DATA PROTECTION REGULATION MATTERS – PRIVACY NOTICE
Each of (i) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“EU GDPR”), (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR” and together with EU GDPR, “GDPR”) and (ii) the Cayman Islands Data Protection Act (As Revised) (and any associated guidance and regulations, together, “DPA” and together with GDPR, the “Data Protection Laws”) is applicable, to the extent relevant, to the processing of personal data by each of Systematica Investments Services Limited, Systematica Investments UK LLP (“SIUK”), Systematica Investments Limited, Systematica Investments LP, Systematica Investments Holdings Limited, Systematica Investments Guernsey LP, Systematica Investments GP Limited, Systematica Investments US LLC, Systematica Investments Singapore Pte. Ltd and Systematica Investments Shanghai Co., Ltd (the “Systematica Entities”) in the course of their businesses, and certain other persons. This notice sets out information relating to those activities.
The Systematica Entities
The Systematica Entities are controllers of personal data for the purposes of the Data Protection Laws and will, in the course of each Systematica Entity’s business, process personal data. Information regarding such processing is set out herein.
Any person seeking information with respect to control or processing of personal data by any of the Systematica Entities or seeking to exercise any rights afforded to them under the Data Protection Laws should contact the compliance department of SIUK at [email protected]
Under the Data Protection Laws, any person wishing to is entitled to make a complaint with respect to any of the Systematica Entities’ control or processing of personal data. Under GDPR, such a complaint may be made to the Information Commissioner’s Office (“ICO”). The ICO is the UK supervisory authority for data protection issues. Contact details for the ICO may be found at www.ico.org.uk. Under DPA, such a complaint may be made to the Cayman Islands Ombudsman (“Ombudsman”). The Ombudsman is the Cayman Islands supervisory authority for data protection issues. Contact details for the Ombudsman may be found at www. ombudsman.ky.
The policies and procedures adopted by the Systematica Entities with respect to the control or processing of personal data may be amended from time to time. Similarly, the purposes for which the Systematica Entities may control or process personal data may change from time to time. If any changes would require a material amendment to the information set out herein, details of such changes will be made available in the current version of this document from time to time.
Summary of Personal Data
For the purposes of the Data Protection Laws, personal data means any information about an individual from which that person can be identified, directly or indirectly. In the course of their business, the Systematica Entities may collect, use, store, transfer and process personal information from individuals, including former, current or prospective investors and other natural persons, and former, current and prospective employees, directors, officers or other representatives or agents of market counterparties, professional services and other service providers, trade associations, public bodies and other entities or undertakings. Such personal data is typically limited in scope, and includes, for example, the name and contact details of such individuals, as well as some technical data (such as internet protocol addresses), usage data and information about marketing and communication preferences. On occasions, the Systematica Entities may also process personal data of such individuals which includes other identifiers such as date of birth, social security number, tax identification number, passport, national identity or driver’s licence number. Personal data that the Systematica Entities collect may also include commercial information, such as records of products or services purchased, obtained or considered, or other purchasing histories or tendencies, including funds invested in, investments considered, or sources of wealth; and professional or employment-related information, such as investment experience, occupation, compensation, employer and title.
In addition, the Systematica Entities may also collect, use, store, transfer and process personal information concerning current or former applicants for positions of employment at or membership of, or current or former employees or members of, the Systematica Entities. Such personal data may include some or all of the following: name and contact details, information about employment and educational history, performance records, salary data, references, bank account details, identification data, tax information, social security numbers and information regarding immigration status. The Systematica Entities will endeavour to contact those former job applicants or former employees if the personal data processed in relation to the same is material, sensitive or particularly private in order to inform them of the continued processing of their personal data, the nature of that processing, the lawful basis upon which the processing is taking place, and their rights under the Data Protection Laws with respect to such processing.
In certain limited circumstances, the Systematica Entities may process special categories of personal data (which may include details about people’s racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about people’s health, genetic and biometric data and information about criminal convictions and offences).
Collection of Personal Data
The Systematica Entities may collect personal data through a range of means. These may include direct interactions (where a person provides personal data to the relevant Systematica Entity through correspondence or other direct methods of communication), through third-party service providers (for example, recruitment agents) or publicly available sources (where a Systematica Entity receives personal data through a publicly available source such as a website or publicly-available registry).
