Our Commitment to Your Privacy: We are sensitive to the privacy concerns of our individual limited partners. We have a long-standing policy of protecting the confidentiality and security of information we collect about you. We are providing you this notice to help you better understand why and how we collect certain personal information, the care with which we treat that information, and how we use that information.
Sources of Non-Public Information: In connection with forming and operating our private investment funds for our limited partners, we collect and maintain non-public personal information from the following sources:
Disclosure of Information: We do not disclose any non-public personal information about you to anyone, except as permitted by law or regulation and to service providers.
Former Limited Partners: We maintain non-public personal information of our former limited partners and apply the same policies that apply to current limited partners.
Information Security: We consider the protection of sensitive information to be a sound business practice, and to that end we employ physical, electronic and procedural safeguards to protect your non-public personal information in our possession or under our control.
Further Information: We reserve the right to change our privacy policies and this Privacy Notice at any time. The examples contained within this notice are illustrations only and are not intended to be exclusive. This notice is intended to comply with the privacy provisions of applicable U.S. federal law. You may have additional rights under other foreign or domestic laws that may apply to you.
This Privacy Notice applies to the extent that EU Data Protection Legislation applies to the processing of personal data by an Authorized Entity or to the extent that a data subject is a resident of the UK, the European Union (“EU”) or the European Economic Area (“EEA”). If this Privacy Notice applies, the data subject has certain rights with respect to such personal data, as outlined below.
For this Privacy Notice, “EU Data Protection Legislation” means all applicable legislation and regulations relating to the protection of personal data in force from time to time in the EU, the EEA, or the UK, including (without limitation): the Data Protection Directive (95/46/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Data Protection (Processing of Sensitive Personal Data) Order 2000, or any other legislation which implements any other current or future legal act of the European Union concerning the protection and processing of personal data (including Regulation (EU) 2016/679 (the General Data Protection Regulation) and any national implementing or successor legislation), and including any amendment or re-enactment of the foregoing. The terms “data controller”, “data processor”, “data subject”, “personal data” and “processing” in this Privacy Notice shall be interpreted in accordance with the applicable EU Data Protection Legislation.
Categories of personal data collected and lawful bases for processing
In connection with offering, forming and operating private investment funds for investors, the Arsenal Capital Management LP (the “Management Company”), the private investment funds and other vehicles it manages (each, a “Fund”), the general partners or managers of such entities, their respective affiliates and, in each case, their administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt, and otherwise process and use personal data either relating to investors or to their respective partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates or to any other data subjects from the following sources (and all references to “investor(s)” in this Privacy Notice shall include actual and potential investors and shall be to such investor(s) and, as applicable, any of these other persons as relate to such investor(s)):
Any Authorized Entity may process the following categories of personal data:
Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with information that it collects from, or about such investor. This will include information collected in an online or offline context.
One or more of the Authorized Entities are “data controllers” of personal data collected in connection with the Fund. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in this Privacy Notice as a matter of contractual necessity under or in connection with the limited partnership agreement or other governing document of each Fund (each, a “Partnership Agreement”) and associated Fund documentation, and in the legitimate interests of the Authorized Entities (or those of a third party) to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of an investor or other data subjects; or if it is necessary for a task carried out in the public interest.
A failure to provide the personal data requested to fulfil the purposes described in this Privacy Notice may result in the applicable Authorized Entities being unable to provide the services in connection with a Partnership Agreement and related agreements.
Purpose of processing
The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (c), (d) and (f), in the legitimate interests of the Authorized Entities):
The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Sharing and transfers of personal data
In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by EU Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisers, lenders, data processors and persons employed and/or retained by them in order to fulfil the purposes described in this Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with the tax authorities, auditors and tax advisers (where necessary or required by law).
Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Partnership Agreement and related agreements, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact the Management Company. For the purposes of of this Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the European Economic Area; or (ii) a country or territory which has at the relevant time been decided by the European Commission in accordance with EU Data Protection Legislation to ensure an adequate level of protection for personal data.
Retention and security of personal data
The Management Company, the Funds and the general partners or managers of the Funds consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.
Personal data may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in a Fund. However, some personal data will be retained after a data subject ceases to be an investor in a Fund.
Data Subject Rights
It is acknowledged that, subject to applicable EU Data Protection Legislation, the data subjects to which personal data relates, have certain rights under EU Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfil the purposes described in this Privacy Notice, may result in the inability to provide the services required pursuant to a Partnership Agreement and related agreements.
In case the data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to a Partnership Agreement or related agreements, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
The data subject may raise any request relating to the processing of his or her personal data with the Management Company or Frank Scrudato at (212) 771-1717 or email@example.com.