The SEC has adopted rules protecting the non-public personal information of customers of SECregistered investment advisers and the Federal Trade Commission has adopted substantially the same rules governing that information for customers that are investors in Investment Funds. The following is a summary of the principal requirements:
➔ Individuals that are customers of a regulated financial institution or that invest in an Investment Fund must receive a clear and conspicuous notice that details the financial institution’s privacy policies and practices.
➔ If a financial institution intends to disclose private information to a nonaffiliated thirdparty, then the customer must be given (with some exceptions) the right to opt-out (“optout rights”), and the financial institution must comply with any opt-out request when sharing information.
➔ Financial institutions are required to adopt policies and procedures reasonably designed to ensure the security, confidentiality, and integrity of customer records and protect them against anticipated hazards and unauthorized access.
2.1 Delivering the Privacy Notice to Investment Fund Investors
For Investment Funds, the Privacy Notice (see Exhibit A for current form of Privacy Notice) will initially be distributed to each investor at the direction of the Chief Compliance Officer with or as part of the subscription agreement and/or posting on the offered fund’s electronic data room.
Distribution of the Privacy Notice will be made to investors in the Investment Funds at the direction of the Chief Compliance Officer by posting a copy of the Privacy Notice on the Investor Dashboard.
2.2 Delivering the Privacy Notice to Advisory Clients
The Privacy Notice (see Exhibit A for current form of Privacy Notice) and an acknowledgement of receipt of the Privacy Notice will initially be distributed to each advisory client at the direction of the Chief Compliance Officer with or as part of the application for products and services or in the advisory contract. EIG must send the Privacy Notice once during each calendar year to each advisory client, unless there has been no change to its previously disclosed procedures regarding the handling of client nonpublic personal information. That annual delivery may be combined with EIG’s annual offer to deliver a copy of its Form ADV.
2.3 Consumer Report Information
EIG does not obtain consumer reports or information derived from consumer reports (“Consumer Report Information”), except for employment purposes. Consumer Report Information obtained for employment purposes currently is retained indefinitely. Any other Employee who obtains Consumer Report Information should contact EIG Compliance for direction on the safekeeping and disposition of that information.
2.4 Keeping Information Private
EIG follows procedures designed to ensure that data is maintained in a controlled and secure manner. The procedures may include:
➔ Maintaining subscription documents and other investor or client information on password protected drives or sites;
➔ Reformatting hard drives to physically remove data from personal computers that are retired or reallocated to other Employees;
➔ Deleting password access for Employees and contractors who have left EIG;
➔ Deleting data on personal network drives when Employees and contractors leave EIG;
➔ Maintaining logs regarding the status and disposition of back-up data;
➔ Maintaining current patch and release levels for operating system, database, and web browsing software;
➔ Instituting security precautions for remote Employee access to computer systems; and
➔ Requiring passwords to be maintained by Employees and contractors for access to all network data and applications;
➔ For paper records, Employees are responsible for maintaining the confidentiality of those records by appropriate means, including:
- Not leaving confidential information unattended in conference rooms;
- Storing the information in a locked and restricted file room so that visitors or Employees without a business need for the information do not inadvertently have access; and
- Shredding or destroying the information by secured disposal services when disposing of the records.
2.5 Use of Social Security Numbers
Employees are prohibited from:
➔ Intentionally communicating or making available to the general public any individual’s social security number;
➔ Printing an individual’s social security number on any card required for the individual to access products or services provided by the person or entity;
➔ Requiring an individual to transmit his or her social security number over the internet unless the connection is secure or the social security number is encrypted;
➔ Requiring an individual to use his or her social security number to access an internet website unless a password or unique personal identification number or other authentication device also is required to access the website; and
➔ Printing an individual’s social security number on any materials that are mailed to the individual unless state or federal law requires the number to be on the document to be mailed. However, applications and forms sent by mail may include a social security number.
2.6 Unauthorized Access to Data
EIG is required to protect the personal data of individuals maintained on its data systems. Personal data of individuals generally means an individual’s name plus one or more of the following for that individual:
➔ Social security number;
➔ Passport number, Driver’s license number or state identification card number; or
➔ Account number, credit card number, or debit card number, in combination with any required security code access code or password that would permit access to an individual’s financial account.
Personal data does not include information that is lawfully made available to the general public from federal, state or local government records.
