Personvernerklæring – Fondsinvesteringer
Privacy Notice: Processing of investors, designated persons, fund managers, external contacts and employee’s personal data
This privacy statement is provided by Smedvig Investment Management AS (referred to as the “Company”, “we” or “our») to inform you as; investors, designated persons, fund managers, the administration and the employees regarding the processing of their personal data, for which the Company acts as a controller. As a controller, the Company is obliged to provide you with information on how we collect, use, store and share your personal data. This privacy notice has been made available for that purpose, and it sets forth the data we collect about you, its purpose, and with whom we share it. It also outlines your rights and provides contact information for further inquiries or clarification.
The Company is the data controller for the personal data we process about you in connection with the Company’s services and business. As an Alternative Investment Fund Manager, the Company may also process your personal data on behalf of managed funds with which you have an agreement. In such cases, the Company will act as a data processor on behalf of these funds. For example, this may apply to Smedvig Funds plc which then will be the data controller for your personal data related to the agreements you may have with the fund.
The fund’s privacy notice can be found in the application form issued by the fund.
Personal Data is any information that relates to, describes, identifies or can be used, directly or indirectly, to identify an individual. Processing includes all actions that can be performed on Personal Data such as collecting, organizing, storing, using, disclosing or otherwise making available, restricting or destroying.
The Company is regulated under the Norwegian Act, Lov om behandling av personopplysninger (as amended, extended, or replaced from time to time), and effective from 15.06.2018, the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data , referred to as “applicable law”, along with any implementing legislation and all subsequent amendments thereto.
1. Data Controller
Smedvig Investment Management AS with registered address Løkkeveien 111, 4007 Stavanger, is the data controller responsible for the processing of your personal data related to our business as an Alternative Investment Fund Manager domiciled in Norway under supervisory of the Financial Supervisory Authority of Norway, business registration number; 988 318 574.
2. Contact Information
If you have any questions or concerns regarding the processing of your personal data, all inquiries may be directed to personvern@smedvig.no
3. Your Personal Data
We adhere to applicable laws and regulations when collecting personal data about you which we have categorized as follows:
| Description | Type of Personal Data |
| Basic Personal Details | Name, date of birth, address, phone number, e-mail address |
| Proof of Identity | Passport/driver’s license, nationality/citizenship, photograph, signature, social security number, utility bill |
| Employment Data | Job title, qualifications, CV, directorships, roles & responsibility, salary, sick leave/ leave of absence, vacation/annual leave, pension schemes, insurance policies, evaluations/assessments, and performance/achievements, interview notes. |
| Financial Data | Tax details, your bank account, credit card /debit card details (including business credit /debit cards), information regarding proprietary trading, in particular, and with respect to investors; information regarding income/source of funds, source of wealth, investment horizon, and the intended scale of investments. |
| Probity Data | Regulatory & Compliance Checks (fit and proper assessments, regulatory approvals, previous disqualifications, information on whether you are considered a Politically Exposed Person (PEP) or not), Financial Soundness, Criminal & Legal history |
| Communications Data | Communication with the Company, visitor logs, meeting minutes |
| Technical Data | IP (internet protocol) address, cookies, username and password |
4. Sources of your Personal Data
- Information provided by you: Basic Personal Details, Employment Data, Financial Data and Probity Data may be collected when you provide it to us in forms or documents (such as Fitness and Probity documentation)
- Business Relationship Management: Communication Data and Technical Data is gathered during the management and administration of our business relationship with the managed fund or with you. This includes records of communications, meeting minutes and trainings.
- Publicly available Information: We may collect Employment Data that you have chosen to disclose publicly, sourced from public websites, and other similar sources.
- Third-Party Sources: Basic Personal Details, Employment Data, Financial Data, Probity Data and Communications Data may be received from third parties such as your advisors, intermediaries, legal and regulatory bodies, or other relevant entities. This can include information obtained as part of anti-money laundering and counter-terrorist financing procedures, politically exposed persons checks, among others.
