Crescent Capital Group LP Privacy Notice
INTRODUCTION
Respect for Your Privacy
The privacy of your personal information is important to us at Crescent Capital Group LP (“Crescent”). We have policies protecting the confidentiality and security of information we collect about you and we are committed to protecting the privacy of that information. At the same time, in order to provide you with services you have requested, it is necessary for us to possess some personal information of yours. Similarly, without some of that information, we cannot inform you about the services we have available or that you may request.
This privacy notice includes, but is not limited to, explanations of the types of PII (as defined below), that Crescent, including its investment advisory subsidiaries and their affiliates, and in each case, their administrators, legal and other advisors and agents (the “Authorized Entities”) may collect about you, the purposes for collecting such PII, the circumstances under which the PII may be disclosed to third parties, your rights regarding your PII, and the way to contact us to exercise those rights. Note, the privacy of your PII may be protected by various government laws or regulations.
This privacy notice is provided to you to comply with the requirements of Data Protection Legislation (as defined below) including (without limitation) Regulation S-P, “Privacy of Consumer Financial Information,” issued by the United States Securities and Exchange Commission and the Federal Trade Commission (“FTC”) privacy regulations.
California residents also have rights under the California Consumer Privacy Act of 2018, as amended (the “CCPA”) and this privacy notice provides the details you need to understand your rights under the CCPA, and to exercise those rights. This privacy notice also provides you with the contact information you need to take action regarding the privacy of your data. If you are a California resident, please refer to the section of this privacy notice titled “For California Residents Only” for a description of your rights under the CCPA or to exercise any of your CCPA rights.
To the extent that the GDPR applies to the processing of your PII by Authorized Entities (each as defined below), this privacy notice also provides the details you need to understand your rights under the GDPR, and to exercise those rights. This privacy notice also provides you with the contact information you need to take action regarding the privacy of your PII. Please refer to the section of this privacy notice titled “EU-UK Data Protection Notice”.
To investors in any funds operated by Crescent or one or more of its advisory affiliates (each, a “Crescent Fund”) who have rights under the Data Protection Act (as amended) of the Cayman Islands, this privacy notice provides relevant information regarding the Authorized Entities’ collection, processing, retention and safeguarding of your personal data under that privacy regime.
Additionally, for the purposes of this privacy notice, “Data Protection Legislation” means all applicable legislation and regulations relating to the protection of personal data in force from time to time in the U.S., the European Union (the “EU”), the European Economic Area (the “EEA”), the United Kingdom (the “UK”), or any other relevant jurisdiction, including (without limitation): (a) the General Data Protection Regulation ((EU) 2016/679) (“EU GDPR”); (b) the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”) (the EU GDPR and UK GDPR together shall be referred to as “GDPR”); (c) any other legislation which implements any other current or future legal act of the EU or the UK concerning the protection and processing of personal data and any national implementing or successor legislation; (d) the CCPA; and (e) any amendment or re-enactment of any of the foregoing. The terms “controller”, “processor”, “data subject”, “personal data”, “personal information”, and “processing” (and similar terms) in this privacy notice shall be interpreted in accordance with the applicable Data Protection Legislation. All references to “potential investor(s)” in this privacy notice shall be to such actual or potential investor(s) and, as applicable, any of such potential investor(s)’ partners, officers, directors, employees, shareholders, members, managers, ultimate beneficial owners and affiliates.
We reserve the right to change our privacy policies and this privacy notice at any time. In the event that we do so, we will make an updated version of this privacy notice available to you via the investor portal. The examples contained within this notice are illustrations only and are not intended to be exclusive. This notice complies with the privacy provisions of Regulation S-P under the Gramm-Leach-Bliley Act and certain privacy provisions of other laws. You may have additional rights under other foreign or domestic laws that apply to you, including as set forth in our additional privacy notices.
CRESCENT NEVER SELLS THE PERSONAL DATA IT COLLECTS.
