate or incomplete personal data
• the right to request erasure of your personal data
• the right to restrict processing of your personal data
• the right to data portability
• the right to object to processing of your personal data (e.g. profiling or direct marketing)
• the right not to be subject to automated decision making (including profiling) which significantly or legally affects you
• the right to withdraw your consent
• Access your personal data
You have the right to request details of the information we hold about you and how we process it.
• Right of rectification
You have the right to request that incorrect or incomplete data is rectified/completed or removed.
• Right to erasure (‘right to be forgotten’)
You have the right to obtain the erasure of your personal data in the following cases:
• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
• You have withdrawn your consent for processing
• You make a reasoned objection to the processing
• Your personal data has been unlawfully processed by us
• The personal data has to be erased for compliance with a legal obligation
The right to be forgotten is not an absolute right. We can decide to reject your request and not to erase your data if your request is not based on one of the aforementioned reasons, or (i) in order to exercise the right to freedom of expression and information; (ii) in order to comply with a statutory obligation; or (iii) to establish, exercise or defend a legal claim.
If we reject your request to erase your personal data, we will inform you of the reasons why we are unable to honour your request.
• Restriction of processing
If you believe that we are processing your information unlawfully or that the data processed by us is incorrect, you can request that the processing be restricted. This means that the processing will be limited to storage.
• Data transfers (data portability)
You have the right to obtain a copy, in a structured, commonly used and machine-readable format, of the personal data that you have provided to us for the performance of the agreement that you have concluded with us or based on your consent.
This only concerns personal data that we have received from you and not data that we have received from third parties. The aim of this right is to enable you to easily transfer this data to another party.
• Right to object
You always have the right to object to the processing of your personal data that takes place based on our legitimate interest or the legitimate interest of a third party. In that case, we will no longer process your data unless there are compelling legitimate grounds for processing which override yours, or that relate to the establishment, exercise or defence of legal claims.
• Right to withdraw your consent
Where processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We may be able to continue to process your personal information to the extend required or otherwise permitted by law.
If you wish to receive more information about your rights or wish to exercise them, please contact us using the contact information in section 12, ‘How to contact us’. We may ask security questions or ask for a copy of your ID to verify your identity. You will receive our reply within four weeks. If necessary this period can be extended by one month, given the complexity and the number of requests.
• How to contact us
Via email to: email@example.com
Via post to: Tribeca AIFM
Boulevard Saint Lazare 4/10
• How to make a complaint
While we hope that we can resolve any complaints for you, you do have the option to complain to your local data protection authority. This is available to you whether or not you have exhausted our complaints procedure.