This Privacy Notice (including the supplemental GDPR and DPA Privacy Notice (below), where applicable) relates to all Brigade controlled or affiliated entities (together referred to herein as “us”, “we”, “our” or “Brigade”) and any accounts managed by such entities.
Financial companies choose how they share your personal information. Federal law gives our clients the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
We do not disclose nonpublic personal information about our clients or former clients to third parties other than as described below.
Personal information we collect.
We collect personal information about you in connection with our providing advisory services to you. This information includes your social security number and may include other information such as your:
- Investment experience.
- Transaction history.
- Wire transfer instructions.
How we collect this information.
We collect this information from you through various means. For example, when you give us your contact information, enter into an investment advisory contract with us, buy securities (i.e., interests in a fund) from us, tell us where to send money, or make a wire transfer. We also may collect your personal information from other sources, such as our affiliates1 or other non-affiliated companies.
How we use this information.
All financial companies need to share customers’ personal information to run their everyday business and we use the personal information we collect from you for our everyday business purposes. These purposes may include, for example:
- To provide advisory services to you.
- To open an account for you.
- To process a transaction for your account.
- To market products and services to you.
- To respond to court orders, regulatory inquiries and legal investigations.
Disclosure to others.
We may provide your personal information to our affiliates and to firms that assist us in servicing your account and have a need for such information, such as a broker or fund administrator. We may also disclose such information to service providers and financial institutions with whom we have joint marketing arrangements (i.e., a formal agreement between nonaffiliated financial companies that together market financial products or services to you, such as placement agents). We require third-party service providers and financial institutions with which we have joint marketing arrangements to protect the confidentiality of your information and to use the information only for the purposes for which we disclose the information to them. These sharing practices are consistent with Federal privacy and related laws, and in general, you may not limit our use of your personal information for these purposes under such laws. We note that the Federal privacy laws only give you the right to limit the certain types of information sharing that we do not engage in (e.g., sharing with our affiliates certain information relating to your transaction history or creditworthiness for their use in marketing to you, or sharing any personal information with nonaffiliates for them to market to you).
How we protect your personal information.
To protect your personal information from unauthorized access and use, we use security measures that comply with Federal law. These measures include computer safeguards and secured files and buildings.
GDPR AND DPA PRIVACY NOTICE
(APPLICABLE TO EU DATA SUBJECTS, UK DATA SUBJECTS AND CAYMAN ISLANDS DATA SUBJECTS AND / OR THE PROCESSING OF YOUR PERSONAL DATA BY BRIGADE IN THE UK)
This GDPR and DPA Privacy Notice explains how Brigade, collects, uses, shares and otherwise processes your Personal Data (defined below) in connection with your relationship with us as a Brigade client, an investor (or prospective investor) in a Brigade fund/account, acting for an investor (or prospective investor) in a Brigade fund/account, a person being generally interested in Brigade and our services in accordance with:
- Regulation (EU) 2016/679 and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing directive 95/46/EC and any regulations or orders promulgated pursuant thereto, with respect to EU data subjects (the “EU GDPR”) and the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”), (“together referred to as the “GDPR”); and
- the Cayman Islands Data Protection Act (2021 Revision), as amended from time to time and any regulations or orders promulgated pursuant thereto (the "DPA"), with respect to Cayman Islands data subjects,
(together, the "Data Protection Laws").
This GDPR and DPA Privacy Notice is issued on behalf of all Brigade controlled or affiliated entities and any accounts managed by such entities, provided that to the extent a Brigade entity is a data controller in respect of your Personal Data, other Brigade entities may not be a data controller or data processor or may not have access to your Personal Data.
The term “Personal Data” shall bear the meaning given to it in the GDPR (with respect to EU data subjects) and the DPA (with respect to Cayman Islands data subjects), and, as used in this GDPR and DPA Privacy Notice, includes any information relating to you such as your name, contact details, bank account details etc. Personal Data does not include data from which you cannot be identified such as anonymized aggregate data.
We may collect the following Personal Data about you:
- Information that you provide to us such as your contact details (e.g. name, address, email address and telephone number) and information such as your job title. In addition, we collect such additional Personal Data that you choose to provide to us e.g., if you contact us by letter, telephone, email or any other means of electronic or personal communication; and
- Information we collect or generate about you, including during the course of our relationship with you, such as CRM information, data relating to website/client portal usage, call recordings, financial information, etc.
Categories of Personal Data.
In the course of business, we may collect, record, store, transfer and otherwise process information by which data subjects may be directly or indirectly identified. The categories of Personal Data include:
|Name, title, date of birth, age, gender, nationality, picture (e.g. passport / driver's licence), national identification number, usernames, email address, residential address
|Postal address, telephone / mobile / fax number, email address
|Family structure, siblings, offspring
|Source of wealth, personal assets, bank account numbers and income details, tax identification number, financial and investment qualification, shareholder reference number
|Payment details and other details of products and services purchased by the investor, power of attorney information
|Job titles, employment history, employer details
|Marketing and communication information
|Personal data contained in emails regarding your preferences in connection with marketing communications
|Special category data
|Personal data obtained pursuant to standard criminal record checks, and political opinion and affiliation data obtained further to standard anti-money laundering and client due diligence checks
|Data obtained when a data subject browses a Brigade website, i.e. IP address, cookies, etc.