Contacting Us
You may contact us with respect to our privacy and data protection policies and to exercise any of your rights set forth in this privacy notice or submit requests, appeal any of our decisions, or view this privacy notice in an alternate form (each, a “Communication”) by calling this toll-free number (833-358-0002), by visiting our website (www.crescentcap.com), by emailing us ([email protected]) or by writing to the general partner or investment adviser at its registered address as set out in your Crescent Fund’s limited partnership agreement, subscription agreement or offering document, as applicable.
We verify Communications by matching information provided in or in connection with your Communication to information contained in our records. Depending on the sensitivity of the Communication and the varying levels of risk in responding to such Communications (for example, the risk of responding to fraudulent or malicious communications), we may request further information or your investor portal access credentials, if applicable in order to verify your Communication.
DATA PRIVACY INFORMATION
Defining Personally Identifiable Information
“Personally Identifiable Information” (“PII”) refers to personal data that could be used, alone or in combination with other data, to identify you as an individual. It can include (without limitation) your name, physical address, email address, IP address, date of birth, social security number, passwords or other financial or payment information. In this privacy notice, PII refers to any personal data or personal information (including as defined under Data Protection Legislation).
Types of Collected PII
In respect of the PII processed by the Authorized Entities, this section describes the categories of PII that are collected, the sources for obtaining that PII, and the purpose for collecting it.
PII Categories
The Authorized Entities collect the following categories of PII:
- names, date of birth and birth place, signatures, citizenship information, social security number, taxpayer identification number, other government identification and numbers;
- contact details and professional addresses (including residential history, personal and/or business email address, telephone, mailing address);
- account data and other information contained in any document provided by potential investors to the Authorized Entities (whether directly or indirectly), funds transfer information; Background information: information required to perform, or revealed in, know-your-customer (KYC and anti-money laundering (AML) due diligence, investor accreditation and consents;
- risk tolerance, transaction history, investment experience and investment activity, assets, income, net worth, amounts and types of investments, capital account balances, capital commitments, capital contributions, beneficiaries, positions, share or option numbers and values, vesting information, investment history, transaction information, tax status and information;
- information regarding a potential investor’s status under various laws and regulations, including their social security number, tax status, income and assets;
- accounts and transactions with other institutions;
- information regarding a potential investor’s interest in a Crescent Fund, including ownership percentage, capital investment, income and losses;
- information regarding a potential investor’s citizenship and location of residence;
- source of funds used to make the investment in a Crescent Fund; and
- anti-money laundering, identification (including passport and drivers’ license), and verification documentation.
Sources for PII
In connection with offering, forming and operating the Crescent Funds, we collect, record, store, adapt and otherwise process and use PII either relating to potential investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates or to any other data subjects from the following sources:
- information received in telephone conversations, in voicemails, through written correspondence, via e-mail and other electronic communications, or on subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation);
- information about transactions with any Authorized Entity or others;
- information captured on any Authorized Entity’s website, fund data rooms and/or investor reporting portal (as applicable), including registration information, information provided through online forms and any information captured via “cookies”; and
- information from available public sources, including from:
- publicly available and accessible directories and sources;
- bankruptcy registers;
- tax authorities, including those that are based outside the UK and the EEA if you are subject to tax in another jurisdiction;
- governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;
- credit agencies; and
- fraud prevention and detection agencies and organizations.
