Privacy Statement

YOUR PRIVACY IS IMPORTANT TO US

At Sixpoint Partners, LLC. we recognize the importance of protecting your privacy. We strive to maintain the privacy of your personal nonpublic information while we help you achieve your financial objectives. The following disclosure explains what nonpublic personal information we collect about you, why we collect it, what we do with that information, and the steps we have put in place to protect the nonpublic personal information you have entrusted to us.

INFORMATION WE COLLECT

From you on the telephone, in person, or through mail;
From you on applications or other forms you complete;
Through transactions in your accounts with us, our affiliates, or others;
From our internet website; and From third parties with whom we deal, such as a consumer reporting agency, to verify information we receive from you and your creditworthiness.

PROTECTING YOUR INFORMATION

We restrict access to your nonpublic personal information to those employees and agents who need access to the information to perform their job functions or provide products or services to you. We protect your nonpublic personal information from access by third parties by maintaining physical, electronic, and procedural safeguards. We strive to ensure the protection of client personal information from receipt through destruction.

INFORMATION WE DISCLOSE TO THIRD PARTIES

We do not disclose any of your nonpublic personal information to non-affiliated third parties without your consent except as required or permitted by law or unless those parties are providing services or support to us and have agreed to keep your nonpublic personal information confidential. Examples of these parties include the companies or individuals we use to

(a) execute and clear our securities transactions,
(b) prepare and mail your account statements,
(c) help us verify information, including identity,
(d) provide us with consulting, legal, and accounting services,
(e) help us develop, operate, and maintain our services and systems, if you cease to transact business with us, we will continue to apply the same protections to your nonpublic personal information as we did when you were an active client.

If you have any questions regarding our privacy policy, you can contact us at info@sixpointpartners.com.

PRIVACY NOTICE TO CALIFORNIA RESIDENTS

The California Consumer Privacy Act (CCPA) and the regulations promulgated thereto, each as amended, including pursuant to the California Privacy Rights Act of 2020 (CPRA) requires us to notify California residents (unless an exemption applies) of the categories of personal information we collect about them, with reference to the categories set forth under the CCPA, and the purposes for which we will use such categories of personal information.

Categories of Personal Information Collected: The relevant categories of personal information PNC may collect about California residents includes:

Identifiers: such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security Number, driver’s license number, passport number, or other similar identifiers.
Customer records: such as paper and electronic customer records containing personal information, such as name, signature, Social Security Number, physical characteristics or description, etc.
Protected classifications under California or federal law: such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, sex (including gender identity or expression, sexual orientation), medical condition, veteran or military status, physical or mental disability, etc.
Commercial information: such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information: such as genetic, biological characteristics, etc. such as, fingerprints.
Internet or other electronic network activity information: such as browsing history, search history, website interaction, etc.
Geolocation data: such as precise physical location or movements within 1850 feet.
Sensory data: such as audio, electronic, visual, thermal, olfactory, or similar information.
Employment information: such as current or past job history or performance evaluations.
Education Information: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). This category of PII is not collected by PNC.
Profiles or inferences: such as profiles reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information: Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or genetic data.

Purposes of Collection, Use, and Disclosure: We may collect, use, and disclose the above categories of personal information as follows:

To provide the services for which the information was provided, including to maintain and administer any accounts you open with us and to process transactions and payments.
For authentication, identity verification, and fraud prevention and detection.
To process and respond to or address your questions and investigate and resolve any issues.
To personalize your experience using our websites and services.
To communicate with you, including transactional and account-related information as well as news, updates, and marketing communications.
To improve and develop products and services and for other research and analytics purposes.
To respond to authorized regulatory, compliance, and legal process.
To evaluate or conduct a merger or to sell or transfer some or all of PNC’s assets.
To protect and defend our rights and interests and those of third parties, including in defense of litigation and other claims against us.

Not covered by this Notice: This Notice does not address or apply to any of the nonpublic information we collect about consumers, pursuant to the Gramm-Leach-Bliley Act (GLBA) or otherwise subject to an exemption under CPRA Section 1798.145. For information, please review our Privacy Notice.

