Privacy Notice

1. Introduction

Bletchley Park Asset Management Jersey Limited (the Sub-Investment Manager)

Bletchley Park Asset Management Limited (the Investment Manager)

Bletchley Park Asset Management Feeder 1, Bletchley Park Asset Management US Feeder 1

Bletchley Park Asset Management Master Fund (together, the Funds)

This Privacy Notice (the Notice) is issued by Bletchley Park Asset Management Jersey Limited and applies to the Sub-Investment Manager, the Investment Manager and the Funds (together, the BPAM Group).

This Privacy Notice sets out how the BPAM Group handles your Personal Data which we collect through our interaction with you directly, and through our interaction with people and entities connected with you.  The BPAM Group is committed to protecting and respecting your privacy.  Your Personal Data will be processed in accordance with the EU’s General Data Protection Regulation (GDPR) and other applicable privacy and data protection laws.  The BPAM Group’s data protection policies will be applied across all operations and will not differentiate between EU and non-EU citizens.

When we mention “we”, “us” or “our” in this Notice, we are referring to the relevant company in the BPAM Group responsible for controlling or processing your Personal Data.  The identity of the relevant BPAM Group entity responsible for your personal data in such situations can be provided to you upon request.  References to “you” include all individuals whose Personal Data we collect, hold and process in the course of operating the BPAM Group.  “Personal Data” means any information in respect of which a natural person can be identified, such as their name, address, identification number, as well as online identifiers.

Under the GDPR definitions, we have determined that:

1. a) The Sub-Investment Manager acts as a “Data Controller” of Personal Data of its Employees and Directors and, where it holds Personal Data, for third-parties, such as trading counterparties, Service Providers, or prospective employees;
2. b) The Sub-Investment Manager acts as a “Data Controller” of Personal Data used in marketing activities (principally, contact information of prospective investors or other recipients of marketing materials); and
3. c) The Funds, the Investment Manager and the Sub-Investment Manager act as “Joint Controllers” of Personal Data of investors. A summary of the arrangements between the Joint Controllers in respect of the control of this Personal Data is available upon request.

2. How are your Personal Data collected?

Your Personal Data may be collected from information provided by you or by third-party sources, including but not limited to the following sources:

1. a) through forms and documents as we may request that are completed in relation to the administration or management of our services;
2. b) through client due diligence (CDD) or “Know Your Client” (KYC) checks carried out as part of our compliance with regulatory requirements;
3. c) when you interact with us, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, and email;
4. d) when you request the addition of your email address to our email distribution list for newsletters or other marketing materials;
5. e) when you respond to our request for additional Personal Data;
6. f) when you submit an employment application or provide documents or information including your curriculum vitae in connection with an appointment; and
7. g) from entities in which you or someone connected to you has an interest, your legal or financial advisers, other financial institutions who hold and process your personal information, or Personal Data received while dealing with advisers, regulators, official authorities and Service Providers (meaning third-party companies that are contracted by the BPAM Group to perform a service) by whom you are employed or engaged or for whom you act.

If you provide us with any Personal Data relating to a third-party (for example, information on your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of such third-party to you providing us with their Personal Data for the respective purposes.

You should ensure that all Personal Data submitted to us is complete, accurate, true and correct.

3. What Personal Data are collected?

We may collect various types of Personal Data about you, including but not limited to:

1. a) Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and Personal Data relating to claims, court cases and convictions, politically exposed person (PEP) status, Personal Data available in the public domain and such other information as may be necessary for the BPAM Group to provide its services and to complete its CDD process and discharge its Anti-Money Laundering (AML)/Combating the Financing of Terrorism (CFT) obligations;
2. b) Your tax status information (which may include your tax residency, tax ID and/or tax status);
3. c) Your contact information (which may include postal address and e-mail address and your home and mobile telephone numbers);
4. d) Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold); and
5. e) Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history);

We may also collect and process Personal Data regarding people connected to you, either by way of professional (or other) association or by way of family relationship.

4. Why do we collect and process your Personal Data?

The Personal Data are processed and/or controlled on the following lawful grounds:

1. a) it is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;
2. b) it is necessary to comply with our contractual duties;
3. c) it is necessary to comply with our legal and regulatory obligations;
4. d) where we have obtained your consent to processing and/or controlling your personal information for a specific purpose.

Personal Data collected are used for various purposes, including but not limited to:

1. a) facilitating the conduct of our business;
2. b) communicating with you as necessary in connection with our services;
3. c) enforcing or defending our legal and contractual rights or those of third-party Service Providers;
4. d) disclosing your personal information to any bank or financial institution in providing our services;
5. d) complying with legal or regulatory obligations imposed on us (including but not limited to AML/CDD obligations);
6. e) collecting, processing, transferring and storing customer due diligence, source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and
7. f) liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to cooperate or report to, or with whom we decide or deem it is appropriate to cooperate in relation to tax matters.

Only Personal Data which are necessary for each specific purpose will be processed by the BPAM Group. Access is limited to those that need to provide a service to ensure data are shared to a limited number.