Purpose and Legal Bases for Collecting Your PII
The applicable Authorized Entities process the PII for the following purposes (and in respect of paragraphs (3), (4), (6), (7) and (8) in the legitimate interests of the Authorized Entities (or those of a third party)):
- The performance of its contractual and legal obligations (including applicable anti-money laundering, KYC and other related laws and regulations) in assessing suitability of potential investors in a Crescent Fund;
- The administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of potential investors to a Crescent Fund, including administering, managing and setting up an investor’s account(s) to allow such potential investor to purchase interests in the fund(s);
- Ongoing communication with potential investors, their representatives, advisors and agents, (including the negotiation, preparation and signature of documentation) during the process of admitting potential investors to a Crescent Fund and the execution of all relevant agreements;
- The ongoing administrative, accounting, reporting and other processes and communication required to operate the business of a Crescent Fund in accordance with its governing documents and other documentation between the parties, including customer service, processing or fulfilling transactions, verifying personal information, processing contributions and distributions and financing;
- To administer, manage and set up your investor account(s) to allow you to purchase your holding (of shares) in a Crescent Fund;
- To facilitate the execution, continuation or termination of the contractual relationship between you and Crescent and/or a Crescent Fund (as applicable);
- To facilitate the transfer of funds, and administering and facilitating any other transaction, between you and a Crescent Fund;
- To perform auditing and verifications related to investor interactions, including but not limited to, verifying the quality and effectiveness of services and compliance;
- To maintain the safety, security and integrity of our products and services, databases, technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
- To facilitate business asset transactions involving Crescent Fund;
- To enable any actual or proposed assignee or transferee, participant or sub-participant of a Crescent Fund’s rights or obligations to evaluate proposed transactions.
- Any legal or regulatory requirement, including complying with U.S., state, local and non-U.S. laws, rules and regulations;
- Keeping investors informed about the business of the Adviser and its affiliates generally, including offering opportunities to make investments other than in the Crescent Fund in which you are currently invested and related advertising; and
- Any other purpose that has been notified, or has been agreed, in writing.
We monitor communications where the law requires us to do so. We also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect our business and the security of our systems.
Use of Your PII
Your PII may be combined with information we receive from other sources, or it may be provided to other organizations we work with. This section details that use of your PII.
Receiving PII from Third Parties
Any Authorized Entity may (in certain circumstances) combine PII it receives from a potential investor with information that it collects from, or about such potential investor. This will include information collected from other sources in an online or offline context. For example, we may receive payment information from the organization you use to pay us in order to correct our records. Additionally, to promote protection of your identity, we also may collect identity information which we use to help prevent and detect fraud.
Disclosure of PII to Third Parties
Authorized Entities do not sell your PII to any third parties.
In addition to disclosing PII amongst themselves, any Authorized Entity may disclose your PII, where permitted by applicable law (including Data Protection Legislation) to other service providers, administrators, banks, law firms, governmental agencies, employees, agents, contractors, consultants, professional advisers, lenders, data processors, with our affiliates, business partners, and other third parties including financial advisors, regulatory bodies, back office account providers, custodians, auditors, technology providers, consultants, placement agents, and persons employed and/or retained by them in order to fullfil the purposes described in this privacy notice. Authorized Entities may do so for the purposes of operating our business, including the purposes set out in the “Purposes for Collecting your PII” section of this privacy notice.
PII From Minors
We do not offer financial services and products to minors and do not intend to collect personal information from children under the age of 13 years. We follow all local legal requirements with respect to the collection and processing of a minor’s personal information.
FOR CALIFORNIA RESIDENTS ONLY
Your PII Rights
This section of this privacy notice is applicable to you only if you are a natural person resident of California and supplements the section above with respect to specific rights granted under the CCPA to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. The CCPA provides residents of California with certain rights in regard to what the Authorized Entities do with your personally identifiable information. This section details those rights, how to exercise them, and what the Authorized Entities will do in response. To the extent there is any conflict between this privacy notice and the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
Information We Collect
We collect or within the last twelve (12) months have collected some or all of the following categories of personal information from individuals:
Category | Examples | Collected |
A. Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number). | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets). | YES |
C. Protected classification characteristics under California or federal law | Date of birth, citizenship and birthplace. | YES |
D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s). | YES |
E. Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information. | NO |
F. Internet or other similar network activity | Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. | YES |
G. Geolocation data | Physical location or movements. | NO |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
L. Sensitive Personal Information (see further information on use of sensitive personal information below) | Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. | YES, as to the following types of information: social security, driver’s license, state identification card, or passport numbers; account log-in, financial account in combination with any required security or access code password; or credentials allowing access to an account only. |
We do not collect or use sensitive personal information other than:
- To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
- For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us);
- To perform services on behalf of our business;
- To verify or maintain the quality or safety of a service or to improve, upgrade, or enhance such service or device; and
- To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.