Employees who become aware of a breach of the security of data systems maintained by EIG or by third-parties on behalf of EIG that resulted in, or that reasonably may have resulted in, the acquisition of the personal data of individuals by an unauthorized person, must notify the General Counsel and Chief Compliance Officer immediately of that breach. The General Counsel will coordinate the investigation and response, which may include, where appropriate or required by law, notification of the individual(s) whose data may have been acquired by an unauthorized person.
A breach of the security of data systems does not include the good faith acquisition of personal information by an Employee or agent of EIG or its third-party vendors for the purposes of EIG’s or the vendor’s business provided that the personal information is not used for or subject to further, unauthorized disclosure.
2.7 Defining Non-Public Personal Information
Non-public personal information includes:
➔ All personally identifiable financial information (including names, addresses, telephone numbers, social security and other tax identification numbers, financial circumstances and income and account balances); and
➔ Any list, description, or other grouping of customers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available information – e.g., a list of persons (and their publicly listed telephone numbers) who have disclosed assets or wealth in excess of $1,000,000.00.
2.8 Policy Statement Regarding Use and Treatment of Confidential Information
No confidential information, including non-public personal information, whatever the source, regarding any customer, may be disclosed to anyone except as follows:
➔ To other Employees in connection with EIG’s business.
➔ To an affiliate, but the affiliate may disclose the information only to the same extent as EIG.
➔ To any person expressly authorized by a customer.
➔ To certain of EIG’s outside service providers (including its attorneys, custodians, fund administrators, accountants, brokers and consultants).
➔ To regulators and others when required by law.
➔ To nonaffiliated third parties with whom EIG has a contractual agreement to jointly offer, endorse or sponsor a financial product or service; and to service and maintain customer accounts including effectuating a transaction. Contracts with nonaffiliated third parties creating a joint marketing or servicing agreement with EIG must contain language prohibiting the disclosure of all non-public personal information by the nonaffiliated third party except as necessary to carry out the purpose of the agreement. The General Counsel reviews relevant contracts for inclusion of the requisite disclosure.
2.9 Procedures Regarding Disclosure of Non-public Personal Information
➔ Non-public personal information may not be disclosed to any nonaffiliated third parties unless customers have been previously informed of the disclosure, as required by law.
➔ Non-public personal information may be disclosed to the extent specifically permitted or required under other provisions of law.
➔ Otherwise there may be no disclosure of that information except pursuant to an express disclosure authorization from the customer.
2.10 Penalties for Violation of Procedures
Any questions regarding EIG’s policies or procedures with respect to non-public personal information should be directed to the EIG Compliance.
1 EIG Global Energy Partners operates a single advisory business through EIG Management Company, LLC, an investment adviser registered with the Securities and Exchange Commission and a group of related advisers, and EIG Credit Management, LLC, an investment adviser separately registered with the SEC.
EIG Global Energy Partners
What You Should Know
As used herein, the term “EIG” shall mean the General Partner, acting on behalf of a fund as controller. In simple terms, this means that EIG: (i) “controls” the personal data that it collects from existing investors, potential investors or other sources; and (ii) makes certain decisions on how to use and protect such personal data. EIG recognizes the importance of keeping information about you secure and confidential. EIG does not sell or share your personal and financial information with marketers or others outside its affiliated group of companies.
EIG carefully manages information among its affiliated group of companies to safeguard your privacy and to provide you with consistently excellent service. EIG is providing this notice to you to comply with the requirements of data protection and privacy laws and regulations applicable to EIG.1
EIG is committed to protecting the non-public personal and financial information of its customers and consumers who obtain or seek to obtain financial products or services primarily for personal, family or household purposes through investments in pooled investment vehicles or separately managed accounts and companies for which EIG serves as investment adviser or sub-adviser (collectively, the “Investment Funds”). EIG fulfills its commitment by establishing and implementing policies and systems to protect the security and confidentiality of this information.
EIG limits access to non-public personal and financial information about you to those EIG personnel who need to know the information in order to provide products or services to you. EIG maintains physical, electronic and procedural safeguards to protect your non-public personal and financial information.
Categories of Information We Collect
In connection with offering, forming and operating an Investment for investors and potential investors, EIG collects, records, stores, adapts, and otherwise processes the following types of non-public personal and financial information about you from the following sources:
- Your name, address, citizenship and residence data, and identifying numbers (including your Social Security number and other government identification numbers), and other personal and financial information, from you and from identification cards and papers you submit to us, on applications, subscription agreements or other forms or communications.
- Information about your account balances and financial transactions with us, our affiliated entities, or nonaffiliated third parties, from our internal sources, from affiliated entities and from nonaffiliated third parties.
