Privacy Policy
As of April 21, 2022
General
NorCap Investment Management, L.P., (“NorCap”) is required by federal regulations (16 CFR §313) to adopt certain procedures designed to maintain and secure the nonpublic personal information of its investors from inappropriate disclosure to third parties, and to communicate the aforementioned policies and procedures on a regular basis to investors. The following policy (this “Privacy Policy”) is designed to meet the standards set forth in federal regulations. NorCap is committed to keeping personal information collected from potential, current, and former investors confidential and secure. The proper handling of personal information is one of its highest priorities. NorCap never sells information relating to its investors to any outside third parties.
Investor Information
NorCap collects and keeps only information that is necessary for it to provide the services requested by its investors and to administer investors’ business with it. NorCap may collect nonpublic personal information from investors or potential investors:
• From investors when they complete an application or other form. This includes information such as name, address, social security number, driver’s license number, assets, income, net worth, copies of financial documents, and other information deemed necessary to evaluate the investor’s financial situation.
• As a result of transactions with NorCap, its affiliates, if any, or others. This could include transactions completed with NorCap or information received from outside vendors to complete transactions or to effect financial goals.
Sharing Information
NorCap only shares the nonpublic personal information of its investors with non-affiliated companies or individuals (i) as permitted by law (which may vary by state) and as required to provide services to its investors, such as with employees within NorCap, securities clearing companies, mutual fund companies, insurance companies, and other financial services providers, or (ii) to comply with legal or regulatory requirements.
Further, in the normal course of our business, NorCap may disclose information it collects about investors to companies or individuals that contract with NorCap to perform servicing functions such as:
• Recordkeeping;
• Computer-related services; and
• Good faith disclosure to regulators who have regulatory authority over NorCap.
Companies hired to provide support services are not allowed to use personal information for their own purposes and are contractually obligated to maintain strict confidentiality. NorCap limits use of personal information to the performance of the specific service requested.
NorCap does not provide personally identifiable information to mailing list vendors or solicitors for any purpose. When NorCap provides personal information to service providers, it requires these providers to agree to safeguard such information in a comparable level to that of NorCap or with the standard of reasonable care at a minimum, to use the information only for the intended purpose and to abide by applicable law.
Employee Access to Information
Only employees with a valid business reason have access to investors’ personal information. These employees will be educated on the importance of maintaining the confidentiality and security of this information. They will be required to abide by our information handling practices.
Protection of Information
NorCap maintains security standards to protect investors’ information, whether written, spoken, or electronic. NorCap updates and checks its systems to ensure the protection and integrity of information. This includes, but is not limited to, data encryption while data is transmitted or stored. The level of encryption and protection will be based on applicable law, industry standards and risk in light of the size and scope of NorCap’s business and available resources.
Maintaining Accurate Information
NorCap’s goal is to maintain accurate, up to date investor records in accordance with industry standards. NorCap has procedures in place to keep information current and complete, including timely correction of inaccurate information.
Should investors send NorCap questions and comments via e-mail, NorCap will share the investors’ correspondence only with those employees or agents most capable of addressing the investors’ questions and concerns.
Disclosure of our Privacy Policy
NorCap recognizes and respects the privacy concerns of its potential, current, and former investors. NorCap is committed to safeguarding this information. As an investment adviser registered with the United States Securities and Exchange Commission and a member of the financial services industry, NorCap is providing this Privacy Policy for informational purposes to investors and employees and will distribute and update it as required by law. It is also available upon request.
Data Protection Law of the Cayman Islands
NorCap is dedicated to complying with all laws and regulations relevant to its operations, including those of the United States and the various states. NorCap is subject to the Data Protection Law, 2017 of the Cayman Islands (“DPL”). Therefore, it has implemented policies and procedures to meet DPL standards and aid its investors in their efforts to satisfy DPL and otherwise protect their valuable data.
What personal data do we collect from you?
NorCap attempts to only collect personal data required to serve the purpose for which it was collected. The type of personal data we collect will depend upon the nature of your relationship with us (e.g., whether you are an investor, prospective investor, or visitor to its office), the purpose for which the data is required, and NorCap’s legal and regulatory obligations. Please note that NorCap may process personal information without one’s knowledge or consent where this is required or permitted by law.
Types of Data Collected
Investors
From an investor or prospective investor with NorCap, it may collect the following information:
• name;
• address;
• social security number;
• driver’s license number;
• assets;
• income;
• net worth; and
• copies of financial documents and other information deemed necessary to evaluate the Investor’s financial situation.
Visitors to Our Offices
From a visitor to NorCap’s office, it may capture the following information:
• contact details (including names, postal addresses, email addresses and telephone numbers),
Why do we collect personal data?
NorCap collects and processes personal data in connection with its business as an investment advisor. NorCap collects personal data from:
• investors and prospective investors; and
• visitors to its offices.
The personal data it collects is processed in compliance with relevant data protection laws and regulations.
