DERBY LANE PARTNERS LP DATA PROTECTION NOTICE
This is the Investor Data Protection Notice (“Notice”) for Derby Lane Partners LP and its funds and affiliates (collectively, “Derby Lane” or “we” or “us”).
At Derby Lane, we respect the privacy of our investors, and this Notice governs how Derby Lane collects, processes and uses your Personal Information (which we use to mean any data that identifies or could be used to identify an individual person and is in the possession of, or is likely to come into the possession of, Derby Lane or its representatives or service providers), in your capacity as our customer pursuant to United States federal law.
Depending on the jurisdiction in which you reside, you may have certain rights with respect to your Personal Information, which are addressed in this Notice. If you have questions about which rights apply to you, or wish to exercise any such rights, you can contact us using the details set out below.
This Notice was last updated in May 2026. It may change from time to time and you should review it periodically.
For additional information about our privacy practices, including rights that may apply to you if you are a resident of the European Union, the United Kingdom or the state of California, or our processing of your personal information is subject to laws in those jurisdictions, please see the below and our California Data Protection Notice and our EEA-UK Data Protection Notice.
WHAT DOES DERBY LANE PARTNERS LP DO WITH YOUR PERSONAL INFORMATION?
Why?
Financial companies, including Derby Lane Partners LP and its affiliates (collectively, “Derby Lane” or “we”) choose how they share your Personal Information. In the United States, federal law gives customers the right to limit some but not all sharing of Personal Information. Federal law also requires us to tell you how we collect, share, and protect your Personal Information. Please read this Notice carefully to understand what we do.
What?
The types of Personal Information we collect and share depend on the product or service we provide to you. This information can include:
- Social Security number and assets;
- Account balances and transaction history; and
- Investment experience and wire transfer instructions.
How?
All financial companies need to share customers’ Personal Information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ Personal Information; the reasons Derby Lane Partners LP chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information | Does Derby Lane Partners LP share? | Can you limit this sharing? |
|---|---|---|
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
For our marketing purposes – to offer our products and services to you | Yes | No |
For joint marketing with other financial companies | No | We don’t share |
For our affiliates’ everyday business purposes – information about your transactions and experiences | Yes | No |
For our affiliates’ everyday business purposes – information about your creditworthiness | No | We don’t share |
For our affiliates to market to you | Yes | Yes |
For nonaffiliates to market to you | No | We don’t share |
To limit our sharing:
Call 646-530-6434 or 646-530-6450
Please note:
If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we may continue to share your information as described in this notice.
However, you can contact us at any time to limit our sharing.
Questions?
Call 646-530-6434 or 646-530-6450
Who we are
Who is providing this notice?
Derby Lane Partners LP, an investment adviser registered with the U.S. Securities & Exchange Commission, and its affiliates.
What we do
How does Derby Lane Partners LP protect my personal information?
To protect your Personal Information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Derby Lane Partners LP collect my personal information?
We collect your Personal Information, for example, when you:
- Give us your contact information;
- Open an account or buy securities from us; and
- Tell us where to send the money or make a wire transfer.
We also collect your Personal Information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
In the U.S., federal law gives you the right to limit only:
- sharing for affiliates’ everyday business purposes – information about your creditworthiness;
- affiliates from using your information to market to you; and
- sharing for nonaffiliates to market to you.
State laws and individual companies may give you additional rights to limit sharing.
What happens when I limit sharing for an account I hold jointly with someone else?
Your choices will apply to everyone on your account.
Definitions | |
|---|---|
Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies.
|
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|
Joint marketing | A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|
CALIFORNIA DATA PROTECTION NOTICE
INVESTORS IN CALIFORNIA
California Consumer Protection Act (CCPA)
These CCPA (defined below) disclosures provide additional information applicable to California residents. Please be aware that information about individual (natural person) investors that is obtained in connection with our provision of financial products or services is protected by financial privacy laws, including the Gramm Leach Bliley Act, and is not subject to the CCPA. We request that you supply a copy of these CCPA disclosures to any employees, contractors, trust beneficiaries, or others whose personal information you may provide to us that is not subject to such financial privacy laws. For additional information about our privacy practices with respect to the personal data of non-investors, please also refer to our website privacy policy, available at www.derbyln.com/disclosures/privacy-policy.