- Information about your account balances and financial transactions and other personal and financial information, from consumer credit reporting agencies or other nonaffiliated third parties, to verify information received from you or others.
In connection with offering, forming and operating an Investment Fund for investors and potential investors, EIG collects, records, stores, adapts, and otherwise processes and uses personal data either relating to investors, potential investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates from the following sources:
- information received in telephone conversations, in voicemails, through written correspondence, via e-mail, or on subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation);
- information about transactions with EIG or others;
- information captured on EIG’s website, including registration information and any information captured via “cookies”; and
- information from available public sources, including from:
- publicly available and accessible directories and sources;
- bankruptcy registers;
- tax authorities, including those that are based outside your home jurisdiction if you are subject to tax in another jurisdiction;
- governmental and competent regulatory authorities to whom EIG has regulatory obligations;
- credit agencies; and
- fraud prevention and detection agencies and organizations.
You may refuse, at your discretion, to communicate your personal data to EIG. In this event, however, EIG or its agent may reject your request for subscription for interests in the Investment Fund if the relevant personal data is necessary to the subscription of interests.
Purpose of Processing
- The performance of obligations under the Partnership Agreement and/or the Subscription Agreement (and all applicable anti-money laundering, “know-your-client” and other related laws and regulations), including in assessing suitability of potential investors in the Investment Fund.
- The administrative processes (and related communication) carried out by EIG in preparing for the admission of investors to the Investment Fund.
- Ongoing communication with existing investors and potential investors and their respective representatives, advisors and agents, (including the negotiation, preparation and signature of documentation), including during the process of admitting potential investors to the Investment Fund.
- The ongoing administrative, accounting, reporting and other processes and communication required to operate the business of the Partnership in accordance with the Partnership Agreement and other applicable documentation between the parties.
- Any legal or regulatory requirement.
- Keeping existing and potential investors informed about the business of EIG and its affiliates generally, including offering opportunities to make investments other than to the Investment Fund.
- Any other purpose that has been notified, or has been agreed, in writing.
- EIG monitors communications as required by applicable law and, where permitted to do so, to protect respective businesses and the security of their respective systems.
Categories of Information We Disclose to Non-Affiliated Third Parties
EIG may disclose your name, address and account and other identifying numbers, as well as information about your pending or past transactions and other personal financial information, to non-affiliated third parties as necessary to administer and service the Investment Funds in which you are invested, to market its products and services through joint marketing arrangements or as otherwise permitted, including to other service providers, prospective or current investors or participants in the Investment Fund, employees, agents, contractors, consultants, professional advisers, lenders, data processors and persons employed and/or retained by them in order to fulfil the purposes described in this Privacy Notice.
For example, EIG may disclose personal and financial information concerning you to law enforcement agencies, regulatory agencies, self-regulatory organizations or other non-affiliated third parties, if required or requested to do so by a court order, judicial subpoena or regulatory inquiry.
EIG does not otherwise disclose your personal and financial information to non-affiliated third parties, except where it believes in good faith that disclosure is required or permitted by Data Protection Legislation. Because EIG does not disclose your personal and financial information to non-affiliated third parties except in the limited circumstances described above, the Privacy Notice does not contain opt-out provisions.
Categories of Information We Disclose to Our Affiliated Entities
EIG may disclose your name, address and account and other identifying numbers, account balances, information about your pending or past transactions and other personal financial information to its affiliated entities for the purposes set out in this Privacy Notice.
EIG regularly disclose your name, address and account and other identifying numbers, account balances and information about your pending or past transactions to its affiliates to administer and service the Investment Fund in which you are invested or to market its products and services to you.
Information About Our Former Customers
EIG does not disclose non-public personal and financial information about former customers to non-affiliated third parties unless required or requested to do so by a court order, judicial subpoena or regulatory inquiry, or otherwise where it believes in good faith that disclosure is required or permitted by law.
Subject to certain conditions and limitations provided for by applicable law, you have the right:
- to access and receive a copy of the personal information EIG holds about you, free of charge;
- to rectify any personal information held about you that is inaccurate or incomplete;
- to request the erasure of personal data held about you without undue delay when the use or other processing of such personal data is no longer necessary for the purposes for which is was collected or otherwise processed, and in certain other circumstances (though please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation);
- to restrict the processing of your personal data by EIG;
- to object to the processing of your personal data;
- to request receipt or transmission to another organization, in a machine-readable form, of the personal data that you have provided to EIG where it is using your personal data (right to data portability); and
- not to be subject to automated decision-making.
From time to time EIG may ask you to confirm the accuracy of your personal data.
