"We" or us in this Privacy Notice refers to Nordic Capital.
Nordic Capital respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
This Privacy Notice aims to give you information on how we use, process and store your personal data.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This Privacy Notice supplements the other notices and is not intended to override them.
This Privacy Notice was last updated in May 2022
In this Privacy Notice, "DP Laws" shall mean the General Data Protection Regulation (2016/679) (the GDPR), the UK GDPR (as defined in section 3(10) of the Data Protection Act 2018 (DPA 2018), supplemented by section 205(4), the DPA 2018, the ePrivacy Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any supplementing national law and any other applicable laws concerning the protection or processing of personal data in any jurisdiction worldwide, each as amended from time to time.
About Nordic Capital
Nordic Capital is the common denomination for a group of private equity funds and vehicles, including Nordic Capital Fund V, Nordic Capital Fund VI, Nordic Capital Fund VII, Nordic Capital Fund VIII, Nordic Capital Fund IX, Nordic Capital CV1, Nordic Capital Fund X, Nordic Capital Evolution Fund, Nordic Capital CF1 and Nordic Capital Fund XI and any successor funds or vehicles from time to time (together the Vehicles), together with certain co-investment, holding companies and other vehicles within, or otherwise connected to, those Vehicles, including but not limited to Nordic Capital Cooperation Group Limited and Nordic Capital Cooperation Group SA (each, an Entity).
This Privacy Notice is issued by Nordic Capital Limited (NCL) for and on behalf of Nordic Capital, to include (but not limited to) the general partners (and/or entities with an equivalent management function or persons through which such general partners act) for each of the Vehicles, and/or the Entities (as appropriate) being (but not limited to) Nordic Capital V Limited, Nordic Capital VI Limited, Nordic Capital VII Limited, Nordic Capital VIII Limited, Nordic Capital IX Limited, Nordic Capital CV1 Limited, Nordic Capital X Limited, Nordic Capital X SARL, Nordic Capital Evo SARL, Nordic Capital DPM Limited, Nordic Capital CF1 Limited and Nordic Capital XI Limited and Nordic Capital XI SARL (each, a Data Controller). Each of the Data Controllers may act both in their own corporate capacity and in their capacity as general partners (or entities with an equivalent management function with respect to a Vehicle and/or another Entity or persons through which such general partners act).
The Vehicles are advised by their non-discretionary sub-advisers (as appropriate), NC Advisory AB, NC Advisory A/S, NC Advisory AS, NC Advisory GmbH, NC Advisory Oy, NC Advisory (UK) LLP, Nordic Capital Investment Advisory AB, Nordic Capital Investment Advisory A/S, Nordic Capital Investment Advisory AS, Nordic Capital Investment Advisory GmbH, Nordic Capital Investment Advisory Oy, Nordic Capital Investment Advisory LLP, Nordic Capital Investment Advisory LLC and Nordic Capital Operations Advisory AB (including its Danish branch), Nordic Capital Operations Advisory Limited and Nordic Capital Operations Advisory LLC.
If you deal with any of the Entities as an investor or as a prospective investor, (i) information which is collected as a result of your use of the Nordic Capital website (https://www.nordiccapital.com/) will be the responsibility of NCL, who will act as a data controller in relation to your personal data, (ii) the general partner (or an entity with an equivalent management function) of the relevant Vehicle and/or any other Entity or that Entity itself will be responsible for the processing of your personal data and will act as data controller or joint controller together with NCL, and (iii) if necessary, we will provide you with further information about the applicable Data Controller(s) and how your personal data as an investor or potential investor is processed by such Data Controller(s) in the privacy notice of any applicable subscription agreement(s).
What personal data does Nordic Capital collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, including:
- Identity Data, which includes title, name, marital status, gender, nationality, date of birth, username or similar identifier, as well as copies of anti-money laundering, identification (for example, passport, national ID card, driver's license, employee identification numbers) and verification documentation;
- Contact Data, which includes address, email address, telephone numbers as well as copies of proof of address documentation (for example, copies of utility bills or bank statements);
- Financial Data, which includes bank account details and may include source of wealth, including details of your tax residency;
- Transaction Data, which includes details about payments to and from you, risk tolerance, transaction history, investment experience and investment activity, interest in the Entity, including ownership percentage, capital investment, income and losses;
- Technical Data, which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- Usage Data, which includes information about how you use our website or access other online platforms that are provided to you (for example, the Intralinks Inc. (Intralinks) system or Anduin system); and
- Marketing and Communications Data,which includes your preferences in receiving marketing from us and our third parties, and your communication preferences.
As part of our compliance with legal obligations such as AML/KYC, we may be required to process Special Categories of Personal Data about you (this may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and information about criminal convictions and offences. Personal data relating to political opinions of data subjects having a public political exposure will be processed on the basis of article 9, (2), e) of the GDPL (i.e. the personal data has manifestly been made public by the data subject).
