Last Updated: November 2023
Overview
Cross Ocean Partners Management LP and Cross Ocean Adviser LLP (alternately, “Cross Ocean”, “we”, “us” or “our”) respects your privacy and are committed to complying with this website privacy notice (“Privacy Notice”), which describes what information we collect about you, including how we collect it, how we use it, with whom we may share it and what choices you have regarding our use of your information. If you require a copy of this policy in an alternative accessible format, please contact us at legal@www.crossoceanpartners.com or calling us at +1 203 340 7850 (Greenwich, CT USA) and +44 207 653 6200 (London, UK).
Cross Ocean is a data controller in respect of the information this Privacy Notice applies to. A data controller is responsible for deciding how to hold and use personal data about you. We may process your personal data ourselves or through others acting as data processors on our behalf.
This Privacy Notice applies to information collected on our website located at www.crossoceanpartners.com (the “Site”), all interactive features, applications, widgets, social networks and social network “tabs”, and other online or wireless offerings that post a link to this Privacy Notice, whether accessed via computer, mobile device or other technology or any associated content, material, or functionality contained on the Site (collectively, the “Services” and, together with the Site, the “System”).
The EU General Data Protection Regulation (“EU GDPR”) and the EU GDPR as transposed into United Kingdom national law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (“UK GDPR”), apply to the processing of personal data in the context of the activities of an establishment in the European Economic Area (“EEA”) and the United Kingdom, as well as to firms outside the EEA and the UK that process personal data relating to the offering of services to individuals in the EEA and UK . Please note that certain sections of this Privacy Notice, as identified below, only apply where the EU GDPR and UK GDPR apply to the processing of your personal data.
For the avoidance of doubt, this Privacy Notice does not affect the terms of any privacy notice set out in a subscription document a user may have in place with Cross Ocean or its advised or sub-advised funds (a “Subscription Privacy Notice”), and to the extent that the terms of this Privacy Notice and the terms of a Subscription Privacy Notice conflict, the terms of that user’s Subscription Policy prevail.
Changes to our Privacy Notice
We may change this Privacy Notice at any time. We will notify you of any changes where we are required to do so. The most recent version of the Privacy Notice is reflected by the version date located at the bottom of this Privacy Notice. All such updates and amendments are effective immediately upon notice thereof, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Notice or other notice on the Site. You should view this Privacy Notice often to stay informed of changes that may affect you. We expressly reserve the right to make any changes to this Privacy Notice at any time, without prior notice to you. The version of this Privacy Notice posted on the Site on each respective date you visit the Site shall be the Privacy Notice applicable to your access and use of the System on that date.
What information do we collect?
As described in detail below, we collect certain identifying information from or about you in connection with your use of, or any of your submissions to, the System (collectively, the “Collected Information”).
This section details the information we collect about you in the course of your use of our website. We will collect:
Purpose / processing activity | Type of data | Lawful basis |
To manage our relationship with you and to correspond with you | Basic contact details (first name, last name, email address, phone number ) | For our legitimate interests in running our business and keeping our records updated |
To correspond with third parties such as service providers, legal advisors, auditors and technology providers and regulatory authorities | Basic contact details (first name, last name, email address, phone number) | Compliance with our legal obligations
For our legitimate interests in running our business and keeping our records updated |
To operate and administer the System (including analysis, testing, maintenance, support, reporting and hosting of data), to deliver the Services to improve the user experience and the System. This may include analysing your use of our System | Name, contact details, IP address, login data, browser type, operating system | Legitimate interests – business administration in relation to System including security
Compliance with our legal obligations |
To send you information about our business in which you may be interested | Name, email address, phone number | For our legitimate interests in running our business and keeping our records updated |
In addition to the uses above, please note that we may also process your information where we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
Information for marketing purposes
We use your information to identify products, services and events that we think may be of interest to you.
We will only send you marketing messages where you have consented to such contact, or in the case of products and services, where these are similar to those that we have already provided to you.
You have the right to ask us not to not send you marketing messages by post, telephone or e-mail or any combination of these at any time. You can also let us know at any time that you wish to change your mind and to start receiving such messages.
You can do this:
- by replying directly to the marketing message;
- in case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive; or
- at any time by contacting us.
How do we collect this information?
We typically collect personal data about you when you provide information to us when communicating or transacting with us in writing by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. For instance, when you request information from us or otherwise correspond with us. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns.
Correspondence
We appreciate your questions and comments about the System and Services and welcome your messages at our “Contact Us” page, which you can find here: http://www.crossoceanpartners.com/contact/. If you correspond with Cross Ocean through the System or via email, the Collected Information may include the content of, and metadata regarding, any correspondence you may have with us. We may share your messages with those within our organization who are most capable of addressing the issues contained in your message. We may archive your message for a certain period of time or discard it.
With whom do we share information that we collect?
Your personal information may be processed by staff operating outside the UK and/or EEA who work for us or by our service providers (for example, those who supply support services to us), and the laws of some of these destination countries may not offer the same standard of protection for personal information as countries within the UK and/or EEA.
