Our Locations

This statement outlines EMR Capital¹’s policy on how we manage the personal information we hold about our clients and others. EMR Capital maintains a policy of strict confidence concerning any personal information you provide to us.

It is EMR Capital’s policy to respect the confidentiality of information and the privacy of individuals. EMR Capital’s Website Privacy Policy complies with the Australian Privacy Principles contained in the Australian Privacy Act and, where applicable, the EU General Data Protection Regulation. It will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and to make sure it remains appropriate to the changing environment. Any information we hold will be governed by the most current Privacy Policy.

We gather and store your personal information to maintain contact with you about our products and services. We understand your privacy is important and are committed to protecting your details and keeping them safe. When we receive personal information from you we will:

• Store it in a secure way
• Make sure it is kept accurate and up-to-date
• Restrict how we use it
• Restrict who we provide it to

¹ EMR Capital comprises two groups of companies formed under EMR Capital Group Limited (Company No: OG-328609) and EMR Capital Holdings Pty Ltd (ACN 158 368 846).

2.1 Australian Privacy Act

EMR Capital is bound to protect your personal information in accordance with the Australian Privacy Principles, to the extent required by the Privacy Act 1988 (Australian Privacy Act).

The Australian Privacy Act defines personal information as information or an opinion about an individual whose identity is apparent or can reasonably be ascertained. It includes your name, age and contact details as well as your health and financial information. This policy outlines our general information handling practices, and is generally reflected in our offer documents. (Offer documents generally refer to Product Disclosure Statements or information memorandums).

2.2 European Union General Data Protection Regulation

EMR Capital and its affiliates are aware of the potential applicability of Regulation (EU) 2016/679 (the General Data Protection Regulation) and any national implementing or successor legislation relating thereto in connection with the processing of any personal information that they receive. To the extent the General Data Protection Regulation applies to EMR Capital’s processing activities, or to the extent that you are a resident of the UK, the European Union (EU) or the European Economic Area (EEA), EMR Capital and its affiliates shall process such personal information in the manner, and for the purposes, set out in this Privacy Policy. For the purposes of applicable EU data protection laws (including the General Data Protection Regulation), EMR Capital will be a data controller of any personal information collected pursuant to this Privacy Policy.

The General Data Protection Regulation defines personal data as any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, and is referred to in this Privacy Policy as personal information.

To the extent you are an investor in our fund, please refer to the investor privacy notice provided to you in the subscription booklet and/or investor data room.

We obtain most of the information directly from you through a variety of forms and other applications including via the “Contact Us” form on our website, by you subscribing to email alerts, or contacting us via email, post and telephone, and from maintaining records of information provided in the course of ongoing communications. We may also collect cookie information. Information regarding our use of cookies is provided at: https://www.emrcapital.com/en-us/cookies. We may also obtain information from other sources such as financial advisors.

The types of personal information we may collect include (but are not limited to) name, address and contact details (including email address) tax information, bank account information, and other identification verification information, including photographic information from documents including your birth certificate, passport, driver’s licence, pension card, citizenship certificate, tax notice assessment, Medicare card and utilities notices.

We may ask for other information voluntarily from time to time to enable us to improve our service or consider the wider needs of our clients or potential clients.

If you choose not to provide the information and we need to fulfill your request for a specific product or service, we may not be able to provide you with the requested product or service.

4.1 Why do we collect, hold, use and disclose clients’ personal information?

Unless you are informed otherwise, the personal information we hold is used for establishing and managing your relationship with us, providing products and services, enhancing our relationship with you and giving you ongoing information or opportunities that we believe may be relevant to your financial needs and other circumstances.

From time to time we may use your personal information to provide you with current information about new products or services being offered by us or any company we are associated with. If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our office by emailing legal@emrcapital.com.

We collect, hold, use and disclose your personal information to provide you with EMR Capital investment products and services, and to comply with:

• the Anti-Money Laundering & Counter-Terrorism Financing Act 2006
• the Corporations Act 2001
• the Australian Securities and Investments Commission Act 2001
• the Bankruptcy Acy 1966
• the Tax Laws Amendment (Implementation of FATCA Agreement) Act 2014
• the Tax Laws Amendment (Implementation of Common Reporting Standard) Act 2016; and
• applicable taxation law.

4.2 What legal bases under the EU General Data Protection Regulation do we rely on?

We rely on various legal bases under applicable data protection legislation in order to process your personal information, including our legitimate interests, contractual necessity and as required by law. You may contact us at legal@emrcapital.com to obtain further information regarding how we have balanced our legitimate interests against your fundamental rights and freedoms. We may process your personal information for the following purposes:

Purpose	Legal Basis
To provide you with the services or financial products you have requested.	Contractual necessity
To keep a record of your relationship with us.	Legitimate interest
To verify your identity.	Legal requirement and legitimate interest
To conduct due diligence activities in connection with an actual or prospective corporate transaction or investment with respect to which we are party to.	Legitimate interest
Fraud and abuse prevention.	Legal requirement and legitimate interest
Litigation management and conducting internal audits and investigations.	Legal requirement and legitimate interest
To administer and protect our business and our website.	Legitimate interest
To make suggestions and recommendations to you about goods or services that may be of interest to you in your commercial capacity.	Legitimate interest
To send you marketing communications.	Consent and legitimate interest
To respond to your contact requests via email, post or telephone.	Legitimate interest
To conduct necessary tax reporting.	Legal requirement

Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data.

