Privacy Policy

Last updated on January 2025

1 General

In this privacy policy we provide information required by the General Data Protection Regulation 2016/679 of the European Union (“GDPR“) to persons registered as fundco’s clients and persons receiving marketing material.

In particular, we explain how we collect, retain and otherwise process personal data of our clients and potential clients when we provide and market our services and when we conduct client acquisition.

2 Controller and contact details of the controller

fundco ltd (“fundco” or “we“) acts as the data controller in accordance with this privacy policy.

The contact person of the controller is Santtu Saijets.

Address: Pohjoinen Makasiinikatu 6 A 4, 00130 Helsinki

E-mail: santtu.saijets@fundco.fi

3 Purposes and legal bases for the processing of personal data

The main purpose of processing personal data is to provide and market fundco’s alternative investment fund services (“Services“). We can only process personal data on legal bases derived from data protection legislation.

The main legal bases for processing personal data are the legitimate interest of the data controller, the legal obligation of the controller, the performance of a contract between the data subject and the controller and pre-contractual measures taken at the request of the data subject as well as the consent of the data subject, if such is required.

Fundco processes personal data on the basis of legitimate interests when the processing of personal data is in connection with direct marketing to clients and potential clients, client satisfaction surveys, and market research as well as to answer to contact requests.

The table below lists, by category, the purpose of the processing, the legal basis and the categories of personal data processed. For a more detailed description of the categories of personal data to be stored, see section 4.

Purpose of processing	Legal basis	Categories of personal data
Implementation of agreements and their terms, including any necessary measures taken prior to their conclusion	Legitimate interest of the data controller Contractual relationship or pre-contractual measures taken at the request of the data subject	Identity data; customer due diligence data
Customer service and communication	Contractual relationship or pre-contractual measures taken at the request of the data subject Legitimate interest of the data controller	Sales and marketing contact data
Customer identification and identity verification	Legal obligation of the controller	Customer due diligence data
Direct marketing by email and other marketing and outreach to individuals, such as potential clients	Legitimate interest of the data controller; Consent of the data subject (where relevant)	Identity data; sales and marketing contact data; consents and refusals
Direct marketing by email and other marketing to business clients, potential business clients and other businesses that have not expressly prohibited direct marketing	Legitimate interest of the data controller	Identity data; sales and marketing contact data
Information on current news and events in the form of a newsletter	Legitimate interest of the data controller; Consent of the data subject (where relevant)	Identity data; consents and refusals

4 Categories of personal data

This table specifies in more detail the categories of personal data referred to in section 3 insofar as they are not otherwise unambiguously specified in the previous section.

Category of personal data	Content of the category
Identity data	The natural person’s (data subject’s) name, email address, telephone number, addresses (if necessary), age, company, title, possible place of study, place of employment and other business contacts, information on whether the company represented by the data subject is our client
Consents and refusals	Consents and refusals given by the individual for the different purposes of processing personal data and for direct marketing
Analytics and modelled data	Data processed or acquired by fundco and used for the development, implementation and management of the business
Sales and marketing contact data	The data collected via our CRM system includes identity and contact data, contact activity via email or other channels with fundco’s employees and the source of the data. CRM system also maintains marketing lists and marketing preferences of contacts.
Customer due diligence data	Customer due diligence data within the meaning of the Act on Preventing Money Laundering and Terrorist Financing (444/2017), such as identification data and a copy of an identity document

5 Sources and updating of personal data

The personal data we process is mainly obtained from the data subjects themselves in connection with the use of our services or other communications.

Client and potential client data is collected mainly from the data subjects themselves, but also from generally available public sources, including websites and social networks (such as, e.g. LinkedIn). Personal data may also be collected and updated on the basis of emails that fundco’s staff directly receive from the data subject.

Personal data may also be collected and updated from third party registers.

Providing data for marketing purposes is voluntary and you can always opt out of direct marketing.

6 Recipients and recipient groups of personal data

In principle, we process personal data in the internal operations of fundco including the operations of the funds established by fundco in relation to its business operations. In addition, fundco transfers personal data to third parties who act as service providers and processors for fundco. Such service providers and processors include, for example, fundco’s customer relationship management system as well as the accounting service provider used by fundco.