Sensitive Personal Data: Sensitive Personal Data refers to Personal Data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs; trade union membership; genetic data; biometric data; health data; and data concerning a natural person’s sex life or sexual orientation.1
While we generally refrain from collecting Sensitive Personal Data, we may receive such data falling within special categories, such as political affiliations, as part of checks on politically exposed persons. Any processing of such Sensitive Personal Data will be conducted in accordance with applicable laws, ensuring suitable measures are in place to protect your fundamental rights and interests. On rare occasions where we do process Sensitive Personal Data, we will only use it for specified purposes, as explained at the time of collection.
Criminal Offences Data: We will only process Criminal Offences Data to the extent permitted or required by applicable law.
5. Purposes of Processing and Legal basis for processing
| Purpose | Type of Personal Data being processed | Legal Basis for processing |
| Business, financial and risk management: To ensure the efficient and effective operation of the business, encompassing audit, risk management procedures, financial management, business capacity, strategic planning, communications and corporate governance |
|
|
| Anti-money laundering, anti-bribery and respond to AML-request from third parties: To fulfil our regulatory and legal obligations relating to the prevention of money laundering, anti-bribery, fraud prevention, counter-terrorist financing, politically-exposed-persons checks and any other “know your client” request from third parties. This includes confirming and verifying your identity; and if relevant information about criminal convictions, which have been obtained from publicly available sources, such as newspapers and companies registries. |
|
|
| Legal and regulatory compliance: To adhere to our legal and regulatory responsibilities, encompassing but not limited to AML- and AIFMD regulations. To identify, investigate, and prevent violations of internal and regulatory protocols, as well as criminal activities, in alignment with relevant laws and regulations, including establishing, exercise, and defense of our legal rights |
|
|
| IT operations and security: To disclose information to other third parties such as technology providers of The Company, in order to operate, test and develop relevant system platform(s), including IT security and audits. |
|
|
| Manage service providers:
To enable us to efficiently manage how we work with other companies, including potential partners that provide service to us and potential employees. |
|
|
6. Recipients of Personal Data
Personal data may be shared with third parties, such as third party funds, regulatory authorities, legal advisors, auditors, and service providers engaged by the Company.
In addition, we may from time to time, in accordance with the activities described above and in accordance with applicable laws and regulations disclose your personal data to:
- Other entities within the Smedvig Family Office group, including:
Smedvig AS, Smedvig Eiendom AS, Smedvigkvartalet AS, Smedvig Funds plc.
- Third-party service providers, including the administrator, and company secretary of Smedvig Fund plc. (Ireland), as well as any entities appointed by these service providers to support fund administration, such as; Northern Trust Fiduciary Services (Ireland) Limited, Northern Trust International Fund Administration Services (Ireland), Deloitte Ireland LLP, Mazars (Ireland), legal advisors: Byrne Wallace Shields LLP (Ireland)
- Parties involved in our anti-money laundering, anti-bribery, anti-fraud, who may also retain personal data provided by us or directly by you for identity verification purposes, including the Company’s AML system Avallone provided by Smedvig AS
- Third-party processors, such as payment services providers, payroll services and banks
- Our professional advisors, including auditors, accountants, and legal advisors; Deloitte AS (Norway), Advokatfirmaet Wiersholm AS (Norway), Byrne Wallace Shields LLP (Ireland)
- Regulators, government bodies, and tax authorities, including but not limited to; the Norwegian Financial Supervisory Authority (Finanstilsynet), the Norwegian Data Privacy Authorities (Datatilsynet) and the Central Bank of Ireland.
- Relevant parties, law enforcement agencies, or courts to the extent necessary for the Company to exercise or defend of legal rights in accordance with applicable laws and regulations.
- Relevant parties involved in the prevention, investigation, detection, or prosecution of criminal offenses or the enforcement of criminal penalties, including safeguarding public security in accordance with applicable laws and regulations.
We do not share your Personal Data with others for marketing purposes.
