Privacy Policy - I Squared

Introduction

The privacy and security of personal information is very important to us. This privacy statement explains what information I Squared Capital Advisors Group and its related entities or affiliates (“I Squared Capital”, “ISQ”, “we”, “our” or “us”) gather about you, what we use that information for, the lawful basis on which that information is used and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries. ISQ is the controller of the personal data processed under this policy and our contact details are set out under “Your Rights” below.

References to “you” or “your” refers to individuals for whom we process their personal information, including investors (including where necessary their agents, directors, officers, ultimate beneficial owners and/or representatives), along with third party business partners, vendors, consultants and other deal counterparties (such as directors of target companies) or management teams of portfolio companies in connection with transactions to which we are a party, and/or the provision of our services.

One of our third-party business partners is called SunGard (operating as FIS). While SunGard currently hosts the investor portal on our behalf and provides related support, any other uses of data will be for SunGard’s own purposes and for their own benefit, and will therefore be separate from, and used in a different context to, our uses of data.

Who this privacy statement applies to and what it covers

This privacy statement sets out how we collect, handle, store and protect information about you in the operation of our business. We may collect personal information in a number of ways, including: (i) information captured on our websites (such as our main webpage: https://isquaredcapital.com/ and the investor login portal) and other information you provide during the course of our commercial relationship with you, including when you provide information to us online (including forms such as account opening forms, agreements and associated documentation), by phone, email or in person; (ii) when you submit information in connection with our services; (iii) when we carry out due diligence checks/screening activities, such as ‘know-your-customer’ (also known as “KYC”) checks, or anti-money laundering (also known as “AML”) checks); (iv) and when you visit our premises.

We may also, in some circumstances, receive personal information about you from third parties, such as service providers or trading counterparties, regulatory or law enforcement agencies, credit reference agencies, professional advisors, and agencies conducting background checks. Personal information may also be obtained from certain publicly accessible sources of information, such as public databases, industry associations, social media and online professional networks. The types of data collected from such third-party sources listed in this paragraph include, as applicable, name, contact details, job title, qualifications, employer or parent organisation, financial information, criminal data, and verification/identity information including social security numbers.

This Privacy Statement also contains information about when we share your personal information with other members of our group and third parties (for example, third parties carrying out due diligence activities on our behalf).

In this Privacy Statement, your information is sometimes called “personal data” or “personal information”. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.

What information we collect

The categories of personal data we may collect will depend on the nature of our relationship with you and the purpose for which your personal information is being collected.

The personal data that we collect or obtain may include your name; age; date of birth; gender; e-mail address; home address; country of residence and nationality; username and passwords for registration purposes; verification information (including copies of identity documents such as passports and driver’s licenses, images of signatures), social security numbers, place of birth, national identification number; signature; family circumstances (for example, your marital status and dependents); employment and education details (for example, the organisation you work for, your job title and your education details); data relating to your criminal convictions and offences; financial, account, investment, transaction and tax-related information (for example information relating to your investment history, account information /balance, financial transactions, your income, source of funds, tax residency/identification number and other invoice information); and CCTV footage.

We may also collect or obtain personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience when you use our website and ensure that it is functioning effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) and Web beacons which may collect personal data.

Why we use information about you

We will use your personal data to carry out activities that form part of the operation of our business. As part of this, we may use your personal data in the course of correspondence relating to such activities. Such correspondence may be with you, our affiliates, our service providers or (if required) competent authorities. We may also use your personal data to conduct due diligence checks relating to the relevant activities.

Because a wide range of activities form part of the operation of our business, the way we use personal data also varies. For example, we might use personal data for the purposes of, or in connection with:

providing our services to you, including the provision of investment advice, deal structuring, execution support, evaluating potential transactions and entering into a commercial relationship with you.
administrative, risk analysis and fraud/crime prevention purposes, including verifying the identity of individuals, carrying out due diligence checks such as AML, KYC and anti-bribery/corruption sanction screenings, maintaining records of investments, administering transactions and managing payments/fees.
complying with applicable legal or regulatory requirements or to exercise or defend our rights or the rights of a third party, including complying with law enforcement or government authority requests and participating in compliance audits.
requests and communications from competent authorities.
services we receive from our professional advisors, such as lawyers, accountants and consultants.
managing and making information available to third party service providers (e.g. providers of due diligence services) and our affiliates, who assist us as described further below.
requests and communications from competent authorities (including courts and tribunals).
protecting our rights and those of our affiliates, including where we believe necessary to investigate, prevent or take action regarding suspected or actual illegal activities, fraud, situations involving potential threats to the safety of any person or to otherwise enforce this privacy statement.
to manage and improve our website or to manage and respond to any request or enquiries submitted to us including through our website.
otherwise corresponding with you.
for marketing and promotional purposes. For example, we may use your personal information, such as your email address, to send you news and newsletters, event updates, business opportunities, or to otherwise contact you about information we think may interest you or your company.

