Data Protection and Privacy Policy

Policy Name: Data Protection and Privacy Policy (“Policy”)
Content Controller: Serge LeVert-Chiasson, CCO
Date: May 2018

1. Review & Training History

Review dates:
August 2014: Initial Approval – Senior Management approval
April 2015: Annual Review – Senior Management approval
March 2016: Annual Review – Senior Management approval
April 2017 – Senior Management approval
May 2018 – Senior Management approval

Training dates:
September 2014 – Monday morning meeting training
April 2015 – Monday morning meeting training
April 2017 – Monday morning meeting training

2. Purpose

This Policy outlines the way in which Sarona Asset Management Inc and its affiliated companies worldwide (“Sarona”) will use the private information that is shared by members of the public and investors with Sarona, its suppliers or other business partners and the safeguards in place to protect such private information from unauthorized dissemination. We ask that you read this privacy policy carefully.

3. Policy Statement

As a matter of policy, Sarona seeks to protect the “non-public personal information” of natural person consumers, customers and members of the public. Non-public personal information includes non-public “personally identifiable financial information” plus any list, description, contact information or grouping of customers that is derived from non-public personally identifiable financial information. This Policy explains the types of information that Sarona collects from its investors and members of the public, how it uses and discloses that information and the measures in which Sarona takes to safeguard that information.

4. Scope

This policy governs all private information shared by investors and members of the public during their interactions with Sarona.

5. Review Period

Sarona will conduct a review of this Policy when significant business process changes occur, to ensure that the information contained herein is still current and applicable.

6. Policy Requirements

6.1. Private information shared by Investors with Sarona

To comply with anti-money laundering and anti-terrorist activity laws (“AML”), as well as to comply with Know Your Client (“KYC”) guidelines, Sarona gathers private information on and from investors including (but not limited to):
• Personal mailing and contact information;
• Scanned copies of ID’s and utility invoices;
• Tax ID numbers;
• Information on personal wealth and source of wealth accumulation;
• Corporate incorporation documents;
• Completed tax forms;
• Individual capital account reports on the performance of investors in funds managed by Sarona;
• Legal agreements; and
• Minutes from investor meetings

Sarona provides each investor with all such privacy notices as may be required by law or any rule or regulation.

6.2. Private information shared by members of the public with Sarona

In the course of its business, Sarona may also receive personal mailing and contact information from members of the public that are not investors in Sarona funds. This is information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar) or corresponding with us by telephone, post, email or otherwise. It may include, for example, your name, address, email address and telephone number; information about your business relationship with Sarona; and information about your professional role, background and interests.

6.3. Using and disclosing private information shared by Investors with Sarona

Sarona saves private information on secure cloud based servers (please refer to Sarona’s IT Policy) and keeps hard copies of certain private investor information disclosed in subscription forms, KYC documents and other legal agreements. Sarona regularly discloses certain private information to fund administrators and auditors in compliance with local regulations. This typically involves the names of investors and perhaps the domicile of these investors.

As a Registered Investment Advisor under the Securities and Exchange Commission (SEC)’s supervision and an exempt market dealer under the Ontario Securities Commission (OSC)’s supervision, Sarona may be required to disclose personal tax information or other private information it has on individual investors as required by law. In addition, a similar request may be made by regulators in Canada and the Netherlands (non-U.S locations in which Sarona has offices) and where funds are domiciled (which currently includes the Cayman Islands, the state of Delaware and the province of Ontario). We may also be asked to comply with tax authorities in jurisdictions where we operate and where funds are domiciled.

In addition, Sarona discloses private information for the following reasons:
• To comply with a court order, legal process or other judicial or investigative proceeding that produces a request for information;
• To permit auditing of account information;
• To fulfil or respond to a request from the investor or their authorized representative; and
• To sell or transfer Sarona’s business or assets.

We may disclose personal information about you, where reasonably necessary for the various purposes set out above:
• to the other members of the Sarona group of companies;
• to your colleagues within the organisation that you represent;
• to service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under strict conditions of confidentiality and security;
• business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and
• business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.

