Privacy Policy

INTRODUCTION

Africa Transformation Industrialization Fund Limited (“ATIF”) respects your privacy and is committed to protecting your personal data. This privacy policy sets out how we look after your personal data, your privacy rights and how the law protects you. This Privacy Policy (“Policy”) may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

1. About this Privacy Policy

(“ATIF”, “we”, “us”, “our”) values your security and privacy and may for certain types of personal data processing, be subject to the General Data Protection Regulation (GDPR) of Abu Dhabi Global Market (ADGM) or regulations and laws from other jurisdictions. For the purposes of this Policy “Personal Data” means any information that ATIF processes that relates to identifiable or identified individuals. This Policy:

• is issued by ATIF and addressed to individuals outside our organization and anywhere in the world who submit Personal Data to ATIF or whose Personal Data we otherwise obtain in the course of our ordinary business activities; and
• sets out the basis on which we collect, use and disclose your Personal Data.

Specifically, this Policy covers:

• Employees of representatives of our service providers;
• Employees, representatives and / or directors of companies we are considering investing in (subject to having entered into appropriate confidentiality arrangement with such target companies);
• Shareholders of companies we are considering investing in; and
• Clients or potential clients (or representatives of corporate clients or potential corporate clients).

This Policy does not cover:

• Our employees, directors and contractors;
• Our Partners; and
• Job applicants.

Such individuals will be provided with a separate privacy policy which is specific to our relationship with them. For the purposes of data protection, we are a Controller in respect of your Personal Data. We are responsible for ensuring that we use your Personal Data in compliance with the GDPR Law.

2. Principles and Basis for Use of Personal Data

We will take all steps reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the GDPR, other applicable regulations and laws and this Policy. We will:

• process your Personal Data in a lawful, fair, transparent and secure way;
• collect your Personal data only for specific, explicit and legitimate purposes as explained to you when collecting your personal data;
• not use your Personal Data in a way that is incompatible with those purposes;
• process your Personal Data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes;
• keep your Personal Data accurate, where necessary, up to date; and
• keep your Personal Data in a form that identifies you only as long as necessary for the purposes we have informed you or as permitted by law.

We use your Personal Data on the following legal bases:

• for our legitimate business interests as set out in Section 4 below;
• because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract;
• because you have given your consent (if we expressly ask for consent to process your Personal Data for a specific purpose; and
• to comply with legal and regulatory obligations (for example obtaining satisfactory due diligence for the purposes of UAE/ADGM anti-money laundering legislation).

With respect to any special categories of Personal Data (as set out under section 3 below), we rely on the following legal bases:

• To comply with anti-money laundering or counter-terrorist financing obligations.

Should you have any questions with respect to the legal basis which we rely on in relation to a particular processing activity, please do not hesitate to contact us using the methods described at section 12.

3. Collection of Personal Data

The Personal Data we may collect from or in relation to you includes for example:

• information establishing your identity (for example your name, address, email address, date of birth, passport or Emirates ID, photograph);
• documents to verify information supplied to us, such as bills issued by third parties or endorsements issued by employers or institutions such as banks;
• reference checking information obtained via third parties such as credit reference agencies, and sanctions lists;
• financial information (for example, credit card details, bank account details);
• information provided so that we are able to fulfil our regulatory compliance obligations including anti-money laundering and “know your client” checks (for example the information establishing your identity as set out above);
• information you provide when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
• any information you independently choose to provide to us (for example, if you send us an email or call us);
• information relating to your use of our website (for example, domain name, IP address and cookies) or information you provide when you register for alerts and subscriptions and when you report a problem with any of our website services; and
• any information collected where you are an employee of a target company (for example information establishing the identity of a target company employee’s spouse and children as detailed above, appraisals, ethnicity, sex, marital status, payroll number, salary, residency visa, criminal record, background checks, payroll register, designation, employee ID and qualifications).

Under certain circumstances, we may also collect special categories of Personal Data, specifically:

• Criminal record checks.

We may obtain your Personal Data from:

• you (for example, when you use our website, when you make an inquiry, send emails, or otherwise provide us with your Personal Data);
• credit information, identity or criminal record checks;
• suppliers, consultants or advisors; and
• screening tools and information available in the public domain.

