Privacy Policy

General Data Protection Regulation

Asper Investment Management Limited Privacy Policy Statement

Introduction Asper Investment Management Limited (“Asper”) respects the privacy of every individual whose personal information it handles. We are committed to respecting and protecting personal data and will process personal data provided to Asper only in accordance with applicable data protection and privacy laws. Personal data includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question or who can be indirectly identified from that information in combination with other information. The main objective of this Privacy Policy Statement (“Statement”) is to provide a clear indication of how Asper collects, stores and uses personal data. When this Statement mentions “company”, “we”, “us”, “our” all of those terms refer to Asper Investment Management Limited (company number: 10075247) with registered offices located at Halkin, 68 King William Street, London, EC4N 7HR. This Statement is not an exhaustive description of how we process the personal information of natural persons. If you have any questions about this Statement, or our privacy related practices, please contact us at: gdpr@asper‐im.com. This Statement has been approved by the Board of Asper. Data protection laws Asper Investment Management processes data in line with UK laws and regulations; more specifically the General Data Protection Regulation. This regulation became effective on 25 May 2018. How do we collect personal information? We will collect information from you when you interact with us in person, in writing, by telephone and by email. For example, when you are an actual or potential investor or an actual or potential business partner, advisor, consultant or supplier. If you email us your CV, or if you have a meeting with a representative of Asper and provide us with your business card, or if you visit our office where your image is recorded by the building’s CCTV systems operated for security purposes. We may also receive information from other sources, such as third parties who collect personal information from you and pass it on to us. For example, where we conduct verification or antimoney laundering checks as part of our AML policies and procedures. What types of personal information do we collect? Personal information that we hold about you (including through our website) may include names, work addresses, email addresses, contact numbers, job title, employer organisation. Information required to verify your identity, for example passports, identification documents and proof of home address for anti‐money laundering and Know Your Customer, references, background and other similar checks, or any other personal information that you provide to us. Asper will take all reasonable steps to keep your personal information accurate and, where necessary, up‐to‐date. Please notify us at: gdpr@asper‐im.com if you believe that any of the information Asper holds about you is incorrect. Grounds for processing To process your data lawfully we will use your information on one or more of the following grounds:

  • you are a party to a contract and processing your personal data is necessary for the performance of contract;
  • it is in our legitimate interests to do so and where such interests are not overridden by your privacy interests;
  • it is required for our or our funds’ compliance with legal and regulatory obligations, including our FCA duties to our clients, or where disclosures are requested by authorities, regulators or governmental bodies;
  • we have obtained your consent where one of the above grounds cannot reasonably be relied upon.

Your personal data will not be sold to third parties, marketing agencies or processed in an unlawful manner. If we seek to use your personal data for a purpose beyond that for which it was originally collected, we will seek your consent or look to rely on another valid legal ground to process your personal information in accordance with applicable law. How do we use your personal information We will use your personal information, and may share your personal data with other third parties
acting on our behalf (as detailed below) in respect of:

  • maintaining contact records and providing business updates;
  • communicating with you about and sending invitations for presentations, events and meetings with representatives of Asper;
  • communicating with you about potential business or career opportunities;
  • obtaining professional services from our third parties, including consultants, auditors, accountants and lawyers;
  • complying with anti‐money laundering and Know Your Customer, references, background and other checks;
  • compliance with our regulatory and legal obligations, including fiduciary duties and FCA obligations to clients, or requests for disclsosures from a court, regulatory or governmental body;
  • conducting due diligence with regard to potential or actual investment opportunities;
  • improving marketing materials;
  • evaluating potential candidates for future recruitment and assessing your application if you have applied for a job with us;
  • responding to your enquiries and resolving your complaints.

