KEY SUMMARY

We are Sirius Aircraft Leasing Fund Limited and its subsidiaries and to use your personal data we rely on third parties to develop our business under our directions. For this reason your personal data will normally be directly processed by companies like Sirius Aviation Capital Holdings Limited, who is our Investment Adviser, or parties carrying out other functions like our Alternative Investment Fund Manager, Asset Manager, Administrator, Registrar, Receiving Agent or Broker, and we will not access or anyhow process your data unless it is strictly necessary. You can find more information about those parties here.

We process your personal data for the management and administration of shareholdings, to enable us to promote and supervise the management of the Group, to communicate with third parties like lessees of aircraft and monitor the performance of the investments, to maintain our accounts and records, to communicate with directors and past, current or prospective shareholders, contractors and investors, and to deal with any enquiries or requests you raise.

This notice explains what data we process, why, how it is legal and your rights and it is important you read the whole notice because this section only summarises the relevant points.

ABOUT US and THIS NOTICE

This Privacy Notice is provided by Sirius Aircraft Leasing Fund Limited and its subsidiaries as may be from time to time, (all of us together “Sirius Aircraft” or “we” or “us”) and to the extent we process your personal data directly or by a contractor doing it under our instructions, we are the data controller and responsible for processing your data. More information about the position about our subsidiary entities is available upon request.

We are based in Guernsey and we comply with the data protection laws applicable in Guernsey and in any other country where we operate or otherwise process your data, including the European General Data Protection Regulation where applicable.

We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

How to contact us

If you need to contact us about this Privacy Notice, or would like this Privacy Notice in another format (for example: audio, large print, braille), please contact us via our administrator by using the details below.

BNP Paribas Securities S.C.A. (Guernsey Branch)

BNP Paribas House

St. Julian’s Avenue

St. Peter Port

Guernsey

GY1 1WA

[email protected]

 

Changes to this Privacy Notice

The latest version of this Privacy Notice can always be found here at https://siriusavcap.com/privacy/

We may change this Privacy Notice from time to time. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Current version: V1 October 2018

USEFUL WORDS AND PHRASES

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Term Definition
Sirius Aircraft, we, us Means Sirius Aircraft Leasing Fund Limited whose registered office is at

BNP Paribas House St Julian’s Avenue St Peter Port, Guernsey GY1 1WA, and its subsidiaries.

controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
criminal offence data This means any information relating to criminal convictions and offences committed or allegedly committed.
Data Protection Laws This means the Data Protection (Bailiwick of Guernsey) Law, 2017 and any other applicable national laws related to data protection, privacy and electronic communications, applicable in the territories we operate or in relation to your personal data, including the European Union General Data Protection Regulation 2016/679.
data subject The individual to whom the personal data relates.
Data Protection Supervisor This means the Guernsey Office of the Data Protection Commissioner, or any other regulatory authority responsible for implementing, overseeing and enforcing the Data Protection Laws in the territories applicable to us.
individual This means a living natural person.
personal data, data This means any information from which an individual can be identified.

This includes information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings.  It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

processing This covers virtually anything anyone can do with personal data, including:

·          obtaining, recording, retrieving, consulting or holding it;

·          organising, adapting or altering it;

·          disclosing, disseminating or otherwise making it available; and

·          aligning, blocking, erasing or destroying it.

processor This means any contractor who processes your personal data under our specific instructions and on our behalf.
special categories of data or Sensitive

Personal Information

This means any information relating to:

·          racial or ethnic origin;

·          political opinions;

·          religious beliefs or beliefs of a similar nature;

·          trade union membership;

·          physical or mental health or condition;

·          sexual life;

·          criminal data; or

·          genetic data or biometric data for the purpose of uniquely identifying you.

you Current, former and prospective:

·            directors

·            shareholders

·            contractors and/or service providers

·            lessees of aircraft

·            buyers and sellers of aircraft

·            individual investors

·            individuals employed by or connected to the above

·            any other individuals contacting Sirius Aircraft for any purposes related to our business 

WHAT PERSONAL DATA DO WE COLLECT?

Information we process about you

We, or our processors, collect your contact details such as name, email address, address, telephone number, bank account details, KYC documents such as your passport and credit history, personal identifiers, such as social security number and national insurance number, age, professional title, occupation, financial information and tax status. We do not directly process most of the information you give to our Investment Adviser, Alternative Investment Fund Manager, Asset Manager, Registrar, Administrator and other third parties like our Brokers, and when they collect your personal data, or any personal data you provide to them, they will inform you about the processing of this data for their own purposes or on our behalf if appropriate.

How is Personal Data collected from you

Your personal data will be collected when buying shares in Sirius Aircraft or through interactions with us or our contractors in the course of our business, investments, leasing of aircraft or interests in common, or as part of the services we deliver to you.

Your personal data may also be collected from a third party advisor (such as your lawyer or introducing agent), from publicly available sources (such as the Guernsey Registry or Companies House) or an identification verification database.

Sensitive Personal Information or Special Categories of Data.

We do not envisage the use of your sensitive personal data as part of our business and will only request for it if it is strictly necessary in order to comply with a legal obligation or otherwise according to the law.

