Sona Asset Management (UK) LLP (“Sona” or the “Firm”) is a Limited Liability Partnership registered in England and Wales with company number OC412361. Sona is authorised and regulated by the Financial Conduct Authority (“FCA”) with Firm Reference Number 814191.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”) and the EU GDPR as it forms part of United Kingdom (“UK”) domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018, and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR”, and, together with the EU GDPR, the “GDPR”), Sona will be the ‘controller’ of the personal data you provide.

Please read the following information carefully in order to understand the Firm’s practices in relation to the treatment of your personal data, including how we handle your personal data on our website. Should you have any questions, please email us at nlebo@sona-am.com.

What data privacy principles does the Firm adhere to?

• The Firm will process all personal data in a lawfully, fair and transparent manner;
• The Firm will only collect personal data where it is necessary;
  • For the Firm to provide a service to you;
  • For you to provide a service to the Firm;
  • For the Firm to keep you informed of its products and services; or
  • For the Firm to comply with its legal and regulatory obligations.
• The personal data collected by the Firm will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed;
• The Firm will take all reasonable steps to ensure that personal data is accurate and, were necessary, kept up-to-date;
• The Firm will maintain personal data in a form that permits identification no longer than is necessary for the purposes for which the personal data has been collected for processing, in accordance with the Firm’s record retention requirements as mandated by the Financial Conduct Authority;
• The Firm will hold and process person data in a manner that ensures appropriate security;
• The Firm will only share personal data where it is necessary to provide the agreed service or where it is necessary for the Firm to comply with its legal and regulatory requirements.
• The Firm may utilise a service provider based outside of the European Economic Area (“EEA”) and/or the UK for the processing of personal data where this is strictly necessary to facilitate our services to you. In all cases, we will seek to ensure a similar degree of protection is afforded to it by ensuring that personal data is generally transferred onto persons (including service providers) in countries outside the EEA or the UK in a manner consistent with the GDPR. This can be done in a number of ways, including, for instance: (i) the country of the recipient that we send your personal data to may be approved by the European Commission or the UK Secretary of State as ensuring an adequate level of protection; (ii) the recipient may have signed a contract based on the ‘EU Standard Contractual Clauses’ approved by the European Commission, or the UK addendum to such ‘EU Standard Contractual Clauses’ or the UK’s International Data Transfer Agreement, in each case as approved by the UK’s Secretary of State; or (iii) the law may otherwise permit us to transfer your personal data outside the EEA or the UK under the terms of the GDPR.

What personal data does the Firm collect and why?

In the course of providing products/services to you, the Firm may collect information that is considered personal information (e.g. name, contact details, address, passport number, driving licence).

As a client, contact or employee of Sona, we will require some personal information in order to verify your identity and have the applicable relationship with you. Some of this information may be required to satisfy legal obligations (e.g. to comply with obligations arising under the money laundering regulations whereas other information may be required in connection with the provision of services to you).

The information collected will vary depending on the service the Firm provides to you or you provide to the Firm, but typically may include:

• Identification information: Such as your name, date of birth, passport number or national insurance number;
• Contact information: Including your address, telephone number and email address;
• Professional or employment-related information: Such as your occupation, your job title and the name of your employer;
• Internet or other electronic network activity information: Including username and interactions with our website or use of certain online tools.

What sources does the Firm collect personal data from?

We may collect personal data directly from you and/or your intermediaries through sources that may include: (i) account applications, subscription agreements, and other forms or related documentation; (ii) written, electronic, or verbal correspondence with us or our service providers; (iii) investor transactions; (iv) an investor’s brokerage or financial advisory firm, financial advisor, or consultant; and/or (v) from information captured on our website and other applicable websites, fund data rooms and/or investor reporting portals (as applicable).  

We may also collect personal data from other sources, such as: (i) our service providers; (ii) public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities; and/or (iii) from credit reporting agencies, sanctions screening databases, or from sources designed to detect and prevent fraud.

In certain circumstances, we may be provided with your personal data in the context of our operations, including  due diligence we may perform on an investment.  

Where does the Firm store my personal data?

The Firm has comprehensive policies and procedures in place to ensure your personal data is kept safe and secure, with these including:

• Data encryption;
• Firewalls;
• Intrusion detection;
• 24/7 physical protection of the facilities where your data is stored (i.e. Microsoft’s UK data centres);
• Background checks for personnel that access physical facilities; and
• Security procedures across all service operations.

