Your privacy is very important to us. This notice (“Privacy Notice”) is provided by CarVal Investors, L.P., CarVal Investors GB LLP, CarVal Investors UK Ltd. and their affiliates (collectively, “we” or “us”) and sets forth our policies with respect to the collection, sharing, use (collectively “processing”) and protection of personal information.
How we collect information about you
We may collect personal data about you through:
- information provided directly to us by you, or another person on your behalf, through our website, by email or post, or in person;
- information that we obtain in relation to any transactions between you and us;
- information obtained in connection with investments we make on behalf of investment funds we manage;
- recruiting and application processes related to prospective employment, consulting or similar relationships;
- recording and monitoring of telephone conversations and electronic communications with you as described below; or
- the use of Internet “cookies” (an information collecting device from a web server), as described further below.
We may also, in some circumstances, receive personal information about you from third parties, such as service providers or trading counterparties, regulatory or law enforcement agencies, credit reference agencies and agencies conducting background checks. Personal information may also be obtained from publicly accessible sources of information, such as public databases, industry associations, social media and online professional networks.
Why we collect information about you
We may collect and use your personal information for the purposes of establishing or administering the relationship between us, including processing any applications, marketing our products and services to you or the businesses with which you are associated, monitoring and analysing our activities, making strategic decisions in respect of assets owned directly or indirectly by investment funds we manage, and complying with applicable legal or regulatory requirements.
We will use one of the permitted grounds under the applicable law to process your information. Such grounds include instances where you have given your consent and cases where your consent is not required under applicable law, such as where we are required to comply with a legal obligation, or where we, or a third party, determine that it is necessary for our legitimate interests to collect and use your personal information.
The legitimate interests to collect your personal information may include any of the purposes identified above and any other purpose where we or a third party have determined that you have a reasonable expectation for us or a third party to collect or use your personal information for such purpose. You have the right to object to the use of your personal data for direct marketing purposes.
What are the consequences of failing to provide your personal information?
As a regulated financial services firm, we are subject to legal and regulatory obligations that may require us to collect and store your personal information, such as the requirements to comply with the applicable law on prevention of financial crime, tax and regulatory reporting, or the rules on recording and monitoring of communications (as described below).
We may also need to collect and use your personal information for the purposes of entering into or performance of a contractual arrangement between us.
A refusal to provide us with personal information may, depending on the purpose for which your personal information is required, have various consequences such as us being unable to communicate with you, the termination of any service or other contractual arrangement between us, or, where we have a reasonable suspicion of illegal activity, we may be required to make a report to regulatory or enforcement agencies.
The types of personal data we may collect and use
The categories of personal data we may collect will depend on the nature of our relationship with you and the purpose of which information is being collected. Such personal data may include names, residential addresses or other contact details, signature, nationality, date and place of birth, national insurance or other tax identification number, photographs, copies of identification documents, bank account details, information about assets or net worth, credit history, education and employment history, criminal and administrative offences, source of funds details, or other sensitive information, such as certain special categories of personal data contained in relevant documents or materials (including, in some circumstances, information about a person’s ethnic origin, religious or political beliefs, or health).
Do we share your personal information with third parties?
We may (to the extent relevant to the purpose for which we collect your information), share your personal data with third parties, such as:
- our affiliates or other entities that are part of our group or with our funds;
- any person to whom we have a right or obligation to disclose personal data, or where we determine that disclosure is necessary to protect or defend our rights or property, including with regulators, courts of law, governmental, regulatory or law enforcement agencies;
- our internet, IT, telecommunications and other service providers, including legal advisers, accountants, payroll administrators, insurance and employee benefits providers and administrators;
- service providers and trading counterparties to our funds or our affiliates, including placement agents or distributors, asset managers, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, and providers of customer relationship management tools;
- credit reference agencies and other third parties conducting background checks in the context of employment or client, counterparty, or investment due diligence;
- any person, as directed by you; or
- any person to whom we may or do transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets or assets of the funds we manage, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee.