Personal data may be transferred or disclosed to subcontractors for purposes such as updating address information and company responsibilities.

Service providers process personal data only to the extent necessary to provide the service in question or in connection with system maintenance and troubleshooting. In addition, contracts concerning the use of personal data may also be concluded with service providers other than those acting as processors. Each service provider processes personal data only to the extent necessary for the provision of the service.

We may also transfer or disclose personal data to government authorities if required by applicable laws and regulations or when necessary to comply with legal obligations or respond to lawful requests.

7 Transfer of personal data to third countries

Fundco does not as a rule transfer data outside the European Union or the European Economic Area (“EU/EEA“). However, Data may be transferred outside the EU/EEA where necessary for the use of our Services and the investments, e.g. in situations where private market managers and their funds or our service providers or their parent companies are located in such third countries. Where data is transferred outside the EU/EEA, such transfers will be subject to the conditions set out in data protection legislation, such as the European Commission’s Standard Contractual Clauses or other transfer mechanism designated in the GDPR.

8 Data retention period or criteria for determining the retention period

The personal data collected is stored for only as long as it is necessary for the purposes described above. Personal data is deleted when it is no longer needed, unless fundco is required to retain it due to applicable laws and regulations.

The accuracy, relevance and adequacy of personal data used for marketing purposes is reviewed regularly, at least once a year. Unnecessary and outdated data will be deleted at the time of the review and at other times as necessary. In addition, data may be retained for the time necessary for the preparation, presentation or defence of a legal claim.

9 Security of the processing

Fundco implements and maintains the appropriate and necessary technical and organisational measures to ensure the protection of personal data.

The adequacy of the measures is scaled on the basis of a risk assessment, taking into account, among other things, the nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of data subjects. The measures are regularly assessed and reviewed and updated, as necessary.

Fundco is committed to comply with the guidelines of the Finnish Financial Supervisory Authority.

10 Rights of the data subject

As a data subject, you shall have the following rights:

Rights of the data subject
Right of access to your data	You have the right to know whether fundco is processing your personal data and what personal data fundco is processing. You can also request a copy of your personal data. You have the right to inspect the personal data concerning you. Fundco cannot, however, in order to protect the confidentiality of its clients, agree to requests for data that could jeopardise the processing of confidential client data. If you make your request electronically and have not requested another form of delivery, the data will be provided in the commonly used electronic format.
Right to rectify your data	You have the right to request that inaccurate or incorrect personal data concerning you be corrected or completed.
Right to have your data erased	You have the right to have your data deleted in certain cases. However, a request to delete personal data cannot be implemented if the personal data is stored, for example, to comply with a legal obligation.
Right to restrict the processing of your data	In certain cases, you have the right to request restriction of the processing of your data.
Right to object to the processing of your data	You have the right to object to the processing of your data in certain cases. Fundco may refuse a request if the processing is necessary for the legitimate interests of fundco or a third party.
Right to transfer data from one system to another	To the extent that we process your data on a contractual basis and the processing is carried out automatically, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transfer that data to another controller.
Right to lodge a complaint with a supervisory authority	You have the right to lodge a complaint with the competent supervisory authority if you consider that data protection legislation has not been respected in the processing of your personal data. In Finland, the supervisory authority is the Data Protection Ombudsman.

All requests mentioned here should be sent to the contact person of fundco mentioned in section 2. You can make a free-form request. We may ask you specific questions if necessary to fulfil your request.

More detailed information on the exercise of data subjects’ rights is available on the website of the Data Protection Ombudsman (https://tietosuoja.fi/en/what-rights-do-data-subjects-have-in-different-situations).

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
uncodeAI.css	session	Uncode cookie contain information about the screen resolution and viewport at runtime. The information is utilized to determine the appropriate Adaptive Images at any page refresh, ensuring that all images are responsive.
uncodeAI.images	session	Uncode cookie contain information about the screen resolution and viewport at runtime. The information is utilized to determine the appropriate Adaptive Images at any page refresh, ensuring that all images are responsive.
uncodeAI.screen	session	Uncode cookies contain information about the screen resolution and viewport at runtime. The information is utilized to determine the appropriate Adaptive Images at any page refresh, ensuring that all images are responsive.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.