For more details and information about the personal information we collect and how we collect, use and disclose such personal information (as defined by the CPRA) and your rights regarding such personal information, please contact mschmalhofer@sixpointpartners.com.

EU GENERAL DATA PROTECTION REGULATION NOTICE

INTRODUCTION
DATA CONTROLLER
WHAT PERSONAL DATA WE COLLECT AND WHY?
SHARING OF YOUR INFORMATION
TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
OUR RETENTION POLICY
PROTECTING YOUR INFORMATION
COOKIES
CHILDREN
YOUR RIGHTS
BREACH NOTIFICATION
CONTACT US

1. INTRODUCTION

1.1 This notice pertains to Sixpoint Partners LLC and Sixpoint Partners Europe Ltd (collectively ‘Sixpoint’, ‘we’, ‘our’, ‘us’, or the ‘Firm’) and those activities it undertakes to provide fundraising services to U.S. and European private equity sponsors and their management companies (our ‘Clients’) and to market private equity investments to European professional investors on behalf of our Clients. We are committed to protecting the Personal Data (as defined in Article 4(1) of the GDPR) of individuals associated with the companies with which we do business. Specifically, we assist our Clients with finding suitable institutional investors to invest in our Client’s funds (‘Investors’). As such, our core activities have limited exposure to Personal Data. This notice (‘Notice’) describes Sixpoint’s practices related to www.sixpointpartners.com (the ‘Website’), general marketing programs conducted by the Firm and its representatives, operational elements of the Firm’s placement and advisory activities and also serves as the Firm’s data protection policy.

1.2 This Notice may be amended from time to time. We will post changes to this Notice on our Website and any changes will take effect 30 calendar days after posting. We recognise our continuing transparency responsibilities and will take reasonable steps to bring to the attention of our Clients any material changes to this Notice when they are posted. The effective date will be shown at the end of this Notice and the most recent amendments will be highlighted during the period between posting and the effective date of the amendments.

DATA CONTROLLER

2.1 For U.K. activities and operations Sixpoint Partners Europe Ltd is the data controller. We are registered in the United Kingdom with company number 12327421, and our registered office address is Sixpoint Partners Europe Ltd., Regus London Berkeley Square, 2nd Floor, Berkeley Square House, Berkeley Square, London, W1J 6BD, UK Office 304.

2.2 For U.S. activities and operations Sixpoint Partners LLC is the data controller. The office address is 600 Lexington Avenue 11^th Floor New York, NY 10022.

2.3 Questions, comments and requests regarding this Notice may be emailed to mschmalhofer@sixpointpartners.com or sent by post to the above mentioned address.

WHAT PERSONAL DATA DO WE COLLECT AND WHY?

This Section 3 covers the different sources and categories of Personal Data that we collect and otherwise process, why we do so, and the lawful bases for our processing.

Depending on your relationship with us, please see the relevant section below where we describe how we obtain your Personal Data and how we will treat it.

This privacy notice covers the processing of information for the following categories of individuals:

Website users;
Individuals associated with prospective Investors (for marketing purposes);
Individuals associated with Investors (for the purposes of an investor entering into an investment relationship with a Client);
Individuals associated with management companies who are our clients (for purposes of compliance with United States Anti-Money Laundering Requirements)
Individuals associated with third party vendors and service providers; and
Employee data

3.1 WEBSITE VISITORS

A- Sources of Personal Data

We will obtain Personal Data concerning our Website visitors from the following sources:

a) from you directly when completing the Contact Us section of our Website; and/or
b) from your device or browser.

B- Personal Data that we collect and process

Information provided voluntarily

We will collect your name; and/or business email address when we interact with you through the Website.

Information collected automatically from your device or browser

When you visit our Website, we will collect certain information automatically from your device.

Specifically, the information we collect automatically will include information like your IP address, device type, operating system, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We will also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, what content on our Website is of interest to them, what they have viewed or looked at and in some instances what they have purchased. We use this information for internal analytics purposes, and to improve the quality and relevance of our Website to our visitors and users.

