Privacy Policy

1. Introduction

EDMUNDNAV (“EDMUNDNAV”, “we”, “us” or “our”) provides fund administration, accounting, registrar, transfer agency, and related back-office services to private investment funds, family offices, and their managers, sponsors, and investors. In the course of delivering these services, we collect and process personal information about a range of individuals, including investors, beneficial owners, authorised representatives, advisers, and personnel of our institutional clients.

We treat the protection of personal information as a fundamental component of our duty of confidentiality. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and the rights and choices that may be available to you in respect of your information.

We encourage you to read this Policy carefully. If you do not understand any part of it, or if you have questions about how your personal information is handled, please contact us using the details set out in Section 15.

2. Scope of this Policy

This Policy applies to all personal information we process in connection with our fund administration business, including information collected through:

• our investor onboarding and subscription processes;

• our ongoing administration of private funds, special purpose vehicles, and family office structures;

• our website, client portal, and other digital channels;

• communications by email, telephone, secure messaging, video conferencing, or in person; and

• information lawfully obtained from third parties such as introducers, screening providers, public registers, and our institutional clients.

In some processing activities EDMUNDNAV acts as a data controller in its own right (for example, where we conduct our own client due diligence or risk screening). In other activities we act as a data processor or service provider on behalf of a fund, manager, or family office, who remains the primary controller of the personal information. This Policy explains both roles. Where we act as a processor, the privacy policy of the relevant fund or manager will also apply, and in case of conflict that policy will generally govern.

3. Definitions

Personal information means any information relating to an identified or identifiable natural person.

Processing means any operation performed on personal information, including collection, recording, storage, use, disclosure, transfer, restriction, and erasure.

Investor means a natural person who subscribes to or holds an interest in a fund or vehicle administered by EDMUNDNAV, and includes the directors, officers, beneficial owners, controllers, authorised signatories, and connected persons of any non-natural person investor.

Client means a fund, vehicle, manager, sponsor, family office, or related entity that has engaged EDMUNDNAV to provide administration or related services.

4. Personal Information We Collect

The categories of personal information we collect depend on your relationship with us. Not every category will apply to every individual. The categories below are typical, but not exhaustive.

4.1 Investors and Prospective Investors

• identification information, including full legal name, date and place of birth, nationality, residential address, gender, photograph, and signature;

• government-issued identifiers, such as passport number, national identity card number, driver’s licence number, tax identification number, and social security or equivalent number;

• contact details, including telephone numbers, email addresses, and correspondence addresses;

• financial and economic information, including source of funds, source of wealth, employment and occupation, net worth, expected investment activity, accredited or qualified investor status, and bank account details;

• tax-related information required for FATCA, CRS, and other reporting regimes, including tax residency, U.S. person status, and self-certifications;

• subscription and holding information, including capital commitments, contributions, distributions, balances, and transaction history;

• information generated by sanctions screening, politically exposed person (PEP) screening, and adverse media checks; and

• any additional information you, your representatives, or your advisers provide in connection with your investment.

4.2 Beneficial Owners and Connected Persons

Where an investor is not a natural person, we are required to collect information about the directors, officers, controllers, beneficial owners, settlors, protectors, trustees, beneficiaries, authorised signatories, and other connected persons of that investor. The categories of information collected for these individuals will generally mirror those described in Section 4.1.

4.3 Personnel of Institutional Clients and Counterparties

• name, business contact details, role, employer, and professional qualifications;

• authorisation and signing authority information;

• communications with us in the course of providing or receiving services; and

• information necessary for our own due diligence on the entity you represent.

4.4 Website and Portal Users

• login credentials and authentication information;

• device, browser, and connection information, including IP address, operating system, and timestamps;

• usage information, including pages viewed, features used, and documents accessed; and

• cookies and similar technologies, as further described in our cookie notice (where applicable).