Who might we provide your personal information to? There are circumstances where we may be compelled or wish to disclose your personal information to third parties. This will only take place in accordance with applicable law and on the basis of one or more of the lawful grounds for processing (detailed above). This may include sharing your personal information with companies who process personal information on our behalf, such asthird party outsourced service providers to facilitate the provision of our services, providers of cloud hosting solutions and professional advisers, such as lawyers, fund administrators, accountants or other consultants and group entities. Asper will ensure that, where a third party is used for specific reasons, the service provider has agreed to protect and maintain the security and confidentiality of the information that Asper shares with them. Sensitive or special category personal data Certain types of data require extra safeguards, in particular information about children, the “special categories” of personal data including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, genetics, and biometrics, and criminal offences (including allegations and sentencing). We generally do not need this information so please do not send it to us. Retention and deletion Asper will retain personal information for a period that will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. Destruction of data will be carried out in accordance with Asper’s data retention policy. Where the retention schedule requires destruction instead of archival, the following shall apply:

  • Paper records will be shredded by a provider who grants documented evidence of its destruction in the form of a certificate or video evidence.
  • Electronic records shall be deleted from live systems but may be retained on back‐ups in
    line with the back‐up retention schedule.
  • Physical equipment capable of storing data shall be disposed of either by (i) physical
    destruction (crushing) or (ii) by government certified levels of electronic shredding. All electronic shredding shall come with a certificate of destruction.

Limitations on the transfer of personal data The GDPR restricts data transfers to countries outside the UK in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Equivalent requirements apply in the EU. Asper individuals transfer personal data originating in one country across borders when they transmit or send that data to a different country or view/access it in a different country. If Asper individuals need to transfer data outside of the UK or, if operating from an EU
establishment, outside the EU,1 please speak to the GDPR Project Team in advance. Measures put in place to safeguard your personal data We have put in place several technical and organisational measures aimed at protecting the confidentiality, the integrity and the availability of your personal data:

  • All the endpoints of the company are protected with antivirus and firewalls.
  • Encryption technology is in use to protect the integrity of the personal data we process. Encryption prevents data from being easily accessible and recoverable in the event of theft or computer misuse.
  • A password policy is currently in place to ensure that the data stored on our systems is only accessible to authorised personnel. The passwords are changed on a regular basis.
  • We regularly make backups of our data to ensure that it is readily available in the event of technical problems or disaster recovery.
  • We restrict access to personal information to those employees and third parties who need to know that information for the purposes set out in this Statement.

While Asper takes appropriate technical and organistaional measures to safeguard the personal information that you provide, no transmission over the internet can ever be guaranteed secure and Asper cannot guarantee its security by this method of transmission. Your rights Under data protection laws you have certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport and object to the processing of your personal information. You also have a right to lodge a complaint with the Information Commissioner’s Office (see further details below) if you believe your information is not being processed in accordance with the law. Should you wish to exercise any your rights, please contact: gdpr@asper‐im.com. We will do our best to respond within 30 days, but if it is going to take longer we will contact you to ask for further time. Privacy and the internet Asper’s website www.asper‐im.com uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owner of the site. The main objective of cookies is to provide us with data that we can use to improve our website in order to provide you with a better service. Google Analytics is in use to collect information about how visitors use our website. Please see Asper’s Cookie Policy at www.asper‐im.com for further details. When using our website without adjusting your web browser to block them, you are consenting to these types of cookies being stored on your device. Additional information If you have any questions with regards to this privacy policy, the way your data is handled or if you would like to exercise any of your rights under the General Data Protection Regulation, please contact gdpr@asper‐im.com or in writing to: Debbie Hudgell Kuhler, Asper Investment Management, Halkin, 68 King William Street, London, EC4N 7HR. The Information Commissioner’s Office and Autoriteit Persoonsgegevens (Dutch Data Protection Authority) If you would like to learn more about the General Data Protection Regulation, you can visit: UK: the ICO’s website following this link: https://ico.org.uk/. You can also find an overview of the GDPR following this link: https://ico.org.uk/for‐organisations/data‐protectionreform/overview‐of‐the‐gdpr/ Netherlands: the Autoriteit Persoonsgegevens’ website following this link: https://autoriteitpersoonsgegevens.nl/en Notification of changes This Statement is dated June 2021. We may amend this Statement from time to time without notice. An amended Statement will be posted and available on our website. We may change the Statement for a number of reasons, including changes in law, market practice or our treatment of your personal information.

1 Please note that this includes transfer of personal data from an EU establishment to the UK.