GRAMERCY FUNDS MANAGEMENT LLC

PRIVACY NOTICE

The purpose of this Privacy Notice is to provide you with information regarding our use of your personal data in accordance with the requirements of applicable law, including the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Cayman Islands Data Protection Law 2017 (the “DPL”) (together, the “Data Protection Legislation”). Information specific to California residents is set forth in Appendix A hereto.

Gramercy Funds Management LLC (“Gramercy”) is deeply committed to preserving your privacy. All information that is provided to Gramercy, including, but not limited to, information transmitted to us while visiting our website, and non-public personal information about our clients and former clients, is handled in accordance with Data Protection Legislation, as described below. If desired, a visitor may visit our website without disclosing who they are or revealing any personal data. Set forth below is a full disclosure of our policies regarding the collection, use, sharing, and protection of your personal data (as defined below).

In this document, “we”, “us” and “our” refers to Gramercy and its affiliates and/or delegates (including any funds managed by Gramercy).

What information Gramercy collects

For the purposes of the Data Protection Legislation, the term “personal data” means any information about an individual in the European Economic Area (“EEA”) from which that person may be identified or be otherwise identifiable. In connection with the investment advisory services that Gramercy provides, we are obligated, inter alia, for the purposes of applicable anti-money laundering legislation to collect certain data that may also constitute “personal data” under the Data Protection Legislation, for example, names, residential address, email address, contact details, corporate contact information (including job title), signature, nationality, place of birth, date of birth, tax identification information, credit history, correspondence records, passport number, bank account details and bank statements, utilities bills, source of funds details, details relating to your investment activity (“personal data”), and technical data such as internet protocol addresses, cookies, network location, browser characteristics, device characteristics, information on actions taken on our sites, and dates and times of website visits (“investor data”). We do not sell or trade any personal data or investor data.

In our use of personal data, our funds, and in certain circumstances other Gramercy entities, may be characterized as a “data controller” for the purposes of the Data Protection Legislation. Our fund’s affiliates and delegates may also be “data processors” for the purposes of the Data Protection Legislation. Any person who is seeking information with respect to control or processing of personal data by Gramercy, or who is seeking to exercise any rights afforded to them under the Data Protection Legislation should contact Gramercy at the contact details set out below.

The representative of Gramercy in the EEA for data protection purposes is Philip Meier, 48 Dover Street, London, W15 4FF, 011-44-20-3330-6545, [email protected]

Use of personal data and basis of processing

We will use personal data to deliver investment management services and/or products to you. We may also use personal data to inform you about our services and our marketing events. Any person subject to GDPR who does not wish for their personal data to be processed for marketing purposes may opt out of such processing by notifying us at the contact details set out below.

We will only process personal data in circumstances under which we have established a lawful basis under Data Protection Legislation to do so. Our specific lawful basis for processing personal data will depend on the purpose or purposes of why we collected and need to use your information, however under Data Protection Legislation, in almost all cases the lawful basis will be:

  • To perform the contract we have entered into or anticipate entering into with you;
  • To comply with a legal obligation; or
  • If we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms, which will be: (i) the provision of investment management services, fulfilling our obligations to you, your clients, the organization you represent or your organization’s clients; (ii) administrative or operational processes within Gramercy and direct marketing or other communication to you, your clients, the organization you represent or your organization’s clients in respect of our services or products; (ii) to operate and improve our business and to help maintain quality; or (iv) to comply with a legal obligation not set out under the laws of EEA member states, or under contract, including for the establishment, exercise or defense of legal claims and in order to protect and enforce its (or another person’s) rights, property, or safety, or to assist others to do the same, and in order to provide information performance and/or services.

We will only use personal data for the purpose that it has been collected for, unless we reasonably consider that we need to use it for another reason, and that other reason is compatible with the original purpose of the control or processing. Any person requiring information with respect to any additional purpose for which personal data may be controlled or processed may obtain such information at the contact details specified below. If we need to control or process personal data for an unrelated purpose, we will use reasonable endeavors to notify affected persons and to explain the basis on which we are permitted to undertake the same.

