PRIVACY POLICY

EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND (the “EEA+”) PRIVACY POLICY

I. Introduction

A.This is the Privacy Policy of First Eagle (which is referred to as “First Eagle”, “us” or “we” throughout this Privacy Policy) relating to the processing of Personal Data in the EEA, the UK or Switzerland (the “EEA+”) or of individuals located in the EEA+. This Policy applies only to the processing of Personal Data of individuals resident in the EEA+ for whom First Eagle acts as a Data Controller or Data Processor. This Privacy Policy provides details of the way in which we Process Personal Data for such individuals in line with our obligations under certain data protection laws and regulations including the General Data Protection Regulation (“GDPR”). For purposes of this Policy, First Eagle includes but is not limited to First Eagle Holdings, Inc.; First Eagle Investment Management, LLC; First Eagle Investment Management Ltd; FEF Distributors, LLC; First Eagle Separate Account Management, LLC; First Eagle Alternative Credit, LLC; First Eagle Investment Management GmbH; and any other First Eagle funds and any sub-funds, as applicable.

B. Capitalised terms used in this Privacy Policy and not defined in context are defined in the Glossary in Annex I.

II. Background and Purpose

A.The purpose of this Privacy Policy is to explain what Personal Data we Process and how and why we Process it. In addition, this Privacy Policy outlines our duties and responsibilities regarding the protection of such Personal Data. The way we Process Personal Data will evolve over time and we will update this Policy from time to time to reflect changing practices.

B. In addition, to meet our transparency obligations under Data Protection Law, we will incorporate this Privacy Policy by reference into various points of data capture used by us, including First Eagle’s website (section applicable to non-U.S. persons), First Eagle’s EU Resident Employee Privacy Notice, and investor subscription application forms.

III. First Eagle as a Data Controller

A. First Eagle will act as a Data Controller in respect of Personal Data provided to us by the following categories of individuals in connection with the management, operation and administration of First Eagle:

  • Shareholders/Unitholders in pooled vehicles and separate accounts for which First Eagle acts as investment manager, and prospective Shareholders/Unitholders;

  • Directors, designated persons and other individuals performing “controlled functions” within First Eagle under regimes of applicable government regulators;

  • Employees of service providers/suppliers/creditors who provide services to First Eagle;

  • Applicants and Employees of First Eagle;

  • Visitors to the First Eagle websites.

B. Which First Eagle entity is Data Controller will depend on the nature of the service:

Data SubjectData Controller
Shareholders/Unitholders of a fund and prospective Shareholders/UnitholdersThe relevant fund or ICAV
Employee or director of First Eagle Investment Management GmbHFirst Eagle Investment Management GmbH
Employee or director of First Eagle Investment Management LtdFirst Eagle Investment Management Ltd
Employees of service providers/suppliers/creditorsThe First Eagle entity to which the goods or services are supplied
Website VisitorsFirst Eagle Investment Management, LLC

 

C. Personal Data is processed by First Eagle for the following purposes:1

Shareholders/Unitholders and Prospects
Purpose of ProcessingLawful Basis under GDPR
For prospects, to communicate with the prospective Shareholder/Unitholder about a potential investment.The legitimate interest of First Eagle to engage new business (per Art.
9(2)(f)).
To manage and administer an investor’s holding in products or accounts managed by First Eagle on an ongoing basis.As required for the performance of the contract between the Shareholder/Unitholder and First Eagle (per Art. 6(1)(b) GDPR).
To carry out statistical analysis and market research.As necessary and proportionate in First Eagle’s legitimate business interests (per Art. 6(1)(f) GDPR).
To comply with legal and regulatory obligations applicable to the investor and/or First Eagle from time to time, including, without limitation, applicable tax, anti-money laundering and other counter terrorist financing legislation. Shareholders’ personal data (including financial information) may be shared with relevant tax authorities. They in turn may exchange information (including personal data and financial information) with foreign tax authorities (including foreign tax authorities located outside
the European Economic Area).
To comply with legal obligations to which First Eagle is subject (per Art. 6(1)(b) GDPR).
1 The notice sent to investors/GDPR disclosure in prospectus and other documents and the wording in this table should be checked for consistency
 
Shareholders/Unitholders and Prospects
Purpose of ProcessingLawful Basis under GDPR
For prospects, to communicate with the prospective Shareholder/Unitholder about a potential investment.The legitimate interest of First Eagle to engage new business (per Art. 9(2)(f)).
For any other specific purposes where the investor has given specific and informed consent based on an appropriate notice.Based on Shareholder/Unitholder consent (per Art. 6(1)(a) GDPR).
 
Directors and Employees and Applicants
Purpose of ProcessingLawful Basis under GDPR
To communicate with directors, employees and applicantsLegitimate interest of First Eagle to contact directors, employees and applicants (per Art. 6(1)(f) GDPR).
To hire and manage employees, interns and contractorsPerformance of the employment contract or in order to take steps at the request of an applicant/employee prior to entering into a contract (per Art. 6(1)(b) GDPR).
To train, manage and promote employeesLegitimate interest of First Eagle to manage its employees (per Art. 6(1)(f) GDPR).
To compensate employees and administer benefits

Performance of the employment contract (per Art. 6(1)(b) GDPR).

