Privacy

RFR Lux Asset Management S.à r.l. Privacy Notice

RFR Lux Asset Management S.à r.l. Privacy Notice

Thank you for visiting our website and for your interest in our company and our services. Data protection and privacy is very important to RFR Lux Asset Management S.à r.l. If we need to process Personal Data for reasons other than those provided by statute, we will always seek the consent of the Data Subject.

The processing of personal data is always in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data; on the free movement of data and the repeal of Directive 95/46/EC ("General Data Protection Regulation" or "GDPR") and in accordance with the country-specific data protection provisions applicable to RFR Lux Asset Management S.à r.l. (including, but not limited to, the Law of 1 August 2018 on the Organisation of the National Data Protection Commission and the General Data Protection Regulation as amended or replaced) (together with the GDPR, the "Data Protection Act"). Personal Data within the meaning of this information are all information that may have a connection to an identified or identifiable natural person, e.g. name, address, e-mail and IP address, user behavior.

By means of this Privacy Notice, we would like to inform you (acting as a Data Subject) about the nature, scope and purpose of the personal data we collect, use and process (“Personal Data”). In addition, you are informed about your rights relating to the collection and processing of Personal Data.

Investors who are legal entities undertake and guarantee to process the personal data of their representatives and employees and to transmit this personal data to the Controller in accordance with the Data Protection Act, including, where appropriate, informing the persons concerned of the contents of this section in accordance with Articles 12, 13 and/or 14 of the GDPR.

RFR Lux Asset Management S.à r.l., in its capacity as Data Controller (“Controller”), has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to provide us with Personal Data by alternative means, for example by telephone.

1. Name and address of the Controller

The Controller in the sense of the GDPR, other data protection laws and other provisions of data protection nature applicable in Member states of the European Union is:

RFR Lux Asset Management S.à r.l.
37A, avenue J.F. Kennedy
L-1855 Luxemburg
Grand Duchy of Luxemburg

Tel: +352 26.27. 54.95

E-Mail: legal•@•rfr.lu

Website: www.rfr-management.lu

2. Collection of Personal Data and information

(1) The website of RFR Lux Asset Management S.à r.l. collects a number of Personal Data and information with each call-up to the website, i.e. even when used purely in form of information by a Data Subject or by an automated system. These data and information are transmitted from your browser to our server, and stored in the log files of the server. If you wish to view our website, we will collect the following data, which is technical necessary to ensure its stability and security:

your IP address,
the date, time and duration of your visit,
the subject of your request (the exact page you viewed)

access status/http status code
the referring website (i.e. the identification of the requesting website)
the name and version of your browser,
the name and version of your operating system.

(2) When using this data and information, RFR Lux Asset Management S.à r.l. does not draw any conclusions about the identity of the Data Subject. Rather, this information is needed to:

deliver the content of our website correctly,
ensure the long-term functioning of our information technology systems and website technology, and
provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

(3) These collected data and information are therefore evaluated statistically by the Controller on the one hand and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process.

(4) If you contact us by email, we will store the information you provide (your email address and, if applicable, your first and last name) to process your enquiry. All data created in this context will be deleted after storage is no longer required, or restrict their processing if there are legal retention obligations.

3. Cookies

(1) The website of RFR Lux Asset Management S.à r.l. uses cookies. Cookies are small text files that are placed in the web browser of a computer system, where they remain stored. Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to make the general online experience more user-friendly and effective.

(2) Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign web pages and servers to the specific web browser where the cookie was stored. This makes it possible to distinguish the websites and servers visited, the specific browser of a Data Subject from other web browsers containing other cookies. A specific web browser can be recognized and identified based on the unique cookie ID.

(3) The use of cookies helps RFR Lux Asset Management S.à r.l. to provide users of its website with more user-friendly services, which would not be possible without the use of cookies.