Some of this information will be collected using cookies, tracking pixels and similar tracking technology, for more information, please see our Cookies Notice.

C – Why do we collect your Personal Data and what are our lawful bases for doing so?

We process your Personal Data for the following purposes:

a) to allow you to participate in interactive features of our service when you choose to do so;
b) to respond to your queries;
c) to ensure that content from our Website is presented in the most effective manner for you and for your device;
d) for the provision of support services;
e) for system administration purposes;
f) for generating and monitoring statistical data about our users’ browsing actions and patterns, the number of visitors to our Website, the pages visited and how long they stayed; and/or
g) to exchange Personal Data with PNC’s group of companies (the “PNC Group”) for the purpose of reporting, global management, carrying out monitoring, analysing our business, complying with group regulatory requirements and any other purposes that are incidental to or connected with the foregoing purposes.

As described in our Cookie Notice, we will not set cookies on a user’s device unless they have consented to our doing so. The only exception is where the cookies in question are strictly necessary for the performance or navigation of our Website.

It is in our legitimate interests, and that of our Website visitors, for us to process data about your use of our Website in order to improve the services and information that we provide on our Website and for the security of our Website operation. We will only rely on legitimate interests if our rights are not overridden by your data protection interests or fundamental rights and freedoms.

Please do not submit your information to us via our Website, if you do not want us to process your Personal Data for the above purposes.

3.2 INDIVIDUALS ASSOCIATED WITH PROSPECTIVE INVESTORS (FOR MARKETING PURPOSES)

A – Sources of Personal Data

We will obtain Personal Data concerning prospective Investors from public sources and through direct interaction. Any Personal Data collected in this way is retained in the Firm’s client relationship management (“CRM”) system.

B- Personal Data that we collect and process

We will process the following categories of information in relation to individuals associated with companies to whom we market:

a) name;
b) job title;
c) business contact details (including phone number and email address); and
d) associated company name and number.

C – Why do we collect your Personal Data and what are our lawful bases for doing so?

Sixpoint undertakes marketing and solicitation activities in order to help our Clients identify suitable Investors. Marketing activities are directed at employees held out publicly as responsible for making investment decisions on behalf of Investors.

The lawful basis for which we collect Personal Data is for us to pursue the legitimate business interests of marketing private equity investments to commercial entities whose business it is to subscribe to such investments. Personal Data about employees of those business entities shall be processed to facilitate contact between two commercial entities. Marketing through letter, telephone and e-mail is exclusively intended to inform authorized representatives of commercial entities of the funds that may be of interest to their organisation.

3.3 INDIVIDUALS ASSOCIATED WITH INVESTORS (FOR THE PURPOSES OF AN INVESTOR ENTERING INTO AN INVESTMENT RELATIONSHIP WITH A CLIENT)

A – Sources of Personal Data

During the course of business operations we will obtain Personal Data about individuals associated with Investors and prospective Investors (including their employees, officers, major shareholders, general partners, or other associated individuals). We may also obtain Personal Data about individuals associated with our account debtors (including their employees, officers, major shareholders, general partners or other associated individuals).

In connection with this we obtain information from the following sources:

a) the individual directly (for example, by telephone, e-mail, when a representative of, or individual associated with, our client fills out our forms, or in the course of providing our services);
b) our Client;
c) credit reference agencies (which may search the UK Electoral Register);
d) fraud prevention agencies, CIFAS, or other organisations;
e) our own affiliates;
f) various subscription services; and/or
g) publicly available sources (for example, governmental websites, company registries, search engines and social media sites).

B – Personal Data that We Collect and Process

We collect Personal Data for two main reasons as further explained below:

to comply with regulatory requirements to address anti-money laundering, sanctions checks and other regulatory responsibilities (regulatory); and
to manage our contractual, operational and administrative affairs, including exercising and defending legal claims (administrative).

