EU Privacy Policy

                                                                  EU PRIVACY NOTICE

Last Modified: November 2023

This Privacy Notice applies to the extent that European Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below) or to the extent that a data subject is a resident of the UK, the European Union (“EU”) or the European Economic Area (“EEA”). If this Privacy Notice applies, the data subject has certain rights with respect to such personal data, as outlined below.

For this Privacy Notice, “European Data Protection Legislation” means all applicable legislation and regulations relating to the protection of information relating to an identified or identifiable natural person in force from time to time in the EU, the EEA, or the UK and/or Luxembourg,, including, without limitation: Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), the GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018, and any national implementing or successor legislation (including any data protection law applicable in Luxembourg such as the law of 1st August 2018 on the organization of the National Commission for Data Protection and the general regime on data protection, as may be amended or replaced), or any other legislation which implements or supplements any other current or future legal act of the European Union and/or the United Kingdom concerning the protection and processing of personal data and any national implementing or successor legislation, and including any amendment or re-enactment of the foregoing. The terms “controller”, “processor”, “data subject”, “personal data” and “processing” in this Privacy Notice shall be interpreted in accordance with the applicable European Data Protection Legislation. Unless the context otherwise requires, as used herein the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation.” All references to “investor(s)” in this Privacy Notice shall be to such actual or potential investor(s) and, as applicable, any of such investor(s)’ partners, officers, directors, employees, shareholders, members, managers, ultimate beneficial owners and affiliates.

Please contact SR One at privacy@srone.com with any queries arising out of this Privacy Notice.

Categories of Personal Data Collected and Lawful Bases for Processing

In connection with offering, forming and operating private investment funds for potential investors, the applicable fund, its general partner, SR One , their affiliates and, in each case, their administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt, and otherwise process and use personal data either relating to potential investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates or to any other data subjects from the following sources (and all references to “potential investor(s)” in this Privacy Notice shall be to such potential investor(s) and, as applicable, any of these other persons as relate to such potential investor(s)):

1. information received in telephone conversations, in voicemails, through written correspondence, via e-mail, or on subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation);
2. information about transactions with any Authorized Entity or others;
3. information captured on any Authorized Entity’s website, fund data room and/or investor reporting portal (as applicable) including registration information and any information provided through online forms and any information captured via “cookies”; and
4. information from available public sources, including from:

• • publicly available and accessible directories and sources;
  • bankruptcy registers;
  • tax authorities, including those that are based outside the UK and the EEA if you are subject to tax in another jurisdiction;
  • governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;
  • credit agencies; and
  • fraud prevention and detection agencies and organizations.

Any Authorized Entity may process the following categories of personal data:

1. names, dates of birth and birth place, gender, nationality and profession;
2. contact details and professional addresses (including physical address, email address and telephone number, fax number and proof of address);
3. account data and other information contained in any document provided by potential investors to the Authorized Entities (whether directly or indirectly), tax identifiers, tax status and tax certificates;
4. information regarding your use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history);
5. risk tolerance, transaction history, investment experience and investment activity;
6. information regarding a potential investor’s status under various laws and regulations, including their social security number, tax status, income and assets;
7. accounts and transactions with other institutions;
8. information regarding a potential investor’s interest in the applicable fund(s), including ownership percentage, capital investment, income and losses;
9. information regarding a potential investor’s citizenship and location of residence;
10. source of funds used to make the investment in the applicable fund(s); and
11. anti-money laundering, identification (including passport and drivers’ license) and verification documentation.

Any Authorized Entity may, in certain circumstances, combine personal data it receives from a potential investor with information that it collects from, or about such potential investor. This will include information collected in an online or offline context.

One or more of the Authorized Entities are “controllers” of personal data collected in connection with the applicable fund(s). In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from potential investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.

There is a need to process personal data for the purposes set out in this Privacy Notice as a matter of contractual necessity under or in connection with the applicable agreement of limited partnership or other governing agreement (the “Fund Agreement”) and associated documentation for the fund(s) in which the data subject has or may invest, and in the legitimate interests of the Authorized Entities (or those of a third party) to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of a potential investor or other data subjects; or if it is necessary for a task carried out in the public interest.

The legitimate interests referred to above are the processing purposes described in point (c), (d), (f), (g), (i) and (k) of the below section, the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of the relevant fund’s business; risk management; processing personal data of employees or other representatives of investors which are legal persons; and exercising the business of the fund in accordance with reasonable market standards.

A failure to provide the personal data requested to fulfill the purposes described in this Privacy Notice may result in the applicable Authorized Entities being unable to provide the services in connection with the terms of the Fund Agreement and/or the subscription agreement for such fund (the “Subscription Agreement”).

Purpose of Processing

The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (c), (d) and (f), in the legitimate interests of the Authorized Entities):

1. The performance of obligations under the Partnership Agreement and/or the Subscription Agreement (and all applicable anti-money laundering, KYC and other related laws and regulations) in assessing suitability of potential investors in the applicable fund.
2. The administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of investors to the applicable fund.
3. Ongoing communication with potential investors, their representatives, advisors and agents, (including the negotiation, preparation and signature of documentation) during the process of admitting potential investors to the applicable fund.
4. The ongoing administrative, accounting, reporting and other processes and communication required to operate the business of the applicable fund and/or any other Authorized Entity, including any website(s) of an Authorized Entity, and including in accordance with the Partnership Agreement and other applicable documentation between the parties.
5. Any legal or regulatory requirement.
6. Keeping investors informed about the business of the general partner of the applicable fund and its affiliates generally, including offering opportunities to make investments other than to the applicable fund.
7. Any other purpose that has been notified, or has been agreed, in writing.

The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.

Sharing and Transfers of Personal Data

In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by European Data Protection Legislation, to other service providers, investors, employees, agents, contractors, consultants, professional advisers, lenders, processors and persons employed and/or retained by them in order to fulfill the purposes described in this Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with the tax authorities, auditors and tax advisers (where necessary or required by law).

Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfill the purposes described in this Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and Partnership Agreement, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact SR One at privacy@srone.com. For the purposes of this Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA; or (ii) a country or territory which has at the relevant time been decided by the European Commission in accordance with European Data Protection Legislation to ensure an adequate level of protection for personal data.

Retention and Security of Personal Data

SR One and its affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.

Personal data may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in a fund managed by SR One. However, some personal data will be retained after a data subject ceases to be an investor in such fund.

Data Subject Rights

It is acknowledged that, subject to applicable European Data Protection Legislation, the data subjects to which personal data relates, have certain rights under European Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfill the purposes described in this Privacy Notice, may result in the inability to provide the services required pursuant to the Subscription Agreement and the Partnership Agreement.

In case the data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to the Subscription Agreement or the Partnership Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.

This Privacy Notice may be amended from time to time. If this Privacy Notice is materially changed, the new Privacy Notice will be made available to you so that you are always aware of what and how personal data is collected and used.

The data subject may raise any request relating to the processing of his or her personal data by contacting SR One at privacy@srone.com or (+1) (650) 257-2212.