4.5 Sensitive Information

We do not generally seek to collect sensitive categories of personal information (such as information revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual orientation). However, certain identification documents (such as passports) may incidentally reveal such information. Where this occurs, we process that information only to the extent necessary to verify identity and to comply with our legal obligations.

5. Sources of Personal Information

We obtain personal information from the following sources:

• directly from you, including through subscription documents, onboarding questionnaires, correspondence, and use of our portal;

• from your authorised representatives, advisers, family office staff, or introducing brokers;

• from our institutional clients, including the funds and managers that engage us;

• from third-party data providers, including KYC, AML, sanctions, PEP, and adverse media screening providers;

• from public registers, regulators, and other publicly available sources; and

• from our own records of past dealings.

6. Purposes for Processing Personal Information

We process personal information for the following purposes.

Service delivery - Establishing and administering investor accounts; processing subscriptions, redemptions, transfers, and distributions; maintaining the register of investors; preparing investor statements, capital account statements, and notices; calculating net asset value.

Client and investor due diligence - Identity verification, KYC, AML, counter-terrorist financing, sanctions, PEP, and adverse media screening; ongoing monitoring; risk assessment and rating.

Regulatory and tax reporting - FATCA and CRS reporting; reporting to regulators in the jurisdictions in which the relevant fund or vehicle is established or marketed; suspicious activity reporting; responding to lawful requests from authorities.

Communications - Responding to enquiries, sending statements, notices, and capital calls, providing investor updates, and operational service messages

Risk management and internal administration - Internal audit, accounting, business continuity, information security, training, quality assurance, and management reporting.

Defending legal claims - Establishing, exercising, or defending legal claims, including in connection with disputes, litigation, regulatory investigations, or insurance matters.

Corporate transactions - Evaluating, negotiating, and implementing mergers, acquisitions, restructurings, financings, or transfers of all or part of our business.

7. Legal Bases for Processing

Where applicable data protection law requires us to identify a legal basis for processing personal information, we rely on one or more of the following:

• Compliance with legal obligations – where processing is necessary to comply with anti-money laundering, counter-terrorist financing, sanctions, tax (including FATCA and CRS), accounting, or other regulatory requirements applicable to us or our clients.

• Performance of a contract – where processing is necessary to perform our administration agreement with a client, or to take steps at your request prior to entering into a contract.

• Legitimate interests – where processing is necessary for our legitimate interests or those of a third party (for example, our clients, investors, or counterparties), provided those interests are not overridden by your fundamental rights and freedoms. Such interests include operating and developing our business, preventing fraud and financial crime, ensuring information security, and defending legal claims.

• Consent – where you have given clear consent for processing for a specific purpose. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

• Public interest or vital interests – in limited circumstances, where processing is necessary in the public interest, including the prevention and detection of crime, or to protect a person’s vital interests.

8. How We Share Personal Information

We treat personal information as confidential and disclose it only to the extent necessary to deliver our services and meet our legal obligations. Recipients may include:

• the relevant fund, vehicle, manager, sponsor, or family office for which we provide administration services, and their directors, officers, and authorised representatives;

• professional advisers, including auditors, legal counsel, tax advisers, and compliance consultants engaged by us or by our clients;

• service providers and counterparties, including custodians, prime brokers, depositaries, banks, paying agents, transfer agents (where we are not appointed in that role), KYC and screening providers, IT, cybersecurity, and cloud hosting providers, document storage providers, and communication platforms;

• regulators, tax authorities, and other governmental bodies, including in connection with FATCA, CRS, AML, suspicious activity reporting, and other lawful requests for information;

• law enforcement and judicial authorities, where required by law, court order, or in response to a lawful request;

• parties to a corporate transaction, such as prospective purchasers, financing parties, and their advisers, in connection with the evaluation or completion of any actual or proposed merger, acquisition, restructuring, financing, or transfer of all or part of our business; and

• other third parties, where you have authorised disclosure or where disclosure is otherwise required or permitted by law.

We do not sell personal information, and we do not share personal information with third parties for their own marketing purposes.

