With effect from 25 May 2018, the EU General Data Protection Regulation (Regulation (EU) 2016/679) (together with applicable implementing laws, “ GDPR”) is applicable, to the extent relevant, to the processing of personal data by each of Tyrus Capital Management II Limited and its affiliates (together, the “Tyrus Entities”) in the course of their businesses, and certain other persons. This notice sets out information relating to those activities.
The Tyrus Entities
The Tyrus Entities are controllers of personal data for the purposes of the GDPR and will, in the course of each Tyrus Entity's business, process personal data. Information regarding such processing is set out herein.
Any person seeking information with respect to control or processing of personal data by any of the Tyrus Entities or seeking to exercise any rights afforded to them under GDPR should contact the compliance officer of Tyrus Capital S.A.M (the “Investment Manager”) at Compliance@tyruscap.mc.
Under GDPR, any person wishing to is entitled to make a complaint with respect to any of the Fund Entities' control or processing of personal data directly to their relevant supervisory authority, such as the UK Information Commissioner's Office (“ICO”) which is the supervisory authority for data protection issues in the UK. Contact details for the ICO may be found at www.ico.org.uk.
The policies and procedures adopted by the Tyrus Entities with respect to the control or processing of personal data may be amended from time to time. Similarly, the purposes for which the Tyrus Entities may control or process personal data may change from time to time. If any changes would require amendment to the information set out herein, details of such changes will be made available in the current version of this document from time to time.
Summary of Personal Data
For the purposes of GDPR, personal data means any information about an individual from which that person can be identified. The Tyrus Entities may collect, use, store and transfer personal information from individuals that are employees, directors, officers or other representatives or agents of market counterparties, professional services and other service providers, trade associations, public bodies and other entities or undertakings. Such personal data is typically limited in scope, and includes, for example, the name and contact details of such individuals, as well as some technical data (such as internet protocol addresses), usage data and information about marketing and communication preferences.
The Tyrus Entities do not anticipate that they will process special categories of personal data (which includes details about people's race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about people's health, genetic and biometric data and information about criminal convictions and offences).
Collection of Personal Data
The Tyrus Entities may collect personal data through a range of means. These may include direct interactions (where a person provides personal data to the relevant Tyrus Entity through correspondence or other direct methods of communication), through third-party service providers (for example, recruitment agents) or publicly available sources (where a Tyrus Entity receives personal data through a publicly available source such as a website or publicly-available registry).
Use of Personal Data
The Tyrus Entities will only process personal data in circumstances permitted under GDPR. These circumstances include those circumstances where the processing of the relevant processing relates to a legitimate interest of the relevant Fund Entity and where that processing is necessary for the relevant purpose and not inconsistent with the interests, rights or freedoms of a relevant data subject.
Each Tyrus Entity has determined that the relevant processing of personal data that they undertake relates to the legitimate interest of the relevant Tyrus Entity to undertake activities necessary and ancillary to the carrying on of an investment management business, including where necessary for the purposes of the relevant Tyrus Entity carrying out its activities relating to any fund, vehicle or account in respect of which a Tyrus Entity acts as manager, investment manager, sub-investment manager, investment adviser or sub-investment adviser (the “Funds”), the administration of the Funds, the investment activities of the Funds, otherwise in furtherance of any contract entered into with respect to the activities of the Funds, to exercise and comply with the relevant Fund's or Tyrus Entity's rights and obligations at law or under regulation where such obligations are not set out under the laws of any member state of the European Economic Area (“EEA”), to establish, exercise or defend legal claims and in order to protect and enforce its (or another person's) rights, property, or safety, or to assist others to do the same, and in order to provide information about its services and any investment products it offers.
Each Tyrus Entity may from time to time control or process personal data where necessary to comply with legal or regulatory obligations applicable to them under the laws of the European Union or any member state of the EEA, or in order to give effect to a contract, or to take necessary pre-contractual steps with a view to potentially entering into a contract (including in its capacity as an employer or a prospective employer), to the extent applicable.