We will, however, put in place appropriate security procedures in order to protect your personal information. Where your information is transferred to any country outside the UK and/or EEA, we ensure that this is done using specific legally approved safeguards. For example, we have put in place standard contractual clauses to regulate the processing of personal data which is transferred from Cross Ocean Adviser LLP (in the UK) to Cross Ocean Partners Management LP (in the United States) You can request further details and a copy of these safeguards by contacting us (see the section “Correspondence” above).
In addition to the uses mentioned or described elsewhere in this Privacy Notice or in the terms of use of our System (the “Terms”), we may catalogue and add Collected Information to our database.
We do not sell, rent, or lease our user lists or the identity of individual users to third parties. However, Cross Ocean may use and disclose certain aggregated, anonymized information, such as System usage data, to our trusted business partners. As this information has been anonymized it can no longer identify you and is no longer personal data.
Cross Ocean does not disclose personal data about its clients to non-affiliated third parties, except as required or permitted by law, for its everyday business purposes (such as to process transactions or service a client account), or pursuant to joint marketing agreements that are subject to contractual and legal restrictions. Under certain circumstances, Cross Ocean may also disclose Collected Information if we become subject to a subpoena or court order, or if we are otherwise legally required to disclose information. We may also use and disclose Collected Information to establish or exercise our legal rights, to enforce the Terms, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any person.
As Cross Ocean grows and develops its business, it is possible that its corporate structure or organization might change or that it might merge or otherwise combine with, or that it or portions of its business might be acquired by, another company. In any such transactions, Collected Information may also transfer.
We may need to share your personal data with:
- other entities within our group as part of our regular reporting activities in company performance, in the context of a business reorganisation or group restructuring exercise or for assistance in relation to marketing and business development;
- professional advisers including lawyers, bankers, auditors and insurers to the extent such information is relevant to their performance of their services;
- regulators; and
- any of our service providers where such information is relevant to their performance of such services.
How long will we retain your information?
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. In doing this we will have regard to the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally, we will keep information relevant to our dealings with you for a minimum period of 7 years following the last date of activity or longer as required by applicable law or regulation.
In some circumstances your personal data may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data.
Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.
What choices do you have?
When submitting information, corresponding, making requests for information, and otherwise interacting with Cross Ocean and its representatives through or in connection with the System, you choose what information to supply or submit, whether you wish to receive further information, and how you may be contacted. You are not required or obliged to share such information and should only share information that you believe is necessary or appropriate. However, please note that our website may automatically collect certain technical data (further details on this are in the ‘How do we collect this information?’ section).
Your rights in relation to your information
Where the EU GDPR and UK GDPR apply to the processing of your personal data, you have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:
- request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- request rectification of your personal data;
- request the erasure of your personal data;
- request the restriction of processing of your personal data;
- object to the processing of your personal data;
- request the transfer of your personal data to another party.
If you want to exercise one of these rights please contact us at privacy@www.crossoceanpartners.com.
You also have the right to make a complaint at any time to a supervisory authority for data protection issues. A complaint can be made to the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/ or 0303 123 1113.
Fees
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
How do we protect information collected about you?
Cross Ocean takes commercially reasonable measures to secure and protect information transmitted via or stored on the System. Nevertheless, no security system is impenetrable. We cannot guarantee that information that users of the System may happen to transmit or otherwise supply will be totally secure. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. You agree to immediately notify us of any breach of System’s security, this Privacy Notice or the Terms of which you become aware.
Children
The System (including the Site and Services included therein) is intended for a general audience and is not intended for use or view by children. We do not knowingly collect information about children or sell products to children. Consistent with the US’s Children’s Online Privacy Protection Act, we will not knowingly collect any information from children.
Visiting the System from outside the United States
If you are visiting the System, or any part thereof, from outside of the United States of America, please be aware that your information may be transferred to, stored or processed in the United States as our website is hosted there and also in order for us to correspond with you or otherwise provide the information you have requested where our United States partnership is better placed to correspond with you.
The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. Where this is the case, we will (or will require a processor to) put in place appropriate safeguards such as the EEA-approved standard contractual clauses to ensure that your personal data is treated in a manner that is consistent with and respects the EEA laws on data protection. In particular, we have put in place standard contractual clauses to regulate the processing of personal data which is transferred from Cross Ocean Adviser LLP (in the UK) to Cross Ocean Partners Management LP (in the United States). If you require further information about this you can request it from privacy@www.crossoceanpartners.com.
Do Not Track Requests
California and Delaware laws require that we indicate whether we honour “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is currently under development. As it is not yet finalized, we adhere to the standards set out in this Privacy Notice and do not monitor or follow any Do Not Track browser requests.
Privacy Notice for California Residents
This provision supplements the information contained above and applies solely to investors who reside in the State of California. Cross Ocean does not sell your information.
The term “Personal Information” as used herein any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records. This information may include the Investor’s name, address, telephone number, e-mail address, passport number, social security number, taxpayer identification number, bank account number, transaction history, and other Personal Information.