Sources of Personal Data.
We collect Personal Data about data subjects mainly through the following sources:
- subscription forms, investor questionnaires and other information provided by investors in writing (including any anti-money laundering, identification, and verification documentation), in person, by telephone or video transmission (which may be recorded), electronically or by any other means;
- transactions within a fund/account, including account balances, investments, distributions, payments and withdrawals;
- information captured on a Brigade website, including registration information and any information captured via cookies, and
- third parties, credit reference agencies and available public databases or sources, such as news outlets, websites and international sanctions lists.
Uses of your Personal Data.
We are entitled to use your Personal Data to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data to the extent that:
- you have consented to us doing so;
- we need it to perform the contract we have entered into with you;
- we need it to comply with legal obligations, including any anti money laundering/customer due diligence requirements as apply to us under applicable laws;
- we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms, such as to provide investment management and/or advisory services to you and/or the institution you work or act for; to inform you about our services and to carry out legal, administrative, operational and/or compliance processes within Brigade; or
- we may need to it in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
We will only use your Personal Data for the purposes for which it was collected, unless we reasonably consider that the Personal Data needs to be used for another reason and that reason is compatible with the original purpose. If we need to process Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Sharing and transfer Personal Data out of the EEA, the UK and the Cayman Islands.
When using your Personal Data for the purposes and on the legal basis described above, we may share your Personal Data with other Brigade entities, as well as to professional advisers and service providers we work with such as fund service providers (which includes any replacement / successor-in-title fund service provider) acting on a fund's behalf including, but not limited to, the administrator, transfer agent, registrar, depositary and paying agent, investment advisor, distributor and auditor (where applicable) ("Processors"). Where processing is carried out by a Processor on behalf of a fund, we shall engage a Processor which has implemented appropriate technical and organisational security measures in a manner that such processing meets the requirements of Data Protection Laws, and ensures the protection of the rights of data subjects.
We may also have to share your Personal Data with regulators, public institutions, courts or other third parties.
The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) (with respect to EU data subjects) or the UK (with respect to UK data subjects) or the Cayman Islands (with respect to Cayman Islands data subjects), including a Brigade entity or a third party. It may also be processed by personnel operating outside of the EEA or the UK or the Cayman Islands (as applicable). We will always ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with, and respects, the applicable laws and regulations on data protection. We have put in place standard contractual clauses as our safeguard method. You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA, the UK or the Cayman Islands, as applicable (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us in accordance with the “Contacting us” section below.
Retention of Personal Data.
How long we hold your Personal Data for will vary. The retention period will be determined by various criteria including: (i) the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and (ii) our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
You have a number of legal rights in relation to the Personal Data that we hold about you, which you can exercise in certain circumstances. These rights are to:
- request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- request rectification of your Personal Data where it is inaccurate or incomplete;
- request the erasure of your Personal Data under certain circumstances, as further described in the Data Protection Laws;
- request the restriction of processing of your Personal Data under certain circumstances, as further described in the Data Protection Laws;
- object to the processing of your Personal Data where it is processed on the basis of our legitimate interests (unless for example we have compelling legitimate grounds for the processing which override your interests) or for direct marketing purposes/profiling; and
- ask for Personal Data portability under certain circumstances, as further described in the Data Protection Laws.
Cayman Islands data subjects have a number of additional legal rights in relation to the Personal Data that we hold about you, which you can exercise in certain circumstances. These rights are to:
- be informed as to how we collect and use your Personal Data;
- require us to stop direct marketing; and
- be notified of a data breach (unless the breach is unlikely to be prejudicial).
We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
EU and UK data subjects also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, or, as the case may be, any other competent supervisory authority of an EU member state. Cayman Islands data subjects also have the right to make a complaint at any time to the Data Protection Ombudsman of the Cayman Islands. You can access their website here: ombudsman.ky
Right to withdraw consent.
If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact us using the details set out in the “Contacting us” section below. Upon receiving notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented however the withdrawal of consent shall not affect the lawfulness of that prior processing based on the consent received.
Automated decision making.
We do not envisage that any decisions will be taken about you using fully automated means, however we will notify you in writing if this position changes.
Changes to this Privacy Notice.
We reserve the right to update and/or supplement this Privacy Notice at any time, and we will make an updated copy of such Privacy Notice available on our website.
If you would like further information on the collection, use, disclosure, transfer or processing of your Personal Data or the exercise of any of the rights listed above, please address questions, comments and requests to firstname.lastname@example.org or call Aaron Daniels, Chief Operating Officer, General Counsel and Chief Compliance Officer, on +001 212 745-9700.
1. Our affiliates are companies related to us by common ownership or control and can include both financial and nonfinancial companies. Non-affiliates are companies not related to us by common ownership or control and can include both financial and nonfinancial companies.↩