SELECT DATA PROTECTION NOTICE (PRIVACY POLICY)

1 Purpose and legal Framework

1.1 The purpose of this information notice (the “Notice”) is to provide information regarding how the applicable entity as defined in clause 2.1.2 (“Data Controller”) collects, processes and shares personal data relating to current investors (the “Investors”), ultimate beneficial owners, directors, authorised representatives, or designated as contact persons of Investors (together with Investors, the “Data Subjects” or “you”). The Notice also provides information about the Data Subjects’ rights in relation to the processing of their personal data.

1.2 In accordance with the provisions of the Luxembourg law of 1 August 2018 on the organization of the National Data Protection Commission and implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), any law, circular or regulation in the context of the GDPR, or any other applicable law, e.g. the Personal Data Protection Act of 2012 of Singapore (“PDPA”) or the Swiss Federal Act on Data Protection (“FADP”), circular or regulation, personal data may be collected and further processed by the Data Controller and its data processors.

1.3 The following information must, in accordance with articles 13 and 14 of the GDPR or any other applicable law, be provided by the Data Controller, acting as data controller or joint data controllers, to the Data Subjects, depending on the contractual relationships in place.

2 General Requirements

2.1 Who is the Data Controller and who to contact?

2.1.1 The Data Controller collects, stores and processes by electronic or other means the personal data supplied by Investors at the time of their onboarding via the relevant forms (the “Personal Data”), or in other forms, correspondence and conversations, for the purpose of fulfilling the services required by the Investors and complying with their legal obligations and specifically in compliance with the provisions of the GDPR, PDPA, FADP or any other applicable law.

2.1.2 Depending on the contractual relationships the Investor has in place, the Data Controller that is responsible to ensure that your personal data is being processed in a correct manner and in accordance with applicable legislation, is a different entity, as defined in the following:

a) For investors investing in Luxembourg bonds or notes, the Data Controller is jointly:

Select Alternative Investments Pte Ltd (acting as “Arranger”), 80 Raffles Place, #59-02, Singapore 048624, ir@select.investments, and Select Securities Europe S.à. r.l. (securitization platform), acting in respect of its compartments (the “Issuer”), 22-24 Boulevard Royal, L-2449 Luxembourg, ir@selectsecurities.lu

The Arranger might process Personal Data by communicating part of it to the Issuer for the purpose of setting up the Investors’ investments.

b) For shareholders of Singapore based special purpose vehicles that invest in immovable assets, the Data Controller is:

Select Alternative Investments Pte Ltd (acting as manager), 80 Raffles Place, #59-02, Singapore 048624, ir@select.investments

c) For shareholders of Singapore based special purpose vehicles that do not invest in immovable assets and investors with direct agreements with Corecam Pte Ltd, the Data Controller is:

Corecam Pte Ltd (acting as manager), 80 Raffles Place, #59-02, Singapore 048624, info@corecam.com.sg

d) For investors with direct agreements with Corecam AG the Data Controller is:

Corecam AG, Tödistrasse 5, 8002 Zurich, info@corecam.com

2.1.3. If you would like further information about your data protection rights, including rights about access to data and correction of inaccurate data, please contact the Data Controller that is in control of your data as stated above.

2.1.4 The Data Controller has appointed a “Data Protection Officer” where required.

2.2 What kind of Personal Data is processed?

2.2.1 Personal Data includes, but it is not limited to, the name, address, passport or identification card details, bank account details and invested amount of each Data Subject.

2.2.2 In particular the Personal Data processed includes:

a) identification data (e.g. name, e-mail, postal address, telephone number, country of residence, passport, identity card, driving licence, tax identification number, bank account details and invested amount of each Investor);

b) images and sound (e.g. copies of identifications documents); and

c) advertisement and sales data (e.g. potential interesting products for the Data Subject).

d) electronic identification data (e.g. IP addressed, cookies, traffic data);

e) personal characteristics (e.g. date of birth, marital status);

f) communications (e.g. exchange of letters, emails);

g) banking and financial data (e.g. financial identification, financial situation, risk profile, investment objectives and preferences);

h) employment and occupation (e.g. employer, function, title, place of work, specialisation);

i) tax-related data, contract data;

2.3 For which purposes and on what legal basis does the Data Controller process your Personal Data?

2.3.1 For the performance of a contractual obligation

2.3.1.1 The Data Controller process your Personal Data for you to make certain investments as agreed with the Data Controller.