5. Personal Data Access and Protection

Employees, Directors and agents of the Investment Manager, the Sub-Investment Manager and the Funds have access to Personal Data.  Personal Data collected by the BPAM Group may be disclosed or transferred to related companies and to external Service Providers or other third-parties, as detailed below.

We may share your Personal Data with third-parties, including but not limited to:

1. a) providers of legal, fund administration, banking, custody, company secretarial, registered office, or corporate governance services, where disclosure to that provider is considered necessary;
2. b) any sub-contractors, agents or delegated Service Providers of the BPAM Group;
3. c) law enforcement agencies where considered necessary to fulfil legal obligations; and
4. d) regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material.

Where we share your information with a third-party, we require the recipients of that Personal Data to put in place adequate measures to protect it.

The BPAM Group is committed to ensuring the security of your Personal Data.  We take appropriate technical, physical and organisational measures to prevent unauthorised or unlawful processing of your Personal Data or accidental loss or destruction of your Personal Data.

Employees are trained to handle Personal Data securely and with utmost respect and they will treat your Personal Data as strictly confidential.  Staff members shall be authorised to access Personal Data only to the extent necessary to serve the applicable legitimate purposes for which the data are held and processed.

6. Personal Data Storage and Retention

The Personal Data processed by the BPAM Group are primarily held on a network drive with restricted access.  Some Personal Data may also be stored on cloud storage facilities with restricted access.

The BPAM Group will process and store the relevant Personal Data for the duration of our services or for the duration of the business relationship.  The BPAM Group may also continue to store the data for as long as it is necessary or required to fulfil legal, regulatory, contractual or statutory obligations and, or for the establishment, exercise or defence of legal claims, and in general where it has a legitimate interest for doing so.

7. Erasure of Personal Data

When data held in accordance with this Notice are destroyed, the data will be destroyed securely in

accordance with best practice at the time of destruction.

8. CCTV

The office premises of the Sub-Investment Manager operate a Closed-circuit Television (CCTV) network for the purposes of crime prevention, detection, and safeguarding.  Clear signage is in place to notify employees and visitors to the office premises.  Images of Data Subjects are processed as Personal Data.

9. Access to and Control of Personal Data – Your rights

You have the following rights (which may be exercisable depending on the circumstances) in respect of the Personal Data about you that we process:

1. a) the right to access and port Personal Data;
2. b) the right to rectify Personal Data;
3. c) the right to restrict the use of Personal Data;
4. d) the right to request that Personal Data is erased; and
5. e) the right to object to processing of Personal Data.

You also have the right to lodge a complaint about the control or processing of your Personal Data either with us or with the applicable jurisdictional regulator for data protection matters: namely the Office of the Information Commissioner in Jersey (https://oicjersey.org) in connection with the Sub-Investment Manager, or the Information Commissioners Office Cayman Islands (https://ombudsman.ky/data-protection) in connection with the Investment Manager or the Funds.

Where we have relied on consent to control or process your Personal Data, you have the right to withdraw consent at any time.  You also have the right to object to the control or processing of Personal Data on the basis of legitimate interests, although this right is subject to certain exceptions.

10. Website

We are committed to protecting and respecting your privacy online.  We are aware of the concern which exists over the use of Personal Data provided over the internet.

Personal identification information:  We may collect personal identification information when Users (meaning visitors to our website) email us from the links provided.  Users may be asked for, as appropriate, name and email address.  Users may, however, visit our website anonymously.  We will collect personal identification information from Users only if they voluntarily submit such information to us.

Non-personal identification information:  We may collect information about your computer (including your IP address, operating system and browser type) for system administration and in order to create reports.  This information is statistical data about our Users’ browsing actions and patterns and does not identify any individual.

Web browser cookies:  Our website may use the Google Analytics service to help analyse how Users use the website.  If this service is used by the BPAM Group, the tool will use “cookies,” which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form.  The information generated by the cookie about your use of the website (including IP address) is transmitted to Google.  This information would then be used to evaluate visitors’ use of the website and to compile statistical reports on website activity for the BPAM Group.  Google may use the data collected on the website to contextualise and personalise the advertisements of its own advertising network.  Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.  Google offers an opt-out mechanism for the web available here.

Third-party websites:  Users may find content on our website that links to the websites and services of our partners.  We do not control the content or links that appear on these third-party sites and are not responsible for the practices employed by their websites.  In addition, these sites or services, including their content and links, may be constantly changing.  These sites and services may have their own privacy policies and customer service policies.  Browsing and interaction on any other website, is subject to that website’s own terms and policies.

Your acceptance of these terms:  By using our website, you signify your acceptance of this Notice and terms of service.   If you do not agree to this Notice, please do not use our website.  Your continued use of the website following the posting of changes to this Notice will be deemed your acceptance of those changes.

11. Contact Details

If you have any questions about this data protection Privacy Notice or how we handle your personal information (e.g. our retention procedures or the security measures we have in place), or if you would like to make a complaint, please contact gdpr@bletchley.com for the attention of the Chief Operating Officer of Bletchley Park Asset Management Jersey Limited.

12. Changes to this Privacy Notice

We keep our Private Notice under regular review.  This Privacy Notice was last updated on 5 June 2018.