How long does the Firm retain personal data?

As an FCA regulated entity, the Firm is required to maintain its books and records for a prescribed period (five years from either the ceasing of a business relationship, or, in the case of non-clients, from the making of a record – or alternatively, for seven years, where specifically requested to do so by the FCA). As such, information that falls in scope of either of these requirements is retained in line with the mandated timeframe.

The retention period for any information that is outside the scope of this requirement will be determined by various criteria, including the purposes for which we are using the information (where we may need to keep such data for as long as is necessary for those purposes). In general, we will retain your personal data for as long as we require it to perform our contractual rights and obligations, and we will delete it where this ceases to be the case or where the data subject specifically requests this.

What does the Firm use my personal data for, and on what basis?

The GDPR requires the Firm to inform you of the legal basis on which we maintain your personal data. Typically, the Firm will reach out to you personally to confirm this; however, as a general rule the following is applicable:

Clients – Information is maintained on the basis of contractual obligation, legitimate interests (where relevant), regulatory or legal obligations, and/or consent: 

For example, we are unable to provide services to you unless you disclose certain personal data to us. That may include the services set out in our terms of engagement with you or our response to any enquiry you have submitted, as well as maintaining or servicing accounts, providing investor relations services, processing subscriptions, withdrawals and redemptions (as applicable), verifying information, processing payments, enabling or effecting commercial transactions, or providing similar services.

As such, your disclosure of personal data to us is on the legal basis of our performance of our contract with you or our legitimate interest in so doing.

Exceptionally we may be requested or required to disclose to (for example) the FCA details about you and the services we provide. As such, we will process your personal data to us is on the legal basis of our performance of our compliance with a legal obligation or regulatory requirements, or our legitimate interest in so doing.

We may also use your personal data in order to keep you informed of any activities undertaken by us which we believe may be of interest to you (please see below). 

We may process your personal data in order to administer and improve our website, detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud and conducting “Know Your Client,” anti-money laundering, terrorist financing, and conflict checks, as well as for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

We may also process your personal data when establishing, exercising or defending legal claims and in order to protect and enforce our (or another person’s) rights, property, or safety, or to assist others to do the same. We may also process your personal data when you provide your consent.

Service providers – Information is maintained on the basis of contractual obligation:

We may use your personal data for the purposes of performing a contract, including receiving services under such contracts.

Database/marketing contacts – Information is maintained on the basis of legitimate interest:

We may use your personal data in order to keep you informed of any activities undertaken by us which we believe may be of interest to you. This use may include sending you marketing or promotional materials, where permitted by applicable law and regulations, on the basis of our legitimate interest. Any person who does not wish their personal data to be processed for marketing purposes may opt out of such processing by contacting us on the details set out above, or by electing to unsubscribe from any marketing communications you receive from us.

Who do you share my personal information with?

We may share personal data with certain third parties for the purposes set out above, including as listed below. 

We share your personal data with our service providers to perform the functions for which we engage them. For example, we may share your personal data with professional service providers such as banks, auditors, law firms, tax advisors, consultants and other third parties. We may also use third parties to host our website or assist us in providing functionality on our website, provide data analysis and research as regards our website, to send out email updates about our website or remove repetitive information from our user lists, or otherwise provide marketing automation services.

We may share your personal data with regulatory, legal and tax authorities, including for example to respond to an enforceable request by a regulatory body, subpoena or other legal or regulatory process. We may also share personal information as required in connection with legal proceedings or in order to exercise or defend legal rights, to pursue available remedies or limit damages we may sustain. We also may share your personal data with third parties (including, but not limited to, governmental organisations and self-regulatory organizations) to enforce our rights, protect our property or protect the rights, property or safety of others, to prevent fraud, unauthorised transactions or liability; or as needed to support external auditing, compliance and corporate governance functions. 

We may transfer information, including your personal data, in connection with a change of ownership or control by or of us or any affiliated entity (in each case whether in whole or in part) and where we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

What are my rights?

Once you have provided your details to the Firm, you have certain rights which apply, depending on your relationship with the Firm, the information you have shared with us and the Firm’s legal and regulatory obligations.

You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all, of your personal information, please email the Firm at nlebo@sona-am.com.

