Data Privacy Notice Sangha Capital Fund

In accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of
the Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”)
and any law, circular or regulation in the context of GDPR, as amended from time to time, personal
data may be processed by Sangha Capital Fund (the “Fund”), Sangha CVP (the “General Partner”)
and their service providers, when relevant.
‍
In accordance with articles 13 and 14 of GDPR, some information, as detailed in the present notice,
must be provided by the data controller to the Data Subjects.
‍
Data Subjects should be understood as identified or identifiable natural persons whose personal data
is processed by the Fund such as (i) the investors of the Fund, their ultimate beneficial owners,
directors, agents, authorised representatives, their designated contact persons (the “Investors”), (ii)
the ultimate beneficial owners, directors, agents, authorised representatives, and designated contact
persons of the portfolio investments of the Fund, (iii) the ultimate beneficial owners, directors, agents,
authorised representatives, and designated contact persons of the General Partner and Fund’s
service providers, (iv) natural persons reaching out through Sangha website such as prospective
portfolio investments (all together to be referred to as the “Data Subjects”).
‍
Personal data should be understood as any information (as more detailed in section 2.2. below)
relating to an identified or identifiable Data Subject (the “Personal Data”).

2.1 Who is the data controller and who to contact?

The Fund is the data controller, determining the purpose and means of processing.
The data controller collects, stores and processes by electronic or other means the Personal Data
supplied by the Data Subjects, for the purpose of fulfilling the services related to an investment in the
Fund by the Investors, the Fund making an investment in a portfolio company, for the Fund and its
service providers to comply with their legal obligations, and when Data Subjects reach out to the Fund
for instance prospective portfolio investments reaching out through Sangha’s website.
Data Subjects who wish to contact the data controller should contact:
‍
In writing at the following address:

Sangha Capital Fund
11-13 Bd de la Foire,
1528 Ville-Haute Luxembourg
Grand Duchy of Luxembourg
Attn: Data Protection team
Or by Email to: [berta@sanghacapital.co]
‍
You have the right to lodge a complaint at any time to the competent supervisory authority on data
protection matters, such as in particular the supervisory authority in the place of your residence or
your place of work. In the case of Luxembourg, this is the Commission Nationale pour la Protection
des Données (“CNPD”). We would, however, appreciate the opportunity to deal with your concerns
before you approach the supervisory authority, so please contact us in the first instance.

2.2 What kind of Personal Data is processed?

Personal Data includes, but it is not limited to, the name, address, passport or identification card
details, bank account details, granted amount and financial situation of each Data Subject.
In particular the Personal Data of the Data Subjects processed includes, but it is not limited to, the
following categories:
‍
• Identification data (e.g. name, date of birth, place of birth, gender, marital status, e-mail,
postal address, telephone number, country of residence, passport, identity card, tax
identification number and bank account details);
• Contact details;
• Source of wealth; and
• Any other information provided by the Data Subjects in the context of services provided to/by
them.

2.3 How do we receive your Personal Data and who are the recipients?

Certain Personal Data shall be collected, recorded, stored, adapted, transferred or otherwise
processed. The Personal Data processed is received through the business relationship with the Data
Subject. The Fund receives the Personal Data either directly from the Data Subject or through their
service providers.
‍
The following parties may have access to the Personal Data:
‍
• The Fund
• The General Partner
• Amicorp Luxembourg, S.A.
• COLUMBUS VENTURE PARTNERS, S.G.E.I.C., S.A.U
• PricewaterhouseCoopers Luxembourg
• Other processor(s) that Sangha Capital Fund may have
• Any affiliates or delegates of the foregoing, the employees of those entities, the appointed
legal and professional advisers of those entities may also have access to the Personal Data,
in connection with the operations of the Fund.
‍
The data controller may sub-contract to another entity, the data processor (such as the service
providers), the processing of Personal Data. The data processors may also engage sub-processors.
When the data controller uses data processors (such as the service providers), the data controller
shall ensure that such data processors provide sufficient guarantees to implement appropriate
technical and organisational measures and that such processing on behalf of the data controller
complies the requirements of GDPR and ensure the protection of the rights of the Data Subjects.
‍
Where Personal Data is not collected directly from the Data Subjects, the person providing the
Personal Data shall ensure that Data Subjects are informed about their rights, how to exercise them
and the information provided in this data privacy notice, and his/her related rights.

3.1 For the purposes of a contractual obligation

We process your Personal Data in relation to your investment in the Fund. The information required is
necessary for you to make an investment in the Fund. In this regard Personal Data may be processed
for the following purposes:
‍
• Maintaining the register of partners of the Fund
• Processing subscriptions and redemptions of partnership interests and payments of
distributions to limited partners of the Fund
‍
We process your Personal Data in relation to the Fund making a portfolio investment.