We may share your information with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates. You may prevent this type of sharing by contacting us at +1 952 444 4780 https://carvalinvestors.com/contact/minneapolis/. If you are a new investor, we can begin sharing your information with our affiliates for direct marketing purposes 30 days from the date of this Privacy Notice. When you are no longer our investor, we may continue to share your information with our affiliates for such purposes. We may also disclose information about your transactions and experiences with us to our affiliates for their everyday business purposes. We do not share your information with non-affiliates for them to market their own services to you.
Links to Third Party Websites
Our website may from time to time provide links to external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. We do not accept any liability or responsibility for these policies or how your data is processed on such websites.
Processing of personal information in countries outside of the European Economic Area (EEA)
Your personal data may be processed in countries outside the European Economic Area (“Third Countries”), such as the United States, that may not have the same level of data protection as that afforded by the EU General Data Protection Regulation (“GDPR”). We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and the Data Protection Law when it is processed in, or otherwise accessed from, Third Countries. We and any of our delegates and service providers will not transfer personal data to Third Countries unless that country ensures an adequate level of data protection based on the determination made by the European Commission, or if other appropriate safeguards are in place, such as the standard contractual clauses for data transfers approved by the European Commission. If you require further information about these protective measures, you can request it using the contact details provided below.
Retention periods and security measures
We will generally keep personal information about you for as long as necessary in relation to the purpose for which it was collected, or for such longer period if required under applicable law or necessary for the purposes of our other legitimate interests.
The applicable retention period will depend on various factors, such as any legal obligation to which we or our service providers are subject as well as on whether you decide to exercise your right to request the deletion of your information from our systems. As a minimum, information about you will be retained for the entire duration of any business relationship we may have with you, and for a minimum period of five years after the termination of any such relationship.
We will, from time to time, review the purpose for which we have collected information about you and decide whether to retain it, update it, or securely delete it, if the information is no longer required.
To protect your personal information from unauthorized access and use, we apply organizational and technical security measures in accordance with the applicable law. These measures include computer safeguards, secured files and buildings and staff training. Although we exercise reasonable care and security, there remains a risk that information may be intercepted or access by an unauthorized third party. When third parties are given access to your personal information, we apply contractual, technical and organizational measures to ensure that your personal information is processed in accordance with applicable law and only to the extent that such processing is necessary. We will notify you of any material personal data breaches affecting you in accordance with the requirements of the applicable law.
What are your rights?
If you are a resident of the European Economic Area, you have certain rights under GDPR in respect of the personal data we hold about you and which you may exercise. These rights are:
- to request access to your information;
- to request rectification of inaccurate or incomplete information;
- to request erasure of your information (a “right to be forgotten”);
- to restrict the processing of your information in certain circumstances;
- to object to our use of your information, such as where we have considered such use to be necessary for our legitimate interests (e.g. in the case of direct marketing activities);
- where relevant, to request the portability of your information;
- where you have given consent to the processing of your data, to withdraw your consent; and
- to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom. Further information is available from the ICO’s website.
We may send text files (e.g., “cookies” or other cached files) or images to your web browser to store information on your computer. Such text files and images are used for technical convenience to store information on your computer. For instance, we may use a session cookie to store form information that you have entered so that you do not have to enter such information again. We may use information stored in such text files and images to customise your experience on this website and to monitor use of this website. You may set your browser to notify you when you receive a cookie. Many web browsers also allow you to block cookies. If you block cookies you may not be able to access certain parts of this website. You can disable cookies from your computer system by following the instructions on your browser or at www.allaboutcookies.org.
Recording and monitoring of communications
We may record and monitor telephone conversations and electronic communications with you for the purposes of:
- ascertaining the details of instructions given, the terms on which any transaction was executed or any other relevant circumstances;
- ensuring compliance with our regulatory obligations; or
- detecting and preventing the commission of financial crime.
Copies of recordings will be stored for a period of five years, or such other longer period as we may determine from time to time.
How to contact us
If you have any questions about this Privacy Notice or requests with regards to the personal data we hold about you, you may contact our Compliance Department by email https://carvalinvestors.com/contact/minneapolis/ or telephone (+1 952 444 4780) or by writing to CarVal Investors, L.P., 9320 Excelsior Boulevard, 7th Floor, Minneapolis, MN 55343, United States.
Rev. May 22, 2018