Privacy Policy
Capital Four is fully committed to protecting any client information or other personal data. Further, Capital Four is committed to maintaining the privacy and security of any personal data we collect from time to time about our business contacts (e.g. clients, prospective clients, former clients), suppliers, applicants and other individuals the company interacts with, and in addition other third parties or their employees, directors, officers or representatives (any of whom are referred to as "you" in this Privacy Policy).
In this Privacy Policy we describe how we use your personal data, i.e. our collection, usage, processing, storage or sharing of personal data in accordance with the EU General Data Protection Regulation (GDPR).
If you are a legal entity or partnership, you must provide your employees, directors, officers or representatives with adequate notice including the information set out in this Privacy Policy. When you continue to engage in the provision of services with us, we may use and transfer the personal data about e.g. your employees, or other relevant parties such as directors, management, beneficial owners, authorised representatives, associated parties, officers or representatives etc. in accordance with this Privacy Policy as amended from time to time in accordance with the "Notification of changes" section below.
1. Capital Four is the data controller
Capital Four Holding A/S (CVR no. 36440678), Capital Four Management Fondsmæglerselskab A/S (CVR no. 30593065), and Capital Four AIFM A/S (CVR no. 35670637) jointly referred to as “Capital Four”, “us” or “we” is each joint data controller for the personal data you share with us.
In accordance with GDPR article 26, the companies have entered into an arrangement for joint controllership. The essence of this arrangement is that:
- Capital Four Management Fondsmæglerselskab A/S acts as the primary point of contact for applicants and manages the daily IT and HR systems used for processing applications.
- The companies are responsible for ensuring your rights are upheld. You may exercise your rights in respect of and against each of the controllers.
Our contact information is:
Capital Four Management
Per Henrik Lings Allé 2, 8th floor
2100 Copenhagen Ø
Phone: +45 3525 6100
E-mail: legal@capital-four.com
www.capital-four.com
We ensure that your personal data is protected. We are subject to secrecy of duty and confidentiality, and hence our systems are protected with appropriate technical and organisational measures.
Our internal rules on IT security contain instructions and measures protecting your personal data against destruction, deletion or changes, and against unauthorised or unlawful loss or disclosure.
In case of a data protection breach we will inform you and the relevant authorities as soon as practicable possible and within the time limits stipulated in the GDPR.
2. The purposes and the legal basis for the processing of personal data
We process personal data for the following purposes:
- General client administration in relation to our financial services business and performing investment analysis of investment opportunities as part of our services, ref. section A, B and D below.
- Complying with Anti-Money Laundering regulation and reporting regulations, ref. section C below.
Information as to how and why we process your personal data can also be found in the contracts with you which include any terms of business applicable to the services.
Our legal basis for the processing of personal data is:
- You have given consent to the processing of your personal data for one or more specific purposes (GDPR article 6, 1, a).
- The processing is necessary for the performance of a contract with you or in order to take steps at the request of you prior to entering into a contract, and to provide you with appropriate offers, advice and services as part of our contract (GDPR article 6, 1, b).
- The processing is necessary for compliance with a legal obligation which we are subject to (GDPR article 6, 1, c), including:
- Know Your Customer requirements and AML monitoring, reporting etc., including sanctions screening, pursuant to the Danish Anti-Money Laundering Act.
- The Danish Bookkeeping Act.
- Reporting to the tax authorities in accordance with the Danish Tax Control Act.
- Reporting to supervisory authorities etc. according to e.g., the Danish Investment Firms Act and the Danish Alternative Investment Funds Managers Act.
- Other obligations related to service specific legislation e.g. securities trading legislation.
- Processing of data revealing racial or ethnic origin (e.g., from passport copies) is necessary for reasons of substantial public interest in accordance with Danish Data Protection law and GDPR Article 9, 2, g, specifically to comply with AML and sanctions screening obligations.
- The processing is necessary for the purposes of our legitimate interests, e.g. when performing investment analysis as part of our portfolio management services (GDPR article 6, 1, f), specifically:
- Conducting due diligence, improving and developing our financial services, and performing essential investment analysis as part of our business offering.
- Maintaining IT and business security and protecting our assets.
We may collect personal data about contact persons who are employees of our suppliers and business partners when such person is acting on behalf of the other party. We collect such information as part of entering into a contract with the collaborator or when receiving services from suppliers. Further, we might need to collect contact information about employees of the authorities.