Purposes for Collection and Use of Personal Data
The Systematica Entities will only process personal data in circumstances where they have established a lawful basis under the Data Protection Laws to do so. These circumstances include where the processing of the relevant data relates to a legitimate interest of the relevant Systematica Entity, further described below. In such circumstances the Systematica Entities will have established that the processing is necessary for the relevant purpose, and not inconsistent with the interests, rights or freedoms of a relevant data subject.
In accordance with the above, each Systematica Entity has determined that the lawful bases for its processing of personal data are the legitimate interests of the relevant Systematica Entity to undertake activities necessary and ancillary to the carrying on of an investment management business, including where necessary for the purposes of the relevant Systematica Entity carrying out its activities relating to any fund, vehicle or account in respect of which a Systematica Entity acts as investment manager, sub-investment manager, investment adviser or sub-investment adviser (the “Funds”), the administration of the Funds, the investment activities of the Funds, otherwise in furtherance of any contract entered into with respect to the activities of the Funds, to exercise and comply with the relevant Fund’s or Systematica Entity’s rights and obligations at law or under regulation where such obligations are not set out under the laws of any member state of the European Economic Area (“EEA”) or the United Kingdom, to establish, exercise or defend legal claims and in order to protect and enforce its (or another person’s) rights, property, or safety, or to assist others to do the same, and in order to provide information about its services and any investment products it offers.
In addition, each Systematica Entity may also control or process personal data where necessary to comply with legal or regulatory obligations applicable to them under the laws of the Cayman Islands, the United Kingdom, the European Union or any member state of the EEA, or in order to give effect to a contract, or to take necessary pre-contractual steps with a view to potentially entering into a contract (including in its capacity as an employer or a prospective employer), or where an individual has provided their consent to such processing, to the extent applicable.
Systematica Entities may from time to time control or process personal data for the purposes of operating their business, entering into contractual arrangements in the context of their investment management business, including in respect of the Funds marketing, and advertising the Funds and/or other investment vehicles and/or services related to the Systematica Entities. Any person who does not wish their personal data to be processed for marketing purposes may opt out of such processing by notifying the compliance department of SIUK at [email protected]
Any Systematica Entity will only use personal data for the purposes that it has been collected for, unless they reasonably consider that they need to use it for another reason and that reason is compatible with the original purpose of the control or processing. Any person requiring information with respect to any additional purpose for which personal data may be controlled or processed may obtain such information from the compliance department of SIUK. If a Systematica Entity needs to control or process personal data for an unrelated purpose, the relevant Systematica Entity will use its reasonable endeavours to notify affected persons and to explain the basis on which they are permitted to undertake the same.
The Systematica Entities may be legally obliged to process certain personal data in order to be able to perform services and business operations or to comply with contractual requirements. If individuals choose not to provide the Systematica Entities with the necessary personal data or to restrict the Systematica Entities from processing personal data, the Systematica Entities may not be able to meet their obligations or deliver the products or services requested. This may lead to cancellation of contracts; if this is the case, the relevant Systematica Entity will endeavour to contact the individuals to discuss this.
Disclosure of Personal Data
Each Systematica Entity may share personal data with certain third parties for the purposes set out above. The relevant third parties with whom such personal data may be shared include entities appointed to provide services to the Funds, the relevant Systematica Entity and their affiliates, including professional service providers such as banks, auditors, law firms, consultants and other third parties; regulatory, legal and tax authorities; and third parties in the event any Systematica Entity sells or transfers all or a portion of its business or assets (including in the event of a reorganisation, dissolution or liquidation). Further details of the third parties with whom personal data may be shared are available on request from the compliance department of SIUK. Wherever possible, personal data will only be disclosed by a Systematica Entity to a third party in circumstances where that third party has agreed to respect the security of personal data and treat it in accordance with applicable law. The Systematica Entities will seek to ensure that third parties to whom any personal data may be disclosed will not use personal data for their own purposes and only process personal data for specified purposes and otherwise in accordance with the instructions of the relevant Systematica Entity and/or with the Data Protection Laws.
