Privacy Notice – Polaris

At Polaris Management A/S (“Polaris”) data protection and confidentiality is a highpriority.
This Privacy Notice explains how information about you is collected, used and disclosed by Polaris when you are an investor, if you have another commercial relationship with Polaris, if you receive Polaris press releases or when you otherwise interact with Polaris (collectively, the “Services”).

We may amend this Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of the notice and, depending on the specific amendments; we may provide you with additional notice. We encourage you to review the Privacy Notice whenever you access our Services to stay informed about our information practices and the ways you can help protect your privacy in accordance with the General Data Protection Regulation (the “GDPR”), the Danish Data Protection Act (the “Act”) and related laws.

1. Data controller and contact information

Polaris Management A/S
CVR-no. 28 50 17 65
Malmøgade 3, 1.
DK-2100 København Ø

2. Collection of personal data

We primarily collect and process your personal data when you enter into a commercial relationship, hereunder when you are an investor in a Polaris fund. If you act as representative of a company that has invested in a Polaris fund, we will process your name, title and contact details. The legal basis for such processing is the performance of the contact according to the GDPR art. 6(1)(b).

If Polaris is obligated to file reporting’s according to the mandatory money-, KYC and terror financing obligations, Polaris will process information on your bank- and account details, copy of passport and copy of another official document that proves your identity. The legal basis for such processing is the GDPR art. 6(1)(c) and the Act section 11(2)(1).

We may collect information you provide directly to us, such as when you participate in a Polaris workshop or investor event, if you communicate with Polaris via third party social media sites (e.g. LinkedIn) or if you otherwise interact with us. The types of information we may collect about you include your name, social networking screen names or IDs, email address and any other information you choose to provide. The legal basis for such processing of personal data is either the performance of the contract according to GDPR art. 6(1)(b) or Polaris’ legitimate interest in responding to your inquiry in relation to the Services in accordance with GDPR art. 6(1)(f). Furthermore, Polaris may take pictures or video material in relation to workshop or investor events and disclose these on Polaris’ website or social media sites. The purpose is as basis not to display you as a physical person, whereas our legal basis is the legitimate interest in accordance with the GDPR art. 6(1)(f). However, Polaris will always assess the content and purpose of the picture or video in question and will collect your consent in accordance with the GDPR art. 6(1)(a) if needed.

We may use information about you for various purposes, including to: Provide, maintain and improve our current Services;

• Develop new Services;
• Provide and deliver the Services you request and send you related information;
• Respond to your comments, questions and requests;
• Communicate with you about products, services, offers, promotions and events offered by Polaris and
  others, and provide news and information we think will be of interest to you.

When you are a board member of Polaris or any fund related to Polaris, Polaris may process your personal data, hereunder name, contact details, professional background and bank details for the performance of the contract according to the GDPR art. 6(1)(b). As Polaris is comprised by the financial legislation, Polaris will also process personal data in relation to the fulfilment of the fit-and-proper requirement, hereunder criminal record and financial background. The legal basis for such processing is the GDPR art. 6(1)(c) and the Act section 8(2).

3. Use of personal data

We may share information about you with the following parties acting as data controllers or as otherwise described in this Privacy Notice:

• With relevant authorities, hereunder the Danish Financial Supervisory Authority, SKAT,etc.;
• In response to a request for information if we believe disclosure is in accordance with any applicable legal requirement;
• With relevant Data Processors; or
• With financial institutions;
• With legal-, tax or financial advisors.

In some instances, we disclose your personal data Polaris’ business partners and suppliers, such as IT suppliers, marketing agencies, suppliers of newsletter services, etc. These business partners solely process the personal data as data processors on behalf of Polaris and in accordance with Polaris’ instructions.

4. Third country transfers

If your personal data is transferred to data controllers or data processors which are located in countries outside the EU/EEA, including group entities, not ensuring an adequate level of data protection, such transfer will be safeguarded by the EU Commission’s standard contractual clauses. You can receive a copy of these safeguards by contacting us.

5. Security

We have implemented security measures to ensure that our internal procedures meet our high security policy standards. Accordingly, we strive to protect the quality and integrity of your personal data. This includes encryption of data and use of pseudonymisation, whenever applicable.

6. Storage and deletion

We will delete your personal data when we no longer need to process it for one or more of the purposes mentioned above. However, special legislation, including the Danish Consolidated Bookkeeping Act (bogføringsloven), the Act on Measures to Prevent Money Laundering and Financing of Terrorism and the Danish Limitation Act (forældelsesloven), may entail an obligation or right for us to store such data for an extended period of time. The data may also be processed and stored for a longer period if it is anonymised.

Personal data collected by us according to the Act on Measures to Prevent Money Laundering and Financing of Terrorism is stored for 5 (five) years after the end of the client relationship and is subsequently deleted.

7. Your rights

You are at any time entitled to be informed of the personal data about you that we process, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data. Furthermore, you have the right to have your personal data rectified, erased or blocked. Moreover, you have the right to receive information about you that you have provided to us, and the right to have this information transmitted to another data controller (data portability).

If you wish to appeal against the processing of your personal data, please contact us at . You may also contact the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, phone number + 45 33 19 32 00, .