(4) Before setting up cookies, with the exception of cookies necessary for the functioning of the website, the consent of the data subject is obtained, in accordance with Article 7 of the GDPR. The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus object to the setting of cookies permanently, by revoking their consent. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

(5) Such stored information will be retained separately from any other data provided to us. In particular, we will not combine data gathered from cookies with any other data we may have stored about you.

4. Categories of recipients to whom Personal Data may be disclosed

(1) We use service providers (e.g. IT service providers) to carry out some of the processes and provide some of the services described above. These external service providers are carefully selected and commissioned in accordance with applicable data protection laws and regulations. These third-party service providers are bound by our instructions and are subject to regular performance reviews. They will not disclose your data to third parties.

(2) We may disclose data about you to other recipients only as required by applicable law, or with your consent, or where such disclosure is authorized. If these conditions are met, recipients of Personal Data may include:

government agencies or institutions (e.g. fiscal and law enforcement authorities) if we are required to do so by law or regulation, or

other companies or similar organizations to whom we may transfer Personal Data for the administration of our business relationship with you and the central administration, auditor, IT service provider, accounting agent and the legal and tax advisor.

(3) Recipients may, on their own responsibility, transfer personal data to their agents and/or delegates (the "sub-recipients") who will process the personal data for the sole purpose of assisting the recipients to provide their services to the controller and/or to assist the recipients in fulfilling their own legal obligations.

Recipients and sub-recipients may be located either inside or outside the European Economic Area (the "EEA"). If recipients outside the EEA are located in a country that does not provide an adequate level of protection for personal data, data controllers will conclude a legally binding transfer agreement with the recipients concerned in the form of model clauses approved by the European Commission. In this context, the data subjects have the right to request copies of the relevant document by writing to the data controller in order to enable the transfer of personal data to these countries. The recipients (if the personal data are processed on the instructions of the controller) and sub-receivers (if the personal data are processed on the instructions of the recipient) may process the personal data as processors or as separate controllers (if the personal data are processed for their own purposes, i.e. to fulfil their own legal obligations), as appropriate. The controller may also disclose personal data to third parties, such as governmental or regulatory authorities, including tax authorities, inside or outside the European Union, in accordance with applicable laws and regulations. In doing so, the data subjects acknowledge that the data controller will report all personal data to the Luxembourg tax authorities, who may in turn act as data controllers and disclose such data to foreign tax authorities in accordance with the CRS Act or equivalent European and Luxembourg legislation.

5. Legal basis and purpose of processing

We process your Personal Data in compliance with applicable data protection laws and regulations (as amended from time to time). Such processing is lawful if any one of the following conditions applies:

Consent (Article 6(1)(a) GDPR)

The processing of Personal Data is lawful if the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes (e.g. to processing your request, use of data for marketing purposes). The Data Subject has the right to withdraw consent at any time with effect for any further processing. This also applies to consent Data Subjects may have given to us before the GDPR came into force, i.e. before 25 May 2018.

Performance of a contract (Article 6(1)(b) GDPR)

We process Personal Data in order to perform our obligations under a contract with you or in order to take steps at your request prior to entering into a contract. The purpose of such processing depends mainly on the nature of your request.

Compliance with a legal obligation (Article 6(1)(c) GDPR)

RFR Lux Asset Management S.à r.l. is subject to a range of legal obligations, including, but not limited to

retention requirements under commercial and tax law,
monitoring and reporting obligations under national and supranational legal and regulatory requirements (including laws and regulations applicable in relation to FATCA and CRS)
compliance with applicable AML and CFT requirements

Legitimate interests (Article 6(1)(f) GDPR)

Where necessary, we process your Personal Data not only to perform a contract but also for the purposes of legitimate interests pursued by RFR Lux Asset Management S.à r.l. or third parties, for example

to establish and exercise legal claims or defend litigation,
to conduct business in compliance with applicable market standards,
to ensure IT security and IT operations,
to analyze and enhance your use of our website,
customer relationship management.

6. Criteria used to determine the period of storage of Personal Data

The data will be stored in accordance with legal regulations for data processing and in compliance with statutory retention periods. We process and use your data exclusively for the purposes to which we are entitled and as long as the data is required for these purposes.