3.2 For compliance with laws and regulations

The Fund, the General Partner, the service providers and any of their affiliates are subject to various legal obligations pursuant to statutory (e.g. laws of the financial sector, anti-money laundering and
combating the financing of terrorism laws, tax laws) and regulatory requirements.
‍
This covers our processing of your Personal Data for compliance with applicable laws such as the
applicable legislation on Know-Your-Customer (“KYC”) and anti-money laundering and combating the
financing of terrorism (“AML/CFT”), compliance with requests from or requirements of local or foreign
regulatory enforcement authorities, tax identification and reporting (where appropriate) notably under
‍
Council Directive 2011/16/EU on administrative cooperation in the field of taxation (as amended by
Council Directive 2014/107/EU), the OECD’s standard for automatic exchange of financial account
information commonly referred to as the Common Reporting Standard, for Foreign Account Tax and
Compliance Act purposes, for the automatic exchange of information and any other exchange of
information regime to which we may be subject to from time to time.
‍
Your Personal Data may be shared with Luxembourg tax authorities (or service providers for the
purpose of reporting) and may be forwarded by the latter to foreign tax authorities (failure to provide
correct information to us or to respond may result in incorrect or double reporting).

3.3 Upon your request

We process your Personal Data in relation to your interest to contact the Fund, following your consent
through our website.

3.4 Automated decision making

Data Subjects should note that Personal Data shall not be used for direct marketing, profiling or
automated decision making.

Your Personal Data will be kept in a form which permits its identification for the duration of the
investment in the relevant Fund or portfolio investment and for the length of time required by
applicable law. Luxembourg laws relating to KYC and AML/CFT requires that documents be retained
for a period of five (5) or ten (10) years (depending on the specific processing) after the relationship
has come to an end and in light of any statute of limitation.

Each Data Subject has:
‍
a) a right to access his/her Personal Data processed by or on behalf of the data controller. Data
Subjects should send their requests as set out in section 2.1.
‍
b) a right to have his/her Personal Data rectified if they are incorrect or incomplete.
‍
c) a right to request the erasure (right to be forgotten) of his/her Personal Data in accordance
with the provisions of article 17 of the GDPR including in the following situations (i) where the
Personal Data is no longer necessary in relation to the Investor’s subscription in the Fund, the
portfolio investments of the Fund or the request through the website, and (ii) the Data Subject
objects to the processing of his/her Personal Data and there are no overriding legitimate
grounds for the processing, and (iii) where the data has been unlawfully processed, and (iv)
the Data Subject withdraws consent on which the processing is based according to point (a)
of Article 6(1) of the GDPR, and where there is no other legal ground for the processing.
‍
d) a right to withdraw consent at any time, without affecting the lawfulness of processing based
on consent before its withdrawal, when the Data Subject has given consent to the processing
of his or her Personal Data for one or more specific purposes, in accordance with the
provisions of the point (a) of the Article 6(1) of the GDPR.
‍
e) a right to request a restriction of the processing in accordance with the provisions of Article 18
of the GDPR.
‍
f) a right to lodge a complaint with the CNPD or the relevant authority of the Member State in
which the Data Subject resides or works in accordance with the provisions of Article 77 of the
GDPR.
‍
g) a right to receive the Personal Data concerning him or her or to request that it be transmitted
to another data controller, when feasible, in accordance with the provisions of article 20 of
GDPR.
‍
To make any of the above requests you need to put the request in writing addressing it as set out in
section 2.1 of this notice.

Personal Data of the Data Subjects may be processed by the service providers or their sub-
processors, including where such authorised entities are located outside Luxembourg or the
European Economic Area, in jurisdictions where confidentiality and Personal Data protection laws
might not exist or be of a lower standard than in the European Union. In this case, any transfer of
Personal Data to a third country shall take place only if: (i) such country is covered by an adequacy
decision or (ii) the Fund and its processors have executed Standard Contractual Clauses as adopted
by the European Commission with the recipient of such personal data, to the extent such transfers are
subject to GDPR and any law, circular or regulation in the context of GDPR and appropriate or
suitable safeguards for the Data Subjects have been put in place. Data Subject may obtain a copy of
the list of countries where his/her Personal Data may be processed at the registered office of the
Fund.
‍
The Fund and its processors may transfer personal data to a third country or any international
organisation where such transfer is required by the European Union or Member State law to which the
Fund or its processors are subject.

It is imperative that the Personal Data we hold about you is accurate and current at all times.
Otherwise, this will impair our ability to provide you with the requested services (amongst other
potential and salient issues). Please keep us informed if your Personal Data changes during the
course of our engagement and professional relationship with you.
‍
Data Subjects should be aware that the information provided here above may be subject to changes.
Changes to this privacy notice will be posted on our website, we encourage you to actively follow it.

By accessing the Fund’s website, you can set your browser to refuse all or some browser cookies, or
to alert you when websites set or access cookies. If you disable or refuse cookies, please note that
some parts of the website may become inaccessible or not function properly. This data privacy notice
should be read in conjunction with the cookie policy available at https:// [website related to the cookies
policy].

The Fund may request the Data Subject to provide additional or updated identification documents
from time to time pursuant to on-going client due diligence requirements under relevant laws,
regulations and circulars, and Data Subjects shall comply with such requests. Data Subjects should
note that the data processed may be obtained from, the service providers, or from public registers,
when available.