2.3.1.2 In this regard Personal Data may be processed for the following purposes:

a) maintaining the register of security holders if any;

b) processing subscriptions and redemptions of securities;

c) administer, manage and set up your Investor relationship(s) to allow you to purchase your holding of interest in our vehicles;

d) meet the resulting contractual obligations the Data Controller has to you;

e) facilitate the continuation or termination of the contractual relationship;

f) facilitate the transfer of funds, and administering and facilitating any other transaction;

g) complying with applicable anti-money laundering rules and any regulatory requirements applicable to the Data Controller or any of their affiliates;

h) marketing, and

i) more generally providing other services in relation to the investments you have made or will make.

2.3.1.3 Personal Data required by the Data Controller is necessary to make the investments or services agreed. Failure to provide such Personal Data will imply rejection of your(s) investment(s) or service(s).

2.3.2 For compliance with laws and regulations

2.3.2.1 The Data Controller is subject to various legal obligations pursuant to statutory (e.g. laws of the financial sector, anti-money laundering and combatting the financing of terrorism laws, tax laws) and regulatory requirements (e.g. requirements of any regulatory authority).

2.3.2.2 This covers our processing of your Personal Data for compliance with applicable laws such as the applicable legislation on know-your-Customer (“KYC”) and anti-money laundering and combatting the financing of terrorism (“AML/CFT”), compliance with requests from or requirements of local or foreign regulatory enforcement authorities, tax identification and reporting (where appropriate) notably under Council Directive 2011/16/EU on administrative cooperation in the field of taxation (as amended by Council Directive 2014/107/EU) and Singapore law, the OECD’s standard for automatic exchange of financial account information commonly referred to as the Common Reporting Standard or “CRS”), for Foreign Account Tax and Compliance Act (“FATCA”) purposes, for the Automatic Exchange of Information (“AEI”) and any other exchange of information regime to which the Data Controller may be subject to from time to time.

2.3.2.3 The processing of your Personal Data to comply with the regulatory provisions is mandatory and your consent is not required.

2.3.2.4 Your Personal Data may be shared with foreign tax authorities (or with service providers for the purpose of effecting the reporting on our behalf and failure to provide correct information to us or to respond may result in incorrect or double reporting).

2.3.2.5 If you fail to provide certain information when requested, the Data Controller may not be able to enter into a contract with you / perform the contract the Data Controller have entered into with you, or the Data Controller may be prevented from complying with our legal obligations.

2.3.3 For the legitimate interest of the Data Controller

a) Arrange, manage and/or administer your holding in any vehicles in which you are invested, and any related relationships on an ongoing basis;

b) Assess and process any applications or requests made by you;

c) Open, maintain or close relationships in connection with your investment in, or withdrawal from, related vehicles;

d) Send updates, information and notices or otherwise correspond with you in connection with your investment;

e) Address or investigate any complaints, claims, proceedings or disputes;

f) Provide you with, and inform you about, our investment products and services;

g) Keep our internal records;

h) Prepare reports on incidents/accidents;

i) Protect our business against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required of us by law);

j) Analyse and manage commercial risks.

The Data Controller only rely on these interests where it has considered that, on balance, the legitimate interests of the Data Controller are not overridden by your interests, fundamental rights or freedoms.

2.4 Methods of processing and disclosure of Personal Data

2.4.1 The processing of Personal Data will be carried out using appropriate tools to ensure security and confidentiality and may be carried out with the help of manual, computerised and electronic tools for storing, managing and transmitting Personal Data.

2.4.2 To achieve the purposes indicated above, it might be necessary for the Data Controller to communicate your Personal Data to the following categories of recipients:

a) Third parties: any third parties acting on the Data Controller’s behalf (such as service providers), including their respective advisers, auditors, delegates, agents and service providers; persons acting on behalf of investors, such as payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, etc. The aforementioned third parties have been appointed as Data Processors, according to article 28 GDPR.

b) Authority: as may be required or authorized by law (including but not limited to public administrative bodies and local or foreign public and judicial authorities, including any competent regulators).

2.4.3 When the Data Controller uses processors it shall ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures and that such processing on behalf of the Data Controller meets the requirements of GDPR, PDPA and FADP and ensures the protection of the rights of the Data Subjects.

2.4.4 When information is not collected directly from the Data Subject, the investor shall ensure to inform any other Data Subject about processing of its Personal Data and its related rights. The investor shall transfer the information described in this information notice to the relevant Data Subject so it can properly exercise its rights.

2.4.5 In the case of nominees, the Personal Data may be collected by the nominee. In those cases, the nominee will be acting as independent data controller in accordance with the provisions of GDPR, PDPA and FADP. Investors subscribing through a nominee should consult the data privacy notice of the nominee, when available.

