We or us in this Privacy Notice refers to Nordic Capital.
Nordic Capital respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This Privacy Notice aims to give you information on how we use, process and store your personal data.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
This Privacy Notice was last updated on 7 May 2020. In this Privacy Notice, “DP Laws” shall mean the General Data Protection Regulation (2016/679) (the GDPR) and any supplementing national law and any other applicable laws concerning the protection or processing of personal data in any jurisdiction worldwide, each as amended from time to time.
About Nordic Capital
Nordic Capital is the common denomination for a group of private equity funds and vehicles, including Nordic Capital Fund V, Nordic Capital Fund VI, Nordic Capital Fund VII, Nordic Capital Fund VIII, Nordic Capital Fund IX, Nordic Capital CV1, Nordic Capital Fund X and any successor funds or vehicles from time to time (together, the Vehicles), together with certain co-investment, holding companies and other vehicles within, or otherwise connected to, those Vehicles (each, an Entity).
This Privacy Notice is issued by Nordic Capital Limited (NCL) for and on behalf of Nordic Capital, to include (but not limited to) the general partners for each of the Vehicles and/or the Entities (as appropriate), being (but not limited to) Nordic Capital V Limited, Nordic Capital VI Limited, Nordic Capital VII Limited, Nordic Capital VIII Limited, Nordic Capital IX Limited, Nordic Capital CV1 Limited, Nordic Capital X Limited and Nordic Capital X SARL (each, a Data Controller). Each of the Data Controllers may act both in their own corporate capacity and in their capacity as general partners.
The Vehicles are advised by their non-discretionary sub-advisers (as appropriate), NC Advisory AB, NC Advisory A/S, NC Advisory AS, NC Advisory GmbH, NC Advisory Oy, NC Advisory (UK) LLP, Nordic Capital Investment Advisory AB, Nordic Capital Investment Advisory A/S, Nordic Capital Investment Advisory AS, Nordic Capital Investment Advisory GmbH, Nordic Capital Investment Advisory Oy, Nordic Capital Investment Advisory LLP, Nordic Capital Investment Advisory LLC and Nordic Capital Operations Advisory AB.
Information which is collected as a result of your use of this website will be the responsibility of NCL, who will act as data controller in relation to your personal data. If you deal with any of the Vehicles and/or Entities as an investor or as a prospective investor (or otherwise in connection with an investment or prospective investment), then the general partner of that Vehicle and/or that Entity or that Entity itself will be responsible for the processing of your personal data and will act as data controller or joint controller together with NCL. We will provide you with further information about the applicable Data Controller(s) and how your personal data as an investor or potential investor is processed by such Data Controller(s) in the privacy notice of the applicable subscription agreement(s).
What personal data does Nordic Capital collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, including:
- Identity Data, which includes title, name, marital status, gender, nationality, date of birth, username or similar identifier, as well as copies of anti-money laundering, identification (for example, passport, national ID card, driver’s license, employee identification numbers) and verification documentation;
- Contact Data, which includes address, email address, telephone numbers as well as copies of proof of address documentation (for example, copies of utility bills or bank statements);
- Financial Data, which includes bank account details and may include source of wealth, including details of your tax residency;
- Transaction Data, which includes details about payments to and from you, risk tolerance, transaction history, investment experience and investment activity, interest in the Partnership, including ownership percentage, capital investment, income and losses;
- Technical Data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Usage Data, which includes information about how you use this website or access other online platforms that are provided to you (for example, the Intralinks Inc. (Intralinks) system); and
- Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties, and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences (other than information which is already in the public domain and is provided to us by third party providers, including World-Check).
How does Nordic Capital collect personal data?
We use different methods to collect personal data, including:
Information that is provided directly to Nordic Capital
We may collect personal information from prospective investors, intermediaries and other business partners for the purposes of establishing a business relationship with you in respect of a Nordic Capital fund, entering into contractual relationships, and/or to otherwise satisfy our legal or regulatory obligations.
Information obtained from third parties
We also collect and process information from a variety of publicly available sources, such as the internet, social media and commercial registries. We may also undertake background checks (using providers such as World-Check).
In addition, we may receive personal data in connection with legal requirements that are applicable to us, or from third parties in connection with the services we provide.
How do we use your personal data once collected?
We will only use your personal data when applicable laws allow us to. Typically we will use your personal data in the following circumstances, for the following purposes and pursuant to the following legal bases:
1. where we need to do so in order to perform a contract to which you are party, or to comply with a request you have made prior to entry into a formal contract with us, including:
- to manage or administer your commitments and/or interests and any related accounts on an ongoing basis;
- to administer and operate the Entity;
- to verify the identity of a Data Controller or an Entity in connection with any actual or proposed investments of any such Entity and/or for any purpose which a Data Controller or NCL considers is necessary or desirable to further the interests of a Data Controller, NCL or an Entity; and/or
- risk management and risk controlling purposes relating to an Entity or any entity in the same group as such Entity;
2. for direct marketing purposes (e.g. to inform you of new investment opportunities);
3. where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests, including:
- to carry out statistical analysis or market research;
- to investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes;
- to provide proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of an Entity’s business; and/or
- marketing products or services (including new investment opportunities) related to the ones already provided by a Data Controller;
4. where we need to comply with our legal and/or regulatory obligations, for example:
- to comply with in-house procedures and statutory/regulatory requirements applicable to a Data Controller (including under appropriate anti-money laundering legislation and customer due diligence verification purposes);
- to help detect, prevent, investigate, and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities;
- to comply with foreign laws and regulations and/or any order of a foreign court, government, supervisory, regulatory or tax authority; and/or
- if required in order to comply with FATCA, CRS, any other equivalent information reporting regimes, or as otherwise required by law, disclose details of your name, address, taxpayer identification number (TIN) or perform a contract with you concerning the accounts held by you (including the total gross amount paid or credited); and/or
5. for any other specific purpose to which you have given your consent.