Regulatory activity

As part of The PNC Financial Services Group, Inc. (“PNC”), a US-headquartered financial institution, we have a legitimate interest to carry out due diligence on Investors in compliance with U.S. regulatory obligations with respect to anti-money laundering, counter terrorism, anti-bribery and anti-corruption, tax and other similar legislation. Where the Firm is responsible for carrying out such due diligence, we request Personal Data relating to Investors’, officers, authorised signatories, direct/indirect shareholders, general partners, trustees, settlors, protectors and beneficial owners. We also process the Personal Data of the directors of any parent or subsidiary that provides Investors with credit support. This will include:

a) a copy of a passport, driver’s licence, national identity card or any other equivalent identity document;
b) proof of residential address (for example, a copy of a utility bill, bank statement or any other equivalent document confirming the residential address);
c) the results of searches run by third parties or against publicly available information where such results may include the following categories of Personal Data: name, address, date of birth, directorships, convictions, disqualifications and notices of correction;
d) login details for the Online Facility feature of our service (including username and password); and/or
e) a specimen signature.

We will conduct real-time and/or automated screening against politically exposed persons and prohibited and/or sanctioned persons lists published by various regulators from time to time or checks through certain subscription services.

Administrative activity

We will also collect contact and other verification details of individuals associated with companies seeking to make investments in the funds sponsored and managed by our Clients. If Sixpoint processes subscription documentation with respect to a privately placed fund investment on behalf of our Client, we will keep a record of that correspondence. In such cases, we will process the following categories of information related to individuals associated with companies that submit private placement subscription documentation:

a) name;
b) job title;
c) business contact details (including phone number and email address); and
d) associated company name and number.

C – Why do we collect your Personal Data and what are our lawful bases for doing so?

We collect Personal Data in the capacity as intermediary for the underlying fund and that relevant Personal Data which is provided in order to complete a subscription agreement will be shared with the investment fund for the purposes of completing the underlying investment, including conduct of any required background checks.

The lawful basis for which we collect Personal Data is to comply with legal and regulatory obligations that apply to us (in the case of conducting any required background checks) and to facilitate the contractual relationship between the Client and the Investor.

We will ensure through the contractual relationships that we facilitate between Clients and Investors that any consent required to carry out checks on employees of an Investor (in line with the processing described in this section 3.3) have been lawfully and adequately collected, and notice has been provided.

3.4 INDIVIDUALS ASSOCIATED WITH MANAGEMENT COMPANIES WHO ARE OUR CLIENTS

A – Sources of Personal Data

During the course of business operations we will obtain Personal Data about individuals associated with Clients (including their beneficial owners, officers, and major shareholders) We obtain this information via the completion of the Beneficial Owners Certification Form and/or Sixpoint AML Verification Form by our clients.

B – Personal Data that We Collect and Process

name
title
date of birth
residential street address
immigration status
social security number or passport information

C – Why Do We Collect your Personal Data and What Are Our Lawful Grounds for Doing So?

Sixpoint will collect Personal Data about the beneficial owners and controlling parties associated with our clients in order for us to pursue the following legitimate business interests, such as to conduct due diligence activities required by laws of the United States prior to engaging in fundraising activities on your behalf.

3.5 SERVICE PROVIDERS AND THIRD PARTY VENDORS (COVERING THEIR EMPLOYEES, AUTHORISED SIGNATORIES, OFFICERS, DIRECTORS AND REPRESENTATIVES)

A – Sources of Personal Data

We will obtain Personal Data about individuals associated with our service providers and third-party vendors from the following sources:

a) the individual directly (for example, when they fill out our forms, sign agreements with us, or in the course of carrying out services for us);
b) the service provider; and/or
c) publicly available sources (for example, your company website).

B – Personal Data that We Collect and Process

We will request Personal Data relating to our service providers’ and third party vendors’ officers, authorised signatories, and other associated individuals. This will include:

a) name;
b) job title; and
c) business contact details.

C – Why Do We Collect your Personal Data and What Are Our Lawful Grounds for Doing So?

We will need to collect Personal Data about individuals associated with our vendors in order to comply with legal and regulatory obligations that apply to us, and to be able to have a contractual arrangement with you.