9. International Transfers

EDMUNDNAV operates internationally, and the parties listed in Section 8 may be located in jurisdictions outside the country in which you reside or in which the relevant fund or vehicle is established. As a result, personal information may be transferred to, stored in, and processed in jurisdictions whose data protection laws may differ from those of your home jurisdiction.

Where we transfer personal information across borders, we take appropriate steps to ensure that the information remains protected, which may include relying on adequacy decisions, entering into standard contractual clauses or equivalent transfer mechanisms, obtaining explicit consent where required, or relying on derogations permitted under applicable law (including transfers necessary for the performance of a contract or for the establishment, exercise, or defence of legal claims).

10. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, tax, or reporting requirements, and to establish, exercise, or defend legal claims.

In particular, anti-money laundering and counter-terrorist financing legislation in the jurisdictions in which we operate generally requires us to retain investor identification and transaction records for a minimum of five to seven years following the termination of the relevant business relationship or completion of the relevant transaction. Tax and accounting records are typically retained for similar or longer periods.

When personal information is no longer required, we will securely delete, destroy, or anonymise it in accordance with our retention schedule and applicable law.

11. Information Security

We maintain a programme of organisational, technical, and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:

• access controls, multi-factor authentication, and the principle of least privilege;

• encryption of personal information in transit and, where appropriate, at rest;

• network security controls, including firewalls and intrusion detection;

• staff confidentiality obligations, training, and disciplinary procedures;

• due diligence on service providers and contractual confidentiality and security commitments; and

• incident response, business continuity, and disaster recovery procedures.

Despite these measures, no method of transmission or storage is completely secure. If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities to the extent and within the timeframes required by applicable law.

12. Your Rights

Depending on your jurisdiction and the applicable data protection law, you may have some or all of the following rights in respect of your personal information:

• the right to be informed about how we process your personal information;

• the right of access to a copy of the personal information we hold about you;

• the right to rectification of inaccurate or incomplete personal information;

• the right to erasure of personal information in certain circumstances (sometimes referred to as the “right to be forgotten”);

• the right to restrict processing in certain circumstances;

• the right to object to processing carried out on the basis of legitimate interests or for direct marketing;

• the right to data portability in certain circumstances;

• the right to withdraw consent where processing is based on consent; and

• the right to lodge a complaint with a competent data protection supervisory authority.

These rights are not absolute. In particular, where we process personal information to comply with legal obligations (such as anti-money laundering, sanctions, or tax reporting requirements), or where we need to retain information to establish, exercise, or defend legal claims, we may be unable to give effect to a request to delete or restrict processing of that information.

To exercise any of your rights, please contact us using the details set out in Section 15. We may need to verify your identity before responding to your request, and we will respond within the timeframes required by applicable law.

13. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects on individuals based solely on automated processing. Where automated tools (such as sanctions or PEP screening systems) flag a potential match, the outcome is reviewed and confirmed by a member of our compliance team before any decision is taken.

14. Children

Our services are directed to institutional clients and accredited or qualified investors and are not directed to children. We do not knowingly collect personal information directly from children. Personal information relating to a minor (for example, a beneficiary of a trust or family office structure) is processed only where provided by an adult representative for legitimate administration purposes.

15. Contact Us

If you have any questions about this Policy, wish to exercise any of your rights, or wish to raise a concern about how your personal information is handled, please contact us:

EDMUNDNAV Privacy and Data Protection Office

Email: info@edmundnav.com

Postal address: 51218 Al Zahiyah, 10th St, Abu Dhabi, UNITED ARAB EMIRATES

Attention: Data Protection Officer / Privacy Officer

If you are not satisfied with our response, you may have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.

16. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The version date at the top of this Policy indicates when it was last revised. Where changes are material, we will provide notice through our website, our portal, or by other appropriate means. Continued use of our services or continued investment in a fund or vehicle administered by us following the effective date of any updated Policy will be deemed acceptance of the updated terms, except where applicable law requires us to obtain fresh consent.