The Firm will provide this information to you within one month (with the ability to extend this by an additional two months where necessary), free of charge, unless otherwise permitted by applicable law.

• You have the right to request that the information the Firm holds about you is erased under certain circumstances including where there is no additional legal and/or regulatory requirement for the Firm to retain this information.
• As a client, you have the right to request that any information the Firm holds about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’.
• You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should therefore be updated, please contact nlebo@sona-am.com.
• You have the right to object to your information being processed, for example for direct marketing purposes.
• You have the right to restrict the processing of your information, for example limiting the material that you receive or where your information is transferred.
• You have the right to object to any decisions based on the automated processing of your personal data, including profiling.
• You have the right to lodge a complaint with the relevant data protection authority, which in the UK, is the Information Commissioner’s Office (https://ico.org.uk/concerns/) if you are not happy with the way that we manage or process personal data.

Will I be notified of changes to this policy?

The Firm may, from time to time, review and update this policy. The Firm will maintain the latest version of this policy on its website, and where the changes are deemed material, it will use reasonable efforts to make you are aware of these.

Who should I direct questions to?

If you have any questions, concerns or complaints about the practices contained within this document or how the Firm has handled your data, please contact Nicholas Lebo: nlebo@sona-am.com. Alternatively, you may write to: Second Floor, 19-21 St James’s St, London SW1A 1ES, United Kingdom.

Sona Asset Management (HK) Limited (the “Sona Asset Management”, “we”, “us” or “our”) is providing you with this privacy notice to help you understand our privacy policies and practices and how they relate to the personal data that we receives and/or collects from you.

In accordance with the Personal Data (Privacy) Ordinance of Hong Kong (Cap. 486), the term “personal data” means any data relating directly or indirectly to a living individual, from which it is practicable for the identity of the individual to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable.

What personal data does Sona Asset Management collect and/or process?

Sona Asset Management collects personal data about you from the following sources:

• Information Sona Asset Management receives from you in subscription documents or other related forms;
• Information about your transactions with Sona Asset Management, our affiliates, or others;
• Information about you that Sona Asset Management receives from third parties, such as consumer reporting agency, credit reference agency, verification service provider and other publicly available sources, etc.;
• Any other information you have provided to Sona Asset Management; and/or
• Any other information we collect or generate about you, when communicating with or providing services to you. Your communication with Sona Asset Management will be subject to monitoring in accordance with and to the extent permitted by applicable laws.

Sona Asset Management may collect and/or process certain types of your personal data, including but not limited to the following:

• Name, address, email address, phone number, date of birth;
• Personal identification information, such as identity card or passport details, proof of address;
• Information about your source of wealth and source of funds; and/or
• Other personal data that you may choose to share with Sona Asset Management.

What are our purposes of collecting and/or processing your personal data?

Sona Asset Management may process the above categories of personal data for some or all of the following purposes:

• To verify your identity and comply with applicable law, including know-your-client and anti-money laundering and sanctions requirements;
• To effect client transactions (including accepting subscriptions);
• To comply with any applicable legal or regulatory obligations, including information disclosure requirements;
• To conduct statistical analysis and market research;
• To allow service providers retained by Sona Asset Management or our affiliates to provide services associated with your transactions with us;
• To improve our products and services and defend our legal rights and interests;
• With your valid consent, to conduct direct marketing of products and services that Sona Asset Management or any of our affiliates considers may be of interest to you; and/or
• Any other uses relating to the above to which you have consented.

Providing your personal data to third parties

Sona Asset Management may disclose personal data to the following third parties for the above mentioned purposes:

• Sona Asset Management’s affiliates;
• Any agent, contractor or third party firms engaged by Sona Asset Management or our affiliates, including without limitation, brokers, fund administrators, accounting support firms and compliance/operational support service providers;
• Any agents of Sona Asset Management who need to know that information in order to provide services to its investors;
• Any third party for promotional or marketing purposes in relation to the products and services of Sona Assessment Management and/or our affiliates, with your consent;
• Any applicable regulators, exchanges, government bodies, tax authorities or other industry recognized bodies located inside or outside Hong Kong;
• Any third party as required by any applicable law, rules and regulations, codes of practice or guidelines of any applicable jurisdiction, or as required by an order by a court of competent jurisdiction; and/or
• Any other third parties who you consent to share your data with.

