Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by Naya Capital Management UK Limited (the “Investment Manager”) and Naya Capital Management Limited (the “Manager”, and collectively with the Investment Manager and their respective affiliates, the “Naya Group”) and Naya Fund (the “Offshore Fund”), Naya Fund LP (the “Onshore Fund”) and Naya Master Fund LP (the “Master Fund”, and together with the Offshore Fund and the Onshore Fund, the “Funds” and each, a “Fund”, and together with the Naya Group, “we” or “us”), and sets forth the policies of the Naya Group and the Funds for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data relating to current, prospective and former investors in the Offshore Fund and/or the Onshore Fund, as applicable. This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the US Gramm-Leach-Bliley Act of 1999, as amended, or any other law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to the Naya Group and the Funds (collectively, “Data Protection Law”). References to “you” or an “investor” in this Privacy Notice mean any investor who is an individual, or any individual connected with an investor who is a legal person (each such individual, a “data subject”), as applicable.
Capitalised terms used herein but not defined herein shall have the meanings assigned to them in the confidential private placement memorandum of the Offshore Fund or the Onshore Fund, as applicable, as each may be supplemented, updated or modified from time to time (the “Memorandum”).
The types of personal data we may collect and use
The categories of personal data we may collect include names, residential addresses or other contact details, signature, nationality, tax identification number, date of birth, place of birth, photographs, copies of identification documents, bank account details, information about assets or net worth, credit history, source of funds details or other sensitive information, such as certain special categories of data contained in the relevant materials or documents.
How we collect personal data
We may collect personal data about you through: (i) information provided directly to us by you, or another person on your behalf; (ii) information that we obtain in relation to any transactions between you and us; and (iii) recording and monitoring of telephone conversations and electronic communications with you as described below.
We also may receive your personal information from third parties or other sources, such as our affiliates, the Administrator, publicly accessible databases or registers, tax authorities, governmental agencies and supervisory authorities, credit agencies, fraud prevention and detection agencies, or other publicly accessible sources, such as the Internet.
Using your personal data: the legal basis and purposes
We may process your personal data for the purposes of administering the relationship between you and us (including communications and reporting), direct marketing of our products and services, monitoring and analysing our activities, and complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business). Your personal data will be processed in accordance with Data Protection Law and may be processed with your consent, upon your instruction, or for any of the purposes set out herein, including where we or a third-party consider there to be any other lawful purpose to do so.
Where personal data is required to satisfy a statutory obligation (including compliance with applicable anti-money laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in your subscription in the applicable Fund being rejected or compulsorily redeemed or withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority.
How we may share your personal data
We may disclose information about you to our affiliates or third parties, including the Administrator, the Prime Brokers and the executing brokers and trading counterparties of the Master Fund for our everyday business purposes, such as to facilitate transactions, maintain your account(s) or respond to court orders and legal investigations. It may also be necessary, under anti-money laundering and similar laws, to disclose information about the Funds’ investors in order to accept subscriptions from them or to facilitate the establishment of trading relationships for the Master Fund with executing brokers or other trading counterparties. We will also release information about you if you direct us to do so.
We may share your information with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates. You may prevent this type of sharing by contacting us as described below (see “Who to contact about this Privacy Notice”). We may also disclose information about your transactions and experiences with us to our affiliates for their everyday business purposes. If you are a new investor, we can begin sharing your information 30 days from the date we sent this Privacy Notice. When you are no longer our investor, we may continue to share your information as described in this Privacy Notice.
We do not share your information with non-affiliates for them to market to you.
Monitoring of communications
We may record and monitor telephone conversations and electronic communications with you for the purposes of: (i) ascertaining the details of instructions given, the terms on which any transaction was executed or any other relevant circumstances; (ii) ensuring compliance with our regulatory obligations; and/or (iii) detecting and preventing the commission of financial crime.
Retention periods and security measures
We will not retain personal data for longer than is necessary in relation to the purpose for which it is collected, subject to Data Protection Law. Personal data will be retained for the duration of your investment in the Offshore Fund or the Onshore Fund, as applicable, and for a minimum period of five to seven years after a redemption or withdrawal, as applicable, of an investment from the Offshore Fund or the Onshore Fund, as applicable, or liquidation of a Fund. We may retain personal data for a longer period for the purpose of marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which personal data has been collected and decide whether to retain it or to delete if it no longer serves any purpose to us.
To protect your personal information from unauthorised access and use, we apply organisational and technical security measures in accordance with Data Protection Law. These measures include computer safeguards and secured files and buildings. We will notify you of any material personal data breaches affecting you in accordance with the requirements of Data Protection Law
Because of the international nature of a fund management business, personal data may be transferred to countries outside the EEA (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by the Data Protection Law in the EEA. In such cases, we will process personal data (or procure that it be processed) in the Third Countries in accordance with the requirements of the Data Protection Law, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf in such Third Countries.
Your rights under Data Protection Law
You have certain rights under GDPR in relation to our processing of your personal data and these are, generally: (i) the right to request access to your personal data; (ii) the right to request rectification of your personal data; (iii) the right to request erasure of your personal data (the “right to be forgotten”); (iv) the right to restrict our processing or use of personal data; (v) the right to object to our processing or use where we have considered this to be necessary for our legitimate interests (such as in the case of direct marketing activities); (vi) where relevant, the right to request the portability; (vii) where your consent to processing has been obtained, the right to withdraw your consent at any time; and (viii) the right to lodge a complaint with a supervisory authority. You should note that your right to be forgotten that applies in certain circumstances under GDPR is not likely to be available in respect of the personal data we hold, given the purpose for which we collect such data, as described above.
You may contact us at any time to limit our sharing of your personal information. If you limit sharing for an account you hold jointly with someone else, your choices will apply to everyone on your account. US state laws may give you additional rights to limit sharing.
Complaining to supervisory authorities
A complaint in respect of the Investment Manager may be made to the Information Commissioner’s Office in the United Kingdom.
Who to contact about this Privacy Notice
Please contact our Chief Compliance Officer on firstname.lastname@example.org / +44 20 7535 5176 or by writing to the following address Naya Capital Management UK Limited, 54 Baker Street, London W1U 7BU, United Kingdom for any questions about this Privacy Notice or requests with regards to the personal data we hold.
For more specific information or requests in relation to the processing of personal data by the Administrator, the Prime Brokers or any other service provider of the Funds, you may also contact the relevant service provider directly at the address specified in the Directory section of the relevant Memorandum or by visiting their websites.