DATA PRIVACY NOTICE

1. This data privacy Notice (“Notice”) is issued and provided by Epiphany Capital Management Limited in respect of itself and/or any of its affiliated investment companies, as applicable (together “Epiphany”, “Company”, “we”, “us” or “our”).
2. The Notice is addressed to external individuals, professionals, and legal entities (collectively referred to as “you” or “your”) with whom we may interact, or may have interacted, in the course of our business, including any person with whom we entered into a contractual relationship.

III. By means of this Notice, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process in accordance with the EU General Data Protection Regulation and/or other non-EU laws and regulations, as applicable (“Data Protection Legislation”). The Data Protection Legislation governs the meaning of the terms used in this Notice.

1. When handling your data, we may act as data controller and/or data processor, as the case may be, in accordance with the Data Protection Legislation, depending on the circumstances in which personal information is collected, held or used. The data collection and processing may be in hard copy or through electronic instruments.
2. We may collect, store and process personal data received as part of the business relationship at any stage of the same relationship. Where your data are provided for investment purpose, we as data controller may directly (or through a third-party service provider) process your personal information. If you are an entity, we may process the personal information of your beneficial owner(s), employees, directors, officers and you shall make sure that these persons are properly informed of this Notice.
3. Personal data may include: (i) personal identification information (e.g. name, date of birth, nationality, addresses, telephone number, ID details, signature samples, social security number); (ii) identification data provided by public authorities (e.g. tax and passport numbers); (iii) personal distinguishing marks (e.g. video or voice recordings); (iv) information surrounding life areas (e.g. professional activity, hobbies, family members); (v) financial information (e.g. investment profiles including preferences, creditworthiness data, origin of wealth and assets); (vi) communications (e.g. e-mail correspondence). You are responsible for ensuring that any personal data that you send to us are complete, updated, correct and sent securely. From time to time we may ask you to confirm the accuracy of personal data.

VII. The purposes of the processing include:

– the establishment of the business relationship (e.g. onboarding and disinvestments, compliance procedure, liaison with public authorities and service providers);

– the exercise of the rights and the fulfilment of both contract obligations (including implementation of pre-contractual measures) and legal obligations (e.g. reporting to tax authorities);

– maintaining and updating your data;

– marketing and promotional activities;

– notification regarding changes to our service offers or business;

– monitoring and improving the quality of our services;

– quality assurance and training purposes.

VIII. Personal data may be disclosed to: (i) any of our affiliated entities including their respective directors, officers, employees, agents, and service providers; (ii) any public or accredited authorities; any third parties processor and in general any relevant parties to the extent necessary for the establishment, exercise or defence of legal rights or contractual obligations; (iii) any relevant parties for the purpose of prevention and detection of crimes; (iv) any relevant parties in the event that we sell or transfer all or any relevant portion of our business or assets.

1. In accordance with and to the extent permitted by the Data Protection Legislation, every data subject shall have the following rights:

– Request access to any personal data we hold about you, along with information regarding its nature, processing, and disclosure;

– Request rectification of your personal data if it is inaccurate or incomplete;

– Request erasure of your personal data (“right to be forgotten”), where applicable;

– Restrict further collection of personal data beyond what has already been gathered;

– Obtain and reuse your personal data, and transfer it to another controller (“data portability”);

– Restrict processing of your personal data under certain conditions;

– Withdraw your consent at any time, where processing is based on consent;

– Be informed without undue delay in the event of a personal data breach that may affect your rights and freedoms;

– Lodge a complaint with a supervisory authority regarding the processing of your personal data.

Notwithstanding the foregoing, we may exercise rights in connection with compelling legitimate grounds which override the data subject’s interest or where the data subject’s rights are not feasible, e.g. if data must be retained for the defense of legal claims or for compliance with applicable laws.

For any request, please contact us at epiphany@amicorp.com

1. Where you provide personal data relating to other individuals, you shall ensure that: such individuals have been informed of this Notice; and you are authorised to provide such personal data to us. We may not rely on such representations as a substitute for our own legal obligations under Data Protection Legislation.
2. We process your personal data on one or more of the following legal grounds:

Performance of a contract: where processing is necessary to enter into or perform a contractual relationship with you;

Compliance with legal obligations: including regulatory, tax, anti-money laundering, and counter-terrorist financing obligations;

Legitimate interests: where processing is necessary for our legitimate business interests, provided these are not overridden by your fundamental rights and freedoms. Such interests include, inter alia, the operation and administration of our business, client relationship management, risk management, and the defence of legal claims;

Consent: where you have provided your explicit consent (e.g. for certain marketing communications), which may be withdrawn at any time;

Establishment, exercise or defence of legal claims.

XII. We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting or reporting requirements. In particular, investors and transactional data are typically retained for the minimum period required under applicable laws.

XIII. Personal data may be disclosed, where necessary, to:

our group entities and affiliates;

regulated service providers, including custodians, administrators, auditors, legal advisors, and IT service providers;

regulatory, supervisory, tax or governmental authorities;

courts, tribunals, or parties involved in legal proceedings;

potential buyers or transferees in the context of a corporate transaction.

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (“EEA”) or your country of residence.