Depending on the product or service concerned and particular restrictions on sensitive information, this means that personal information may be disclosed to:

• service providers and specialist advisers who have been contracted to provide us with administrative, financial, legal, insurance, tax or other services
• other insurers, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law
• mailing houses
• IT service providers and data hosting providers
• security and exchange commissions and share registry offices
• anyone authorised by an individual, as specified by that individual or the contract

Generally, we require external organisations that handle or obtain personal information as service providers acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the Australian Privacy Principles and this Privacy Policy.

We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator, national security, for the purposes of public importance or any other legal or investigatory process involving us. Should we, or any of our affiliated entities, be the subject of a takeover, divestment or acquisition we may disclose your personal information to the new owner of the relevant business and their advisors.

To the extent your personal information is transferred to countries outside of the European Economic Area, such transfers will only be made in accordance with applicable data privacy laws. For further information about the safeguards used, please contact legal@emrcapital.com.

EMR Capital staff who handle personal information are trained to respect the confidentiality of client information and the privacy of individuals. EMR Capital regards breaches of your privacy very seriously and will impose appropriate penalties.

Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, mail, over the internet or other electronic medium. We hold personal information in a combination of secure computer storage facilities and paper-based files and other records, and take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure. We will not keep more information than we need for those purposes. For further information about how long we will keep your personal information, please contact legal@emrcapital.com.

We will keep your personal information only for as long as is reasonably necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required by law. However, when we consider information is no longer needed, we will remove any details that will identify you or we will securely destroy the records.

EMR Capital endeavors to ensure that the personal information we hold is accurate and up-to-date, however we realise that this information changes frequently with changes of address and other personal circumstances.

During the course of our relationship with you, we may ask you to inform us if any of your personal information has changed. We can generally update your customer information over the telephone or electronically via email. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.

9.1 Australian Privacy Act

Under the Australian Privacy Act, you have the right to obtain a copy of any personal information which EMR Capital holds about you and to advise us of any perceived inaccuracy. The Act does set out some exceptions to this.

To make a request, you will need to verify your identity, as held by us, via email and specify what information you require.

We will acknowledge your request within 14 days and respond promptly to it.

9.2 EU General Data Protection Regulation

To the extent the General Data Protection Regulation applies to our processing of your personal information, you have the right to access the personal information we hold about you, and there are a number of ways you can control the way in which and what information we store and process about you.

• Access: You have the right to ask for a copy of the personal information that we hold about you free of charge, however we may charge a ‘reasonable fee’, if we think that your request is excessive, to help us cover the costs of locating the information you have requested.
• Correction: You may notify us of changes to such your personal information if it is inaccurate or it needs to be updated.
• Deletion: If you think that we shouldn’t be holding or processing your personal information any more, you may request that we delete it. Please note that this may not always be possible due to legal obligations.
• Restrictions on use: You may request that we stop processing your personal information (other than storing it), if: (i) you contest the accuracy of it (until the accuracy is verified); (ii) you believe the processing is against the law; (iii) you believe that we no longer need your data for the purposes for which it was collected, but you still need your data to establish or defend a legal claim; or (iv) you object to the processing, and we are verifying whether our legitimate grounds to process your personal information, override your own rights.
• Object: You have the right to object to processing, including: (i) for direct marketing; (ii) for research or statistical purposes; or (iii) where processing is based on legitimate interests.
• Portability: If you wish to transfer your personal information to another organisation (and certain conditions are satisfied), you may ask us to do so, and we will send it directly if we have the technical means.
• Withdrawal of consent: If you previously gave us your consent (by a clear affirmative action) to allow us to process your personal information for a particular purpose, but you no longer wish to consent to us doing so, you can contact us to let us know that you withdraw that consent.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You may exercise the rights mentioned in sections 9.1 and 9.2 above by contacting our Privacy Officer:

Name: Dearbhla Sammon
Address: EMR Capital, Level 2, 150 Collins Street, Melbourne
Telephone Number: +613 9669 8865
Email Address: legal@emrcapital.com

If you consider that any action of EMR Capital breaches this Privacy Policy, or otherwise doesn’t respect your privacy, you can make a complaint. This will be acted upon promptly.

To make a complaint, please email legal@emrcapital.com

If you are not satisfied with our response to your complaint, you can telephone the Australian Privacy Commissioner’s hotline on 1300 363 992 (within Australia) or (where the General Data Protection Regulation applies) contact your local EU supervisory authority.

11.1 Australian Privacy Act

We are required to notify individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches.’ An eligible data breach occurs when the following criteria are met:

• there is unauthorized access to or disclosure of personal information held by us (or information is lost in circumstances where unauthorized access or disclosure is likely to occur,
• it is likely to result in serious harm to any of the individuals to whom the information relates, or
• we have been unable to prevent the likely risk of serious harm with remedial action.

We will conduct an assessment if it’s not clear if a suspected data breach meets these criteria. The assessment will determine whether the breach is an ‘eligible data breach’ that triggers notification obligations.

11.2 EU General Data Protection Regulation

Under the GDPR, we must notify the supervisory authority and any data subject of any personal data breach (i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed unless such personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons).

This site is only intended for individuals who are at least 13 years of age. We do not knowingly encourage or solicit visitors to this site who are under the age of 13 or knowingly collect personal information from anyone under the age of 13 without parental consent. If we learn we have collected or received personal information from an individual under the age of 13, we will delete that information.

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practice. As a consequence, we may change this Privacy Policy from time to time or as the need arises. If at any point we decide to collect personal information or use any collected information in a manner different from that stated at the time it was collected, we will notify applicable users by updating this Privacy Policy on our website. We will use information only in accordance with this Privacy Policy under which the information was collected.

If you want to make a general enquiry about our Privacy Policy or change your personal information, please email legal@emrcapital.com.