Performance of obligations under employment and social security and social protection law (per Art. 9(2)(b) GDPR) or for the purposes of preventative or occupational medicine or the assessment of working capacity of an employee (per Art. 9(2)(g) GDPR)

To comply with relevant employment and tax lawsCompliance with legal obligations under employment and tax laws (per Art. 6(1)(c) GDPR).
To comply with regulatory laws applicable to directors and other individuals performing
“controlled functions” within First Eagle
Compliance with regulatory obligations (per Art. 6(1)(c) GDPR).

 

Directors and Employees and Applicants
Purpose of ProcessingLawful Basis under GDPR
To ensure the security of our IT systems and proprietary information in accordance with company policies
To investigate a breach of company policies and apply disciplinary measures where appropriate
Legitimate interest of First Eagle to manage its IT systems and to enforce its company policies (Art. 6(1)(f) GDPR).
To establish, exercise or defend any legal claims

Legitimate interests of First Eagle to asserts its legal rights (per Art. 6(1)(f) GDPR)

To establish, exercise or defend any legal claims (per Art. 9(2)(f) GDPR)

 

Employees of Service Providers/Supplier/Creditors
Purpose of ProcessingLawful Basis under GDPR
To communicate with such employees for the purposes of receiving servicesLegitimate interest of First Eagle to communicate with its providers (per Art. 6(1)(f) GDPR).

 

Website Visitors
Purpose of ProcessingLawful Basis under GDPR
Use of identifying information to remember a visitor, permit login or improve the websiteLegitimate interest of First Eagle to deliver and improve its website (per Art. 6(1)(f) GDPR).

 

IV. First Eagle and Data Processors
First Eagle will engage certain service providers to perform certain services on its behalf, which may involve the Processing of Personal Data. To the extent that such Processing is undertaken based on the instructions of First Eagle and gives rise to a Data Controller and Data Processor relationship, First Eagle will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by the GDPR or other applicable data protection laws.
 
V. Record Keeping
As part of our record keeping obligations under Art. 30 of the GDPR, First Eagle retains a record of the Processing activities under its responsibility. This comprises the following:
Art. 30 GDPR Requirement
First Eagle’s Record
Name and contact details of the Data Controller
Relevant First Eagle entity as described in paragraph B of Section 3 of this Privacy Policy.
The purposes of the processing
See Section 3 of this Privacy Policy.
Description of the categories of data subjects and of the categories of personal data.
See Annex II of this Privacy Policy.
The categories of recipients to whom the Personal Data have been or will be disclosed.
See Section 9 of this Privacy Policy.
Where applicable, transfers of personal data to a third country outside of the EEA+.
See Sections 9 and 11 of this Privacy Policy.
Where possible, the envisaged time limits for erasure of the different categories of data.
See Section 10 of this Privacy Policy.
Where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
See Section 8 of this Privacy Policy.

 

VI. Special Categories of Data
First Eagle will not ordinarily obtain or Process Special Categories of Data for Shareholders/Unitholders, employees of service providers/suppliers/creditors or website visitors. First Eagle will Process certain Special Categories of Data of employees and directors, for example, health information in order to manage sick leave, provide benefits such as sick pay, administer accommodations for certain employees or to assess the working capacity of an employee. Where First Eagle Processes Special Categories of Data it shall ensure that appropriate technical and organisational measures are in place.
 
VII. Individual Data Subject Rights
A. The GDPR and other applicable data protection laws provide certain rights in favour of data subjects. The rights in question are as follows (the “Data Subject Rights”):
the right of a data subject to receive detailed information on the processing (by virtue of the transparency obligations on the Data Controller);
  • the right of access to a copy of Personal Data;
  • the right to amend and rectify any inaccuracies in Personal Data;
  • the right to erase Personal Data (right to be forgotten);
  • the right of data portability;
  • the right to restrict Processing;
  • the right to object to Processing;
  • the right to object to automated decision making, including profiling; and
  • the right to complain to the local supervisory authority.
B. These Data Subject Rights will be exercisable by data subjects subject to limitations as provided for Data Protection Law. In certain circumstances it may not be feasible for First Eagle to discharge these rights, for example because of the structure of First Eagle or the way the Shareholder/Unitholder holds Shares/Units in a Fund. Data subjects may make a request to First Eagle to exercise any of the Data Subject Rights by contacting the Legal and Compliance Department at firsteagleprivacy@feim.com. Requests shall be dealt with in accordance with Data Protection Law.
 
