Orchestra Private Equity Privacy Statement
Effective Date: January 1, 2021
Orchestra Private Equity Singapore Pte. Ltd., its affiliates and the collective investment vehicles and client accounts which are managed or advised by Orchestra Private Equity Singapore Pte. Ltd. and/or its affiliates (together, “OPE”, “we”, “us” or “our”) may obtain personal data about you. For the purposes of data protection law, we are a user or controller in respect of your personal data. We are responsible for ensuring that we use your personal data in compliance with applicable data protection law.
OPE respects your concerns about privacy and is committed to protecting the privacy of all personal data obtained.
This Privacy Statement explains: (i) the personal data we process; (ii) how that information is processed; (iii) with whom we may share it; and (iv) the rights available to you.
This Privacy Statement concerns the information we collect through your use of our website www.orchestraprivateequity.com (the “website”), when you contact or request information from us, when you engage us for services and personal data, we handle while carrying on our commercial activities, including personal data of officers or representatives of organizations with which we have a business relationship.
As referenced in this Privacy Statement:
- “Personal data” generally means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, OPE (or its representatives or its service providers). In addition to information, it may also include any expression of opinion about an individual and any indication of the intentions of OPE or any other person in respect of such individual.
- “Process” includes any operation that is carried out in respect of personal data, including but not limited to, collecting, using, storing, disclosing, or otherwise processing personal data.
Personal Data that We Collect About You
OPE may collect and process the following personal data about you:
Information that you provide to us or one of our affiliates. This includes information about you that you give to us by filling in online forms or by communicating with us, whether by e-mail or otherwise. The nature of our relationship and the services you are requesting will determine the kind of personal data we might collect and use. This information may include (but is not limited to):
- Basic personal data (such as your name, date of birth, national insurance number, social security number, address, telephone number(s), e-mail address, occupation, and job title).
- When you have an investor account, your username and password to access OPE products and services online.
- Financial information (such as information relating to your financial health and details of your income and assets).
- Any information that you choose to share with us (whether through the website or otherwise, including IP address, cookie, any comments, or other content you submit to us) which may be considered personal data.
Information we collect or generate about you. This may include (but is not limited to):
- Information about our business relationships with you and our interactions with you, including any personal data that you provide during telephone and email communications with us which we may monitor and record to resolve complaints, improve our service and to comply with our legal and regulatory requirements.
- When you submit identifiable comments and other content to us, we collect whatever information you supply and use this information to communicate with you if requested, and otherwise fulfil the purpose of the content submission.
- A file with your contact history used for enquiry purposes that we may ensure that you are satisfied with the services we have provided to you.
Information we obtain from other sources. This may include (but is not limited to):
- Information from publicly available sources (including third party agencies such as credit reference agencies, fraud prevention agencies, law enforcement agencies and other publicly accessible sources).
- Information obtained from independent financial advisors (IFAs), other professional advisers, product providers, event organizers, and other agents and/or representatives.
- Information obtained from sanctions checking and background screening providers.
OPE may process your personal data for the following purposes (to the extent applicable):
- To provide, manage or administer the products or services provided to you, including processing transactions.
- To review and improve the information provided on our website to ensure it is user friendly and to prevent any potential disruptions.
- To manage your account, maintain your personal profile and personalize your experience on our website.
- To communicate with you when necessary or appropriate in relation to the services being provided to you or the services being provided to us.
- To assess applications or contracts for our products and services, including to ascertain whether you meet the applicable suitability standards imposed by the jurisdiction of your residence and any laws, rules regulations, guidelines, notices, or directions that apply to OPE, and otherwise ascertain whether we determine that you are suitable to enter into any vendor or service agreement with us.
- To perform analytics (including market research, trend analysis, financial analysis, and anonymization of personal data).
- To keep you updated whilst you are a client in relation to the products or services provided to you and to provide you with information or opportunities that we believe may be relevant to you.
- To manage our business, including to enable third party service providers to provide services on our behalf.
- To administer and maintain IT systems to uphold standards of service.
- To monitor IT systems to protect against cyber threats or malicious activity including abuse and misuse.
- To conduct our everyday business purposes, which may include compliance with industry standards and policies and/or obligations under applicable law.
- To ensure that we meet our obligations under any applicable laws, rules, regulations, guidelines, notices, or directions, including (without limitation):
- Verifying compliance with the relevant laws, rules, regulations, guidelines, notices, or directions that apply to OPE.
- Any obligations related to tax matters (such as identification, tax reporting and tax audit).
- Any obligations related to anti-money laundering and countering the financing of terrorism legislation or regulations.