Transfer of Personal Data outside the EEA, the United Kingdom or the Cayman Islands
The activities of the Systematica Entities are such that it may be necessary for personal data to be transferred and/or processed outside the EEA, the United Kingdom or the Cayman Islands.
In circumstances where a Systematica Entity transfers personal data outside the EEA, the United Kingdom or the Cayman Islands, they will seek to ensure a similar degree of protection is afforded to it by ensuring that personal data is generally transferred only to persons in countries outside the EEA, the United Kingdom or the Cayman Islands in one of the following circumstances:
- to persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, the relevant Secretary of State in the United Kingdom or the Ombudsman, as applicable and as supplemented where and if required;
- to persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission, the relevant Secretary of State in the United Kingdom or the Ombudsman, as applicable, and as supplemented where and if required; and
- only on one of the conditions allowed under the GDPR in the absence of (i) a decision by the European Commission or the relevant Secretary of State in the United Kingdom or the Ombudsman, as applicable, that has deemed a country to provide an adequate level of protection for personal data (i.e. an adequacy decision) or (ii) appropriate safeguards such as a contract that is compliant with the model contracts for the transfer of personal data to third countries approved by the European Commission, the relevant Secretary of State in the United Kingdom or the Ombudsman, as applicable..
Further information on specific mechanisms utilised by Systematica Entities transferring personal data outside the EEA, the United Kingdom or the Cayman Islands and the countries to which such transfer may be made (which may include, but are not limited to The Bailiwick of Jersey, the Bailiwick of Guernsey, Switzerland, Singapore, the Cayman Islands and the United States) may be obtained from the compliance department of SIUK upon request.
Data Security and Retention
To protect personal data from unauthorised access and use, the Systematica Entities take reasonable steps to use technical, administrative, organisational and physical security measures appropriate to the nature of the personal data they are processing. The Systematica Entities generally restrict access to personal data to those employees and agents who have been advised as to the proper handling of such information and who need to know such data in order to operate the business. Given the nature of information security, there is no guarantee that such safeguards will always be successful.
Each Systematica Entity will retain personal data for as long as necessary to fulfil the purposes for which it has been collected. This will include any period of retention required to satisfy any legal, regulatory, taxation, accounting, regulatory or reporting requirement applicable to the relevant Systematica Entity.
In determining the appropriate retention period for any personal data, the relevant Systematica Entity will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purpose for which the relevant data is being processed, the extent to which the purposes for which the relevant data is being processed can be achieved by other means and any applicable legal requirements. Without prejudice to the generality of the forgoing, the Systematica Entities have determined that they will retain records for at least 6 years.
Details of retention periods applicable to personal data subject to the Data Protection Laws are available upon request from the compliance department of SIUK. In some circumstances, a person may request that a Systematica Entity delete any personal data retained by it. Further, in some circumstances, a Systematica Entity may anonymize personal data for research or statistical purposes, in which case such information will no longer be linked to an individual and will not constitute personal data and may be retained and utilised indefinitely without further notice.
Rights of Persons
Under the Data Protection Laws, persons whose data is processed by a Systematica Entity will have certain rights. These rights include the right to access personal data, the right to require correction of personal data, the right to require erasure of personal data in certain circumstances, the right to restrict processing of personal data, the right to require a transfer of personal data, and the right to withdraw consent to the processing of personal data, to the extent applicable. In addition, if the processing of personal data is based on a legitimate interest of a Systematica Entity, a person will have the right to object to the processing of that personal data.
Any person seeking to exercise any such right should contact the compliance department of SIUK. In certain circumstances, the relevant Systematica Entity may charge reasonable fees if any such request is clearly unfounded, repetitive or excessive.
Links to External Websites
Our website may contain links to third party websites. Any access to and use of such third party websites is not governed by this Privacy Notice, but, instead, is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
The California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) imposes certain obligations on the Systematica Group and certain funds managed by the Systematica Group (together, “we” or “us”) and grants certain rights to California resident investors (“California Resident,” “you,” or “your”) with regard to “personal information.” If you are a California Resident, please review the following information about your potential rights with regard to your personal information under the CCPA. The rights described herein are subject to exemptions and other limitations under applicable law.
Terms used herein have the meaning ascribed to them in the CCPA. We are a “business.” “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a California Resident or a household. It does not include de-identified information, aggregate consumer information or publicly available information (as defined in the CCPA).
