Privacy Policy for Fortress Fund Management AS

Last updated: August 19th 2024

This privacy policy applies for processing of personal data when Fortress Fund Management AS “Fortress Fund“, “we” or “us“) processes personal data in the capacity of data controller, for instance related to visitors of our websites and contact information to contact persons of our customers and suppliers.

Below you will find information about the personal data we collect, why we do this and your rights in relation to the processing of your personal data.

1 WHO WE ARE

Fortress Fund is a pre-seed and seed investor supporting Norwegian tech startups, focusing on Energy systems, Artificial Intelligence, and Climate. We offer initial investments and potential seed funding. Our hands-on approach provides insights, connections, and domain expertise. We take board seats to guide key decisions and help ventures grow to international markets.  

Fortress Fund acts as the data controller for the processing of personal data described in this Privacy Policy.

Our contact information is:

Fortress Fund Management AS

Håkon Melbergs vei 16

1783 Halden

Norway

Business registration number: 928 502 406

For any questions regarding our processing of your personal data, please contact Lorenzo Ruscelli lorenzo@fortressfund.no You can also contact us if you want to exercise your rights in accordance with the GDPR, as described below in section 7.

2 WHO WE PROCESS PERSONAL DATA ABOUT

The Privacy Policy addresses the processing of personal data about the following persons:

  • Ultimate owners of funds
  • Fund investors
  • Prospective investors
  • Suppliers
  • Visitors to our website fortressfund.no

3 PURPOSE, CATEGORIES OF PERSONAL DATA, LEGAL BASIS AND RETENTION PERIOD

All processing of personal data is carried out in accordance with the applicable data protection rules, including the Norwegian Personal Data Act and the General Data Protection Regulation (GDPR).

Below you will find an overview of the purposes for which Fortress Fund processes personal data, what personal data is processed, the legal basis for the processing and retention periods.

Creation, administration and fulfillment of fund investors, potential investors and ultimate owner agreements

When entering into agreements with investors and ultimate owners, we collect personal data about the contact person or representative at the prospective investor, investor or ultimate owner. This includes their contact information. The purpose of this is to fulfill the agreement with fund investors and ultimate owners.

When private fund investors enter into agreements with us, we collect information about your name, telephone number, payment and financial information, email address and postal address. The legal basis for this processing of personal data is GDPR Article 6 (1) (b), as the processing is necessary to fulfil the agreement with the private customer.

If you do not enter into an agreement with Fortress Fund by virtue of being a private individual, but instead act as a contact person or representative on behalf of a company, we will process the same personal data as mentioned above. However, the legal basis for this processing of personal data is GDPR Article 6 (1) (f), our legitimate interest in managing contract offers, contractual relationships and communicating with fund investors and ultimate owners.

We also process personal data to ensure compliance with our anti-money laundering and “know your customer” procedures, before entering into agreements with fund investors or ultimate owners. For natural persons, we process personal data about contact information, personal identity number and the same information for anyone who acts behalf of the natural person in questions and beneficial owners. For legal entities, the personal data we process is limited to contact information of general managers, directors or persons holding an equivalent position. The legal basis for this processing is the GDPR article 6 (1) (c), cf. the Norwegian Anti-Money Laundering Act sections 12 and 13. 

The data processed for this purpose is as a main rule deleted after 3-5 years, in accordance with the rules of the Norwegian Bookkeeping Act.

Creation, administration and fulfillment of supplier agreements

When entering into agreements with suppliers, we collect personal data about the contact person or representative at the supplier. This includes their contact information. The purpose of this is to fulfill the agreement with our suppliers.

The personal data is processed on the basis of GDPR Article 6 (1) (f). The processing of the personal of contact persons at suppliers will be based on our legitimate interest and purpose of being able to manage our contractual offer, contractual relationship or communication in connection with the contractual relationship, towards our suppliers.

The data processed for this purpose is as a main rule deleted after 3-5 years, in accordance with the rules of the Norwegian Bookkeeping Act.

Inquiries through contact form and social media

When you contact Fortress Fund through the contact form on our website and in social media, we process information about your name, username, email address and any personal data you provide through free text fields.

The legal basis for the processing is Fortress Funds’ legitimate interest in responding to inquiries, cf. Article 6(1)(f) of the GDPR.

The personal data we receive in connection with this processing will be deleted one month after the inquiry has been answered. If the inquiry is regarding a potential investment, the personal data received in connection with the inquiry will be stored until the potential investment is completed. 