7. Data protection in relation to job applications and during the application process

The Controller collects and processes Personal Data of job applicants for the purpose of processing a job application. Such data may be processed electronically, in particular if an applicant submitted an application to the Controller by electronic means, e.g. by email. If the Controller enters into an employment contract with an applicant, the data provided by the applicant will be stored in compliance with applicable laws and regulations for the purpose of the employment relationship. If the Controller does not enter into an employment contract with an applicant, all documents submitted by the applicant in support of his or her application will be automatically deleted six months after the decision to refuse the application.

8. Data Subject Rights

(1) Every data subject has the right to information, the right to rectification, the right to erasure, the right to restrict processing, the right to object and the right to data portability.

In addition, there is a right of appeal to a competent data protection supervisory authority (in Luxembourg the National Commission for Data Protection, Grand Duchy of Luxembourg (the "CNPD"): 15, Boulevard du Jazz, L-4370 Belvaux).

(2) You can revoke your consent to the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the GDPR is in force, i.e. before 25 May 2018.

(3) You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you for reasons rising from your particular situation.

In individual cases, we process Personal Data about you for direct marketing purposes. You have the right to object at any time to the processing of Personal Data about you for such marketing; this also applies to profiling related to direct marketing purposes.

If you object to processing for direct marketing purposes, we will stop processing your Personal Data for this purpose.

If you object, we will no longer process your Personal Data, unless we can demonstrate a compelling legitimate interest in such processing which overrides your interests or fundamental rights and freedoms, or if the processing is necessary for the establishment, exercise or defense of legal claims.

Your objection may be made informally and should be directed, if possible, to the following address:

RFR Lux Asset Management S.à r.l.
37A, avenue J.F. Kennedy
L-1855 Luxemburg
Grand Duchy of Luxemburg

Tel: +352 26.27. 54.95

E-Mail: legal•@•rfr.lu

Website: www.rfr-management.lu

9. Obligation to provide Personal Data and possible consequences of non-provision

To be able to use our offerings, you have to provide the Personal Data required for the purpose concerned or which we are legally obliged to collect. Without these data, we will generally not be able to provide the desired performance.

10. Existence of automated decision-making

Being a responsible company, we refrain from using automatic decision-making or profiling within the meaning of Article 22 GDPR.

11. Updates or amendments to this Privacy Notice

We continuously develop and improve our services. Therefore, we may add new features to this website from time to time. If this has consequences for how your Personal Data are processed, we will inform you in this Privacy Notice in due time.

Luxemburg, October 2020

RFR Lux Fund Management S.à r.l. Privacy Notice

RFR Lux Fund Management S.à r.l. Privacy Notice

Thank you for visiting our website and for your interest in our company and our services. Data protection and privacy is very important to RFR Lux Fund Management S.à r.l. If we need to process Personal Data for reasons other than those provided by statute, we will always seek the consent of the Data Subject.

The processing of personal data is always in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data; on the free movement of data and the repeal of Directive 95/46/EC ("General Data Protection Regulation" or "GDPR") and in accordance with the country-specific data protection provisions applicable to RFR Lux Fund Management S.à r.l. (including, but not limited to, the Law of 1 August 2018 on the Organisation of the National Data Protection Commission and the General Data Protection Regulation as amended or replaced) (together with the GDPR, the "Data Protection Act"). Personal Data within the meaning of this information are all information that may have a connection to an identified or identifiable natural person, e.g. name, address, e-mail and IP address, user behavior.

RFR Lux Fund Management S.à r.l., in its capacity as Data Controller (“Controller”), has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to provide us with Personal Data by alternative means, for example by telephone.

