PRIVACY NOTICE
DATA CONTROLLERS
SNÖ True North AS (organisation number 820 953 452) (the Fund), SNÖ Ventures AS (organisation number 816 697 832) (the Manager) and SNÖ Ventures II AS (organisation number 925 882 216) (the Adviser) will each process personal data as part of their business.
In this context, each corporate entity mentioned above is the controller of the personal data they process. Unless otherwise specified, we refer to each of the controller entities by using the terms "we", "us" or "our" in the part of this policy that relates to our business.
Your personal data will be processed by us, and by persons engaged by us. We are committed to protecting and respecting your privacy.
Under the GDPR, you have rights, and we have obligations, with respect to your personal data. The purpose of this notice is to explain how and why we, and persons engaged by us, will use, store, share and otherwise process your personal data. This notice also sets out your rights under the GDPR, and how you may exercise them.
Please contact us on the following email address if you have any questions concerning our data processing or this privacy notice: hello@sno.vc.
INTRODUCTION
The purpose of this document is to provide you with information about how we use your personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR").
If you are an individual investor, this will affect you directly. If you are an institutional investor that provides us with personal data on individuals connected to you for any reason in relation to your investment with us, this will be relevant for those individuals, and you should transmit this document to such individuals or otherwise advise them of its content.
By virtue of making an investment in a fund managed by a SNÖ manager (including the initial application and ongoing interactions with the manager and persons engaged by the manager) or by virtue of you otherwise providing us with personal information on individuals connected with you as an investor (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), you will provide us with certain personal information which constitutes personal data within the meaning of the GDPR.
PERSONAL DATA PROCESSED
You will provide us with personal information within the forms and any associated documentation that you complete when subscribing; when you provide it to us or our service providers in correspondence and conversations (including by email); when you make transactions with respect to the Fund; and when you provide remittance instructions.
We may also obtain personal data on you from other publicly accessible directories and sources. These may include websites; bankruptcy registers; tax authorities; governmental agencies and departments, and regulatory authorities, to whom we have regulatory obligations; credit reference agencies; sanctions screening databases; and fraud prevention and detection agencies and organisations, including law enforcement.
This includes information relating to you and/or any individuals connected with you as an investor in a fund managed by a SNÖ manager, such as: name, residential address, email address, contact details, corporate contact information, signature, nationality, place of birth, date of birth, tax identification, credit history, correspondence records, passport number, bank account details, source of funds details and details relating to your investment activity.
LEGAL BASIS AND PURPOSE OF PROCESSING
We will only process personal data where legally permitted. Sometimes more than one legal basis applies to the processing of the same piece of personal data, depending on the processing activity. We will process your personal data on the following legal grounds:
Compliance with a legal obligation. Personal data can be processed for compliance with a legal obligation to which the data controller is subject. That might especially be the case for the purpose of compliance with orders from public authorities. It might also be case for purposes such as accounting, financial bookkeeping and monitoring the compliance with our policies. The data controller may process names, addresses, personal identification numbers, citizenship, copy of passports, tax data and financial information. The information will primarily be collected from investors, but other sources may also be used, such as e.g. public registers. The legal basis is GDPR Article 6(1)(c).
Performance of contract. Personal data can be processed for the performance of your agreement, as well as fund management. The data controller may process names, addresses, phone numbers, personal identification numbers, citizenship and bank account numbers. The legal basis is GDPR Article 6 (1)(b).
Legitimate interest. Personal data can be processed for the legitimate interest of the data controller, which will be the case for emails, operations, managing and safekeeping of the IT and communications systems, improving products and services, strategic planning, budgeting, financial management and reporting, communications, re-organizations or disposals or integration with purchaser. The legal basis is GDPR Article 6(1)(f). We will only process your personal data in pursuance of our legitimate interests where we have considered that the processing is necessary and, on balance, our legitimate interests are not overridden by your legitimate interests, rights or freedoms.
We may also process personal data to market subsequent funds or other products, in accordance with applicable marketing and privacy laws.
DATA RETENTION
We will only retain personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements, after which it will be deleted or archived except to the extent that it is necessary to continue to process it for the purpose of compliance with legal obligations to which the data controller is subject, or for another legitimate purpose.
Personal data processed in accordance with anti-money laundering laws will be stored for five years after the end of the customer relationship or after the transaction was completed. Once the five-year period expires, personal data shall be deleted unless other regulations require further retention.
Personal data processed to fulfil the investment agreement will be deleted when the contract is completed and all legal obligations arising from it are complied with.
DATA SECURITY
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in unauthorized ways, altered or disclosed. In addition, access to personal data is limited to those staff members and other third parties who have a business need to know. They will only process your personal data according to instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected data security incident and will notify any applicable regulator of a suspected breach where legally required.
DATA SHARING
We may share your personal data with affiliates and third parties, including professional advisors (e.g. accountants, auditors), regulatory authorities (e.g. financial supervisory authority), law enforcement (e.g. Økokrim) or third-party service providers (e.g. IT service suppliers). We require third parties to respect the security of personal data and to treat it in accordance with the law.
We will share personal data with third parties where required by law, where it is necessary to perform the agreement or where there is another legitimate interest.
We will not transfer personal data to third parties outside the EU/EEA unless an adequate level of protection has been put in place to ensure that personal data is treated by those third parties in a way that is consistent with and which respects the GDPR.
YOUR RIGHTS
Under certain circumstances, by law, you have the right to:
Be informed about the purposes for which your personal data are processed;
Access your personal data (commonly known as a “data subject access request”);
Have incomplete or inaccurate personal data corrected;
Delete your personal data in some limited circumstances;
Ask us to stop processing your personal data;
Stop direct marketing;
Restrict the processing of your personal data.; and
Transfer your personal data to another party (commonly known as "data portability").
Please note, however, that certain personal data may be exempt from such rights under and in accordance with other laws and regulations. In accordance with anti-money laundering laws, the data controller shall not give access to information submitted to Økokrim or investigations, etc. pursuant to such laws.
AUTOMATED DECISION-MAKING
We will not take decisions producing legal effects concerning you, or otherwise significantly affecting you, based solely on automated processing of your personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the GDPR.
CONTACT DETAILS
Any requests in respect of rights relating to personal data, should be directed to: hello@sno.vc.
If your request or concern is not satisfactorily resolved by the data controller, you may contact Datatilsynet (address and contact details can be found on www.datatilsynet.no).