- Responding to any mandatory request for information made by a governmental or other regulatory body, any exchange or self-regulatory organization.
- To establish, exercise or defend our legal rights.
- To administer and maintain databases storing personal data.
We are entitled to use your personal data in these ways because:
- We need to perform our contractual obligations under the vendor or service agreement which you have entered or are entering into with us or will be done at your request prior to entering into that agreement and exercise our rights in connection with managing your account and providing the products and services to you.
- We have obtained your consent.
- We have legal and regulatory obligations that we must discharge.
- We may need to establish, exercise, or defend our legal rights or for the purpose of legal proceedings.
- The use of your personal data as described may be necessary for our legitimate interests (or the legitimate interests of one or more of our affiliates), such as:
- Allowing us to administer and manage the operation of our business effectively and efficiently.
- Ensuring compliance with all legal and regulatory obligations and industry standards and preventing fraud.
- Maintaining compliance with internal policies and procedures.
- Ensuring the security of our information systems.
We may share your personal data within the OPE group for the purposes described above.
We may also share your personal data with third parties outside of the OPE group for the following purposes:
- To our business partners who are contractually obliged to comply with appropriate data protection obligations.
- Assessing compliance with applicable laws, rules, and regulations, as required by law of relevant government or administrative authority and then, to the extent reasonably practicable, only subject to customary undertakings of confidentiality.
- To the extent required by law (for example, if we are under a duty to disclose your personal data to comply with any legal obligation), establish, exercise or defend our legal rights or for the purpose of legal proceedings.
- If we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes.
- If we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third-party buyer.
- To third party agents and contractors for the purposes of providing services to us, including (but not being limited to) OPE’s outside counsel, auditors, professional advisors and IT and communications providers. These third parties will be subject to confidentiality requirements, and they will only use your personal data as described in this Privacy Statement.
- To any organization at your request or any person acting on your behalf (including your agents, advisers, brokers and product providers).
No personal data is shared with unaffiliated third parties for their marketing purposes.
Transfers of Data
Personal data may be transferred internationally for the purposes described in this Privacy Statement and as otherwise required or permitted by applicable law. The protections which apply to international transfers of personal data are further described in this section and will apply regardless of the international transfer or processing of such information.
Transfers Outside Singapore
Where we are subject to the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (the “PDPA”) in respect of our processing of your personal data and if we transfer your personal data outside Singapore, we will take all reasonable steps to ensure that:
- The recipient agrees to protect personal data at a standard that is at least comparable to the PDPA in accordance with the PDPA.
- Any other transfer will otherwise be in accordance with the PDPA.
Transfers Outside Japan
Where we are subject to the Personal Information Protection Act of Japan (No. 57 of 2003, as amended) (the “PIPA”) in respect of our processing of your personal data, your personal information may be transferred outside Japan only if:
- You have expressly consented that personal information can be transferred to a third party outside Japan, unless such personal information is transferred to an EU country or the overseas organization to which the data will be transferred is bound by legally enforceable obligations to provide to the personal information transferred a standard of protection that is comparable under the PIPA.
- We are permitted to provide your personal data to a third party under the PIPA on any of the following grounds:
- The transfer is required under Japanese laws and regulations.
- It is necessary to protect a person’s life, body or property and it is difficult to obtain your consent.
- it is particularly necessary to enhance public health or promote fostering healthy children and it is difficult to obtain your consent.
- it is necessary to cooperate Japanese government authorities in executing their duties and obtaining your consent may impede the execution of such duties.
Transfers Outside Korea
Where we are subject to the Personal Information Protection Act of Korea (Act No. 16930, February 4, 2020) in respect of our processing of your personal data, your personal information may be transferred outside Korea only if you have been provided the following information (a. to d.), and expressly consented that your personal information can be transferred to a third party outside Korea, unless all of the following information (a. to d.) is disclosed in a way you can easily recognize, or notified to you by e-mail or other means as prescribed by the relevant provisions of the Enforcement Decree of Personal Information Protection Act.
- Of the personal information to be transferred.
- The country to which your personal information is to be transferred, the date and method of such transfer.
- The name of the entity receiving personal information.
- The intended use of personal information and the period of retention by the entity receiving personal information.
Transfers Outside Hong Kong
Where we are subject to the Hong Kong Personal Data (Privacy) Ordinance (the “PDPO”) in respect of our processing of your personal data and if we transfer your personal data outside Hong Kong, we will ensure that:
- We have reasonable grounds for believing that there is in force in that recipient destination any law which is substantially similar to, or which serves the same purposes as the PDPO.
