RiverRock considers client privacy to be a fundamental aspect of itsrelationship with clients. RiverRock is committed to maintaining the confidentiality, integrity, and security of its current, prospective and former clients’ non‐public personal information. RiverRock has developed policies that are designed to protect this confidentiality, while allowing client needs to be served.
In the course of providing its clients with products and services, RiverRock and certain of its service providers may obtain non‐public personal information about its clients. This information may come from sources such as subscription agreements, engagement letters and from other written, electronic
or verbal correspondence.
RiverRock does not disclose any non‐public personal information provided by its clients or collated by RiverRock to non‐affiliated third parties, except as required or permitted by law or for RiverRock’s everyday business purposes, such as to process transactions or service a client account.
RiverRock reserves the right to disclose or report personal or account information to non‐affiliated third partiesin limited circumstances where RiverRock believesin good faith that disclosure isrequired under law, to cooperate with regulators or law enforcement authorities, to protect its rights or property, or upon reasonable request by any of its mutual funds in which clients have invested. In addition, RiverRock may disclose information about a client or their accounts to a non‐affiliated third party at their request or if the client consents in writing to the disclosure.
RiverRock takes seriously the obligation to safeguard a client’s non‐public personal information. In addition to this policy, RiverRock has implemented procedures that are designed to restrict access to a client’s non‐public personal information to its personnel who need to know that information to perform their jobs. Physical, electronic, and procedural safeguards are in place to guard a client’s non‐ public personal information.
The RiverRock website may use a variety of technologies to collect information that help RiverRock understand how the website is used. Information collected from a client’s web browser (including small files stored on a client’s device that are commonly referred to as “cookies”) allow the websites to recognise a client’s web browser and help to personalise and improve a client’s user experience and enhance navigation of the website.
RiverRock is committed to protecting your privacy. This Privacy Notice explains how we collect and use your personal data and your rights and options in this regard.
This Privacy Notice is issued on behalf of RiverRock European Capital Partners LLP (OC344335), RiverRock Securities Limited (6809259), RiverRock Technology Solutions Limited (8666949) and RiverRock Strategic Capital Limited (9874940) each of 15 Wrights Lane, London W8 5SL and any of their subsidiary and associated companies (together “RiverRock”). Specifically, your data will be controlled by the RiverRock entity that you engage or instruct, or that is providing services or communication to you. For the purposes of data protection law, RiverRock is a data controller in respect of your personal data.
WHAT PERSONAL DATA DO WE COLLECT?
The personal data we collect may include:
Contact details, such as your name, job title, postal address, e‐mail address, fax numbers, and telephone numbers;
Personal identification evidence, such as nationality, date of birth, directorships, membership of a professional or trade association or regulatory body and photographs;
Financial information, such as shareholdings, banking details, details of investments, bank statements or other evidence of source of wealth or funds;
Personal data regarding your preferences where it is relevant to the services we provide to you;
Information you give us about your spouse, partner, other family members, related shareholders or directors (your “associates”).
Details of any telephone calls or visits to or from you;
Information collected from publicly available resources (such as Companies House and social
media sites), integrity data bases and credit agencies; or
Information about how, when and why you use our on‐line services.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We may collect information about you in a number of ways, from you or your organisation, from publicly available resources (such as Companies House and social media sites), integrity data bases and credit agencies or from other organisations with whom you have had dealings, including:
When you or your organisation engage RiverRock to provide services, subscribe for an investment in a RiverRock sponsored product or use any on‐line service;
When you or your organisation communicate by telephone or email or meet in person with a RiverRock representative about RiverRock’s funds, products or services;
When you or your organisation browse, make an enquiry or otherwise interact on our website;
When you or your organisation provide or offer to provide services to us.
WHAT HAPPENS IF YOU DON’T PROVIDE PERSONAL DATA?
In the majority of cases, you will provide your personal data voluntarily by filling in forms or corresponding with RiverRock by telephone, e‐mail or otherwise. In other instances, we will collect
the data with your express permission. You are in control of whether you provide this data or not.
However, RiverRock may not be able to take certain actionsif you choose not to provide personal data or not to consent to RiverRock obtaining personal data, for example because RiverRock is legally prohibited from accepting you as a client or investor, or RiverRock is unable to process any request for services or communicate with you about a service or investment. In these case, RiverRock may not be able to provide you with the requested or expected service without the relevant personal data; if this applies you will be notified accordingly.
PERSONAL DATA ABOUT YOUR ASSOCIATES
If you provide personal data to us about an associate or someone else, you must ensure that you are entitled to disclose that data to us and that we are entitled to process that data as set out in this Privacy Notice. We would ask that you provide any such person with a copy of this Privacy Notice.
