GLOBAL CLIENT / THIRD PARTY PRIVACY AND CONFIDENTIALITY POLICY

Updated: February 1, 2025

Department: Legal & Compliance

Owner: Global Privacy Officer

1. STATEMENT OF POLICY

FM Investment Group (together with its group companies, “FM” or “Company”) is committed to respecting and protecting all information entrusted to us in the course of our business. This includes individuals’ privacy as well as client confidentiality. The Global Client/Third Party Privacy & Confidentiality Policy (“Policy”) describes FM Investment Group’s methods regarding the collection, processing, storage, and safeguarding of Confidential and Personal Information for business related purposes.  

2. GENERAL SCOPE OF POLICY

This Policy is applicable to all of the Company’s directors, officers, partners, employees, temporary employees hired through agencies, brokerage professionals and independent contractors2 (collectively “Employees”) globally.

3. EXCEPTIONS TO POLICY

None.

4. DETAILED PROCEDURE/GUIDANCE

A. DEFINITIONS

1. Confidential Information – Any and all information or data (regardless of format) that is provided to FM Investment Group by clients or third parties in confidential circumstances, which is not publicly known, and which relates to a client engagement or its affairs. This can include information or data types governed by other information laws (e.g., inside price sensitive or government protected). 
   
   

2. Personal Information – Any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual. 
   
   

3. Sensitive Personal Information – A subset of Personal Information, which due to its nature has been classified by law, contract, or by FM Investment Group policy as requiring additional privacy protections and Enhanced Safeguarding.  Sensitive Personal Information may consist of:  (i) government-issued identification numbers, (ii) banking and payment information, (iii) health, biometric and medical information, (iv) consumer credit information, (v) data elements revealing race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, genetic data, biometric data (when processed for the purpose of uniquely identifying an individual), and criminal records or allegations of crimes, and (vi) any other Personal Information designated by FM Investment Group as Sensitive Personal Information. 
   
   

4. Enhanced Safeguarding – The implementation of more stringent physical, technical, and administrative measures against the risk of inadvertent or unauthorized disclosure of Sensitive Personal Information than the safeguards generally required because the inadvertent or unauthorized disclosure of Sensitive Personal Information would create a risk of substantial harm to the individual, including identity theft or financial fraud.
   
   

5. Data subject – The person about whom Personal Information relates.
   
   

6. Global Privacy Officer – The individual appointed by FM Investment Group for the oversight of FM Investment Group’s Global Privacy Program. 
   

B. GOVERNANCE

1. The Chief Privacy Officer is responsible for the oversight of this Policy, the enterprise strategy to address operational and information privacy management risk, and the support of compliance with all data protection, privacy and information security laws and regulations.
   

2. Each individual business line and department is responsible for following this Policy in order to address its specific activities involving the collection, use, disclosure, destruction, international transfer, exercise of rights and safeguarding of Confidential and Personal Information.
   

C. COLLECTION

1. FM Investment Group collects Confidential or Personal Information for the purposes of delivering services to clients, managing the infrastructure to support those services, and complying with legal and compliance obligations. 
   

2. The volume and type of Confidential or Personal Information collected depends on what is required or relevant for delivering services to clients. FM Investment Group aims to collect only the minimum amount of Confidential and Personal Information for delivering services. 
   

3. Unless otherwise agreed, it is the responsibility of clients to ensure the lawfulness and fairness of any disclosure of Confidential and Personal Information to FM Investment Group (including ensuring the lawfulness and fairness of any processing of that Confidential and Personal Information by FM Investment Group). This includes obtaining any necessary consents from the Data Subject. 
   

4. The obligation to provide any relevant notices (e.g., to a Data Subject) or information concerning FM Investment Group’s collection or use of Confidential or Personal Information rests on the client or third party.  FM Investment Group also relies on clients and third parties to provide accurate, complete and consistent Confidential or Personal Information. 
   

5. FM Investment Group may also collect Personal Information from publicly available sources, including, but not limited to, public internet websites and databases, public or government sources, and news or open-source reporting.

D. USE

1. FM Investment Group uses Confidential and Personal Information only for providing services to clients, managing the infrastructure to support those services, and complying with legal and compliance obligations.
   

2. FM Investment Group acts on the instructions of clients when using Confidential and Personal Information. These instructions can be given orally or in writing, and their form and detail depend on both the services and the requests or requirements of the client. In the context of applicable privacy law, FM Investment Group typically acts as a Data Processor/Service Provider to our clients.
   

3. Unless otherwise agreed, FM Investment Group may use certain Confidential and Personal Information for statistical benchmarking, industry intelligence and research purposes. Before doing so, FM Investment Group will take reasonable measures to anonymize or aggregate the information. 
   

4. Although not a common feature for delivering services, FM Investment Group complies with any requirements or restrictions from clients on the use of Personal Information to profile or make automated decisions on individuals.
   

    

E. RETENTION

1. Where FM Investment Group provides the client with the facility to access and delete Confidential and Personal Information processed on the client’s behalf, the client is responsible for deleting the Confidential and Personal Information when no longer required.  In other cases, FM Investment Group will delete Confidential and Personal Information at the end of any retention period agreed with the client, or in accordance with the client’s instructions in fulfilling Data Subject rights.  
   