6.4. Safeguarding Private Information shared by Investors and members of the public with Sarona

Sarona maintains a hard copy of its files, which are placed behind locked doors when Sarona staff are not present in the office. In addition, Sarona uses third party cloud based service providers, such as DropBox, Windows 365 and Salesforce to maintain soft copies of its files. These third-party service providers are accountable for ensuring set information is not shared to external parties. Where available, Sarona will enact two step-authentication to access this information held on the cloud and restrict access to only Sarona staff that requires this information to complete their work.

All Sarona employees are bound by codes of professional conduct to protect the confidentiality of investor and member of the public information, and to prevent unauthorized use, access to or disclosure of investor and member of the public information. The use of and access to investor and member of the public information is restricted to those employees who need to know that information to provide services to investors or members of the public.

Any employee who is authorized to have access to non-public personal information is required to keep such information in a secure compartment or receptacle at the close of business each day. All electronic or computer files containing such information shall be secured and protected from access by unauthorized persons. Any conversations involving non-public personal information, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations. All soft copies of documents shared with investors or members of the public containing their social security numbers will be password protected or made accessible through a password protected site in accordance with U.S privacy laws.

6.5. Communication with Investors and members of the public

When mass communicating with investors and members of the public, Sarona will always include an opt-out of mailing list option to ensure investors and members of the public can easily and securely opt out of future mailings from Sarona.

6.6. Sarona’s use of private information

We may use your information for the following purposes:
• to operate, manage, develop and promote our business and, in particular, our relationship with the organisation you represent (if any) and related transactions – this includes, for example, marketing and billing / payment purposes;
• to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations;
• to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes; and
• to comply with our legal and regulatory obligations and bring and defend legal claims.

We may from time to time review information about you held in our systems – including the contents of and other information related to your email and other communications with us –for compliance and business-protection purposes as described above. This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations. To the extent permitted by applicable law these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as described below. Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left Sarona).

We will only process your personal information as necessary so that we can pursue the purposes described above, and then only where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest in pursuing those purposes. In exceptional circumstances we may also be required by law to disclose or otherwise process your personal information. We will tell you, when we ask you to provide information about yourself, if provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. Otherwise you should assume that we need the information for our business or compliance purposes (as described above). If you are uncertain as to Sarona’ need for information that we request from you, please contact the Sarona representative asking for the information, or contact us, with your query.

6.7. Deleting personal information held by Sarona (upon request)

Sarona will also have in place a process to delete personal information from investors and members of the public if this is requested from those individuals. Due to securities laws, Sarona must maintain certain information on investors and members of the public. However, if a member of the public requests their personal information to be deleted from Sarona’s systems, we will ensure this is deleted from our Salesforce customer relations management system and contacts held by Sarona staff.

6.8. Your rights

You may have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted. You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all your personal information (and require them to be deleted) in some other circumstances. If you wish to exercise any of these rights, please contact us as set out below. You can also lodge a complaint about our processing of your personal information with the Office of the Privacy Commissioner of Canada.

6.9. Enforcement, Privacy and Consequences of Policy Violation

Employees are responsible for reporting all suspected infractions of this Policy to the Chief Compliance Officer at slevertchiasson@saronafund.com or the Chief Executive Officer at gpries@saronafund.com. When it suspects a Policy violation, Sarona shall further investigate the matter and is permitted to ask for employee’s personal financial records. Sarona expects full cooperation from all staff in its investigation.
When it finds a Policy violation, Sarona will exercise its rights to take appropriate disciplinary action including, but not limited to:
• Verbal/written warnings;
• Disciplinary action and/or termination of employment for employees; and
• Sarona may report suspected violations to law enforcement when appropriate and will cooperate with all local, national and international law enforcement agencies. Sarona is not responsible for sanctions taken by these agencies for violations of this Policy that are against local and international laws and/or criminal codes.

Additional disciplinary actions may be taken as described in Sarona’s HR Policy.