Sona Asset Management will require such third parties to protect the confidentiality of your personal data and to use the personal data only for the purposes for which it is disclosed to them. Where we share or transfer your personal data outside of Hong Kong, we will ensure that the overseas recipients’ processing of your personal data meets the personal data protection standards prescribed by applicable laws and regulations.

Will your personal data be used for direct marketing?

Subject to obtaining your consent where required by law, we may share your information with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates. We do not share your information with non-affiliates for them to market their own services to you. We may disclose information you provide to us to companies that perform marketing services on our behalf, such as any placement agent retained by the Funds that Sona Asset Management and/or its affiliates manages and/or advises, subject to obtaining your consent where required by law.

If you change your mind on which communications you would like to receive or how you would like to receive them or you decide that you do not wish to receive direct marketing communications any more, you can unsubscribe at any time by contacting us at ir@sona-am.com.

What are your rights?

You have a right to request access to, and request correction of, your personal data. Requests for access and correction should be
addressed to Sona Compliance at compliance@sona-am.com .

Who should I direct questions to?

If you have any questions about this privacy policy or how we handle your personal data, you can contact the offices of Sona Asset
Management at compliance@sona-am.com / +44 (0)20 3872 4572 .

Sona Asset Management and its affiliates (together “we” of the “Company” operate in different countries and some of these countries have laws related to the collection, use, transfer and disclosure of personal information, including those of our job applicants (“candidates”). The purpose of this Candidate Data Protection Notice and Privacy Policy (“Candidate Notice”) is to give you information about what personal information we collect and why, to whom we disclose it, and how we protect it, as well as your respective privacy rights under applicable laws..

This Candidate Notice applies to you to the extent that you provide or have provided your personal information in your capacity as a job candidate for a position at Sona Asset Management, either as an employee or as non-employee staff.

The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the Company collect?

The Company collects a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number; talent management information (e.g., degrees, licenses, trainings, professional references, work experience, job titles and duties, seniority, educational history, any role or roles for which you are applying or being considered, and other information about you that you provide in a CV or similar document);
• whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process;
• information about your entitlement to work ; and
• Details of any FCA controlled function status.

The Company may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests such as psychometric testing.

The Company may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records check or screenings. The Company will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why does the Company process personal data?

The Company needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.

In some cases, the Company needs to process data to ensure that it is complying with its legal obligations and those required by the FCA or SEC. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.

The Company has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Company to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Company may also need to process data from job applicants to respond to and defend against legal claims.

The Company may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The Company processes such information to carry out its obligations and exercise specific rights in relation to employment.

For some roles, the Company is obliged to seek information about criminal convictions and offences. Where the Company seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

If your application is unsuccessful, the Company may keep your personal data on file in case there are future employment opportunities for which you may be suited. The Company will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.

Who has access to data?

Your information may be shared internally for the purposes of the recruitment exercise which may include managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles,

The Company will also share your data with our third party outsourced HR provider if they are involved in the recruitment process. However, the Company will not share your data with other third parties, unless your application for employment is successful and it makes you an offer of employment. The Company will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

Your data may be transferred outside the European Economic Area (EEA).

How does the Company protect data?

The Company takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does the Company keep data?

The Company will not retain your personal information for longer than is necessary in relation to the purposes for which your personal information is processed. The criteria used to determine our retention periods are:

• The duration of your application and recruitment process;
• As required by a legal obligation to which we are subject; and
• As advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Subject to applicable law, some personal data will be retained after the application and recruitment process ends, either because you are employed or otherwise engaged by us or, if your application is withdrawn or unsuccessful.

Your rights

Depending on the applicable laws in your country of resident, you may have certain rights related to your personal information. For example, the right to:

• access and obtain a copy of your data on request;
• require the Company to change incorrect or incomplete data;
• require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where the Company is relying on its legitimate

interests as the legal ground for processing. If you would like to exercise any of these rights, please contact talent@sona-am.com

Depending on your country, you may have the right to lodge a complaint with your local data protection authority if available. If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.

• United Kingdom – Information Commissioner’s Office https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/
• Hong Kong – Office of the Privacy Commissioner for Personal Data, Hong Kong, https://www.pcpd.org.hk/

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.

Automated decision-making

Recruitment processes are not based solely on automated decision-making.