2. FM Investment Group may retain copies of Confidential and Personal Information to comply with legal requirements or for compliance or record-keeping purposes, in which case FM Investment Group will retain such Confidential and Personal Information for as long as required by those legal requirements or to fulfil those purposes.  
   

3. In relation to Confidential and Personal Information held in backups or archives, FM Investment Group operates a programmed destruction cycle, and selective deletion is not feasible. FM Investment Group continues to safeguard the information throughout and in accordance with this Policy. Confidential and Personal Information held in backups or archives is not subject to any further processing.

F. DISCLOSURE

1. Confidential and Personal Information is shared within FM Investment Group with those individuals and departments who need to know. Disclosure depends on the nature of the information and the services being delivered. 
   

2. FM Investment Group only discloses Confidential or Personal Information to outside organizations in the course of, or for the purposes of, delivering services to clients. FM Investment Group may also disclose to third parties where required to by law or for compliance purposes. 
   

3. Such recipients include other FM Investment Group group entities and affiliates, FM Investment Group’s insurers and professional advisers, other advisers, or other third parties as instructed by clients, or organizations that provide FM Investment Group with various outsourced business functions and technology. 
   

4. When FM Investment Group discloses Confidential or Personal Information to a third party, the third party is authorized to use and further disclose the related Confidential or Personal Information only as necessary to provide their services to FM Investment Group or as required by law. 
   

5. FM Investment Group shall take appropriate actions to ensure that a third party protects Confidential and Personal Information that FM Investment Group discloses to it. This includes the use of appropriate contracts and information security measures providing essentially equivalent levels of protection to those agreed to with our clients.
   

6. If permitted by law and regulation, FM Investment Group shall inform the relevant client or third party where it proposes to disclose Confidential or Personal Information as required by law or to respond to a government request.  

7. 
   

8. FM Investment Group does not sell or share client Personal Information.

G. INTERNATIONAL TRANSFER

1. FM Investment Group and its clients operate across the globe, and the subject matter of services provided to a client may be located in one or more jurisdictions. In order to deliver the services, FM Investment Group may receive or transfer Confidential and Personal Information within a country or across borders. 
   

2. Where FM Investment Group needs to transfer Personal Information internationally, it does so in accordance with any agreement from and as permitted by the client or in compliance with applicable privacy laws. 

3. 
   

4. FM Investment Group has an inter-group data transfer agreement across its FM Investment Group legal entities and relies upon legally valid mechanisms of international transfer, such as EU and UK Standard Contractual Clauses, to internationally transfer Personal Information to third parties.

H. EXERCISE OF RIGHTS

1. In the event that a person other than a client wishes to exercise any rights (such as of access or correction) under applicable privacy laws as regards Personal Information, FM Investment Group will promptly notify the client so that the client can respond. 
   

2. If FM Investment Group receives a complaint about the collection, processing or sharing of Personal Information or a request from a regulatory authority responsible for compliance with privacy laws, FM Investment Group will, to the extent permitted by law, promptly notify the client so that the client can respond. 
   

    

I. SAFEGUARDS

1. FM Investment Group collects, processes, maintains, shares (internally and externally), and destroys Personal Information in a manner that appropriately limits the risk of loss, theft, misuse, or unauthorized access. 
   

2. All FM Investment Group Employees are contractually required to safeguard Confidential and Personal Information. In addition, certain Employees may be subject to additional professional obligations on compliance with laws and confidentiality. 
   

3. Where there has been a serious loss, misuse or other breach to the integrity and confidentiality of Personal Information likely to cause serious harm, FM Investment Group shall comply with the requirement to notify the client either as agreed with the client or under applicable laws. 
   

4. FM Investment Group raises awareness of the matters in this Policy through communications and training, and puts measures in place to ensure the reliability of Employees who access Confidential and Personal Information. 
   

    

J. FURTHER GUIDANCE

Interpretations of this Policy should be submitted to the Chief Privacy Officer.  The Chief Privacy Officer will be responsible for interpreting any portions of this Policy as they may apply to specific situations. 

K. LANGUAGES

While this Policy is available in multiple languages, the English text shall govern in the event of any discrepancies in the interpretation of the different versions of the Policy.

1 The term “FM Investment Group” is used broadly herein to cover FM Investment Group as well as all global affiliates, subsidiaries, and business or corporate functions, including entities that hire employees or engage independent contractors, as applicable.    
2 Independent contractors are those independent vendors who assist the Company in the development and carrying out of business on a strategic basis.  Independent contractors shall abide by this policy as part of the obligations assumed under their respective agreement with the Company.  Should the independent contractor be a legal entity and not an individual, then such independent contractor shall cause and direct its associates linked to the services provided to the Company, if requested by the Company, to acknowledge and abide by this policy.    
3 Compliance with this policy shall not be construed or interpreted as creating an employment relationship between an Employee and a particular Company entity where none otherwise exists.  Compliance with this policy by an independent contractor or an officer or associate of such independent contractor shall not be construed or interpreted as creating an employment relationship between such independent contractor, or officer or associate of such independent contractor, and the Company.