- You have consented in writing to the transfer.
- We have reasonable grounds for believing that, in the circumstances in question.
- The transfer is for the avoidance or mitigation of adverse action against you.
- It is not practicable to obtain your consent in writing to that transfer.
- If it was practicable to obtain such consent, you would give it.
- We have taken all reasonable precautions and exercised all due diligence to ensure that the data will not, in that recipient destination, be collected, held, processed or used in any manner which, if that recipient destination were Hong Kong, would be a contravention of a requirement under the PDPO.
Transfers Outside the US
Where we are subject to the US Privacy Act of 1974, Health Insurance Portability and Accountability Act (the "HIPAA"), Children's Online Privacy Protection Act (the "COPPA"), Gramm-Leach-Bliley Act (the "GLBA"), California Consumer Privacy Act (the "CCPA"), and any other US State Privacy Laws, and we transfer your personal data outside of the US or outside of the US State where the State Privacy Law applies to, we have put in place relevant data protection policies and/or data transfer agreements so as to provide your personal data with the same protections as set out under the applicable laws.
Transfers Outside the European Economic Area (“EEA”)
Where we are subject to the EU General Data Protection Regulation (or any equivalent data protection legislation) in respect of our processing of your personal data and if we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in several ways, for instance where:
- the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data.
- If the recipient is in the United States of America, it is a certified member of the EU-US Privacy Shield scheme.
- The recipient has signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data.
- To the extent that the EU General Data Protection Regulation (or any equivalent data protection legislation) applies to you, you are entitled to request further details of the protection given to your personal data when it is transferred outside its country or jurisdiction of origin.
Transfers Outside the Cayman Islands
Where we are subject to the Cayman Islands Data Protection Law and we transfer your personal data outside of the Cayman Islands, we have put in place relevant data protection policies and data transfer agreements to provide your personal data with the same protections as set out under Cayman Islands law.
How long we will retain your personal data for will vary and will be determined by the following criteria: (i) the purpose for which we are using it – OPE will need to keep the data for as long as is necessary for that purpose; and (ii) to the extent that we are permitted by law to retain it for a longer period of time (in which case we will retain it for the period permitted by law) or to the extent that we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
To the extent you are entitled to do so under applicable law:
- You have a right to obtain information on, and access to, the personal data that we process about you and to request the correction of any error or inaccuracy in relation to such personal data.
- You also have the following rights in respect of your personal data.
- The right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we can rely on another legal ground for doing so.
- In some circumstances, the right to receive any personal data which we process about you based on your consent (as opposed to any other legal ground) in a structured, commonly used and machine-readable format and/or request that we transmit such data where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.
- The right to request that we rectify your personal data if it is inaccurate or incomplete.
- The right to request that we erase your personal data in certain circumstances. This may include (but is not limited to) circumstances in which: (i) it is no longer necessary for us to retain your personal data for the purposes for which we collected it; (ii) we are only entitled to process your personal data with your consent, and you withdraw your consent, and where there is no other legal ground for the processing; or (iii) you object to our processing of your personal data for our legitimate interests, and our legitimate interests do not override your own interests, rights and freedom.
Notwithstanding the above, please note that there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and/or to refuse that request:
- The right not to be subject to a decision based solely on the automated processing of your personal data, where this produces legal effects concerning you or which significantly affects you.
- The right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by us.
You may exercise any of the above rights or obtain further information about the use of your personal data by contacting firstname.lastname@example.org. To process your request, we reserve the right to use personal data previously obtained to verify your identity or take other actions that we believe are appropriate, subject to the requirements under applicable law.
To protect your personal data from unauthorized access and use, OPE uses security measures that comply with applicable law. These measures include appropriate physical, electronic and procedural controls which are reasonably designed to:
- Ensure the security and confidentiality of your records and information.
- Protect against any anticipated threats or hazards to the security or integrity of your records and information.
- Protect against unauthorized access to or use of your records or information that could result in substantial harm or inconvenience to you.
You may also wish to note that you may be able to access other organizations’ websites through links on this website and in this regard, please note that OPE is not responsible for the privacy standards and processes of those organizations and external websites.
This Privacy Statement may be updated periodically to reflect changes in our firm’s policies and applicable law. We suggest that you periodically review this Privacy Statement for any update.
How to Contact Us
If you have any questions or concerns about OPE’s handling of your personal data, please contact email@example.com.
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction.
Orchestra Private Equity Privacy Statement was implemented on January 1, 2021. The policy is subject to change and will be reviewed with a frequency of at least once every two years.