If you are a California resident, the California Consumer Protection Act, as amended (together with its implementing guidelines and regulations, the “CCPA”) may provide you with certain rights:
- The right to request, up to twice in a twelve-month period, information about or a copy of your Personal Information collected by Derby Lane.
- The right to request that Derby Lane delete your Personal Information, subject to exceptions such as where Derby Lane is legally entitled to retain Personal Information regardless of any such request.
- The right to correct inaccurate Personal Information collected by Derby Lane.
- The right to opt out of any sale of your Personal Information to any third parties or the sharing of such information with third-parties for purposes of cross-contextual behavioral advertising. Note that Derby Lane does not currently sell Personal Information or share such information for purposes of cross-contextual behavioral advertising, and has not done so within the past twelve months.
- The right to limit our use of sensitive Personal Information, subject to exceptions.
- The right to exercise the rights otherwise described without experiencing any discrimination, as defined under the law, as a result of your exercise of such rights.
These rights are not absolute, and we reserve all of our rights available under law. If you are a California resident, Personal Information will include the full definition of “Personal Information” under the CCPA. If you wish to exercise any of the rights set out in this section, please contact Derby Lane using the details below.
Information We Collect and Retain
We may collect the following categories of Personal Information about you from the sources identified as follows.
Note that we may combine Personal Information collected from different sources for any of the purposes listed in the section below entitled “Why We Collect Information and How We May Disclose It.”
- Communications Data. We collect from you when you become a client, and as you may provide updates from time to time, communications-related data such as your name and contact details (i.e. home and email address, home and mobile phone numbers).
- Financial Data. In connection with the administering of necessary financial transactions associated with your investment in a fund managed by Derby Lane, we may collect from you and / or financial service providers with which we engage, and may create about you, information obtained as a result of your investment in any of our funds (such as advisor details, investment details, banking details, and financial details); as well as banking information, tax information, your social security number or other tax identification number and details of tax residency.
- Identity Data. As you may provide to us when you become a client, and as you may provide updates from time to time, we may collect from you data in the context of us carrying out anti-money laundering, regulatory, tax and know your client checks (such as data included in identification documents, details of sanctions); as well as your nationality, age, gender and other information from related documents, such as your passport.
- IT Data. We may collect from you, create about you, and/or collect from other sources (such as third party software that we use for our Business Purposes) information about your use of our Information Technology, communication and other systems such as our computer networks and connections.
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Consistent with the above, we will retain Personal Information as required by law to comply with applicable recordkeeping rules.
Why We Collect Information and How We May Disclose It
Derby Lane does not sell Personal Information to third parties or share such information for purposes of cross-contextual behavioural advertising. We do not disclose Personal Information to third parties for those third parties’ own direct marketing purposes. We may disclose your Personal Information to Derby Lane’s affiliated entities, as well as with third parties, as detailed in the sections immediately below. Any recipient of your Personal Information will be subject to confidentiality obligations as and to the extent required by law. Derby Lane may share anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations.
In general, Derby Lane may also use and disclose any Personal Information it maintains about you as follows:
Purpose for Processing | Possible Disclosures |
|---|---|
To manage and mitigate risk and to assess and ensure compliance with applicable laws, legal requirements, and company policies, including to maintain the privacy and security of our data, to conduct internal audits or investigations, and to obtain legal advice or to establish, exercise or defend legal rights. | Service Providers, law enforcement, governmental authorities, regulators or other bodies, courts, insurers, tax or financial authorities or consultants, legal advisors. |
As needed to protect our assets or to investigate or defend against any claims of illegality or wrongdoing or in response to a court order or judicial or other government subpoena or warrant. | Law enforcement, governmental authorities, regulators or other bodies, courts, tax authorities, insurers, legal advisors, mediators. |
In the event Derby Lane undertakes or is involved in or contemplating (e.g., in connection with due diligence) any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event. | Buyers or purchasers (or potential buyers or purchasers) and their representatives. |
In addition to Derby Lane’s general purposes for processing and disclosing any category of your Personal Information, the chart below includes other purposes for which we may process specific categories of your Personal Information and to whom such information is disclosed.
