Privacy

Privacy Policy

Updated November 2024

Introduction

This document sets out the policies that will be followed by Isomer Capital LLP (“Isomer”) in implementing the privacy and information security requirements under the General Data Protection Requirements (“GDPR”), the Data Protection Act and any other relevant legislation and guidance including GCHQ’s 10 Steps to Cyber Security, the ISO27000 family of standards and the relevant regulatory requirements set out by the

Financial Conduct Authority (“FCA”) in the Principles for Business (“PRIN”), Systems and Controls (“SYSC”) and Conduct of Business (“COBS”) handbooks, the Financial Crime Guide as well as FG 16/5 Guidance for Firms Outsourcing to the ‘Cloud’ and Other Third-Party IT Services. It is the policy of Isomer to comply with any legislation concerning the protection and prevention of loss of theft of information retained and stored

by Isomer

Purpose

The purpose of privacy is to set out how Isomer collects, uses and protects personal information and data.

The key focus is on the protection of confidential data, the security and integrity of data held on electronic platforms and the use of personal data for relevant business dealings and essential communication. Isomer takes privacy seriously and is committed to maintaining the privacy and security of the information it processes.

This policy is reviewed on an annual basis as part of an overall annual review of the firm’s systems and controls. Isomer takes a proportionate, risk-based approach to privacy taking into account our customer base, business and risk profile. The firm will also consider any associated risks regarding outsourcing its IT arrangements including third party support or platforms including cloud- based computing.

Privacy Guidelines

What kind of information does Isomer collect, and how?

Isomer collects contact information from its investors and partners from time to time. Contact details are collected directly from individuals and corporations that Isomer meets.

The types of personal information and data may include, without limitation:

– Basic personal information including name, address, data of birth, contact details

– Identity documents such as passport copies

– Education and employment history

– Business activities

– Financial information including investment track record

Isomer does not collect information via third parties. The firm is registered as a data controller with the Information Commissioner’s Office (“ICO”) under registration number ZA114620 as a data controller andProprietary and confidential. Not for distribution without permission. Isomer Capital LLP is authorised and regulated by the Financial Conduct Authority.complies with the relevant data protection principles.

Isomer uses secure cloud-based solutions to store data. Their privacy policies are available online:

Box: Box Privacy Notice | Box

Mailchimp: Global Privacy Statement | Intuit

Affinity: Privacy Policy | Affinity

– Notion: Security practices – Notion Help Center

How is the information used?

Personal information and/or data may be used to:

– Stay in touch with investors, investees and partners by post, telephone, electronic mail, etc., in connection with your relationship;

– Facilitate and manage Isomer’s business relationships. This may include sharing information internally as well as disclosing it to Isomer’s fund administrator (joint data controller); and

– Facilitate internal business operations, including conducting due diligence, making investment recommendations, assessing and managing risk and fulfilling legal and regulatory requirements (including KYC and AML requirements).

Is this information shared, or transferred outside the EEA & UK?

Isomer does not sell or share personal information and/or data to third parties for third party direct marketing purposes.

Isomer’s fund administrators, Aztec, are joint controllers of some of the personal client information received by Isomer on the fund’s investors and investees. Aztec is a Luxembourg-based, GDPR-compliant firm.

Though Isomer does not transfer information to parties outside of the EEA & UK, it stores information on cloud-based tools that may have servers outside of the EEA & UK (Box, Affinity, Mailchimp). Details on the privacy policies of these software providers are included above.

How long is the information retained?

Personal information is retained by Isomer only as long as it remains necessary to the conduct of its business.

What rights do individuals and entities have in relation to their data?

Under GDPR Individuals and entities have the right to access information stored about them. They are entitled

to ask Isomer about:

The nature of the personal data;

The purpose for processing this personal data; and

The existence of any third parties with whom personal data may be shared.

The right to access personal data, correct it, object or cancel the data kept by Isomer can be exercised by contacting Isomer’s Compliance Officer or any Isomer executive.

Complaints may also be made to the ICO (www.ico.org.uk). Isomer would however appreciate the chance to deal with any data concern beforehand. The Compliance Officer or any Isomer executive will be able to address with questions or concerns regarding data.

Security

Isomer takes all steps reasonably necessary to ensure that information and/or data is treated securely and in accordance with this Privacy Policy. Data Is stored electronically on cloud-based solutions that are password protected and fully compliant with data regulation.

Contact point in relation to this policy

The contact person for matters relating to data and more generally this Privacy Notice shall be Isomer’ Compliance Officer.

Incident reporting

In the event that there is a data breach, the Compliance Officer will be notified and the incident log must be completed as soon as reasonably practicable. Incidents are monitored in real time by the Compliance Officer. Where necessary, such as when the data lost contains client details, the Compliance Officer will be responsible for ensuring appropriate and timely communications with relevant third parties including the ICO.