The Personal Data we collect will also be used for us to pursue the following legitimate business interests, such as to communicate with you in relation to the services you provide to us or to carry out operational and administrative actions.

3.6 EMPLOYEE DATA

Notice to Sixpoint employees about measures taken to protect Personal Data is provided via the PNC EU –Employee Privacy Notice. Employee Personal Data arising out of activities by Sixpoint is maintained in PNC’s consolidated secure systems in the United States in accordance with a data transfer agreement established between Sixpoint and its U.S. affiliate.

SHARING OF YOUR INFORMATION

We share Personal Data relating to our Clients, Investors and other business contacts among affiliates, and also with trusted third party vendors and business partners. The purposes for these transfers are set out below. We do not sell your Personal Data to third parties.

A – Our Affiliates

We may disclose your Personal Data to any member of The PNC Group for the following business purposes:

a) to carry out global AML/KYC processes; or
b) to store Personal Data on our central systems.

In so doing, our affiliates may be data controllers and/or data processors of the Personal Data that we share with them. As data controllers and/or data processors, these affiliates will process your data in line with intra-group data transfer agreements that we have entered into with the relevant members of The PNC Group in line with the requirements of the General Data Protection Regulation (EU) 2016/679 and national implementing laws (“GDPR”).

B – Our Service Providers

We may disclose information about you to organisations that provide a service to us or are acting as our agents, on the understanding that they will keep the information confidential and will comply with contractual safeguards in line with the GDPR requirements.

For example, we may share your information with the following types of service providers:

a) technical support providers who assist with our Website and IT infrastructure;
b) third party software providers, who may include ‘software as a service’ solution providers, where the provider hosts the relevant Personal Data on our behalf;
c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
d) money laundering and compliance search providers;
e) providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes;
f) providers that help us generate and collate reviews in relation to our services; and/or
g) providers that help us analyse or evaluate our data collection process or Client service fulfilment.

C – Government and Regulatory Authorities

We may disclose information about you if we have a duty to do so or if required by an EU or Member State governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange or pursuant to any applicable EU or Member State law or regulation or if the law allows us to do so. Otherwise, we will keep information about you confidential.

D – Credit Reference and Fraud Prevention Agencies

In some cases, we may need to share your Personal Data with authorised fraud prevention agencies in order to obtain information from them that is necessary to prevent and detect fraud, money laundering and other crimes.

In regard to background checks on individuals associated with Investors, we reserve the right to carry out further checks from any of these sources from time to time for fraud prevention.

Should an unaffiliated third party request a bank or credit reference from us, or any other request for a reference that concerns you, we will not provide such a reference without your written permission.

E – Third Party Investment Managers

Sixpoint provides information to third party investment management companies to facilitate investments in private equity funds. Sixpoint will obtain assurances from third party investment management companies that Personal Data about you is protected.

F- Other

We may also disclose your Personal Data:

a) as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of the terms of our agreements, or as required by law;
b) in the context of mergers and acquisitions, we may transfer your Personal Data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event the we decide to dispose of all or parts of our business; and
c) with our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf, subject to appropriate contractual safeguards.
TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In general, when transferring your Personal Data outside the EEA (which consists of EU Member States and Iceland, Lichtenstein and Norway), we will only do so if one of the following safeguards is in place:

a) the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
b) the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA; or the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority.

We may exceptionally rely on one of the GDPR derogations if applicable.

You may request a copy of the relevant documentation from us using the contact details provided in section 2 above.

OUR RETENTION POLICY

We retain Personal Data only for as long as necessary for the purposes for which the data was collected. If such purposes have been fulfilled or cannot be reached anymore, we will erase your Personal Data and delete any documents thereafter, unless we need to retain the data due to legal obligations or for the establishment, exercise or defense of legal claims.