Purpose(s) for Processing | Possible Disclosures |
|---|---|
Communications Data
|
|
Financial Data
|
|
Identity Data
|
|
IT Data
|
|
Depending on our relationship with you, we may collect Personal Information that is also considered “sensitive personal information” under the CCPA, including certain financial information such as financial account number as well as identifying information such as social security, driver’s license, or passport numbers. We use sensitive Personal Information only for limited, lawful purposes in compliance with the CCPA and do not use sensitive Personal Information to infer characteristics about you. We may use such information for KYC purposes, to otherwise comply with legal or regulatory obligations, and to provide our services to you.
We seek to ensure that the collection and processing of information by us is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it. Please note that if you do not provide certain Personal Information to Derby Lane when requested (and where relevant, provide your consent), we may not be able to provide you with some or all of our services and products (including those set out in this Policy or in other agreements we enter into with you).
Questions
If you are a California resident and you have questions about your rights under the CCPA or wish to exercise any of the rights provided to you by the CCPA you may contact us as follows:
Call: 646-530-6434 or 646-530-6450
Email: DerbyIR@derbyln.com
EEA-UK DATA
PROTECTION NOTICE
INVESTORS IN THE EUROPEAN UNION AND UNITED KINGDOM
This EEA-UK Data Protection Notice (“EEA-UK Privacy Notice”) applies to the extent that EEA-UK Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below). If this EEA-UK Data Protection Notice applies, the relevant data subject has certain rights with respect to such processing of their personal data, as outlined below.
For this EEA-UK Data Protection Notice, “EEA-UK Data Protection Legislation” means all applicable legislation and regulations relating to the protection and/or processing of personal data in force from time to time in the European Union (the “EU”), the European Economic Area (the “EEA”), and/or the United Kingdom (the “UK”) including, as applicable, the following: (a) Regulation (EU) 2016/679 (the “EU GDPR”); (b) the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (the “UK GDPR”); (c) any other legislation which implements any other current or future legal act of the EU, EEA or the UK concerning the protection and/or processing of personal data (including any other national implementing or successor legislation); and (d) any amendment or re-enactment of any of the foregoing.
The terms “controller”, “processor”, “data subject”, “personal data” and “processing” in this EEA-UK Data Protection Notice shall have the meanings given to them under the applicable EEA-UK Data Protection Legislation. Unless otherwise defined herein, capitalized terms used in this EEA-UK Data Protection Notice will have the meanings ascribed to such terms in the Subscription Agreement or the Partnership Agreement.
Categories of personal data collected and lawful bases for processing
In connection with the formation, offering and operation of private investment funds for investors, the Partnership, the General Partner, the Management Company, the Administrator, their respective affiliates and, in each case, their respective administrators, legal and other advisors, service providers and agents (the “Authorized Entities”) may collect, record, store, adapt, and otherwise process and use personal data, either relating to investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates or to any other data subjects, from the following sources (and all references to “investor(s)” in this EEA-UK Privacy Notice shall be to such investor(s) and, as applicable, any of these other persons as relate to such investor(s)):
(1) information received in telephone meetings, conversations, in voicemails, through written correspondence, via e-mail or other forms of communications or in subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, “know-your-client” identification, and verification documentation);
(2) information about transactions with any Authorized Entity or other persons;
(3) information captured on any Authorized Entity’s website, fund data room and/or investor reporting portal (as applicable) including registration information, information provided through online forms or any information captured via “cookies” and/or similar technologies;
(4) information containing photographic image or specimen handwriting; and
(5) information from available public sources, including from:
(a) publicly available and accessible directories and sources;
(b) bankruptcy registers;
(c) tax authorities, including those that are based outside the UK and the EEA if the applicable data subject is subject to tax in another jurisdiction;
(d) governmental and competent regulatory authorities to whom any Authorised Entity has regulatory obligations;
(e) credit agencies; and
(f) fraud prevention and detection agencies and organisations.