How Gramercy collects this information

Gramercy collects personal data through various means, including, without limitation, when you give us contact or other personal data, enter into an investment advisory contract with us, buy securities from us (i.e., interests in a fund), provide banking details to us, or make a wire transfer. We may also collect personal data from other sources, such as our affiliates or certain public sources. (See Endnote 1) Failure to provide personal data to us when requested may mean that Gramercy is unable to perform its contractual obligations to you, and Gramercy may be required to cease providing services to you.

How Gramercy uses the information that it collects

Gramercy may utilize personal data for the lawful purposes of facilitating our day to day business. For example, these purposes may include: to provide advisory services, to open an account, to process a transaction for an account, to market products and services, to respond to court orders and legal investigations, or to perform any other act as is required by law (such as compliance with anti-money laundering and FATCA/CRS requirements) or where it is necessary for the performance of our rights and obligations under our fund’s subscription, constitutional and operational documents. We maintain such information in our databases to ensure our compliance with regulations requiring thorough identification of investors. Under no circumstances does Gramercy share this information with any outside organization other than to facilitate the servicing of investor accounts or as required by law, in each case as described below.

Additionally, the fund administrator may use personal data, for example to provide its services to our funds or to discharge the legal or regulatory requirements that apply directly to it or in respect of which our funds rely upon the administrator, but such use of personal data by the administrator will always be compatible with at least one of the aforementioned purposes for which we process personal data.

Should we wish to use personal data for other specific purposes (including, if applicable, any purpose that requires your consent), we will contact you.

What security measures Gramercy has in place

Because we regularly deal with information containing personal data, we have appropriate security measures in place over our electronic network and in our physical facilities to protect against the loss, misuse, or alteration of personal data that we have collected verbally, in writing, from our website or otherwise. We and our duly authorized affiliates and/or delegates shall apply appropriate technical and organizational information security measures designed to protect against unauthorized or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data. We shall notify you of any personal data breach that is reasonably likely to result in a risk to the interests, fundamental rights or freedoms of either you or those data subjects to whom the relevant personal data relates.

Sharing your personal data with others

We may provide your personal data to our affiliates and to firms that assist us in servicing your account and have a need for such information, such as a broker, custodian and/or fund administrator without first obtaining your consent. Such persons may in turn use the services of their affiliates or service providers to process your personal data where necessary or appropriate. Where we share your personal data with such third parties, we will require the recipients of that personal data to put in place adequate measures to protect it.

In certain circumstances, we and/or our authorized affiliates or delegates may be legally obliged to share personal data and other information with respect to your interest in our funds with the relevant law enforcement agencies, regulatory or tax authorities and other governmental or public agencies or authorities in the Cayman Islands (such as the Cayman Islands Monetary Authority or the Tax Information Authority), and in other countries. Such authorities, in turn, may exchange this information with authorities in other countries, including tax authorities. Further details of the third parties with whom personal data may be shared are available on request at the contact details provided below.

Persons located in the EEA should be aware that personal data may be sent to and stored by us and third parties outside of the EEA. The nature of our business means it is often necessary for us to send your personal data outside the EEA, including to the United States of America and the Cayman Islands, to properly provide our services to you, your clients, the organization you represent, and/or your organization’s clients. This occurs because our business and the third parties we may use have operations across the world. In circumstances where we transfer your personal data outside the EEA, we will seek to ensure a similar degree of protection is afforded to it by ensuring that, where possible, personal data is generally transferred only to persons in countries outside the EEA in one of the following circumstances.

  • To persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • To persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission.
  • To persons and undertakings based in the United States if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the United States.

Further information on specific mechanisms utilized by us in transferring personal data outside the EEA and the countries to which such transfer may be made may be obtained from us upon request to the contact details available below.

Retention of personal data

We will retain personal data for as long as it is necessary for the purpose it is being processed for and we will store the personal data for a sufficient period to handle or respond to any complaints, queries or concerns relating to such agreement or to satisfy any legal, regulatory, accounting or reporting requirements. The personal data may also be retained so that we can continue to improve our clients’ experience with us.