4 RECIPIENTS OF YOUR PERSONAL DATA

In some cases, Fortress Fund may disclose personal data to others to the extent necessary for the administration of our operations and to carry out our business.

Fortress Fund may, among other things, share your personal data with our supplier of IT systems and technical assistance. These parties process personal data about our customers and suppliers by virtue of their role as data processors, and their processing is subject to a data processing agreement. The suppliers are required to act according to documented instructions from Fortress Fund and may not use personal data for their own purposes.

In addition, we may in some cases disclose your personal data to other companies who will themselves be responsible for how they process your personal data. For example, we may disclose your personal data to partners who handle payment services and public authorities if this is required by law or by a legally enforceable judgment or order.

If Fortress Fund sells or buys any business or assets, Fortress Fund may transfer your personal data to a prospective seller or buyer of such business or assets.

If Fortress Fund or a significant part of Fortress Funds’ assets are sold to another company, the personal data of our customers and suppliers may also be shared in connection with the sale.

We always implement appropriate technical and organizational security measures in accordance with applicable data protection legislation to ensure that your personal data is handled in a secure manner when transferring or sharing personal data with a third party.

5 TRANSFERS OF YOUR DATA TO COUNTRIES OUTSIDE THE EU/EUROPEAN UNION

Generally, we process your personal data within the EU/EEA. If the personal data is processed outside the EU/EEA, there is either an adequacy decision from the European Commission in place, which ensures that the third country in question guarantees an adequate level of protection, or we ensure that appropriate safeguards are in place to ensure that your rights under the GDPR are safeguarded. Examples of such appropriate safeguards are that the data transfer is subject to the European Commission’s Standard Contractual Clauses (SCC’s) or that the relevant third party follows approved standards of conduct.

If you would like more information about the security measures we have implemented, please contact us using the contact details set out at the beginning of this Privacy Policy.

6 SECURITY OF THE PROCESSING

All our processing of personal data is secured by necessary technical and organizational measures.

We handle personal data so that it is accurate, accessible and processed in accordance with the degree of sensitivity of the data. We also use a range of security technologies and information security procedures to protect personal data from unauthorized access, use or disclosure.

We have entered into data processing agreements with all our suppliers that process personal data.

We restrict access to personal data to the staff or third parties who will process the data on our behalf. These parties are subject to a duty of confidentiality.

7 YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU

Below is information about your rights in relation to the processing of your personal data. To exercise your rights, you can contact Lorenzo Ruscelli at lorenzo@fortressfund.no.

Your inquiry will be answered as quickly as possible, and within one month at the latest. If it takes longer than one month, you will be notified.

The Right to Information and Access

You have the right to receive information about the personal data we process about you. Through this statement, we inform you about our processing of personal data. For further information, please contact us by using the above-mentioned email address.

You also have the right to demand access to the personal data processed about you.

The Right to Erasure and Rectification

You can also ask us to correct inaccurate information we hold about you or ask us to delete personal data. We will, as far as possible, comply with a request to delete personal data.

The Right to Restriction and Object

In certain cases, you have the right to have the processing restricted, see GDPR article 21:
  1. You contest the accuracy of the personal data – processing is suspended for a period of time that allows us to verify the accuracy of the personal data.
  2. The processing is unlawful and you object to the erasure of the personal data and instead request that the use of the personal data is restricted.
  3. We no longer need the personal data to fulfill the purpose of the processing, but you need it to establish, exercise or defend legal claims.

You may also object to processing under Article 21(1) of the GDPR pending the verification of whether our legitimate interests override your privacy.

The right to data portability

For data that you have provided to us and that is necessary for the performance of a contract with us and that is processed automatically, you may request that your personal data be disclosed or transferred to another provider in a structured, commonly used, and machine-readable format.

8 COMPLAINANT

If you feel that our processing of personal data does not comply with what we have described here or that we are otherwise in breach of the data protection regulations, you can complain to the Norwegian Data Protection Authority:

Datatilsynet

Postboks 458 Sentrum

0105 Oslo

E-mail: postkasse@datatilsynet.no

You can find more information about complaints to the Norwegian Data Protection Authority on their websites.

9 CHANGES

If there are changes made in how we process your personal data, we will update or change our Privacy Policy. In the event of major changes, we will inform you of this.