Personal Information Collected
In the 12 months preceding the date of this Privacy Policy, we may have collected your Personal Information when you provided information during the establishment of an investor relationship (such as through an Investor’s Subscription and Capital Commitment Agreement, or from other forms and questionnaires); conducted transactions with the Partnership, visited the Site; signed up to receive information by email; or otherwise voluntarily provided us with your Personal Information. We may have also collected your Personal Information offline, such as through telephone calls.
The personal information we may have collected from these sources during the 12 months preceding the date of this Privacy Policy, and will continue to collect, includes the following:
- Personal identifiers, including your name, physical address, email address, phone numbers, customer number, account password, and IP address or other unique identifier.
- Financial information, such as financial account information.
- Internet or other electronic activity information, such as your device and browser type, your browsing and search history on our Site, and information regarding your interaction with our Site.
- Information about an Investor’s transactions with the Partnership and/or Cross Ocean.
- Inferences drawn from any of the information identified above.
Use of Personal Information
In the 12 months preceding the date of this Privacy Policy, we may have used, and may continue to use, your Personal Information for the following purposes:
- Providing our services to you.
- Facilitating your use of the Site.
- Responding to requests for information.
- Customizing your experience of the Site.
- Marketing purposes.
- Preventing fraud, activities that violate our Terms of Service or that are illegal, and to protect our rights and the rights and safety of our users or others.
Sharing Your Information
Cross Ocean generally does not disclose any non-public Personal Information about Investors to any non-affiliated parties. In the 12 months prior to the date of this Policy, we may have disclosed each of the categories of Personal Information identified above to the following categories of entities:
- To service providers that help us operate our business. Cross Ocean restricts access to non-public Personal Information to those personnel, agents or other parties that need to know that information in order to provide services to Cross Ocean.
- To non-affiliated parties at the request of an investor or with an Investor’s consent (with respect to information relating to such Investor)
- To data analytics providers. We may share your Personal Information with data analytics providers that help us manage how visitors use and interact with our Site, including the products we offer.
We may also share your Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Information with third parties to help detect and protect against fraud or data security vulnerabilities. And we may transfer your Personal Information to a third party in the event of a merger, reorganization of our entity or other restructuring. For the limited purposes outlined above, Cross Ocean may internally disseminate non-public Personal Information concerning Investors. However, Cross Ocean will use commercially reasonable efforts to ensure that such information is treated in accordance with the principles set forth above.
We have not sold your Personal Information in the last 12 months, and do not, and will not, sell your Personal Information.
California Consumer Privacy Act of 2018. The California Consumer Privacy Act of 2018 (the “CCPA”) grants California residents certain rights with respect to their Personal Information, including, as described below, the right to know about, delete, and if applicable, opt-out of the sale of their Personal Information. These rights are subject to certain limitations, however, such as that they do not all apply to Personal Information about employees, applicants, and contractors, or information processed exclusively in the business-to-business context (e.g., information about an individual acting in his or her capacity as a representative of an entity). These rights also do not apply to information subject to the Gramm-Leach-Bliley Act. Where we decline to grant a request pursuant to an applicable exception, we will provide you with an explanation.
Right to request disclosure of information we collect or share about you. You can submit a request to us for the following data regarding the Personal Information we have collected about you in the 12 months prior to our receipt of your request (a “request to know”):
- The categories of Personal Information we have collected.
- The categories of sources from which we collected the Personal Information.
- The business or commercial purposes for which we collected the Personal Information.
- The categories of third parties with which we shared the Personal Information.
- The categories of Personal Information we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Information.
- The specific pieces of Personal Information we collected.
Right to request the deletion of Personal Information we have collected from you. Upon request, we will delete the Personal Information we have collected about you, except for situations where specific information is necessary for us to provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.
The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.
How can you make a request to exercise your rights? To exercise the rights described above, California residents may submit a verifiable consumer request to us by either e-mailing us at legal@www.crossoceanpartners.com or calling us at +1 877 936 3739. The request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information and it must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against you for exercising these rights.
How we will handle a request to exercise your rights. For requests to know or delete, we will first acknowledge receipt of the request within 10 business days of receipt of your request. We will provide a substantive response to your request within 45 days from receipt of your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.
When you make a request to know or delete your Personal Information, we will take steps to verify your identity. These steps may include asking you for Personal Information, such as your name, address, or other information we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.
You are also entitled to submit a request for Personal Information that could be associated with a household as defined in the CCPA. To submit a request to know or delete household Personal Information, such requests must be jointly made by each member of the household, and we will individually verify all of the members of the household using the verification criteria explained above, and separately verify that each household member making the request currently resides in the household. If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
You may also designate an authorized agent to submit requests on your behalf. If you do so, you will be required to verify your identity by providing us with certain Personal Information as described above. Additionally, we will also require that you provide the agent with written and signed permission to act on your behalf, and we will separately confirm with you that you provided the agent with permission to submit the request. We will deny the request if the agent is unable to meet submit proof to us that you have authorized them to act on your behalf or if any of the above verification criteria are not met.
We are committed to honoring your rights. If you exercise any of the CCPA rights explained in this Privacy Policy, we will continue to treat you fairly.