Purpose for Collection and Processing
When processing personal data, the purpose includes the following, as applicable:
• to perform services to fulfill NorCap’s obligations toward investors, and on the basis of the company’s legitimate interests, or NorCap’s investor’s legitimate interests, to provide the best service possible;
• to support NorCap’s business processes including our information technology, electronic communications and electronic documents storage, management, and transmissions, to fulfil the company’s obligations toward investors, or, if not applicable, on the basis of NorCap’s legitimate interests to provide the best service it can, to support the company’s business operations, administration, IT services, and network security, and to prevent fraud;
• to safeguard personal data and NorCap’s IT system with appropriate security, on the basis of investor and the company’s legitimate interest for such security;
• to keep investors and prospective investors up-to-date with NorCap’s events, activities and news that may be of interest, on the basis of consent or the company’s legitimate interests; and
• to comply with legal and regulatory requirements applicable to NorCap (including the need to prevent and combat money laundering).
How long do we keep data?
Personal data is kept for the time required to pursue the purposes for which it was collected and processed, including for the purpose of satisfying any applicable legal, professional, contractual, regulatory, accounting, or reporting requirements.
If NorCap receives a request that the company stop sending marketing materials, NorCap will continue to keep a record of contact details and appropriate information to enable the company to comply with the request not to be contacted by NorCap.
NorCap will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, legitimate administrative or operational purposes, and any regulatory or reporting requirements, whether applicable to NorCap or its investors. In determining data retention periods, NorCap takes into consideration local laws, contractual obligations, its professional duties to its investors, its reasonable business requirements, and data owner expectations and requirements.
When it is no longer necessary to retain personal data, NorCap will securely delete or, in some circumstances, anonymize personal data for research or statistical purposes, in which case it may use this information indefinitely without further notice.
Categories of Recipients
Personal data may be transferred to the following categories of recipients:
• service providers NorCap has retained to perform services on its behalf or on behalf of an investor in connection with specific services it is providing for the investor;
• public authorities if NorCap is required to do so by law or legal process, in response to a request from government authorities, or if it believes disclosure is necessary to prevent personal harm or financial loss.
What rights do data owners have in relation to my personal data?
Depending on the facts and circumstances related to the personal data NorCap collects or obtains – including, for example, the nature of the information it processes, where one is located or resides, or whether it obtains the information in connection with services NorCap provides to its investors – data owners may have rights regarding the personal data NorCap holds afforded under relevant data protection laws. These may include the right to request information about, or access to, the personal data NorCap holds, and rights to complain about how NorCap handles personal data. NorCap is committed to honoring these rights while ensuring that such rights are exercised in accordance with its other legal and ethical obligations.
What are data owner rights as a California resident under The California Consumer Privacy Act (“CCPA”)?
Beginning January 1, 2020, California residents may exercise certain privacy rights pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). The right to submit certain requests as a California resident are described below. Please note that when submitting a request, data owners will be asked to provide information to verify their identities before action is taken. The data owner may designate an authorized agent to make the requests below on its behalf. An authorized agent must submit proof to us that he or she has been authorized to do so, and the data owner will need to verify its identity directly with NorCap.
How do you protect personal data?
NorCap employs industry-standard best-practice protection to safeguard the personal data it collects.
Security Measures
NorCap has implemented security-by-design infrastructure utilizing technologies such as firewalls, intrusion detection systems, anti-malware detection, data loss prevention, zero-day threat protection, and endpoint encryption.
NorCap’s security measures include:
• Offering TLS-encrypted email.
• Providing a secure, encrypted file transfer solution, that allows very large files to be transferred back and forth between NorCap and investors.
• Requiring authentication for remote access into NorCap’s systems for all employees.
• Utilizing external security experts to maintain and audit NorCap’s IT environment.
• Performing regular security audits of NorCap’s service providers to ensure Investor information is handled with appropriate safeguards.
• Employing advanced threat intelligence to stay abreast of emerging threats in the ever-changing security landscape.
• Conducting vulnerability assessments of all NorCap systems to ensure that new threats are addressed quickly and completely.
What if one does not want to provide personal data?
For investors or prospective investors of NorCap, it is in their discretion to provide personal data to NorCap. However, for NorCap to enter into a business relationship, it will need to obtain certain information, including personal data that may be necessary or legally required. If not provided, it may be prevented from providing such services or sending marketing information or other communications that have been requested.
Who to contact to address personal data?
To request access to information regarding personal data maintained by NorCap or request certain actions regarding that data, please contact:
NorCap Investment Management, L.P.
Bolton Walters, CCO
8350 North Central Expressway, Suite 725 | Dallas, TX 75206 | U.S.A.
bwalters@norcapfunds.com
Amendments to this Privacy Policy
NorCap may update this Privacy Policy from time to time, and it reserves the right to do so to comply with applicable data protection laws. The effective date of this Privacy Policy is noted at the top of this page.