WHY DO WE USE YOUR PERSONAL DATA?
Your personal data may be used by us:
‐ To comply with our legal and regulatory obligations, including:
To verify your (or your organisation’s) identity as part of our client onboarding process;
To identify persons authorised to act on behalf of an organisation;
To detect and prevent financial crime, including fraud and money laundering;
To identify politically exposed persons;
For insurance purposes;
To comply with our reporting obligations to regulators and tax authorities;
To record terms of transactions and compliance with regulatory obligations;
To comply with anti‐trust laws, export laws and trade sanctions;
To comply with our record keeping and accounting obligations;
To comply with court orders and exercise and/or defend our legal rights;
To manage and administer RiverRock’s business.
‐ As necessary for the performance of a contract with you or to enable each party to enter into such contract, including online or technology services requested by you or your organisation.
‐ For the purposes of RiverRock’s legitimate business interests. For example:
To strengthen our relationship with you so that we may keep you informed of our services and products that you may be interest you or your organisation.
To develop and improve our services and products.
To ensure content from our website is presented in the most effective way for you and your computer;
Where you have provided your consent to do so, to send promotional information about our products and services via the methods you specify (for example by email or post).
When we process your personal data for our legitimate business interests, we will consider and balance any potential impact on you and your rights. When we process data for these purposes,
you have the right to object to this way of processing.
We will not use your personal data for taking automated decisions affecting you or for any purpose not stated above.
SHARING YOUR PERSONAL DATA
As a matter of policy, RiverRock does not disclose any personal information provided by its clients except as required or permitted by law or is reasonably necessary for the proper performance of the services we provide. We may disclose your personal data within the RiverRock group in the circumstances described below:
to ensure the delivery of products or services to our clients;
to ensure the safety and security of our data;
for administrative and other business purposes; and
to assess compliance with applicable laws, rules and regulations, and internal policies and procedures across our business.
We will take steps to ensure that the personal data is accessed only by personnel that have a need to do so for the purposes described in this notice.
We may also share your personal data outside of the RiverRock group:
to distributors, brokers or introducers;
to any party to whom we assign, delegate or novate our rights or obligations; and
to other third‐party service providers who provide administrative, processing, reporting, audit, legal, accounting, IT, payment, depositary, tax or other profession, financial, legal, regulatory or technology services to us or to our funds or products.
We take all reasonable steps to ensure the safety, privacy and integrity of your personal data and, where appropriate, enter into contracts with such third‐parties to protect the privacy and integrity of such data and any information supplied.
We may also share your personal data outside of the RiverRock group to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation (including disclosures made to regulators, tax authorities and Companies House), and to establish, exercise or defend our legal rights.
TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA
We may transfer your personal data to countries outside of the UK (including the US) which may not have the same data protection laws as the UK. We will take all necessary steps to ensure that your personal data is treated securely, and that appropriate safeguards are in place to privacy and integrity of such personal data, in accordance with data protection legislation.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
RiverRock will process and store the relevant personal data for the duration of ourservices or business relationship. RiverRock may also store data for as long as is necessary or required to fulfil legal, contractual orstatutory obligations and for the establishment, exercise or defence of legal claims and, in general, where we have a legitimate interest for doing so (which we have balanced against any potential impact on you and your rights).
You have a number of rights in relation to the personal data that we hold about you. These rights include:
the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another lawful reason (other than consent) for doing so;
in some circumstances, the right to receive some personal data in a structured, commonly used and machine‐readable format and/or request that we transmit those data to a third party where thisistechnically feasible. Please note that thisright only appliesto personal data which you have provided to us;
the right to request that we rectify your personal data if it is inaccurate or incomplete;
the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled and/or required to retain it;
the right to request that we restrict our processing of your personal data in certain circumstances. Please note that there may be circumstances where you ask us to restrict our processing of your personal data, but we are legally entitled and/or required to refuse that request;
the right to object to our processing of your personal data where we process your personal data pursuant to our legitimate business interests. Please note that there may be circumstances where you object to our processing of your personal data, but we are legally entitled to refuse that request;
the right to object to any automated decision making (including profiling) which we conduct based on your personal data, which significantly affects you. Please note that there may be
circumstances where you object to us conducting automated decision making but we are legally entitled to refuse that request;
the right to object to the processing of your personal data for direct marketing purposes; and
the right to lodge a complaint with the data protection regulator(details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
UPDATING YOUR PERSONAL DATA
If any of the personal data that you have provided to us changes or if you become aware that we have any inaccurate data about you, please let us know by sending an email to the email address set out below.