PROTECTING YOUR INFORMATION

Sixpoint protects against the loss, misuse and alteration of your Personal Data using reasonable, industry standard controls. Appropriate measures have been taken to safeguard your Personal Data to prevent unauthorized access, and to comply with applicable laws regarding the protection of such information. These measures include physical, electronic and other procedural protections, such as passwords, firewalls, and encryption or authentication technology. While we do our best to protect your Personal Data, we cannot ensure or warrant the security of any information that you transmit to us. The information you provide to us is sent over an open network, such as the Internet or email, and may be accessed by anyone. We cannot guarantee the confidentiality of any communications or materials sent to us over such open networks. We therefore do not accept any liability for direct or indirect losses in relation to security of any data that you send to us over an open network.

COOKIES

The www.sixpointpartners.com Website uses cookies and tracking mechanisms. Please refer to our Cookie Notice, which explains the use of cookies, including instructions on rejecting or deleting cookies.

To comply with privacy regulations, all website visitors will be asked to affirmatively consent to the use of non-essential cookies. Please note that this Policy does not apply to other organisations to which we link. We are not responsible for their privacy policies or practices of any other third party Websites and you should make your own inquiries regarding them.

Your use of the Website, including any disputes arising from it, is subject to this Policy as well as our Terms of Use, Disclosures, and Cookie Policy and all dispute resolution provisions therein, including the limitation of liability and choice of law provisions.

CHILDREN

Children under 16 years old are not the target audience for the Website. To protect their privacy, we prohibit the solicitation of Personal Data from these children. If you are under the age of 16, please do not submit your email address or any other Personal Data to us through the Website.

YOUR RIGHTS

If you are an individual covered by this Notice, you have the following rights in relation to your Personal Data under the GDPR:

a) to obtain information on how we handle your Personal Data and access documents which contain your Personal Data;
b) to request us to correct or update your Personal Data if it is inaccurate or out of date;
c) to object to the processing of your Personal Data where we have indicated in Section 3 above that our legitimate interest is the lawful basis for processing your data, or where decisions about you are based solely on authorized processing, including profiling;
d) to erase Personal Data about you that is held by us:
which is no longer necessary in relation to the purposes for which is was collected,
to the processing of which you object, or

iii. which may have been unlawfully processed by us;

e) to restrict processing by us, i.e. to restrict processing to storage only:
where you oppose to deletion of your Personal Data and prefer restriction of processing instead, or
where you object to the processing by us on the basis of our legitimate interests;
f) to transmit Personal Data that you submitted to us back to you or to another organisation in machine-readable format under certain circumstances; and
g) to withdraw your consent at any time, in the limited circumstances in which we may rely on your consent to process your Personal Data.

These rights are not absolute and are subject to various conditions under:

applicable data protection and privacy legislation; and
the laws and regulations to which we are subject.

For general questions regarding this Notice or if you at any time decide that you would like to exercise any of these rights, please contact us using the contact details provided in section 2 above.

If you are unhappy with how we have dealt with your request or concern, you have the right to file a complaint with the Information Commissioner’s Office, the UK supervisory authority. For more details, please visit the ICO’s website: https://ico.org.uk/concerns/handling/.

BREACH NOTIFICATION

A breach occurs when there is accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data of a European Data Subject. This includes both accidental and deliberate breaches.

Sixpoint must determine if a breach has occurred whenever any Personal Data of European Data Subjects is lost, destroyed, corrupted or disclosed; if someone accesses the information or passes it on without proper authorization; or if the information is made unavailable and this unavailability has a significant negative effect on the European Data Subjects.

If Sixpoint believes that such a breach has occurred, it must notify the PNC Privacy Office immediately, file a Security Incident Report (SIR) and follow appropriate internal policies and procedures. Once Sixpoint has filed a SIR, the Firm in conjunction with Legal and Privacy will notify its regulatory hosting firm, Mirabella, and determine whether Sixpoint must notify the supervisory authority and/or European Data Subjects whose Personal Data is involved of the breach.

Additionally, Sixpoint shall document any breaches, comprising the facts relating to the breach, its effects and the remedial action taken.

CONTACT US

Should you feel that your privacy or security is being compromised, wish to make a request for access to any Personal Data we may hold about you or wish to exercise one of your rights as described further on the “Your Rights” section above, or have any questions on this policy, please contact us using the contact details provided at section 2.

Date of last update or revision: July 22, 2020.