We collect personal information for the business or commercial purposes and from the sources set forth in “Purposes for Collecting Your PII”and “Sources for PII”respectively, in the section above. We retain the categories of personal information set forth above in the “Information We Collect” section of this California privacy notice only as long as is reasonably necessary for those business or commercial purposes set forth in “Purposes for Collecting Your PII” in the privacy notice above, except as may be required under applicable law, court order or government regulations.
Disclosure
The Authorized Entities do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the PII they collect about you to third parties. In the preceding twelve (12) months, the Authorized Entities have not shared for the purpose of cross-context behavioral advertising or sold (as such terms are defined in the CCPA) any of the personal information they collect about you to third parties. The Authorized Entities do not disclose any non-public personal information about you to anyone, except as permitted or required by law or regulation and to service providers.
Within the last twelve (12) months, the Authorized Entities may have disclosed personal information collected from you for a business or commercial purpose to the categories of third parties indicated in the chart below. The Authorized Entities may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries.
Personal Information Category | Category of Third-Party Recipients |
A. Identifiers | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
C. Protected classification characteristics under California or federal law | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
D. Commercial information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
E. Biometric information | N/A |
F. Internet or other similar network activity | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
G. Geolocation data | N/A |
H. Sensory data | N/A |
I. Professional or employment-related information | N/A |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | N/A |
K. Inferences drawn from other personal information | N/A |
L. Sensitive Personal Information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
You have the right to request that we disclose to you, free of charge, the categories and specifics of the PII we collect about you. We require a verifiable request from you to ensure that it is, in fact, you who is requesting such a PII disclosure. Once we verify the request, we will provide that information to you.
Following our verification of your request, we will disclose to you, unless otherwise restricted by law or regulation, the following PII we collect about you:
- The categories of PII we have collected about you;
- The categories of sources from which the PII is collected;
- The business or commercial purpose for collecting that PII;
- The categories of third parties to whom we disclose PII;
- The specific pieces of PII we have collected about you; and
- Whether we disclosed your PII to a third party, and if so, the categories of PII that each recipient obtained.
Your request for disclosure can apply to any such PII mentioned in the previous paragraph for as much as twelve months preceding your request. Be advised that we are not required to disclose such information about the PII we collect about you more than twice in a twelve-month period.
Following our verification of your request, we will disclose to you, unless otherwise restricted by law or regulation, the following PII we collect about you:
- The categories of personal information we have collected about you
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting or selling that personal information
- The categories of third parties with whom we share personal information
- The specific pieces of personal information we have collected about you
Retention and Deletion of PII
We retain the categories of PII collected about you for only as long as is reasonably necessary for those purposes set forth above, except as may be required under applicable law, court order or government regulations.
You have the right to request that we delete the PII we have collected from you. Following our verification of your request, we will comply with your request and delete any or all of your PII in our possession that we collected from you and/or any or all such PII in the possession of our service providers, unless otherwise restricted by law or regulation. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Correction of PII
You have the right to request that the Authorized Entities correct any inaccuracies in the PII that they retain, subject to certain statutory exceptions, including, but not limited to, their compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Non-Discrimination for Exercising Your PII Rights
The Authorized Entities follow the requirements of California Civil Code §1798.125, and will not discriminate against any consumer who exercises the rights set forth in this privacy notice, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level of quality of service to you.
Contacting Us to Exercise Your PII Rights
You may contact us in order to exercise any of your rights set forth in this privacy notice by the methods set forth in the section of this privacy notice titled “Contacting Us”.
FOR INVESTORS IN CAYMAN ISLAND ENTITIES
In this privacy notice, the terms “we”, “us” and “our” refer to the relevant Crescent Fund, its affiliates and/or its delegates, including any Authorized Entity, unless the context otherwise requires.
Purpose of this notice
This privacy notice provides information regarding our collection, processing, retention and safeguarding of personal data, also referred to herein as personal identifying information or PII, that constitutes “personal data” under the Data Protection Act (as amended) of the Cayman Islands (the “DPA”) as described in detail above.