Our lawful basis for processing your Personal Information
EIG is obliged under applicable law to specify the lawful basis on which it may process your personal information. Depending on the circumstances, the lawful basis will be because the processing is necessary either:
- for the purposes of the performance of contractual obligations with customers and consumers; In particular, your personal data will be processed to maintain the register of investors, to process subscription, redemptions and conversions of interests and payments of distributions or interest to you.
- for compliance with legal and regulatory obligations, such as applicable company and financial laws, tax laws, anti-money laundering rules and other legal obligations applicable to EIG such as maintenance of controls in respect of late trading and market timing practices; or
- for the purposes of its legitimate interests, such as maintaining relations with customers; facilitating the on-going administration and operation of its business; marketing and promoting products and services; protecting against, identifying and preventing fraud and other unlawful activity; complying with requests from regulatory, law enforcement or other government agencies; and investigating and responding to complaints.
There is a need to process personal data for the purposes set out in this Privacy Notice as a matter of contractual necessity under or in connection with the Partnership Agreement and associated documentation, and in the legitimate interests of EIG (or those of a third party) to operate their respective businesses. From time to time, EIG may need to process the personal data on other legal bases, including: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of a potential investor or other data subjects; or if it is necessary for a task carried out in the public interest.
From time to time, EIG may need to process the personal data on other legal bases, including: with consent or if it is necessary for a task carried out in the public interest.
Further Information and Complaints
You may request further information about the way EIG manages your personal information, make a request to exercise your rights or lodge a complaint by contacting our Privacy Officer on the contact details below.
You can contact EIG by calling us on +1 202.600.3300 or by writing to:
The Privacy Officer
C/O Chief Compliance Officer
EIG Global Energy Partners
600 New Hampshire Ave., NW
Washington, DC 20037
This is without prejudice to your right to file a complaint with the competent data protection authority. In Luxembourg you can lodge a complaint with the CNPD at the following address: 1, Avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, Grand Duchy of Luxembourg; or, in case you reside in another EU Member State, with any competent data protection supervisory authority in your EU Member State of residence.
EIG will retain your personal data for as long as it reasonably requires it for legitimate business purposes, or the purposes specified in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or establish, defend or exercise its legal rights. EIG will retain your personal data for at least as long as the relationship between you and EIG continues, other than where EIG receives a valid request from you to delete your personal data. In determining data retention periods, EIG considers local laws, regulatory requirements and guidance, as well as contractual obligations and your reasonable expectations and requirements.
Transfers to Other Jurisdictions
Your personal information may be stored outside of your home jurisdiction, including outside of the EEA or Australia, which may be in the USA or other countries which may not be considered to offer an equivalent level of protection of personal data as the level afforded in your home jurisdiction. Personal data transferred to other jurisdictions will, where possible, be protected by appropriate safeguards. For more information regarding the transfer or your personal information, you have a right to request copies of the relevant document for enabling the personal data transfer(s) towards such countries by writing to the Data Controller or, where the affiliated entities or non-affiliated entities disclose the Personal Data to sub-recipients and where relevant, to these affiliated entities or non-affiliated entities. EIG may also use cloud storage and IT servers that are located offshore.
Updating your Personal Information
It is important to our relationship that the personal information EIG holds about you is accurate and up to date. During the course of your relationship with EIG, you will be asked to inform EIG if any of your personal information has changed. If you consider that any information EIG holds about you is incorrect, you should contact EIG to have it updated. EIG will generally rely on you to assist it in informing it if the information EIG holds about you is inaccurate or incomplete.
Denied Access to Personal Information
There may be situations where EIG is not required to provide you with access to your personal information. For example, if giving access would be unlawful. An explanation will be provided to you if EIG denies you access to your personal information it holds.
1 Applicable laws include: (i) Regulation S-P, Privacy of Consumer Financial Information, issued by the United States Securities and Exchange Commission; (ii) the provisions of the EU Regulation n°2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”); (iii) data protection law applicable in Luxembourg (including but not limited to the law of 1st August 2018 on the organization of the National Commission for Data Protection and the general regime on data protection, as may be amended or replaced); (iv) the California Consumer Privacy Act; (v) the Cayman Islands Data Protection Law, 2017; and The Privacy Act 1988 (“Privacy Act”) which is an Australian law which regulates the handling of personal information about individuals, (collectively hereinafter the “Data Protection Legislation”). Applicable laws and regulations may differ depending on your domicile, residency and investor status, as well as the nature of the services provided and information collected by EIG.