3. Categories of personal data
The personal data is in most cases collected directly from you or generated as part of the usage of our services. Sometimes additional information is required to keep information up to date or to verify information we collect. Personal data may include the following categories:
- Identification information: name, identification number, documentation of such information, for instance a copy of a passport, driver’s license or the like, and information about control structures and beneficial owners.
- Contact information: postal address, email address, telephone number(s).
- Employer or position.
- Messages you have sent to us.
- Recording of phone conversations related to transactions in financial instruments.
- Publicly available information from external sources such as registers held by governmental agencies, sanction lists, and from commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
- Information about participation in Capital Four events or information about you as a subscriber of a Capital Four newsletter.
4. Where do we receive the information from
Usually, we will receive the information from you, however, we might also receive it from your employer, or from publicly available sources. Further, we might receive information you have disclosed to our service providers for performing our investment analysis.
5. Who we might disclose your personal data to
As part of our financial services business, we may share your personal data with the following recipients or categories of recipients:
- Public authorities including the Danish Money Laundering Secretariat, Tax authorities, and supervisory authorities.
- Suppliers and service providers assisting with technical support and services.
- Business partners.
- Data Processors.
We have entered into agreements with selected suppliers, which as part of their services to us process personal data on behalf of us. Examples hereof are suppliers of IT development, maintenance, hosting and support.
Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.
In some cases, we might transfer personal data to countries outside EU/EEA (third countries). In these cases, we ensure that the transfer complies with GDPR Chapter V. We rely on the following safeguards to protect your rights:
- We only transfer data to a third country that has been deemed to provide an adequate level of data protection by the European Commission, or
- The transfer is based on appropriate safeguards, such as the EU Commission's Standard Contractual Clauses (SCCs), which ensure the transferred data receives a level of protection essentially equivalent to that guaranteed within the EU.
You may obtain a copy of the safeguards used for a specific transfer by contacting us via the details in Section 1.
6. Video Surveillance at Office Entrances
Capital Four utilizes video surveillance at the entrance doors to the office for security purposes.
- Purpose: The sole purpose of the video surveillance is to prevent and detect crime (such as theft, vandalism, or unauthorized access) and to protect Capital Four assets and employees.
- Legal Basis: The processing of images is based on the legitimate interests of Capital Four (cf. GDPR Article 6, 1, f, and Section 12 of the Danish Data Protection Act) in securing our premises.
- Storage Period: Recordings are automatically deleted on a rolling basis, typically not more than 30 days after recording, unless they are required in connection with a specific investigation of a criminal act. Only a limited number of authorized personnel have access to view and retrieve the recordings.
7. How long we keep your personal data
We will only retain your personal data for as long as needed for the purposes of which the data was collected and processed or for as long as it is required by laws and regulations, e.g. the Danish Bookkeeping Act and the Danish Anti-Money Laundering Act.
When a client relationship is terminated, information regarding KYC is stored for 5 years according to the Danish Anti-Money Laundering Act.
8. Your privacy rights
You have certain rights under the GDPR. These include the following:
- Access to your personal data: You have the right to obtain a copy of the personal data that we hold about you.
- Correction of incorrect or incomplete data: You have the right to rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Erasure: If there is no longer a legal basis for our processing of personal data you have the right to obtain the erasure of personal data concerning you and we have the obligation to erase personal data without undue delay. However, due to financial regulation, we are in many cases obliged to retain personal data during a client relationship, and even after that, e.g. to comply with a legal or regulatory obligation or where processing is carried out to manage legal claims.
- Limitation of processing: You have the right to ask us to suspend processing of personal data in special cases.
- Object to processing: In certain specific cases you have the right to object to processing of personal data concerning you. We may not be able to comply with such request where there are compelling legitimate grounds for us to process your personal data or where the processing of your personal data is required for compliance with a legal or regulatory obligation or relating to legal proceedings.
- Data portability: You have in certain cases the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance.
Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case.
9. Updating your personal data
It is important for us that we maintain accurate records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible and we will update our records accordingly.
10. Data protection authority
You have a right to file a complaint about the processing of your personal data with the Danish Data Protection Agency. You can find contact information here: www.datatilsynet.dk.
11. Notification of changes
This Privacy Policy is dated 3 November 2025. We may amend this Privacy Policy from time to time as required by applicable data protection legislation.