If you are a natural person, this will affect you directly. If you are a corporate investor (including, for these purposes, a legal arrangement such as a limited partnership or trust) that provides PII on natural persons connected to you for any reason in relation to your investment in a Crescent Fund, this will be relevant for those persons and you should transmit this privacy notice to them.
Your PII
By virtue of making an investment in a Crescent Fund and your associated interactions with us, you will provide us (including by submitting subscription documents, tax forms and associated documents and in correspondence and discussions with us) certain information that constitutes PII. We may also obtain PII from public sources.
Why we process your PII
We process your PII for the purposes of:
- performing our contractual rights and obligations (including under the limited partnership agreement, subscription agreement or offering document of the Crescent Fund);
- complying with our legal or regulatory obligations (including those relating to anti-money laundering and counter-terrorist financing, preventing and detecting fraud, sanctions, automatic exchange of tax information, requests from governmental, regulatory, tax and law enforcement authorities, beneficial ownership and maintaining statutory registers); and
- our legitimate interests or those of a third party (including to manage and administer your investment in the Crescent Fund, to send you updates, information and notices or otherwise correspond with you in connection with your investment in the Crescent Fund, to review, assess and process your requests or applications, to address or investigate any complaints, claims, proceedings or disputes, to seek professional advice, including legal advice, to meet our regulatory, accounting, tax reporting and audit obligations, to manage risk and operations, to maintain our internal records, to act in accordance with our policies and procedures, to protect our business against fraud, breach of confidence and theft of proprietary materials and to protect the security and integrity of our IT systems) where we consider that, on balance, our (or their) legitimate interests are not overridden by your interests, fundamental rights or freedoms.
Should we wish to process your PII for other specific purposes (including, if applicable, any purpose that requires your consent), we will contact you.
Transfer of your PI
We transfer your PII to certain third parties, who will process your PII on our behalf, including administrators and other third party service providers that we appoint or engage to assist with the Crescent Fund’s management, operation, administration and legal, governance and regulatory compliance. In certain circumstances, we may be required by law or regulation to transfer your PII and other information with respect to your investment in the Crescent Fund to governmental, regulatory, tax and law enforcement authorities. They may, in turn, exchange this information with other governmental, regulatory, tax and law enforcement authorities (including in jurisdictions other than the Cayman Islands).
Your PII may be transferred to jurisdictions that do not have data protection laws equivalent to the DPA. This may be necessary for one of a number of reasons, including for the performance of our rights and obligations under your Crescent Fund’s constitutional documents or under an agreement with a third party that is in your interests or in connection with international cooperation arrangements between governmental, regulatory, tax and law enforcement authorities.
Security, storage and retention of PII
We implement appropriate technical and organisational measures against unauthorised or unlawful processing of your PII and against accidental loss or destruction of, or damage to your PII, consistent with the DPA.
We will retain your PII for as long as we require it to perform our contractual rights and obligations or for our legitimate interests or for such longer period as required by our legal or regulatory obligations. In general, we will retain your PII throughout your investment in the Crescent Fund. We will also retain certain of your PII after you cease to be an investor in the Crescent Fund. As a general principle, we do not retain your PII for longer than we need it.
Your Rights
Under the DPA, you have certain data protection rights, including the right to request access to your PII, the right to restrict the use of your PII, the right to have incomplete or inaccurate PII corrected, the right to ask the Crescent Fund or any Authorized Entity to stop processing your PII, the right to require us to delete your PII in certain circumstances and the right to complain to the Cayman Islands Ombudsman, who may be contacted by email ([email protected]), telephone (+1 345 946 6283) or post (PO Box 2252, Grand Cayman KY1-1107, Cayman Islands).
Automated decision-making
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your PII, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the requirements of the DPA (and other applicable laws).
Questions or concerns
If you have any questions or concerns about the contents of this privacy notice or our processing of your PII, contact us as described in the section of this privacy notice titled “Contacting Us”.
