EEA Investor Privacy Notice

Introduction

This privacy notice (the “Notice”) is provided by The Carlyle Group (“Carlyle”, “we” and “us”), and it applies in relation to any natural person resident in the European Economic Area (the “EEA”) who is:

  • A client or prospective client of Carlyle
  • An investor or prospective investor in a fund managed or advised by Carlyle
  • A member, partner, shareholder, beneficial owner, officer, director, employee or other representative of any client (or prospective client) of Carlyle or investor (or prospective investor) in a Carlyle fund

We recognise the importance of your privacy and maintaining the confidentiality of your personal information (“Personal Data”) in accordance with applicable data protection and privacy laws, including the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 (the “GDPR”) and other national and European data privacy laws (collectively, the “Privacy Laws”). This Notice sets out how we may collect, use, store, process, disclose and transfer your Personal Data.

This Notice is intended to complement and supplement the Carlyle Secured Lending, Inc. Privacy Notice and Safeguarding Policies and Procedures (the “Privacy Policy”) to ensure compliance the Privacy Laws. As related to the population described above, in case of discrepancies between the Privacy Policy and this Notice, the more restrictive requirements shall control.

We reserve the right to update this Notice at any time, and we will provide you with a new notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.

For the purposes of the Privacy Laws, including the GDPR, we act as a “data controller” and our headquarters is located in the United States at 1010 Pennsylvania Avenue, NW, Washington, DC 20004. As a data controller, we are responsible for deciding how we hold and use Personal Data about you. We are required under such Privacy Laws to notify you of the information contained in this Notice.

Data Protection Principles

In respect of the collection, holding, storage, use, and processing of your Personal Data:

  • We will process the data lawfully, fairly and in a transparent way
  • We will obtain the data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • The data we collect will be relevant to the purposes we have told you about and limited only to those purposes.
  • We will take reasonable steps to ensure that the data is accurate and kept up to date.
  • Subject to applicable legal or other requirements, we will keep the data only as long as necessary.
  • We will use appropriate technical and/or organisational measures to ensure appropriate security of the data.

What Personal Data do we collect and how?

“Personal Data” means any information relating to a natural person (known as a “data subject”), who can be identified from that information (either directly or when combined with other information in Carlyle’s possession). In connection with our business, we collect various types of Personal Data, including:

  • identification information (e.g. name, ID card and passport numbers, nationality, place and date of birth, gender, picture, IP address);
  • contact information (e.g. postal address and e-mail address, phone number);
  • family situation (e.g. marital status, number of children);
  • tax status (e.g. tax ID, tax residence);
  • education and employment information (e.g. level of education, employment, employer’s name, remuneration);
  • financial data (e.g. bank account details, credit card number, money transfers including communications on bank transfers, assets, investor profile, credit history, debts and expenses);
  • other background data (e.g. information on criminal history/unlawful conduct)

We also may collect special categories of Personal Data (as defined in the GDPR and including health, disability and religious or ethnicity information) where provided by you, with your consent, such as disability information or religious data for purposes required by you such as scheduling of meetings or access to Carlyle or its premises.

We collect this Personal Data in various ways, including:

  • Directly from the individual data subject (e.g. pursuant to a subscription agreement or by receipt of an email or other written correspondence or business card);
  • Indirectly from other sources (e.g. from public records or from a counterparty in possession of the data).

How and on what basis do we use your Personal Data?

Below, please find an overview of the specific purposes for which we use your Personal Data and the legal grounds on which we base such processing activities:

  • To comply with legal or regulatory obligations, such as our obligations regarding know-your-client and anti-money laundering
    • provide you with information regarding Carlyle products or services
    • assist you and answer your requests
    • evaluate whether we can offer you a Carlyle product or service and under what conditions
  • To satisfy the legitimate interests of Carlyle (or a third party), such as to:
    • create a client/investor account and to manage such account
    • contact a client/investor for updates on matters regarding their investments
    • carry out other activities related to client/investor and financial management and administration
    • investigate, assess and advise on the feasibility of a prospect’s objectives
    • inform our clients/investors about Carlyle and our products and services
    • invite persons to attend events and meetings (and keep record of attendees)
    • perform analyses and statistics (on an aggregate basis) relating to the types of clients/investors we service
    • ensure compliance with tax and other reporting requirements
    • monitor and audit compliance of Carlyle with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities
    • investigate and take appropriate action in the event of suspected financial irregularities (such as suspected fraud or offences)
    • establish, exercise and defend a legal position, which includes the necessity to file and back up certain information as evidence that may be produced in judicial proceedings

With whom do we share your personal data?

