WHO ARE WE?
Reiten & Co AS is registered in Norway with number 981 225 856. Its registered office is at Haakon VIIs gt 1, 0117 Oslo. Funds advised by Reiten & Co AS in the Channel Islands, Reiten & Co Capital Partners VI L.P. and Reiten & Co Capital Partners VII L.P., are regulated by the Guernsey Financial Services Commission (“GFSC”) in the Channel Islands.
Reiten is committed to maintaining, protecting and respecting your privacy and the confidentiality, integrity and security of personal data about yourself or others that you may provide. If you do give us any personal data about yourself or others, we are committed to treating it securely, fairly and lawfully and in a transparent manner.
The “Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Economic Area (“EEA”) and their member states, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and their respective successors, applicable to the protection of natural persons with regard to the processing of personal data (as defined under the GDPR) and on the free movement of such data.
THE DATA CONTROLLER
WHAT THIS PRIVACY COVERS
1. INFORMATION WE COLLECT FROM YOU
Information you give us
You may give us information about you by filling in forms that we have given to you to fill in (which form part of your agreement with us), by corresponding with us via telephone, email, facsimile or otherwise. The information you give us may include:
- Your name;
- Your email address;
- Your telephone number;
- Your date of birth;
- Your client number or unique investor identification number;
- Your gender;
- Your financial information;
- Information about your investment strategies, objectives and risk tolerances;
- Your credit card information and/or your bank account details;
- Tax identification information;
- Anti-Mony-Laundering/Know-Your-Customer information as required;
- Any further personal data required as part of the provision of our services.
Information collected automatically
Each time you visit our site we may automatically collect the following information:
- technical information including the internet protocol (“IP”) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
- information about your visit, including the Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.
Information we receive from other sources
We work closely with third parties who may collect personal data from you and pass it onto us. For example, where we are conducting due diligence on prospective investee companies or decide to invest in third parties we may receive personal data, including but not limited to CV’s. Where this applies, the third party is responsible for providing you with relevant information and obtaining the relevant consents from you (if required) in respect to how your personal data will be used. We may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out below (depending on the types of information we receive).
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations, emails and other electronic communications) for the purpose of quality assurance, training, fraud prevention and compliance with our obligations under applicable legislation.
Personal data about other individuals
- Give consent on his/her behalf to the processing of his/her personal data; and
- Receive on his/her behalf any data protection notices
2. HOW WE USE YOUR INFORMATION
We may use information which you have given to us and we have collected and hold about you in the following ways:
- To carry out our obligations arising from the contracts entered into between you and Reiten and to provide you with information that you request from us;
- To comply with our legal obligations to carry out identity and anti-money laundering checks (please see also the “Identity and Anti-Money Laundering Checking” section below);
- To fulfil other legal obligations, comply with court order, other judicial process, or the requirements of a regulator;
- To maintain our statutory registers;
- To provide you with information on our portfolio, which you have already invested in or enquired about;
- To notify you of investment/divestments that occur within our portfolio;
- To communicate with you in connection with your investment, including by sending you investor reports and invitations to investor meetings, as part of our Services;
- To notify you of fundraising activities;
- To notify you about changes to our services;
- To measure or understand the effectiveness of marketing communications, advertising and or financial promotions we serve to you and others, and to deliver relevant marketing communications, advertising and or financial promotions to you;
- To ensure that content from our site is presented in the most effective manner for you and for your computer;
- To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep our site safe and secure;
- To alert you to special events, and service offerings and for other legitimate business purposes;
- If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing; and
- To enforce our agreement with you, protect the rights, property or safety of us or and/or those of our affiliates, you or others; and in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.
3. LEGAL BASIS FOR PROCESSING
The legal basis on which we rely to process your personal data as described above is that (a) it is necessary to perform the contract we have entered into with you or to take steps prior to entering into a contract at your request, (b) it is necessary to comply with any legal obligations imposed upon us, or (c) it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where the personal data we collect from you is needed to ensure compliance with legal obligations or to perform our agreement, failure to provide relevant personal data may prevent maintenance of a contractual relationship with you. Please see the “Marketing” section below for information on the legal basis we rely on for our marketing activities.
We may send you information by email, telephone, text message (sms) relating to products or services of ours which may be of interest to you and are similar to the services you subscribed to (such as information about similar funds you may be interested in), unless you have refused or opted out of receiving this information at the time you provided us with your data or you have later indicated to us that you do not wish to receive communications in this manner. You can opt out at any time of receiving such communications by contacting us as set out under the “How to Contact Us” section below or following the opt-out instructions included in each communication. Sending this type of communication is in our legitimate interest. We may also use your name and address to send you marketing communications by post. It is in our legitimate interest to use your personal data for postal marketing.
You can change your preferences for receiving marketing communications and other information from us at any time. You can unsubscribe at any time through the method referred to in the footer of sent marketing communications, or by contacting us. (See the “How to Contact Us” section below.) See the “Your Rights” section below for further information.
Email marketing messages may contain tracking beacons and/or tracked clickable links or similar server technologies in order to track your interaction with emails, for example to know when you have viewed particular content or a particular email message. Where used, such marketing communications may record a range of information relating to engagement, geographic, demographics and already stored subscriber data.