EU-UK DATA PROTECTION NOTICE
This EU-UK Data Protection Notice applies to the extent that the GDPR applies to the processing of PII by Authorized Entities. Where the GDPR applies to such processing, one or more of the Authorized Entities are “controllers” of such PII collected in connection with your investment in that Crescent Fund. In simple terms, this means such Authorized Entities: (i) “control” the PII that they or other Authorized Entities collect from potential investors or other sources; and (ii) make certain decisions on how to use and protect such PII.
Nature, Purpose & Legal Basis for Processing
The categories of PII which the Authorized Entities process and the sources of such PII are set out in the “Types of PII Collected” section of this privacy notice.
The Authorized Entities will process your PII for the purposes set out above in the “Purposes for Collecting Your PII” section. The law specifies certain ‘lawful bases’ under which the Authorized Entities are allowed to process your PII. The lawful basis upon which the Authorized Entities rely for each purpose is also set out above in the “Purpose and Legal Bases for Collecting Your PII” section. Most commonly, the Authorized Entities will rely on one or more of the following lawful bases for processing your PII:
- Where Authorized Entities need to perform the contract entered into with you;
- Where Authorized Entities need to comply with a legal obligation; and/or
- Where the Authorized Entities’ legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
From time to time, an Authorized Entity may need to process the PII on other legal bases, including: with consent; if it is necessary to protect the vital interests of a potential investor or other data subjects; or if it is necessary for a task carried out in the public interest.
Where you do not provide your PII
If you do not provide us with certain PII when requested, an Authorized Entity may not be able to perform all or part of the contract entered into with you.
Recipients of Investor PII
As disclosed above, in addition to disclosing PII amongst themselves, any Authorized Entity may disclose, where permitted by the GDPR, your PII to third parties for the purposes of carrying out the services of your contract and for the legitimate business purposes disclosed, including to other service providers, employees, agents, contractors, consultants, professional advisers, lenders, processors and persons employed and/or retained by them in order to fulfil the purposes described in this EU-UK Data Protection Notice. In addition, any Authorized Entity may share PII with regulatory bodies having competent jurisdiction over them, as well as with the tax authorities, auditors and tax advisers (where necessary or required by law).
We take reasonable steps, as required by Data Protection Legislation, to ensure the safety, privacy and integrity of your PII and where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such PII and any information supplied.
Transfers of PII outside the EEA and UK
Any Authorized Entity may transfer your PII to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this EU-UK Data Protection Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact us as indicated in the section of this privacy notice titled “Contacting Us”. For the purposes of of this EU-UK Data Protection Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA; (ii) the UK; or (iii) a country or territory which has at the relevant time been decided by the European Commission or the Government of the UK (as applicable) in accordance with Data Protection Legislation to ensure an adequate level of protection for PII.
Security, Storage and Retention of PII
We consider the protection of PII to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect PII in their possession or under their control.
PII may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations. PII will be retained throughout the life cycle of any investment in a Crescent Fund. However, some PII will be retained after a data subject ceases to be an investor in such Crescent Fund.
Your Rights
It is acknowledged that, subject to applicable Data Protection Legislation, the data subjects to which PII relates, have certain rights under the GDPR: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their PII; to access and receive a copy of their PII; to request rectification or their PII; to request erasure of their PII; to exercise their right to data portability; and the right not to be subject to a decision based on automated processing, including profiling. Please note that the right to erasure is not absolute and it may not always be possible to erase PII on request, including where the PII must be retained to comply with a legal obligation. In addition, erasure of the PII requested to fulfill the purposes described in this EU-UK Data Protection Notice, may result in the inability to provide the services required with respect to your investment in a Crescent Fund.
You should inform us of any changes to your PII. Any requests made under this EU-UK Data Protection Notice can be made using the details set out in the section of this privacy notice titled “Contacting Us” section.
You have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction if you are unhappy with how your PII is being handled.
Contact
If you have any queries regarding this data protection notice, please contact us as indicated in the section of this privacy notice titled “Contacting Us”.