Tyrus Entities may from time to time control or process personal data for the purposes of operating their business, entering into contractual arrangements in the context of their investment management business, including in respect of the Funds marketing, and advertising the Funds and/or other investment vehicles and/or services related to the Tyrus Entities. Any person subject to GDPR who does not wish their personal data to be processed for marketing purposes may request an opt out from such processing by writing to the compliance officer of the Investment Manager at Compliance@tyruscap.mc.
Any Tyrus Entity will only use personal data for the purposes that it has been collected for, unless they consider that they need to use it for another reason and that reason is compatible with the original purpose of the control or processing. Any person requiring information with respect to any additional purpose for which personal data may be controlled or processed may obtain such information from the compliance officer of the Investment Manager. If a Tyrus Entity needs to control or process personal data for an unrelated purpose, the relevant Tyrus Entity will use its reasonable endeavours to notify affected persons and to explain the basis on which they are permitted to undertake the same.
Each Tyrus Entity may control and process personal data without the knowledge or consent of persons subject to GDPR in compliance with their policies and procedures from time to time where this is permitted or required by law or a regulatory obligation.
Disclosure of Personal Data
Each Tyrus Entity may share personal data with certain third parties for the purposes set out above. The relevant third parties with whom such personal data may be shared includes, but shall not be limited to, entities appointed to provide services to the Funds, the relevant Tyrus Entity and their affiliates, and regulatory, legal and tax authorities. Details of the third parties with whom personal data may be shared are available on request from the compliance officer of the Investment Manager. Wherever possible, personal data will only be disclosed by a Tyrus Entity to a third party in circumstances where that third party has agreed to respect the security of personal data and treat it in accordance with applicable law. The Tyrus Entities will seek to ensure that third parties to whom any personal data may be disclosed will not be permitted to use personal data for their own purposes and they will only be permitted to process personal data for specified purposes and otherwise in accordance with the instructions of the relevant Tyrus Entity and/or with the GDPR.
Transfer of Personal Data outside the European Economic Area
The activities of the Tyrus Entities and their control or processing of personal data are such that it may be necessary for personal data to be transferred and/or processed outside the EEA.
In circumstances where a Tyrus Entity transfers personal data outside the EEA, they will seek to ensure a similar degree of protection is provided by ensuring that personal data is transferred only to persons in countries outside the EEA in one of the following circumstances:
Further information on specific mechanisms utilised by the Tyrus Entities transferring personal data outside the EEA and the countries to which such transfer may be made (which may include, but are not limited to the Cayman Islands, the Principality of Monaco and the United States) may be obtained from the Investment Manager at Compliance@tyruscap.mc upon request.
Each Tyrus Entity will retain personal data for as long as necessary to fulfil the purposes for which it has been collected. This will include any period of retention required to satisfy any legal, regulatory, taxation, accounting, regulatory or reporting requirement applicable to the relevant Tyrus Entity.
In determining the appropriate retention period for any personal data, the relevant Tyrus Entity will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purpose for which the relevant data is being processed, the extent to which the purposes for which the relevant data is being processed can be achieved by other means and any applicable legal and/or regulatory requirements. Without prejudice to the generality of the foregoing, the Tyrus Entities have determined that they will retain records for at least five years, in accordance with the rules, requirements and guidance of the United Kingdom Financial Conduct Authority (which determination may change at any time without obligation for notice thereof).
Details of retention periods applicable to personal data subject to GDPR are available upon request from the compliance officer of the Investment Manager. In some circumstances, a person may request that a Tyrus Entity delete any personal data retained by it. Further, in some circumstances, a Tyrus Entity may anonymize personal data for research or statistical purposes, in which case such information may be retained and utilised indefinitely without further notice.
Rights of Persons
Under GDPR, persons whose data is processed by a Tyrus Entity will have certain rights. These rights may include the right to access personal data, the right to require correction of personal data, the right to require erasure of personal data in certain circumstances, the right to restrict processing of personal data, the right to require a transfer of personal data and the right to withdraw any consents provided to the use of personal data. Any person seeking to exercise any such right should contact the compliance officer of the Investment Manager. In certain circumstances, the relevant Tyrus Entity may charge reasonable fees if any such request is clearly unfounded, repetitive or excessive.