In some cases, the information that we request from you is not mandatory. However, such information may be necessary in connection with the performance of certain activities that form part of the operation of our business or resulting from our contractual relationship with you, or where we are required by law to collect certain personal information about you (as noted above). Failure to provide this information may prevent or delay the fulfilment of these obligations.

The legal grounds we use for processing personal information

We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. As a result, in most cases we use your personal data for the purposes outlined above because:

of our legitimate interests in the performance of activities that form part of the operation of our business, so long as such interests do not override your interests, fundamental rights or freedoms;

Examples of the ‘legitimate interests’ referred to above are: (i) to provide, manage and improve our services to our customers; (ii) to support/protect our reputational standing, preserve our integrity and comply with legal or regulatory obligations to which we are subject, such as KYC and AML checks and anti-bribery/corruption sanctions regulations, including to verify the accuracy of information provided by a third party; (iii) to prevent fraud or criminal activity; and (iv) to safeguard the security of our IT systems, architecture and networks, and our physical premises.

of the legal and regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or where we are required by law to process data (e.g. proof of identity) in order to ensure we meet our ‘know your client’ and ‘anti money laundering’ obligations (or other legal obligations imposed on us) or to protect our rights.
the information is required in order to carry out the activities that form part of the operation of our business and to perform our contractual obligations to you.
we obtain consent where required by applicable law, for example to conduct direct marketing communications.

In some circumstances, where authorised by local law, we may collect data relating to criminal convictions or offences, where required by local law.

To Whom we disclose your information

In connection with one or more of the purposes outlined in the “Why we use information about you” section above, we may disclose details about you to:

our affiliates. We work closely with our affiliates within the ISQ group and may share certain information with them, for example for internal reporting purposes, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business;
third parties including service providers/vendors/business partners that provide services to us and/or our affiliates, such as troubleshooting, data security and maintenance, data hosting (including providing data room platforms/workspaces on our behalf, and carrying out due diligence activities on our behalf);
financial/transaction counterparties, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business;
our professional advisors including our lawyers, accountants and consultants in our legitimate interests to run an efficient business;
law enforcement agencies, competent authorities (including courts and supervisory or other authorities/similar third parties). Data may be shared with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party in our legitimate interests to run an effective business and/or as required by law;
your employer and/or their advisers, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business;
your advisers, such as lawyers, accountants and consultants, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business;
organisations that help us reduce the incidence of fraud, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business;
asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use commercially reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy statement, in our legitimate interests to run an effective business;
and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we use information about you” section above, in order to provide our service in accordance with our contract with you and in our legitimate interests to run an efficient business.

Where we disclose your information

Please note that your personal data may be transferred to, stored, and processed in countries outside of the European Union or the UK whose laws may not provide the same level of data protection. Those countries currently include the United States of America, Singapore, India, the People’s Republic of China and will include certain other countries in which from time to time we carry out activities that form part of the operation of our business.

In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. To ensure this level of protection for your personal information, we put in place appropriate safeguards, including contractual commitments (such as standard contractual clauses approved by the European Commission and appropriate transfer mechanisms authorised by the UK Government). A copy of these clauses is available here and here.

Further details of the transfers of your personal information outside of the EEA/UK and the adequate safeguards used by I Squared Capital in respect of such transfers (including copies of relevant agreements where applicable) are also available from us by contacting legal@isquaredcapital.com.

Protection of your personal information

All I Squared Capital personnel accessing personal information should comply with internal rules and processes in relation to the processing of personal information to protect and ensure the confidentiality of such information.

We have also implemented technical and organisational measures designed to protect personal information against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal information, with particular care for sensitive information.

Although we use security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

How long we keep your information

We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for our business operations/relevant business activities as described above; (ii) retention period that is required by law or regulation; (iii) the end of the period in which litigation or investigations might arise in respect of our activities, or in respect of the period to defend or bring any existing or potential legal claims; (iv) to maintain business records for analysis and/or audit purposes; and (v) to deal with any complaints.

Your rights

You have various rights in relation to your personal data under applicable local law. In particular, you have a right to:

request a copy of personal data we hold about you
ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
object to our processing of your personal data
where you have provided consent, withdraw such consent to our processing of your personal information

Some of these rights only apply in certain circumstances and in many cases, are limited by law. For example, where fulfilling your request will adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal information.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please email legal@isquaredcapital.com. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

Right to complain

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you are unhappy with the way we handled your personal information or any privacy query or request you have raised with us, you also have a right to complain to a data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.