1. Name and address of the Controller

The Controller in the sense of the GDPR, other data protection laws and other provisions of data protection nature applicable in Member states of the European Union is:

RFR Lux Fund Management S.à r.l.
37A, avenue J.F. Kennedy
L-1855 Luxemburg
Grand Duchy of Luxemburg

Tel: +352 26.27. 54.95

E-Mail: compliance•@•rfr.lu

Website: www.rfr.lu

2. Collection of Personal Data and information

(1) The website of RFR Lux Fund Management S.à r.l. collects a number of Personal Data and information with each call-up to the website, i.e. even when used purely in form of information by a Data Subject or by an automated system. These data and information are transmitted from your browser to our server, and stored in the log files of the server. If you wish to view our website, we will collect the following data, which is technical necessary to ensure its stability and security:

your IP address,
the date, time and duration of your visit,
the subject of your request (the exact page you viewed)

access status/http status code
the referring website (i.e. the identification of the requesting website )
the name and version of your browser,
the name and version of your operating system.

(2) When using this data and information, RFR Lux Fund Management S.à r.l. does not draw any conclusions about the identity of the Data Subject. Rather, this information is needed to:

deliver the content of our website correctly,
ensure the long-term functioning of our information technology systems and website technology, and
provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

3. Cookies

(1) The website of RFR Lux Fund Management S.à r.l. uses cookies. Cookies are small text files that are placed in the web browser of a computer system, where they remain stored. Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to make the general online experience more user-friendly and effective.

(3) The use of cookies helps RFR Lux Fund Management S.à r.l. to provide users of its website with more user-friendly services, which would not be possible without the use of cookies.

(6) If we use cookies that are not technically necessary, we will obtain the Data Subject’s consent in advance.

4. Categories of recipients to whom Personal Data may be disclosed

government agencies or institutions (e.g. fiscal and law enforcement authorities) if we are required to do so by law or regulation, or

other companies or similar organizations to whom we may transfer Personal Data for the administration of our business relationship with you and the central administration, auditor, IT service provider, accounting agent and the legal and tax advisor.

5. Legal basis and purpose of processing

Consent (Article 6(1)(a) GDPR)

The processing of Personal Data is lawful if the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes (e.g. to processing your request, use of data for marketing purposes).The Data Subject has the right to withdraw consent at any time with effect for any further processing. This also applies to consent Data Subjects may have given to us before the GDPR came into force, i.e. before 25 May 2018.

Performance of a contract (Article 6(1)(b) GDPR)

Compliance with a legal obligation (Article 6(1)(c) GDPR)

RFR Lux Fund Management S.à r.l. is subject to a range of legal obligations, including, but not limited to

retention requirements under commercial and tax law,
monitoring and reporting obligations under national and supranational legal and regulatory requirements (including laws and regulations applicable in relation to FATCA and CRS)
compliance with applicable AML and CFT requirements

Legitimate interests (Article 6(1)(f) GDPR)

Where necessary, we process your Personal Data not only to perform a contract but also for the purposes of legitimate interests pursued by RFR Lux Fund Management S.à r.l. or third parties, for example

to establish and exercise legal claims or defend litigation,
to conduct business in compliance with applicable market standards,
to ensure IT security and IT operations,
to analyze and enhance your use of our website,
customer relationship management.

6. Criteria used to determine the period of storage of Personal Data

7. Data protection in relation to job applications and during the application process

8. Data Subject Rights

(1) Every data subject has the right to information, the right to rectification, the right to erasure, the right to restrict processing, the right to object and the right to data portability.

(3) You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you for reasons rising from your particular situation.

If you object to processing for direct marketing purposes, we will stop processing your Personal Data for this purpose.

Your objection may be made informally and should be directed, if possible, to the following address:

RFR Lux Fund Management S.à r.l.
37A, avenue J.F. Kennedy
L-1855 Luxemburg
Grand Duchy of Luxemburg

Tel: +352 26.27. 54.95

E-Mail: compliance•@•rfr.lu

Website: www.rfr.lu

9. Obligation to provide Personal Data and possible consequences of non-provision

10. Existence of automated decision-making

Being a responsible company, we refrain from using automatic decision-making or profiling within the meaning of Article 22 GDPR.

11. Updates or amendments to this Privacy Notice

Luxemburg, October 2020