1. Capital Four is the Data Controller
Capital Four Holding A/S incorporated under CVR no. 36440678, Capital Four Management Fondsmæglerselskab A/S incorporated under CVR no. 30593065, Capital Four AIFM A/S incorporated under CVR no. 35670637 and Capital Four – Strategic Lending Fund GP ApS incorporated under CVR no. 36901373 jointly referred to as “Capital Four”, “us” or “we” is each a data controller for the personal data you share with each of us.
Our contact information is:
Per Henrik Lings Allé 2, 8. sal
2100 Copenhagen Ø
Telefon: +45 3525 6100
We ensure that your personal data is protected. We are subject to secrecy of duty and confidentiality, and hence our systems are protected with appropriate technical and organisational measures.
Our internal rules on IT security contain instructions and measures protecting your personal data against destruction, deletion or changes, and against unauthorised or unlawful loss or disclosure.
In case of a data protection breach we will inform you and the relevant authorities as soon as practicable possible and within the time limits stipulated in the GDPR.
2. The purposes and the legal basis for the processing of personal data
We process personal data for the following purposes:
- General client administration in relation to our financial services business
- Complying with Anti-Money Laundering regulation and reporting regulations
Information as to how and why we process your personal data can also be found in the contracts with you which include any terms of business applicable to the services
Our legal basis for the processing of personal data is:
- The processing is necessary for the performance of a contract with you or in order to take steps at the request of you prior to entering into a contract
- The processing is necessary for compliance with a legal obligation which we are subject to:
- Know Your Customer requirements and AML monitoring, reporting etc., including sanctions screening, pursuant to the Danish Anti-Money Laundering Act
- The Danish Bookkeeping Act
- Reporting to the tax authorities in accordance with the Danish Tax Control Act
- Reporting to supervisory authorities etc. according to the Danish Financial Business Act and the Danish Alternative Investment Funds Managers Act
- Other obligations related to service specific legislation e.g. securities trading legislation
3. Categories of personal data
The personal data is in most cases collected directly from you or generated as part of the usage of our services. Sometimes additional information is required to keep information up to date or to verify information we collect. The personal data may include the following categories:
- Identification information: name, identification number, documentation of such information, for instance a copy of a passport, driver’s license or the like
- Contact information: postal address, email address, telephone number(s)
- Messages you have sent to us
- Publicly available information from external sources such as registers held by governmental agencies, sanction lists, and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons
4. Who we might disclose your personal data to
As part of our financial services business we may share your personal data with the following recipients or categories of recipients:
- Public authorities including the Danish State Prosecutor for Serious Economic and International Crime (SØIK) and Tax authorities
- Business partners
- Data Processors
We have entered into agreements with selected suppliers, which as part of their services to us process personal data on behalf of us. Examples hereof are suppliers of IT development, maintenance, hosting and support.
Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.
5. How long we keep your personal data
We will only retain your personal data for as long as needed for the purposes of which the data was collected and processed or for as long as it is required by laws and regulations, e.g. the Danish Bookkeeping Act and the Danish Anti-Money Laundering Act.
When a client relationship is terminated, information regarding KYC is stored for 5 years according to the Danish Anti-Money Laundering Act.
6. Your privacy rights
You have certain rights under the General Data Protection Regulation. These include the following:
- Access to your personal data: You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to obtain a copy of the personal data that we hold about you.
- Correction of incorrect or incomplete data: You have the right to rectification of inaccurate personal data concerning you. Further, you have the right to have incomplete personal data completed.
- Erasure: If there is no longer a legal basis for the processing of personal data you have the right to obtain the erasure of personal data concerning you and we have the obligation to erase personal data without undue delay. However, due to financial regulation, we are in many cases obliged to retain personal data during the customer relationship, and even after that, e.g. to comply with a legal or regulatory obligation or where processing is carried out to manage legal claims.
- Limitation of processing of personal data: You have the right to obtain restriction of processing of personal data in special cases. Where processing has been restricted, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
- Right to object to processing: In certain specific cases you have the right to object to processing of personal data concerning you. We may not be able to comply with such request where there are compelling legitimate grounds for us to process your personal data which override your interests, rights and freedoms or where the processing of your personal data is required for compliance with a legal or regulatory obligation or relating to legal proceedings.
- Right to data portability: You have in certain cases the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.
7. Updating your personal data
It is important for us that we maintain accurate records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible and we will update our records accordingly.
8. Data protection authority
You have a right to file a complaint about the processing of your personal data with the Danish Data Protection Agency. You can find contact information here: www.datatilsynet.dk.
9. Notification of changes