Please note that we may use your marketing and content preferences, and other information you provide to us (including details of your attendance at, or interest in, events) or information on your use of our site in order to send you personalised marketing and try and ensure that you only receive information that you are likely to find of interest.
5. IDENTITY AND ANTI-MONEY LAUNDERING CHECKING
We may do an identity and/or credit check on you:
- So that we and other related affiliates can verify your identity;
- To make credit decisions about you; and
- To prevent and detect fraud and money laundering.
Our search will be recorded on the files of the credit reference agency. We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your information to:
- Make credit decisions about you and the people with whom you are financially associated;
- Trace debtors; and
- Prevent and detect fraud and money laundering. If you provide false or inaccurate information to us and we suspect fraud, we will record this.
It is our legal obligation to use your personal data to conduct identity and anti-money laundering checking, or it is in our or a third party’s legitimate interest to do so. In some instances, we may hold an identity check and/or credit file. Please contact us using the contact information below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.
6. DISCLOSURE OF YOUR INFORMATION
Reiten may disclose your personal data to another entity for the purposes of outsourcing one or more of the services provided by us; or, to confirm or update information provided by you; or to inform you of events, information about our services, and other important information, or for other purposes disclosed at or before the time the information is collected. We may share your information when legally required to do so.
We may share your personal data with:
- Other companies affiliated with us;
- Our agents, service providers, suppliers and sub-contractors who assist us with the performance of our Services and meeting business operation needs: custodians; data storage companies who assist us in storing and backing up the data relating to our business; web hosting companies who assist us with the hosting, operation and maintenance of our site; compliance and anti-money laundering identification; and providers of software that we use in our business, including in relation to the production of investor notices and financial statements, client relationship management, investment management, reporting software and other software;
- Credit reference agents – see “Identity and Anti-Money Laundering Checking” section above;
- Our business partners in accordance with the “Marketing” section above;
- In the event that we buy or sell any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, or their advisors;
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, where requested by regulatory agencies, or in order to enforce or apply our terms of business and other agreements or to protect the rights, property or safety of Reiten. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- Financial institutions and other similar organisations that we deal with in the course of the Services we offer; and
- Auditors, accountants, legal counsel or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
When we share your information with third parties, they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the personal data. We will only share your personal data in compliance with the applicable data protection legislation and the Data Protection Laws and Regulations.
We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of the personal data we hold about you, and against the accidental loss of, or damage to, such personal data. We use both technical and procedural methods to maintain the integrity and security of our databases, including firewalls. But please be aware though that no security measures are perfect or impenetrable.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.
8. ACCURACY OF PERSONAL DATA
We try to ensure that the information we hold about you is accurate and kept up-to-date by contacting you at regular intervals and asking you to confirm that this is the case, or if not, to provide us with updated details. However, if at any time you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please notify us at firstname.lastname@example.org as soon as possible. We will correct or delete any information found to be incorrect.
9. TRANSFERS OF YOUR INFORMATION OUT OF THE EEA
We store your personal data on our secure servers located in Norway. Reiten operates internationally and processing of your personal data for the purposes described above may occur in countries outside of the European Economic Area (“EEA”), such as the United States, which may not have data protection regulations as stringent as those in the EEA.
10. YOUR RIGHTS
You have the following rights with respect to your personal data. If you want to exercise any of these rights you can do so by contacting us at email@example.com
The right to access your personal data
You can request information on what personal data we hold along with certain other details (this is known as a “Data Subject Access Request” or “DSAR”). If you would like to obtain a copy of some or all of your information, please contact us and let us know what information you require. In some cases we may need to charge a reasonable fee in relation to your Data Subject Access Request, for example if you require additional copies of your personal data based on the administrative cost of providing you with such further copies.
The right to correct your personal data
The right to object to the processing of your personal data
The right to request deletion of your personal data
You can ask us to erase your personal data (also known as the “right to be forgotten”) in the following circumstances:
- It is no longer necessary for Reiten to hold that personal data with respect to the purpose for which it was originally collected or processed;
- It is no longer necessary for Retien to hold that personal data to comply with its legal obligations;
- You wish to withdraw your consent to us holding and processing your personal data (where applicable because that was the legal basis on which we were processing your data);
- You object to us holding and processing your personal data that we process based on a legitimate interest (and there is no overriding legitimate interest to allow us to continue doing so) or you object to the processing of your personal data for direct marketing purposes;
- The personal data has been processed unlawfully; or
- The personal data needs to be erased in order for us to comply with a particular legal obligation.
- We will comply with your request unless we have reasonable grounds to refuse to erase your personal data.
Right to withdraw consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Right to restrict processing
You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read above for information on your right to object).
Right to data portability
You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means.
Right to lodge a complaint with the data protection authority
If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the data protection authority that is authorised to hear those concerns.
13. HOW TO CONTACT US
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the Data Protection Laws and Regulations, you have the right to lodge a complaint at the The Norwegian Data Protection Authority (Datatilsynet) https://www.datatilsynet.no/en/