Use of cookies

We may use cookies and other tracking technologies (“Tracking Technologies”) on our website. These Tracking Technologies may be stored on your device or browser and may gain access to information stored on your device; they may also be used to collect your personal data.

If you are in the EEA or UK, we will automatically drop Tracking Technologies that are strictly necessary for our website (these are cookies that are essential to the functioning of our services, to provide a service requested by you or to comply with the law (e.g. the security requirements of data protection law). We do not need to obtain your consent in order to use these Tracking Technologies and these Tracking Technologies cannot be turned off as we cannot provide the services without them) and we will request your consent to drop the following additional Tracking Technologies:

Tracking Technology	Description	Duration
Performance Tracking Technologies	These cookies enable us to collect information about your online activity (e.g. the duration of your use of the services), including behavioral data and content engagement. They allow us to provide you with a better user experience and to maintain, operate and continually improve our services.	24 months
Google Analytics	Google Analytics is a web analytics tool that helps us understand how users engage with our Services. Like many providers, Google Analytics tracks user interactions on websites. This information is used to compile reports and to help us improve our services. The reports disclose trends on our services without identifying individual visitors. For more information on Google Analytics, see here. You can opt out of Google Analytics without affecting how you engage with our services – for more information on opting out from Google Analytics tracking across all services you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.	24 months

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the services, including certain features and general functionality, to work incorrectly. If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please email legal@isquaredcapital.com. To view or change your preferences in relation to our Tracking Technologies, click here.

Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or other mechanism for exercising your choice regarding the collection of your information when you visit various websites. Like many websites, our website is not designed to respond to such signals, and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference signals. To learn more about “do not track” signals, you can visit this site.

Changes to this Privacy Statement

We may modify or amend this Privacy Statement from time to time. We will communicate those changes to you using our usual means of communication with you or as required by applicable law.

Supplemental Terms – Jurisdiction Specific

If you are a user located in one of the jurisdictions below, please review the additional information for your jurisdiction, which applies in addition to the information in our Privacy Statement above.

Australia

Where practicable, we will give you the option of not identifying yourself or using a pseudonym when registering an account on or using our services. You acknowledge that if you do not provide us with your personal information, we may be unable to provide you with access to certain features or sections of our services, including social media integration and in-service purchases.

We hold your personal information in hard copy or electronically in our IT systems, which may include third party cloud storage providers.

We disclose personal information to locations outside of Australia – see the section “Where we disclose your information” above for a list of countries. We take reasonable steps to ensure that third party recipients of your personal information located outside Australia handle your personal information in a manner that is consistent with Australian privacy laws.

You have the right to access personal information we hold about you and to seek the correction of any of your personal information we hold that is inaccurate. You may do so by contacting us at legal@isquaredcapital.com.

If you are dissatisfied with the way we have handled your personal information, or with our response to your request for access to, or correction of, your personal information, you may make a complaint by contacting us at legal@isquaredcapital.com. If we receive a complaint about how we handled your personal information, we will review the complaint and determine what action, if any, to take. We aim to resolve any such complaints in a reasonable period of time, and ask that you cooperate with us and provide us with relevant information that we may require. If you are dissatisfied with the way we have handled your complaint, you may contact the Office of the Australian Information Commissioner at +61 1300 363 992; or using the contact information set out here.

Brazil

You have the right to (a) be informed about the processing activities carried out with your personal data, including data sharing; (b) access and confirm that we process your personal data; (c) correct incomplete or outdated data; (d) request the anonymization, blocking or deletion of unnecessary or excessive personal data we may process about you; (e) port your personal data; (f) request the deletion of personal data processed with your consent; (g) request the review of decisions made exclusively based in automated data processing; and (h) file a complaint before the National Data Protection Authority (ANPD).

Whenever we use your personal data based on your consent, you may revoke the consent that you have previously given for the processing of your personal data. To revoke such consent, you may terminate your account or you can contact us at any time. This may affect our provision of our services to you.

In addition to the legal grounds indicated above in this Privacy Statement, the General Data Protection Law (Law No. 13,709/2018 – LGPD) allows the processing personal data for the exercise and protection of rights in judicial, administrative and arbitration proceedings, as well as for the protection of credit. We may process your personal data under such lawful basis to the extent permitted by the applicable law.

If you have any questions about the processing of your personal data or wish to exercise your rights, please contact us at legal@isquaredcapital.com.

India

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at [legal@isquaredcapital.com]. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected service. Where the processing of your personal data is not based on consent, our processing is based on certain legitimate uses as permitted under law and in compliance with applicable law.