We will periodically review the personal data we hold in accordance with our policies. If there is no longer a legal or business need for the personal data to be retained, we delete it securely, or, in some cases, anonymize it.

Cookies

Our website uses “cookies” to distinguish you from other users of our website. A “cookie” is a small amount of data sent by our site and stored on your computer’s hard drive that our site can read and which helps us keep track of how you use our site. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. If you wish to remove cookies set by our site from your browser in the future, you can delete them. The instructions for removing cookies from your computer or mobile device may vary depending on your operating system and web browser. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.

Broadly, we use cookies on our site to allow us to recognise, measure and track users of our site in anonymous form. The information collected includes the number of visitors to this website, where visitors have come to our site from and the pages that they have visited. This allows us to improve the performance of this website, for example, by determining whether information on the website can easily be located by users of the website. We also use cookies to record user preferences of individual visitors to the website, and to record when a website user has viewed a policy or statement on the website, or provided consent. This helps us avoid unnecessary and repetitive consent requests.

Your rights as a data subject

Under Data Protection Legislation, persons whose data is processed by us will have certain rights. These rights include the right to access personal data, the right to require correction of personal data, the right to require erasure of personal data in certain circumstances, the right to restrict processing of personal data, and the right to require a transfer of personal data. In addition, if the processing of personal data is based on our legitimate interests, a person will have the right to object to the processing of that personal data.

In the event that you wish to make a complaint about how your personal data is being processed by Gramercy (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint with Gramercy at the contact details below, or directly with the relevant data protection supervisory authority. In the United Kingdom, this is the Information Commissioner’s Office (“ICO”). Contact details for the ICO may be found at www.ico.org.uk. A list of EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

How this Privacy Notice may be modified

We may change this notice from time to time. If we do, we will not use any personal data we have already collected in any new manner without first obtaining consent. Similarly, the purposes for which we control or process personal data may change from time to time. If any changes would require a material amendment to the information set out herein, details of such changes will be made available in the current version of this document from time to time.

How you can contact Gramercy about this Privacy Notice

We are committed to processing your personal data lawfully and to respecting your data protection rights. If you have any questions about this Privacy Notice, personal data which we hold, or your dealings with our website, please contact:

Lacie Smith
Managing Director, Head of Investor Relations
Gramercy
20 Dayton Avenue
Greenwich, CT 06830
Tel: (203) 552-1928 | Fax: (203) 552-1901
[email protected]

APPENDIX A

California-Specific Privacy Policy

California enacted the California Consumer Privacy Act, California Civil Code § 1798.100 et seq., (with any implementing regulations and as may be amended from time to time, “CCPA”), in 2018, and it is effective as of January 1, 2020. The CCPA imposes certain obligations on our funds and the Investment Manager (together, “we” or “us”) and grants certain rights to California residents (“California Resident”, “you” or “your”) with regard to “personal information.” If you are a California Resident, please review the following information about your potential rights with regard to your personal information under the CCPA. The rights described herein are subject to exemptions under the CCPA and other limitations under applicable law.

Terms used herein have the meaning ascribed to them in the CCPA. Our funds and the Investment Manager are all a “business.” “Personal information” under the CCPA means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or a household.

The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. In addition, the CCPA does not apply to certain information like personal information collected, processed, sold or disclosed pursuant to the federal Gramm-Leach-Bliley Act and its implementing regulations.

Business or Commercial Purpose for Collecting Personal Information  

In the preceding 12 months, we may have collected or disclosed for a business purpose your personal information for the following business or commercial purposes. We may collect or disclose for a business purpose personal information for all or just a few of these purposes with regard to a particular California Resident.

  • Performing services on behalf of a fund or investment vehicle, including, for example, maintaining or servicing accounts, providing customer service, processing transactions, verifying information, processing payments, or providing similar services on behalf of a fund or investment vehicle.
  • Performing our contractual obligations to a California Resident as a subscriber to a fund or investment vehicle, including, processing initial subscriptions and providing updates on a fund’s or investment vehicle’s performance and other operational matters.
  • Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud and conducting “Know Your Client,” anti-money laundering, terrorist financing, and conflict checks.
  • Enabling or effecting commercial transactions, including, using your bank account details to remit funds and process distributions.