How does Nordic Capital collect personal data?
We use different methods to collect personal data, including:
Information that is provided directly to Nordic Capital
We may collect personal information from prospective investors, intermediaries and other business partners for the purposes of establishing a business relationship with you in respect of a Nordic Capital fund, entering into contractual relationships, and/or to otherwise satisfy our legal or regulatory obligations.
Information obtained from third parties
We also collect and process information from a variety of publicly available sources, such as the internet, social media and commercial registries. We may also undertake background checks (using providers such as World- Check).
In addition, we may receive personal data in connection with legal requirements that are applicable to us, or from third parties in connection with the services we provide.
How do we use your personal data once collected?
We will only use your personal data when applicable laws allow us to. Typically we will use your personal data in the following circumstances, for the following purposes and pursuant to the following legal bases:
where we need to do so in order to perform a contract to which you are party, or to comply with a request you have made prior to entry into a formal contract with us, including:
- to manage or administer your commitments and/or interests and any related accounts on an ongoing basis;
- to administer and operate the Entity;
- to verify the identity of a Data Controller or an Entity in connection with any actual or proposed investments of any such Entity and/or for any purpose which a Data Controller or NCL considers is necessary or desirable to further the interests of a Data Controller, NCL or an Entity; and/or
- risk management and risk controlling purposes relating to the Entity or any entity in the same group as the Entity;
for direct marketing purposes (e.g., to inform you of new investment opportunities);
where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests, including
- to carry out statistical analysis or market research;
- to investigate and respond to any complaints about us and to help maintain service quality and train staff to deal with complaints and disputes;
- to provide proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of the Entity's business; and/or
- marketing products or services (including new investment opportunities) related to the ones already provided by a Data Controller; where we need to comply with our legal and/or regulatory obligations, for example:
- to comply with in-house procedures and statutory/regulatory requirements applicable to a Data Controller (including under appropriate anti-money laundering legislation and customer due diligence verification purposes);
- to help detect, prevent, investigate, and prosecute fraud and/or other criminal activity, and share this data with our legal, compliance, risk and managerial staff to assess suspicious activities;
- to comply with foreign laws and regulations and/or any order of a foreign court, government, supervisory, regulatory or tax authority; and/or
- if required in order to comply with FATCA, CRS and any other equivalent information reporting regimes or as otherwise required by law, disclose details of your name, address, taxpayer identification number (TIN) or perform a contract with you concerning the accounts held by you (including the total gross amount paid or credited); and/or
for any other specific purpose to which you have given your consent.
If we require your personal data due to a legal requirement or obligation, or in order to perform a contract with you, then failure to provide this information might mean that we cannot provide our services or products to you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Disclosure of personal data
We may disclose or transfer personal data to other entities within Nordic Capital insofar as we deem it necessary for the proper performance of the services a Data Controller provides to you, for bona fide compliance purposes as well as on the other basis as set out within this Privacy Notice.
In addition, we may disclose or transfer personal data to subcontractors (including, but not limited to, our corporate administrators, our bankers and other service providers), our legal and other advisors and agents, any third party that acquires, or is interested in acquiring or securitising, all or part of our assets or shares, or that succeeds us in carrying on all or a part of our businesses, or services provided to it, whether by merger, acquisition, reorganisation, restructuring or otherwise as well as any other third party supporting the activities of a Data Controller where it is necessary for the proper performance of the services that we provide to our clients, and may disclose or transfer personal data to competent authorities in order to comply with our legal and/or regulatory obligations.
International data transfers
We may process, store or transfer (in hard copy and/or electronically) your personal data anywhere in the world, including countries outside the European Economic Area, the United Kingdom and/or Jersey. We may transfer personal data to a Non-Equivalent Country (as defined below), in order to utilise the services of our service providers (including our onboarding partner Anduin which is situated in the USA), fulfil the purposes described in this Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to perform and administer the services provided to you, and to implement requested pre-contractual measures.
We use safeguards to ensure that your personal data is treated appropriately where it transferred to countries outside of the European Economic Area (or the UK and/or Jersey). Such safeguards may include the use of standard contractual clauses approved by the European Commission or by other competent regulators.
For information on the safeguards applied to such transfers, please contact, in Jersey, NCL at firstname.lastname@example.org and, in Luxembourg, Ncfunds@aztecgroup.eu (mailbox for Nordic Capital X SARL, Nordic Capital Cooperation Group SA, Nordic Capital Evo SARL and Nordic Capital XI SARL). For the purposes of this Privacy Notice, "Non-Equivalent Country" shall mean a country or territory other than (i) a member state of the European Economic Area; or (ii) the United Kingdom; or (iii) a country or territory which has at the relevant time been decided by the European Commission (and/or where applicable the government of the United Kingdom) in accordance with DP Laws to ensure an adequate level of protection for personal data.