Singapore

By providing us with your personal data, using the website or our services, you consent to the collection, use and disclosure of your personal data for the purposes set out in this Privacy Policy. For any cross-border transfer of your information to any country where we have databases or affiliates and, in particular, the locations specified in “Where we disclose your information”, we rely on legally enforceable obligations to provide to the personal data transferred a standard of protection that is comparable to that under the Personal Data Protection Act 2012 (“SG PDPA”). We obtain consent for the collection, use and disclosure of your personal data in accordance with the Personal Data Protection Act 2012 (“SG PDPA”) unless an exception applies under the SG PDPA or we are required or authorized by other applicable law.

You have the right to access your personal information, how we use it, and who we share it with. You have the right to correct any of your personal information that is inaccurate. You also have the right to withdraw consent, although if consent is withdrawn, we may not be able to provide you with the requested services. These rights may be subject to exceptions under the SG PDPA.

Our designated data protection officer for the purposes of compliance with the SG PDPA can be contacted at legal@isquaredcapital.com.

United States Residents

This section applies if you are a resident of California, Colorado, Connecticut, Utah, Virginia or another U.S. state that has passed a privacy law similar to the California Consumer Privacy Act (“CCPA”) and requires specific privacy notice disclosures. For purposes of this section, references to “personal information” shall also include “sensitive personal information” as those terms are defined under the CCPA.

The table below sets out the categories of personal information (including sensitive information, denoted by *) we collect and disclose (if applicable), including our collection and disclosure over the past 12 months.

Category of Personal Information	Recipient(s)
Identifiers, such as name, email address, IP address, other device identifiers	[Our affiliates, service providers/vendors/business partners, financial/transaction counterparties, your employer and/or their advisers
Personal information listed in the California Customer Records statute such as name, address, signature, social security number, passport number and driver’s license or state identification number*.	Our affiliates, service providers/vendors/business partners, financial/transaction counterparties,
Government Identifiers* such as driver’s license, national identification number, state identification card or passport	Our affiliates, service providers/vendors/business partners
Internet and similar network activity information, such as information regarding your interaction with the Services and User Input
Geolocation data such as IP address
Account access credentials* such as account log-in or credentials allowing access to your account
Commercial information such as financial, account, investment, transaction and tax-related information relating to your investment history, account information, balance, financial transactions, your income or source of funds	Our affiliates, service providers/vendors/business partners, financial/transaction counterparties, your employer and/or their advisers
Audio, electronic, visual, thermal, olfactory, or similar information such as CCTV footage	Our affiliates, service providers/vendors/business partners]
Characteristics of protected classifications under California or federal law such as gender, age, nationality or country of residence
Professional or employment-related information such as title of profession, employer or educational and professional background
Non-public education information collected by certain federally funded institutions such as education records
Inferences drawn from other personal information such as profile reflecting your preferences

Please see the corresponding sections above for information regarding the specific purposes for which we collect (“Why we use information about you”) and disclose (“To whom we disclose your information”) your information, and the sources from which we collect such information (“Who this Privacy Statement applies to and what it covers”), please see the sections above. We do not “sell” or “share” (as those terms are defined under the CCPA) personal information, nor have we done so in the preceding 12 months. Further, we do not have actual knowledge that we sell or share personal information of residents under 16 years of age. In addition, we only use and disclose sensitive personal information with your consent or for the purposes specified in the CCPA.

We will not discriminate against you for exercising any of your rights described in the “Your Rights” section above. We may need to collect information from you to verify your identity, such as your email address, government issued ID or date of birth, before providing a substantive response to the request. Depending on your location, you may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. If we deny your request in whole or in part, you may have the right to appeal that decision, by contacting us at legal@isquaredcapital.com.

Taiwan

If you are a resident of Taiwan, the following Taiwan-specific provisions apply to our collection, processing or use of your personal data in lieu of or in addition to the relevant sections of the above:

The controller of your personal data processed is I Squared Capital Advisors (Taiwan) Limited
With regard to the section titled “To whom we disclose your information”, to the extent required by Personal Data Protection Act, we will first obtain your consent before sharing your personal data to entities/individuals listed therein.
With regard to the section titled “Your rights”, you also have the right to make an inquiry of and to review your personal data.
You hereby agree that we can share your personal data to our affiliate, financial/transaction counterparties or other third parties for the purposes listed in the section titled “Why we use information about you”. If you do not agree that we may so share your personal data, our relevant performance may be prevented or delayed. If you disagree with us sharing your personal data in this manner, please contact us at legal@isquaredcapital.com.