Any Authorized Entity may process the following categories of personal data:
(1) names, dates of birth, and birth place;
(2) contact details and professional addresses (including physical addresses, email addresses and telephone numbers);
(3) account data and other information contained in any document provided by investors to the Authorized Entities (whether directly or indirectly);
(4) information regarding the investor’s use of any Authorized Entity’s website, fund data room and/or investor reporting portal(s) (as applicable);
(5) risk tolerance, transaction history, investment experience and investment activity;
(6) accounts and transactions with other institutions;
(7) information and documents regarding an investor’s status under various laws and regulations, including their identification/social security number, tax status, income and assets, PEP status, sanctions status and related parties’ power of attorney;
(8) accounts and transactions with other institutions;
(9) information and documents regarding an investor’s interest in the Partnership, related funds, including ownership percentage, capital commitment and contributions, income and losses;
(10) information regarding an investor’s nationality, citizenship and location of residence;
(11) source of funds used to make the investment in the Partnership or related funds; and
(12) anti-money laundering, identification (including passport and drivers’ license) and verification documentation.
As part of its compliance with legal obligations such as anti-money laundering requirements, the Authorized Entities may be required to process special categories of personal data (as defined in the EEA-UK Data Protection Legislation), including personal data relating to political opinions as well as criminal convictions and offencesvdata.
Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with information that it collects from, or about such investor. This may include information collected in an online or offline context. In addition, personal data of investors could be processed and controlled by an Authorized Entity irrespective of whether such investor is admitted to the Partnership as a limited partner.
The Authorized Entities are each “controllers” of personal data collected in connection with the Partnership. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in this EEA-UK Privacy Notice as a matter of contractual necessity under or in connection with the Partnership Agreement, the Subscription Agreement and associated documentation, pursuant to applicable legal obligations, and in the legitimate interests of the Authorized Entities (or those of a third party) to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with consent; if it is necessary to protect the vital interests of an investor or other data subjects; or if it is necessary for a task carried out in the public interest. To the extent that an Authorized Entity processes personal data relating to political opinions of data subjects having a public political exposure, such personal data is processed on the basis that it is personal data which has manifestly been made public by the data subject and/or is necessary for reasons of substantial public interest.
Purpose for Processing
The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (3), (4), (6), (8), (9), (10) and (12) in the legitimate interests of the Authorized Entities (or those of a third party)):
(1) The performance of its contractual and legal obligations (including applicable anti-money laundering, “know-your-client” and other related laws and regulations) including in assessing suitability of investors in the Partnership.
(2) The administrative processes (and related communication) carried out between the Authorised Entities in preparing for the admission of investors to the Partnership.
(3) Ongoing communication with investors, their representatives, advisors and agents, (including the negotiation, preparation and execution of documentation) during the process of admitting investors to the Partnership.
(4) The ongoing administrative, accounting, reporting and other processes and communication required to operate the business (including any websites, fund data rooms, and/or investor reporting portals) of the Authorised Entities (as applicable) in accordance with the Partnership Agreement and/or other applicable documentation between the parties.
(5) To administer, manage and set up investor account(s) to allow investors to purchase a holding (of shares or other interests) in the Partnership (and any other funds operated by the General Partner or its affiliates).
(6) To facilitate the execution, continuation or termination of the contractual relationship between investors and the General Partner, the Partnership and/or any other Authorised Entities (as applicable).
(7) To facilitate the transfer of funds, and administering and facilitating any other transaction, between an investor and the Partnership and/or any other Authorised Entity (as applicable).
