1. Who we are
Sunline Pte. Ltd. (“Sunline”, “we”, “us”) is a fund management company incorporated in Singapore and licensed by the Monetary Authority of Singapore (Capital Markets Services Licence No. CMS100332-1). We act, among other things, as Investment Manager to Clan Futurity, a sub-fund of an Irish collective asset-management vehicle (the “Fund”) whose management company is FundRock Management Company (Ireland) Limited and whose administrator and transfer agent is CACEIS Ireland Limited.
Sunline Pte. Ltd., 3 Killiney Road, #05-07 Winsland House I, Singapore 239519 · +65 6836 5574 · general@sunline.com.sg
This statement explains how Sunline handles personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”) and, where applicable, the EU General Data Protection Regulation (“GDPR”), under which Sunline acts as a data controller. Investors in the Fund: the Fund and its service providers also process your personal data in their own right; that processing is described in the Data Protection section of the Fund’s prospectus, which this statement supplements and does not replace.
2. What we collect and why
We collect personal data of investors and prospective investors (and their representatives, directors and beneficial owners), clients, business contacts and website enquirers: identification and contact details, KYC/due-diligence and tax information (including FATCA/CRS self-certifications), bank and investment details, and correspondence. It is obtained from you directly, from the Fund’s administrator and from intermediaries, advisers and screening databases.
We use this data to:
- process applications, subscriptions, redemptions and transfers, and manage your investment or our services to you (GDPR basis: performance of a contract);
- meet our legal and regulatory obligations, including anti-money-laundering, sanctions and tax reporting under Singapore, Irish and EU law (GDPR basis: legal obligation); and
- manage and protect our business, prevent financial crime, keep records and handle legal claims, and communicate with investors (GDPR basis: legitimate interests).
Providing this data is a contractual and statutory requirement: without it we may be unable to accept or maintain your investment. We do not sell personal data or use it for automated decision-making. Under the PDPA, we collect, use and disclose personal data with your consent (including deemed consent) or as otherwise permitted by law; you may withdraw consent at any time by writing to us, subject to legal and contractual consequences we will explain.
3. Who we share it with
Personal data may be shared, on a confidential basis and only as needed, with: the Fund and its directors; FundRock Management Company (Ireland) Limited; CACEIS Ireland Limited (administrator, registrar and transfer agent); the Fund’s depositary, auditors and other service providers; our own professional advisers, banks, brokers and IT/outsourced providers acting on our instructions; and regulators, tax authorities, courts and law enforcement (including MAS and the Central Bank of Ireland) where required by law.
4. International transfers
Your personal data may be transferred between Singapore, Ireland and other jurisdictions where the Fund’s service providers operate. Under the PDPA we ensure recipients are bound to protect the data to a comparable standard; under the GDPR, transfers outside the EEA are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses, or take place under a permitted derogation (e.g. performance of your contract). Contact us for more information on the safeguards applied.
5. Retention and security
We keep personal data only as long as needed for the purposes above and to meet legal obligations — anti-money-laundering rules in Singapore and Ireland generally require retention for at least five years after the relationship or transaction ends. We maintain appropriate technical and organisational security measures, restrict access to those who need it, and will notify the relevant authority and affected individuals of any data breach where the law requires.
6. Your rights
Subject to applicable law, you may request access to and correction of your personal data and withdraw consent (PDPA), and — where the GDPR applies — request erasure, restriction or portability of, or object to, our processing of your personal data. You may also complain to a supervisory authority: the Data Protection Commission in Ireland (www.dataprotection.ie), the Personal Data Protection Commission in Singapore (www.pdpc.gov.sg), or the authority of your place of residence — though we would appreciate the chance to address your concerns first. These rights may be limited where the law requires us to retain or continue processing data (e.g. AML record-keeping).
To exercise any right or ask a question, please write to our Data Protection Officer at general@sunline.com.sg (marked for the attention of the Data Protection Officer) or by post to the address above. We may verify your identity before acting on a request.
7. Website and updates
Information on the cookies used by this website is set out in our Cookie Policy. We may update this statement from time to time; the current version, with its date, is always available at this address.