Disclosure of personal data
We may disclose or transfer personal data to other entities within Nordic Capital insofar as we deem it necessary for the proper performance of the services a Data Controller provides to you, for bona fide compliance purposes as well as on the other basis as set out within this Privacy Notice.
In addition, we may disclose or transfer personal data to subcontractors (including, but not limited to, our corporate administrators, our bankers and other service providers), our legal and other advisors and agents, any third party that acquires, or is interested in acquiring or securitising, all or part of our assets or shares, or that succeeds us in carrying on all or a part of our businesses, or services provided to it, whether by merger, acquisition, reorganisation, restructuring or otherwise as well as any other third party supporting the activities of a Data Controller where it is necessary for the proper performance of the services that we provide to our clients, and may disclose or transfer personal data to competent authorities in order to comply with our legal and/or regulatory obligations.
International data transfers
We may process, store or transfer (in hard copy and/or electronically) your personal data anywhere in the world, including countries outside the European Economic Area. We may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to perform and administer the services provided to you, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact, in Jersey, NCL at firstname.lastname@example.org and, in Luxembourg, Nordic Capital X SARL at AztecLuxFX@aztecgroup.eu. For the purposes of this Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the European Economic Area; or (ii) a country or territory which has at the relevant time been decided by the European Commission in accordance with DP Laws to ensure an adequate level of protection for personal data.
Our investor portal is provided by Intralinks. Intralinks are participants in the US-EU Privacy Shield Framework and accordingly any data which we may transfer to them is transferred on that basis. Should you utilise our investor portal, you should ensure that you review Intralink's privacy notice.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will process and store your personal data for as long as our business relationship continues, or for the duration of provision of services to you by us.
We may also store that data for as long as necessary in order to comply with our legal, compliance, contractual or other regulatory obligations or in connection with the establishment, enforcement or defense of any legal claims.
You have the right to:
- access your personal data;
- correct your personal data where it is inaccurate or incomplete;
- restrict under certain circumstances the further processing of your personal data;
- ask for erasure of your personal data under certain circumstances;
- object to the use of your personal data (including direct marketing purposes); and
- ask for personal data portability under certain circumstances.
Further, you may at your discretion refuse to communicate personal data to a Data Controller or object to some processing of your personal data. There are, however, situations where a Data Controller can refuse to comply with such a request. For example, where it is subject to a legal or contractual obligation to process the data. There may, however, be implications in respect of your holding of interests in an Entity until such time as the requisite data has been provided. Where the processing is based on consent, the withdrawal of consent shall not affect the lawfulness of processing for other reasons and based on other grounds where this is permitted under applicable law.
Third party websites
This Privacy Notice does not cover any third-party websites reached via links on this website. You are advised to read the privacy statements on the third-party websites you visit.
You have the right to make a complaint at any time to the competent data protection supervisory authority in the relevant jurisdiction. In Jersey, such authority is the Data Protection Authority, which can be contacted at +44 (0)1534 716530 or at www.JerseyOIC.org and in Luxembourg, such authority is the Commission Nationale pour la Protection des Données (the CNPD) which can be contacted at the following address: 1, Avenue du Rock’n’roll, L-4361 Esch-sur-Alzette, Grand-Duchy of Luxembourg. We would, however, appreciate the chance to deal with your concerns before you approach the applicable data protection supervisory authority, so please contact us in the first instance, in Jersey, at email@example.com or, in Luxembourg, at AztecLuxFX@aztecgroup.eu.
Changes to Privacy Notice
Each Data Controller reserves the right to update this Privacy Notice at any time, and will ensure that any update to this Privacy Notice is made available on this website. We may also notify you in other ways from time to time about the processing of your personal data.
Our full contact details are:
Name or title of contact: The Administrator
Email address: firstname.lastname@example.org
Postal address: 26 Esplanade, St Helier, Jersey, Channel Islands, JE2 3QA
Name or title of contact: Nordic Capital X SARL
Email address: AztecLuxFX@aztecgroup.eu (mailbox for Nordic Capital X SARL)
Postal address: 8, rue Lou Hemmer, L-1748 Senningerberg, Grand Duchy of Luxembourg
LUXEMBOURG ADDENDUM TO THE PRIVACY NOTICE
Where you are investing in an Entity which has its registered office in Luxembourg, please be informed that the data controller will be the entity indicated as such in the Privacy Notice provided to you at the time of interest for an investment or your investment in such Entity (the “Luxembourg Data Controller”) and collects, stores and processes, by electronic or other means, the personal data you supplied (or if you are a legal person, any natural person related to you such as your contact person(s), employee(s), trustee(s), nominee(s), agent(s), representative(s) and/or beneficial owner(s)).
The Luxembourg Data Controller may disclose your personal data to third parties located in a Non-Equivalent Country. Where such third parties are located in a Non-Equivalent Country, the Luxembourg Data Controller has adopted appropriate safeguards for such transfer. Those safeguards are namely the EU-US Privacy Shield or that the Luxembourg Data Controller has entered into legally binding transfer agreements with the relevant third parties in the form of the European Commission approved model clauses, or any other appropriate safeguards pursuant to the GDPR. In this respect, you have a right to request copies of the relevant document for enabling the personal data transfer(s) towards such countries by contacting the Luxembourg Data Controller at the address provided in the Privacy Notice.