(8) To enable any actual or proposed assignee or transferee, participant or sub-participant of the Partnership of the Partnership’s rights or obligations to evaluate proposed transactions.
(9) To facilitate business asset transactions involving the Partnership and/or the Partnership’s related vehicles.
(10) To facilitate business asset transactions involving the Partnership or Partnership’s related vehicles and/or including due diligence carried out by any third party that acquires, or is interested in acquiring or securitising, all or part of the Partnership’s assets or shares, or that succeeds to it in carrying on all or a part of its businesses, or services provided to it, whether by merger, acquisition, financing, reorganisation or otherwise.
(11) Any legal or regulatory requirement.
(12) Keeping investors informed about the business of the General Partner, the Partnership and their respective affiliates generally, including offering opportunities to make investments other than in the Partnership.
(13) Any other purpose that has been notified, or has been agreed, in writing.
The Authorized Entities may monitor communications where the law requires them to do so. The Authorized Entities may also monitor communications, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Recipients of Data
In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by EEA-UK Data Protection Legislation, to other service providers, investors, portfolio companies, regulators or other governmental entities, custodians, administrators, transfer agents, employees, agents, contractors, consultants, professional advisers, lenders, processors and persons employed and/or retained by them and/or any other third parties in order to fulfil the purposes described in this EEA-UK Data Protection Notice and any third party that acquires, or is interested in acquiring or securitizing, all or part of the Partnership’s assets or interests, or that succeeds to it in carrying on all or a part of its businesses, or services provided to it, whether by merger, acquisition, reorganization or otherwise. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with tax authorities, auditors and tax advisers (where necessary, required or advisable to comply with law).
International Transfer of Data
The disclosure of personal information to the third parties set out above may involve the transfer of data by any Authorized Entity to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this EEA-UK Data Protection Notice and in accordance with applicable law, rule or regulation, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and/or the Partnership Agreement, and to implement requested pre-contractual measures. Transfers of personal data may be made further to applicable adequacy decisions, appropriate or suitable safeguards permitted under the EEA-UK Data Protection Legislation, or any other valid means permitted by applicable law. For information on the safeguards applied to such transfers, please contact the General Partner.
For the purposes of this EEA-UK Data Protection Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA; (ii) the UK; or (iii) a country or territory which has at the relevant time been decided by applicable authority, including the European Commission or the Government of the UK and/or the UK Information Commissioner’s Office (as applicable) in accordance with EEA-UK Data Protection Legislation to ensure an adequate level of protection for personal data.
Retention Period
The General Partner and its affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards which seek to protect personal data in their possession or under their control.
The Authorized Entities will not retain your personal data for longer than necessary with regard to the purposes described in this EEA-UK Privacy Notice or as long as is required to comply with applicable legal/regulatory obligations.
Personal data will be retained throughout the life cycle of any investment in the Partnership. The Partnership maintains personal data of our former investors and apply the same policies that apply to current investors.
Consequences of Not Providing Required Data
Where an Authorized Entity requires your personal information to fulfil the purposes described in this EEA-UK Data Protection Notice, failure to provide this information means the applicable Authorized Entity may not be able to provide the services in connection with the Partnership Agreement and/or the Subscription Agreement. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
Data Subject Rights
It is acknowledged that, subject to applicable EEA-UK Data Protection Legislation, investors or the data subjects to which personal data relates, have various rights under EEA-UK Data Protection Legislation, including: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to request and receive a copy of their personal data, to request rectification of their personal data, to request erasure of their personal data, the right to data portability, and the right not to be subject to automated decision making. Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfil the purposes described in this EEA-UK Data Protection Notice may result in the inability to provide the services required in connection with the Partnership Agreement and/or the Subscription Agreement.
In case a data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to the Partnership Agreement and/or the Subscription Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after of receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us at the contact information provided below.
How to Contact the Fund
If you have any questions about this EEA-UK Privacy Notice, please contact us at DerbyIR@derbyln.com, or call us at 646-530-6434 or 646-530-6450.