Our investor portal may be provided by Intralinks, Anduin or such other service provider we may choose from time to time (as indicated to you at the time of interest for an investment or your investment in any Entity). Should you utilise any such investor portal, you should ensure that you review the relevant privacy notice of such service provider.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will process and store your personal data for as long as our business relationship continues, or for the duration of provision of services to you by us.
We may also store that data for as long as necessary in order to comply with our legal, compliance, contractual or other regulatory obligations or in connection with the establishment, enforcement or defense of any legal claims.
You have the right to:
- obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of your personal data;
- access your personal data;
- correct your personal data where it is inaccurate or incomplete;
- restrict under certain circumstances the further processing of your personal data;
- ask for erasure of your personal data under certain circumstances;
- object to the use of your personal data (including direct marketing purposes);
- where our processing of your personal data is based upon your consent, withdraw such consent at any time (without affecting the lawfulness of processing based on such consent before its withdrawal); and
- ask for personal data portability under certain circumstances.
Further, you may at your discretion refuse to communicate personal data to a Data Controller or object to some processing of your personal data. There are, however, situations where a Data Controller can refuse to comply with such a request. For example, where it is subject to a legal or contractual obligation to process the data. There may, however, be implications in respect of your holding of interests in the Entity until such time as the requisite data has been provided. Where the processing is based on consent, the withdrawal of consent shall not affect the lawfulness of processing for other reasons and based on other grounds where this is permitted under applicable law.
You may exercise your rights by contacting, in Jersey, email@example.com. or, in Luxembourg, Ncfunds@aztecgroup.eu.
Third party websites
This Privacy Notice does not cover any third-party websites reached via links on this website. You are advised to read the privacy statements on the third-party websites you visit.
You have the right to make a complaint at any time to the competent data protection supervisory authority in the relevant jurisdiction. In Jersey, such authority is the Jersey Office of the Data Protection Commissioner which can be contacted at +44 (0)1534 716530 or at www.JerseyOIC.org, and in Luxembourg, such authority is the Commission Nationale pour la Protection des Donnees (the CNPD) which can be contacted at the following address: 15, Boulevard du Jazz, L-4370 Belvaux, Grand-Duchy of Luxembourg.
We would, however, appreciate the chance to deal with your concerns before you approach the applicable data protection supervisory authority, so please contact us in the first instance, in Jersey, at admin@nordiccapital. je or, in Luxembourg, at Ncfunds@aztecgroup.eu.
Changes to Privacy Notice
Each Data Controller reserves the right to update this Privacy Notice at any time, and will ensure that any update to this Privacy Notice is made available on our website (available here: https://www.nordiccapital.com/privacy- policy/). We may also notify you in other ways from time to time about the processing of your personal data.
Our full contact details are:
Name or title of contact: Nordic Capital Limited
Email address: firstname.lastname@example.org
Postal address: 26 Esplanade, St Helier, Jersey, Channel Islands, JE2 3QA
Name or title of contact: Nordic Capital Cooperation Group SA or, in respect of Nordic Capital Fund X: Nordic Capital X SARL; in respect of Nordic Capital Evolution Fund: Nordic Capital Evo SARL; or, in respect of Nordic Capital Fund XI: Nordic Capital XI SARL.
Email address: Ncfunds@aztecgroup.eu (mailbox for Nordic Capital X SARL, Nordic Capital Cooperation Group SA, Nordic Capital Evo SARL and Nordic Capital XI SARL)
Postal address: 7, rue Lou Hemmer, L-1748 Senningerberg, Grand Duchy of Luxembourg
Luxembourg addendum to the privacy notice
Where you are investing in an Entity which has its registered office in Luxembourg, the Data Controller will be the entity indicated to you at the time of interest for an investment or your investment in such Entity (each such data controller being a Luxembourg Data Controller). The Luxembourg Data Controller collects, stores and processes, by electronic or other means, the personal data you supplied (or if you are a legal person, any natural person related to you such as your contact person(s), employee(s), trustee(s), nominee(s), agent(s), representative(s) and/or beneficial owner(s)).
The Luxembourg Data Controller may disclose your personal data to third parties located in a Non-Equivalent Country. Where such third parties are located in a Non-Equivalent Country, the Luxembourg Data Controller has adopted appropriate safeguards for such transfer. Those safeguards are namely that the Luxembourg Data Controller has entered into legally binding transfer agreements with the relevant third parties in the form of the European Commission approved model clauses, or any other appropriate safeguards pursuant to the GDPR. In this respect, you have a right to request copies of the relevant document for enabling the personal data transfer(s) towards such countries by contacting the Luxembourg Data Controller at the address provided in the Privacy Notice.