7. Transfer of Personal Data outside of the EU/EEA
Due to the global scope of the Company’s operations and our utilization of service providers worldwide, your personal data may be gathered, transferred, and stored in any country across the globe, including those where the Company or the service providers conducts business. Some of these countries might not have been assessed by relevant data regulatory bodies to offer the same level of protection as countries governed by EU/EEA data protection laws.
We ensure that such transfers are safeguarded through appropriate measures or are legally permissible. When we transfer your Personal Data outside of the EU/EEA, we may do so through:
- Approval from the relevant supervisory authority regarding the adequacy of the recipient country.
- If the transfer of personal data complies with the EU-US Data Privacy Framework (Adequacy Decision)
- Implementation of standard contract clauses approved by the European Commission requiring the protection of personal data by the recipient.
- Adherence to Binding Corporate Rules, approved by relevant supervisory authorities, mandating the protection of Personal Data by the recipient.
- Other circumstances where applicable laws and regulations permit us to transfer your personal data outside of the EU/EEA.
8. Data Retention
The duration for which we retain your personal data is determined by a range of criteria, including the purposes for which we utilize the data (as it must be retained for as long as necessary to fulfill those purposes) and legal obligations (as certain laws or regulations may dictate a minimum duration for retaining your personal data).
For instance, we may retain some of your personal data for the purposes previously outlined and for the duration of our ongoing business relationship with you.
Following the termination of our business relationship, we may retain your personal data for a period of up to 10 years to comply with relevant laws and regulations, as well as to address any regulatory inquiries or requests pertaining to the Company.
In cases where we are not authorized to delete your personal data due to legal, regulatory, internal compliance and audit, or technical constraints, we may retain your data for longer than 10 years. However, in such instances, we will ensure that your personal data and privacy are safeguarded.
9. Security Measures
We utilize a combination of technical and organizational measures to maintain the security and confidentiality of your personal data, in compliance with national standards. Access to personal data is restricted to employees and consultants with a legitimate need. We provide relevant training to employees to ensure awareness and compliance with the Company’s privacy policies. Additionally, we mandate that our third-party service providers handling your personal data uphold stringent measures to safeguard its security.
10. Data Subject Rights
We acknowledge that you possess certain rights concerning the processing of your personal data by us. You have the right to:
- The right to access the personal data we hold about you.
- The right to request correction of any personal data you believe to be inaccurate, outdated, or incomplete.
- The right to request the deletion of your personal data.
- The right to limit the use of your personal data to specific purposes.
- If your personal data is processed based on consent, the right to withdraw that consent at any time (please note that this does not affect the lawfulness of processing based on consent prior to withdrawal).
- The right to object, in whole or in part, to the processing of your personal data.
- The right to request that the personal data you provided be returned to you or transferred to a designated person or entity in a structured, commonly used, and machine-readable format, without obstruction from our end.
You can exercise these rights at any time by contacting The Company. Please note that, where permissible by law or regulation, we reserve the right to charge an appropriate fee for facilitating the exercise of your rights.
We may require specific information from you to verify your identity and ensure your entitlement to access the requested personal data or exercise any other rights. This is essential to prevent the disclosure of personal data to unauthorized individuals.
11. Right to complain
Should you wish to exercise any of the aforementioned rights regarding your information or if you have inquiries or comments about privacy matters, or if you seek to present a complaint regarding our use of your information, you can reach us through the following channels:
- Write to Smedvig Investment Management AS, Postboks 900 4004 Stavanger, Norway
- Send an e-mail to personvern@smedvig.no.
Should you have any concerns about our handling of your information, you retain the right to file a complaint with Datatilsynet, further information can be found at (www.datatilsynet.no).
12. Changes to the Privacy Notice
This privacy notice may be updated from time to time. The latest version will be made available upon contacting The Company.
Date: September 3. 2025, Smedvig Investment Management AS.
Tidligere versjoner
| Sist oppdatert | Link |
|---|---|
| februar 10, 2021 | Personvernerklæring – Fondsinvesteringer |