Categories of Personal Information We Collect or Disclose for a Business Purpose  

In the preceding 12 months, we may have collected or disclosed for a business purpose the following categories of personal information from or about you to our service providers or other entities that have agreed to limitations on use of your personal information. We may collect or disclose for a business purpose all or just a few of these categories with regard to a particular California Resident.

  • Identifiers such as, your name, address, date of birth, email address, social security number, driver’s license number, passport number, or other similar identifiers.
  • Personal information protected under California Civil Code Section 1798.80(e), including, for example, your signature or bank account or other financial information.
  • Characteristics of protected classifications under California or federal law, including, your sex or gender, national origin, or marital status.
  • Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing histories or tendencies. For example, funds invested in the prior year, investments considered, or sources of wealth.
  • Internet or other electronic network activity information, including, for example, information regarding your interaction with our website or use of certain online tools.
  • Professional or employment-related information, including your current or former employer or your current professional title.
  • Inferences drawn from any of the information identified above to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. For example, information on your potential interest in investing in new funds or investment vehicles based on various information.

Personal information under the CCPA does not include deidentified information, aggregate consumer information or publicly available information that is lawfully made available from government records.

Categories of Sources from Which Personal Information is Collected

In the preceding 12 months, we may have collected personal information about you from the following categories of sources. We may collect personal information from all or just a few of these categories of sources with regard to a particular California Resident.

  • Directly from you or your representatives, including through forms or related documentation you complete when subscribing for shares or interests, in correspondence and conversations (including by email), through transactions with regard to funds, and when you provide remittance instructions.
  • From our service providers such as our fund administrator.
  • From law enforcement.
  • From government records and other publicly accessible directories and sources, including, bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities.
  • From credit reporting agencies, sanctions screening databases, and fraud prevention and detection agencies and organizations.

Categories of Third Parties with Which We Share Personal Information

In the preceding 12 months, we may have shared your personal information with the following categories of third parties. We may share personal information with none, all, or just a few of these third parties with regard to a particular California Resident. We do not sell your personal information except as permitted by the CCPA or other laws.

  • Law enforcement.
  • Regulators and other government agencies as required or permitted by law.
  • Individuals, entities, or regulatory bodies in connection with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons.
  • Individuals, entities, or regulatory bodies to exercise or defend legal claims on behalf of you.
  • Individuals, entities, or regulatory bodies at your direction or with your consent.
  • Other individuals, entities, or regulatory bodies as otherwise required or permitted by law.

We may disclose all or just a few of the categories of personal information identified in the paragraph labeled “Categories of Personal Information We Collect or Disclose for a Business Purpose” to our service providers or other entities with which we have contracted to provide support and services and that have agreed to limitations on the use of your personal information for a business purpose or that fit within other exemptions or exceptions in the CCPA.

California Residents’ Rights under the CCPA  

If your personal information is subject to the CCPA, you may have certain rights concerning your personal information, subject to applicable exemptions and limitations, including the right to: (i) be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used; (ii) not be discriminated against because you exercise any of your rights under the CCPA; (iii) request that we delete any personal information about you that we collected or maintained, subject to certain exceptions (“request to delete”); and (iv) request that we, as a business that collects personal information about you and that discloses your personal information for a business purpose, disclose to you (“request to know”): (a) the categories of personal information we have collected about you; (b) the categories of sources from which we have collected the personal information; (c) the business or commercial purpose for collecting or selling the personal information; (d) the categories of third parties with which we share personal information; (e) the specific pieces of personal information we have collected about you; and (f) the categories of personal information we have disclosed about you for a business purpose.

How to Submit a Request under the CCPA  

You may submit requests to know or delete by telephone at (800) 610-6192, or by email at [email protected]

We are required to provide certain information or to delete personal information only in response to verifiable requests made by you or your legally authorized agent. Any information gathered as part of the verification process will be used for verification purposes only.

1 Our affiliates are companies related to us by common ownership or control and can include both financial and nonfinancial companies.
May 4, 2020