In case we request for this information we will inform you at the time this is requested for, if necessary we will ask for your consent, and we will protect this information with greater care.

Personal information about other individuals

If you provide us with information about other individuals you confirm that you are mandated by them and thus act under their instructions and have informed them about this Privacy Notice as appropriate.

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

Personal data

We are allowed to process your personal data for the following reasons and on the following legal bases:

Legitimate interests

We have a legitimate interest in sharing data about you

(i) between our group entities if necessary for internal administrative purposes; and

(ii) with our contractors when it is necessary for them to deliver the services we are contracting.

We do not share information about you with these third parties in a context other than where it is necessary to perform a contract or for us to run and manage our business efficiently as you expect us to do.

You can find more information related to third parties in this Privacy Notice (see “Who will have access to your personal data?“). You can object to processing that we carry out on the grounds of legitimate interests as long as it is not linked to another legal ground (for example if it is necessary to perform a contract we have in place with you). See the section headed “Your Rights” to find out how.

Contract

It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

Legal obligation

We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies, tax administrators and law enforcement agencies. 

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

Our Administrator, Registrar and Receiving Agent will directly collect and process your personal data as our processors. The companies delivering these services are as follows:

 

Who information is processed by: processors
Administrator, Custodian and Company Secretary BNP Paribas Securities Services S.C.A. Guernsey Branch

 

Registrar Computershare Investor Services (Guernsey) Limited

 

Receiving Agent Computershare Investor Services plc

 

Investment Adviser Sirius Aviation Capital Holdings Limited

 

Asset Manager Sirius Aircraft Management Limited

 

Alternative Investment Fund Manager Carne Global AIFM Solutions (C.I.) Limited

 

 

In addition, we share your personal data with the following entities who act as separate controllers of your personal data because although they are our contractors, they decide why and how to use your data when providing services for us. You should review their privacy notices to find out how they process your personal data. If you have any queries or complaints about how they process your personal data by them, please contact them separately using the contact information provided on their website.

 

Who information is shared with: controllers Link to their privacy notice

 

To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Administrator, Custodian and Company Secretary BNP Paribas Securities Services S.C.A. Guernsey Branch

 

https://securities.bnpparibas.com/data-protection-notice.html
To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Registrar Computershare Investor Services (Guernsey) Limited

 

https://www.computershare.com/je/privacy-policy
To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Receiving Agent Computershare Investor Services plc

 

https://www.computershare.com/uk/privacy-policy
To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Alternative Investment Fund Manager Carne Global AIFM Solutions (C.I.) Limited https://www.carnegroup.com/en/downloads
Broker and Placing Agent Liberum Capital Limited http://liberum.com/media/369087/gdpr-privacy-policy.pdf
Auditor KPMG Ireland Channel Islands https://home.kpmg.com/qm/en/home/misc/privacy.html
Other parties by categories We share data concerning you with other providers such as our legal advisers based in each of the territories we operate.

We will also share your personal data with the police, tax authorities and other law enforcement agencies or regulators where we are required by law to do so.

 

More information concerning these recipients is available under request.

 

 

Transfers of your personal data outside the territories where we operate

Where we transfer your personal information outside Guernsey and/or the territories where we operate, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • the country to which we send the personal information may be approved according to the Guernsey law parameters, or by the European Commission as providing adequate protection for personal data;
  • by having in place a contract based on “model contractual clauses” approved by the European Commission;
  • where the recipient is located in the US, it may belong to the EU-US Privacy Shield scheme; or
  • where the law permits us to otherwise transfer your personal information to another country.

If you would like further information about the safeguards we have in place to protect your personal information, please contact us at [email protected].

 

How we keep your personal data secure

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities and we ensure that the companies processing your data on our behalf provide an adequate level of protection to secure both your personal data and other confidential information.

WHEN WILL WE DELETE YOUR DATA?

Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section “Why do we process your personal data?“.

With this in mind, your personal data will generally be retained for the longest of the following periods:

  • for us and the processors and/or any authorised third parties to carry out the purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us);
  • in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
  • any retention period that is required by data protection laws and any applicable laws or regulatory requirements.

For example, if you are a shareholder, we will keep your data during the time you are in such position after which, we will keep your personal data if we need it to comply with a legal obligation or if we need it to meet other purposes, but if we do not need all the data you provided at first instance, we will delete the remaining data. For most of the purposes and legal obligations we have stated a retention period of 6 years although this might vary depending on the agreements we have in place with you, or other legal obligations. A detailed retention schedule is available upon request.

YOUR RIGHTS

As a data subject, in certain circumstances, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to restrict your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us”).

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

 

Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful“.

 

Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

 

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

 

Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

 

Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

 

Right to erasure

You can ask us to erase your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or has not been erased when it should have been.

 

Rights in relation to automated decision making

You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. You may also complain to the Guernsey Office of the Data Protection Commissioner or (if you are resident within the EU) to the Irish Office of Data Protection Commission, or to your local Data Protection Supervisor.

Details of the Guernsey Data Protection Commissioner can be found at https://odpc.gg/  for individuals in Guernsey. The Irish Office of Data Protection Commission can be contacted at [email protected]   for individuals in the EU).