1. Capital Four is the data controller
Capital Four Holding A/S incorporated under CVR no. 36440678, Capital Four Management Fondsmæglerselskab A/S incorporated under CVR no. 30593065, Capital Four AIFM A/S incorporated under CVR no. 35670637 and Capital Four – Strategic Lending Fund GP ApS incorporated under CVR no. 36901373 jointly referred to as “Capital Four”, “us” or “we” is each a data controller for the personal data you share with each of us.
Our contact information is:
Capital Four Management
Per Henrik Lings Allé 2, 8th floor
2100 Copenhagen Ø
Phone: +45 3525 6100
We ensure that your personal data is protected. We are subject to secrecy of duty and confidentiality, and hence our systems are protected with appropriate technical and organisational measures.
Our internal rules on IT security contain instructions and measures protecting your personal data against destruction, deletion or changes, and against unauthorised or unlawful loss or disclosure.
In case of a data protection breach we will inform you and the relevant authorities as soon as practicable possible and within the time limits stipulated in the GDPR.
2. The purposes and the legal basis for the processing of personal data
We process personal data for the following purposes:
- General client administration in relation to our financial services business and performing investment analysis of investment opportunities as part of our services, ref. section A., B. and D. below.
- Complying with Anti-Money Laundering regulation and reporting regulations, ref. section C below.
Information as to how and why we process your personal data can also be found in the contracts with you which include any terms of business applicable to the services.
Our legal basis for the processing of personal data is:
A: You have given consent to the processing of your personal data for one or more specific purposes (GDPR article 6, 1, a).
B: The processing is necessary for the performance of a contract with you or in order to take steps at the request of you prior to entering into a contract, and to provide you with appropriate offers, advice and services as part of our contract (GDPR article 6, 1, b).
C: The processing is necessary for compliance with a legal obligation which we are subject to (GDPR article 6, 1, c):
- Know Your Customer requirements and AML monitoring, reporting etc., including sanctions screening, pursuant to the Danish Anti-Money Laundering Act
- The Danish Bookkeeping Act
- Reporting to the tax authorities in accordance with the Danish Tax Control Act
- Reporting to supervisory authorities etc. according to the Danish Financial Business Act and the Danish Alternative Investment Funds Managers Act
- Other obligations related to service specific legislation e.g. securities trading legislation
D: The processing is necessary for the purposes of our legitimate interests, e.g. when performing investment analysis as part of our services (GDPR article 6, 1, f).
We may collect personal data about contact persons who are employees of our suppliers and business partners when such person is acting on behalf of the other party. We collect such information as part of entering into a contract with the collaborator or when receiving services from suppliers. Further, we might need to collect contact information about employees of the authorities.
3. Categories of personal data
The personal data is in most cases collected directly from you or generated as part of the usage of our services. Sometimes additional information is required to keep information up to date or to verify information we collect. The personal data may include the following categories:
- Identification information: name, identification number, documentation of such information, for instance a copy of a passport, driver’s license or the like
- Contact information: postal address, email address, telephone number(s)
- Employer or position
- Messages you have sent to us
- Recording of phone conversations related to securities trading
- Publicly available information from external sources such as registers held by governmental agencies, sanction lists, and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons
4. Where do we receive the information from?
Usually, we will receive the information from you, however, we might also receive it from your employer, or from publicly available sources. Further, we might receive information you have disclosed to our service providers for performing our investment analysis.
5. Who we might disclose your personal data to
As part of our financial services business we may share your personal data with the following recipients or categories of recipients:
- Public authorities including the Danish State Prosecutor for Serious Economic and International Crime (SØIK) and Tax authorities, and supervisory authorities
- Suppliers and service providers assisting with technical support and services
- Business partners
- Data Processors
We have entered into agreements with selected suppliers, which as part of their services to us process personal data on behalf of us. Examples hereof are suppliers of IT development, maintenance, hosting and support.
Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.
6. How long we keep your personal data
We will only retain your personal data for as long as needed for the purposes of which the data was collected and processed or for as long as it is required by laws and regulations, e.g. the Danish Bookkeeping Act and the Danish Anti-Money Laundering Act.
When a client relationship is terminated, information regarding KYC is stored for 5 years according to the Danish Anti-Money Laundering Act.
7. Your privacy rights
You have certain rights under the General Data Protection Regulation. These include the following:
- Access to your personal data: You have the right to obtain a copy of the personal data that we hold about you.
- Correction of incorrect or incomplete data: You have the right to rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Erasure: If there is no longer a legal basis for our processing of personal data you have the right to obtain the erasure of personal data concerning you and we have the obligation to erase personal data without undue delay. However, due to financial regulation, we are in many cases obliged to retain personal data during a client relationship, and even after that, e.g. to comply with a legal or regulatory obligation or where processing is carried out to manage legal claims.
- Limitation of processing: You have the right to ask us to suspend processing of personal data in special cases.
- Object to processing: In certain specific cases you have the right to object to processing of personal data concerning you. We may not be able to comply with such request where there are compelling legitimate grounds for us to process your personal data or where the processing of your personal data is required for compliance with a legal or regulatory obligation or relating to legal proceedings.
- Data portability: You have in certain cases the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.
8. Updating your personal data
It is important for us that we maintain accurate records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible and we will update our records accordingly.
9. Data protection authority
You have a right to file a complaint about the processing of your personal data with the Danish Data Protection Agency. You can find contact information here: www.datatilsynet.dk.
10. Notification of changes