Within Carlyle. We share your Personal Data among Carlyle entities for the purposes set forth above. Our group entities are restricted from sharing your Personal Data with other non-affiliates entities, except as described herein or otherwise permitted by the Privacy Laws or other applicable laws. The transfer of Personal Data from the UK/EEA to the Carlyle entities outside the EEA is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (a copy of which can be obtained from us via the contact details below).

Outside of Carlyle. We share your Personal Data with non-affiliated third parties for the purposes set forth above. For example, as appropriate, we share your Personal Data with:

  • Service providers (e.g. attorneys, auditors, accountants, tax advisers, administrators, custodians, depositaries, brokerage firms, event organizers or other agent, adviser or service provider of Carlyle). As is common in the industry, non-affiliated third-party companies may from time to time be used to provide certain services, such as administration services, tax compliance services, reporting, account statements and other information, organizing events, conducting research on client satisfaction and gathering shareholder proxies. These companies may have access to your Personal Data but generally are permitted to use the information solely to provide the specific service or as otherwise permitted by law.
  • Public entities and institutions (e.g. financial authorities, such as the US Securities & Exchange Commission, the UK’s Financial Conduct Authority, criminal prosecution authorities and law enforcement) either upon providing a legal or regulatory request or as part of our legislative or regulatory reporting requirements
  • Other counterparties (e.g. including any vendor, any lender or any of their respective managers, general partners or investment advisers or administrators, or any of their respective agents or representatives or any affiliate of any of the foregoing)

With respect to such third parties, we generally will seek to enter into appropriate contractual arrangements, as applicable, to ensure lawful and fair processing of your Personal Data on our behalf.

Further, where your Personal Data is processed by third parties outside the EEA, we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of standard contractual clauses (referred to above) if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission) or certified under the EU-US Privacy Shield framework.

With whom do we share your personal data?

We take seriously the obligation to safeguard your Personal Data. Your Personal Data held by us will be kept confidential in accordance with applicable Carlyle policies and procedures. We will use all reasonable efforts to ensure that all Personal Data is kept secure and safe from any loss or unauthorised disclosure or use. All reasonable efforts are made to ensure that any Personal Data held by us are stored in a secure and safe place, and accessed only by our authorised employees and transferees.

Further, we seek to ensure that we keep your Personal Data accurate and up to date. However, you are responsible for and we kindly request that you inform us of any changes to your Personal Data (such as a change in your contact details).

How long do we keep your Personal Data?

In general, we will process and store your Personal Data for at least as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations. Subject to those qualifications, our goal is to keep such data for no longer than necessary in relation to the purposes for which we collect and use the Personal Data (we refer to the purposes as set forth above). Carlyle will retain your Personal Data in accordance with our Books & Records Policy. If you have any specific question in this respect, please feel free to contact us.

What are your rights with respect to your Personal Data?

Under the Privacy Laws, in certain circumstances, a data subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:

  • Request access to any data held about you
  • Ask to have inaccurate data amended
  • Request data held about you to be deleted, provided the data is not required by Carlyle to perform a contract, defend a legal claim or to comply with applicable laws or regulations
  • Prevent or restrict processing of data which is no longer required
  • Request transfer of appropriate data to a third party where this is technically feasible

These rights may be limited in same situation, i.e where it is necessary for legal compliance for us to process your personal data.

Additionally, in the circumstances where you have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

To exercise any of these rights, please contact us using the contact details set out under the “Contact and Complaints” heading below.

To what extent is there automated decision making, including profiling?

We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you. In establishing and carrying out a business relationship, we generally do not use any automated decision making pursuant to the GDPR. We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets.

Contact and Complaints

Questions, comments, requests or complaints regarding this Notice and/or our use of Personal Data should be addressed to dppc@carlyle.com. If you have any complaints regarding this Notice, you may also contact your local data protection authority.

 

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.