Purposes for Collecting and Using Personal Information
We may collect or use your personal information for the following business or commercial purposes: (i) performing services on behalf of a fund, including maintaining or servicing accounts, providing investor relations services, processing subscriptions, and withdrawals, verifying information, processing payments or providing similar services; (ii) performing our contractual obligations to a California Resident as a subscriber to a fund, including providing updates on a fund’s performance, providing tax reporting and other operational matters; (iii) detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud and conducting “Know Your Client,” anti-money laundering, terrorist financing, and conflict checks; and (iv) enabling or effecting commercial transactions, including, using bank account details to remit funds and process distributions.
Personal Information We Collect
We may collect the following categories of personal information from or about a California Resident: (i) identifiers and similar information such as, name, address, date of birth, email address, social security number, driver’s license number, passport number, online identifiers or other similar identifiers; (ii) certain information protected under federal or state laws such as a signature or bank account or other financial information; (iii) characteristics of protected classifications under federal or certain state laws, including, gender, national origin, or marital status; (iv) commercial information, including records of products or services purchased, obtained, or considered, or other purchasing histories or tendencies, including funds invested, investments considered, or sources of wealth; (v) internet or other electronic network activity information, including interactions with our website or use of certain online tools; (vi) geolocation data; (vii) professional or employment-related information, including occupation, compensation, employer, and title; and (viii) inferences drawn from any of the information identified above to create a profile reflecting your preferences or similar information, including your potential interest in investing in new funds. We may disclose for a business purpose all or just a few of the above categories of personal information.
Sources of Personal Information
We may collect personal information about you directly from you and/or your intermediaries through sources such as: (i) account applications, subscription agreements, and other forms or related documentation; (ii) written, electronic, or verbal correspondence with us or our service providers; (iii) investor transactions; (iv) an investor’s brokerage or financial advisory firm, financial advisor, or consultant; and/or (v) from information captured on applicable websites. In addition, we may collect personal information from different sources, such as: (i) our affiliates, our service providers, or our affiliates’ service providers; (ii) public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities; and/or (iii) from credit reporting agencies, sanctions screening databases, or from sources designed to detect and prevent fraud.
Sharing Personal Information with Third Parties
We do not sell your personal information. We may disclose personal information to third parties in circumstances where we believe in good faith that disclosure is required or permitted under law, to cooperate with regulators or law enforcement authorities, to protect our rights or property, or upon reasonable request by the fund in which you have invested. We also may disclose personal information about you or your accounts to a third party at your request or direction or with your consent.
We may disclose your personal information to our service providers or other entities that have agreed to limitations on the use of your personal information or that fit within other exemptions or exceptions in or as otherwise permitted by the CCPA or other applicable laws.
California Residents’ Rights under the CCPA
If your personal information is subject to the CCPA, you may have certain rights concerning that information, subject to applicable exemptions and limitations, including the right to: (i) be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used; (ii) not be discriminated against because you exercise any of your rights under the CCPA; (iii) request that we delete any personal information about you that we have collected or maintained, subject to certain exceptions (“request to delete”); and (iv) request that we, as a business that collects personal information about you and that discloses your personal information for a business purpose, disclose to you (“request to know”): (a) the categories of personal information we have collected about you; (b) the categories of sources from which we have collected the personal information; (c) the business or commercial purpose for collecting the personal information; (d) the categories of third parties with whom we share personal information; (e) the specific pieces of personal information we have collected about you; and (f) the categories of personal information we have disclosed about you for a business purpose.
The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. In addition, the CCPA does not apply to certain information like personal information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act and its implementing regulations. We also reserve the right to retain, and not to delete, certain personal information after receipt of a request to delete from you where permitted by the CCPA or another law or regulation.
How to Submit a Request Under the CCPA
You may submit a “request to know” or “request to delete,” each as described above, by calling us at +44 020 3180 5700, or through our website at the following link: https://www.systematica.com/contact-us/.
We are required to provide certain information or to delete personal information only in response to verifiable requests made by you or your legally authorized agent. Any information gathered as part of the verification process will be used for verification purposes only.
Contact for More Information
If you have any questions or concerns about this notice please contact us at [email protected].