4. Use of Personal Data

We may use or process your Personal Data for the following purposes:

• to provide you with information about our Fund or investments;
• verifying or confirming investments or instructions from you or for your account;
• to verify your identity and to undertake the necessary due diligence;
• for audit purposes;
• to handle requests and enquiries;
• to detect crime, including fraud and money-laundering or terrorist financing, and analyze and manage commercial risks;
• to respond to any queries, requests or comments that you may have;
• to process your payments (if any);
• to review, develop and improve the services which we offer;
• to review, analyse and assess potential investment into target companies; and
• to comply with legal obligations.

5. Sharing of Personal Data

We may share your Personal Data with:

• any member of the ATIF, its affiliates or subsidiaries;
• third party service providers who provide a service to us and need access to such Personal Data to carry out work on our behalf or to perform a contract we enter into with them (including but not limited data processing, IT, marketing and advertising and office services);
• professional advisors such as our auditors, lawyers and fund administrators;
• any competent authority or government entities if required by any applicable law, regulation, or legal process;
• if we otherwise notify you and you consent to the sharing; and
• with third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you.

6. Transferring Personal Data Internationally

The information you submit may be transferred, stored and hosted outside ADGM and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively. We will implement appropriate measures to ensure that your Personal Data remains protected and secure while and for as long as it remains under our control. Should you have any questions with respect to safeguards we implement when transferring your Personal Data out of ADGM, please do not hesitate to contact us using the methods described at section 12.

7. Data Retention

We will keep your Personal Data for as long as is necessary for the specific purpose which we collected it, or to comply with any legal obligations to which we may be subject.

8. Your Rights

You may contact us if you wish to:

• Access your Personal Data: request a copy of your Personal Data that we process about you.
• Rectify your Personal Data: request us to amend or update your Personal Data where it is inaccurate or incomplete. We are not responsible for the accuracy of the information you provide, and will modify or update your Personal Data upon your request.
• Erase your Personal Data: request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which your information was collected. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with ADGM or other applicable laws or to perform agreed services.
• Restrict your Personal Data: request us to temporarily or permanently stop processing all or some of your Personal Data.
• Object to use of your Personal Data: at any time, object to us processing your personal data where it is based exclusively on our legitimate interests.
• Receive or transmit your Personal Data in machine-readable and structured format (also known as “data portability”): request the receipt or transmission of your personal data to another organization, in a structured and machine-readable format.
• Withdraw your consent: withdraw your consent at any time to the use of your Personal Data for a particular purpose (where we have asked for your consent to use your information for that particular purpose).

9. Security

ATIF has established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management and security practices. We do this in the following ways:

• Establishing policies and procedures for securely managing information;
• Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required;
• Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
• Monitoring our websites through recognized online privacy and security organizations; and

10. Cookies

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience (“Cookie”). ATIF uses Cookies to track overall site usage and enables us to provide a better user experience. We do not use Cookies to “see” other data on your computer or determine your email address. Types of cookies we drop, and the information collected using them include: Essential:

• Google Tag Manager – helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

Site Analytics:

• Google Analytics – gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.
• Pingdom – monitors sites and servers on the internet, alerting the website owners if any problems are detected.
• Hotjar – by combining both analysis and feedback tools, Hotjar helps website owners understand what users want, care about and interact with on their website by visually representing their clicks, taps and scrolling behavior.

Advertising:

• LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.

Most browsers accept and maintain Cookies by default. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our website services, but this may limit your ability to access certain areas of our website. Alternatively you may wish to visit an independent source of information, www.aboutcookies.org, which contains comprehensive information on how to alter settings or delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual or network operator for advice.

11. External Links

The website may contain links to other websites on the Internet that are owned and operated by third parties. If you access those links, you will leave our website. These links are provided solely as a convenience to you and not as an endorsement by ATIF of their content or reliability. You acknowledge that ATIF is not responsible for the availability of, or the information and content of any external links. If you decide to access linked third-party websites, you do so at your own risk. ATIF does not accept liability and shall not be liable to you for any loss or damage arising from or as a result of your acting upon the content of another website to which you may link from the website services. This Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your Personal Data.

12. Contact Us

If you have any questions relating to this Policy or if you have any complaints related to how ATIF processes your Personal Data, please contact us at contact@atifnet.com or at Office Unit 13, Part of Floor 7, Al Khatem Tower, Abu Dhabi Global Market, Al Maryah Island, Abu Dhabi, United Arab Emirates.