3 For how long does the Data Controller keep your Personal Data?

As far as necessary, Personal Data will be kept for the duration of the investments agreed for the length of time required by applicable law. The respective law relating to anti-money laundering requires that documents be retained for a period of five or ten years (depending of the specific processing) after the relationship has come to an end and as advisable in light of an applicable statute of limitations.

4 Automated decision making

Data Subjects should note that the Personal Data may be used for direct marketing subject to the right to object to such use as detailed above. This practice will not include profiling or automated decision making.

5 Rights of the Data Subject

5.1 Each Data Subject has:

a) a right to request the Data Controller access to his/her personal information processed by or on behalf of the Data Controller in accordance with the provisions of article 15 of the GDPR;

b) a right to have the Data Controller rectify his/her Personal Data if they are inaccurate as well as a right to have incomplete personal data completed, including by means of providing a supplementary statement, in accordance with the provisions of article 16 of the GDPR;

c) a right to request the erasure of his/her Personal Data in accordance with the provisions of article 17 of the GDPR including in the following situations (i) where the Personal Data is no longer necessary in relation to the Investor’s subscription, (ii) the Data Subject objects to the processing of its data and there are no overriding legitimate grounds for the processing, (iii) the data has been unlawfully processed, and (iv) the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;

d) a right to request a restriction of the processing of his/her data in accordance with the provisions of article 18 of GDPR;

e) a right to object to the processing of his/her data in accordance with the provisions of article 21 of GDPR;

f) a right to lodge a complaint with the Commission Nationale pour la Protection des Données (“CNPD”) in Luxembourg and the relevant authority of the Member State in which the Data Subject resides or works in accordance with the provisions of article 77 of the GDPR;

g) a right to receive the Personal Data concerning him or her or to request that it be transmitted to another data controller, when feasible, in accordance with the provisions of article 20 of GDPR.

5.2 To make any of the above requests you need to put the request in writing addressing it to the Data Controller as set out above.

6 Transfer of Personal Data outside EEA

6.1 Personal Data may be transferred to other companies or entities within the Data Controller’s group of affiliates under common control in certain cases or to sub-processors, including to the following countries outside the European Economic Area (the "EEA"): Singapore or Switzerland where such transfer is necessary for the maintenance of records, administration or provision of services to the Data Controller. In certain cases, data may be transferred to a country, which does not have equivalent data protection to that of the EEA.

6.2 In such cases, the Data Controller shall ensure that data transfer is done in accordance with all applicable data protection laws and the agreement between, or other data processing agreements within, the group of affiliates.

7. Cookies and Tracking Technologies

7.1 General Information about Cookies: When navigating the Data Controller’s website, cookies may be installed on the user’s computer. Cookies are small text files that a website saves on your computer or mobile device when you visit the site. They enable the website to remember your actions and preferences over a period of time, eliminating the need to re-enter them during subsequent visits.

7.2 Purpose of Cookies: The Data Controller uses cookies to facilitate navigation on the website, remember user preferences, and compile visitor metrics. Some cookies are essential for a better user experience and to understand how visitors interact with the website.

7.3 Google Analytics: The website may use Google Analytics, a web analysis service by Google Inc. This service uses cookies to analyze user behavior on the website. The information generated by these cookies (including your IP address) may be transmitted to and stored by Google on servers in the USA. To ensure user privacy, IP addresses from within the European Union or European Economic Area are shortened before being sent to Google servers. Only in exceptional cases is the full IP address sent and then shortened by Google in the USA. Google uses this information to evaluate website usage, compile website activity reports, and provide other services related to website and internet usage. The IP address transmitted by your browser for Google Analytics will not be merged with other Google data. For more information about how Google collects and uses your data, visit the link: http://google.com/intl/de/analytics/privacyoverview.html

7.4 Microsoft Clarity and Microsoft Advertising: We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement through the link: https://privacy.microsoft.com/privacystatement

7.5 Managing Cookies: Users can control, delete, or prevent the installation of cookies. Deleting or preventing cookies may require manual adjustments to some preferences every time the site is visited, and some functionalities may not work as intended.

7.6 Data Control: Cookies on the website are controlled by the website owner or authorized representatives. They will not be used for purposes other than those stated.

8. Changes to the Notice

The Data Controller may decide to change this Notice. If the change is indicative of a fundamental change to the nature of the processing or a change which may not be fundamental in terms of the processing operation but which may be relevant to and impact upon you, then the updated Notice will be provided to you well in advance of the change actually taking effect. The Data Controller will send them to you via e-mail or publish it on their website so that you will be aware of the changes. When notifying you of such changes, the Data Controller will also explain what the likely impact of those changes on you will be, if any.

This data privacy notice was last updated on 25 May 2024.