VIII.  Data Security and Data Breach
First Eagle undertakes to process any Personal Data subject to this Privacy Policy in accordance with the Data Protection Law. Accordingly, we and our service providers have technical and organisational measures in place to protect Personal Data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal Data are held securely using a range of security measures including, as appropriate, physical measures such as locked filing cabinets, IT measures such as encryption, and restricted access through approvals and passwords.
The GDPR obliges Data Controllers to notify the relevant Supervisory Authority and affected data subjects in the case of certain types of Data Breaches. Any Data Breaches identified in respect of Personal Data controlled by First Eagle will be dealt with in accordance with Data Protection Law and First Eagle’s Personal Data Security Breach Procedure (for use in connection with EU residents only).
 
IX. Disclosing Personal Data
From time to time, we may disclose Personal Data within the First Eagle group, to third parties, or allow third parties to access Personal Data which we Process (for example, where a law enforcement agency or regulatory authority submits a valid request for access to Personal Data) and for the purposes of fraud prevention or investigation. In relation to Shareholders/Unitholders, First Eagle may be required to disclose Personal Data relating to U.S. Reportable Persons to the U.S. Internal Revenue Service for purposes of FATCA compliance.
We may also disclose Personal Data to delegates, professional advisors, service providers (e.g., investment managers, distributors, administrators and depositaries) regulatory bodies, auditors, technology providers and any of the respective related, associated or affiliated companies of the foregoing for the same or related purpose(s).
We may also disclose certain Personal Data of employees and directors (for example employment contracts, salaries, grievances) to a potential purchaser of all or a portion of our business and their advisors.

X. Data Retention
We will keep Personal Data for:
(a)    the duration of the investment by an investor in a product or account managed by First Eagle and afterwards in accordance with First Eagle’s legal and regulatory obligations and any applicable record retention policy of First Eagle;
(b)    such period as may be deemed by us to be necessary in light of applicable statutory limitation periods; and
(c)    otherwise only for as long as the retention of such Personal Data is deemed necessary for the purposes for which that Personal Data are Processed (as described in this Privacy Policy).

XI. Data Transfers outside the EEA+
From time to time, First Eagle may transfer Personal Data to countries outside the EEA+ (mainly to the US) which may not have the same or equivalent Data Protection Law. If such transfer occurs, First Eagle will ensure that such processing of Personal Data is in compliance with Data Protection Law and, either that appropriate measures are in place such as entering into Standard Contractual Clauses (as published by the European Commission) or that First Eagle can rely on an appropriate transfer derogation. First Eagle has in place an intra-group agreement which incorporate the Standard Contractual Clauses. More detail on the appropriate transfer mechanisms is available on request.
 
XII. Further Information/Complaints Procedure
Further information about this Privacy Policy and/or the Processing of Personal Data by or on behalf of First Eagle may be made available, if necessary, by contacting firsteagleprivacy@feim.com. While any individual may make a complaint in respect of compliance with Data Protection Law directly to the relevant regulatory commission, investors are requested to contact firsteagleprivacy@feim.com in the first instance to give us the opportunity to address any concerns that they may have.

Amended Dates: August 31, 2021; June 3, 2021
Adopted Date: November 1, 2018

ANNEX I

Glossary

In this Privacy Policy, the terms below have the following meaning:

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

“Data Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Data Processor” means the party that Processes Personal Data on behalf of the Data Controller.

“Data Protection Law” means the General Data Protection Regulation (No 2016/679) (“GDPR”), the UK GDPR and any other laws which apply to First Eagle in relation to the Processing of Personal Data.

“European Economic Area” or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, and Norway.

“Personal Data” is any information relating to a living individual who is resident in the EEA+ which allows the identification of that individual. Personal Data can include:
•    a name, an identification number;
•    details about an individual’s location; or
•    any other information that is specific to that individual.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process” and “Processing” are interpreted accordingly.

“Special Categories of Data” are types of Personal Data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special Categories of Data also include the Processing of genetic data, biometric data (for example, fingerprints or facial images), health data, data concerning sex life or sexual orientation and any Personal Data relating to criminal convictions or offences.

“Supervisory Authority” means an independent public authority which is established by a Member State pursuant to Article 51 of the GDPR.
 

ANNEX II

Types of Personal Data

Categories of Data SubjectType of Personal Data
1. Shareholders/Unitholders of products/accounts managed by First Eagle and prospectsName, mailing and residential addresses, email address, telephone number (the preceding are collected in relation to prospects), beneficiary name, nationality, date of birth, account number, bank account details, tax identification number, certain tax forms, etc.
2. Directors, designated persons and other individuals performing “controlled functions” within First Eagle under regimes of applicable government regulators. See also Employees of First Eagle below, which will apply to relevant people.Name, mailing and residential addresses, email address, telephone number, date of birth, nationality, passport number, etc.
3. Employees of Fund service providers.Name, mailing address, email address and telephone number, etc.
4. Employees (including applicants) of First EagleSee categories of Personal Data listed on Annex III attached hereto.
5. Website VisitorsIP address, device identifier, location, type of browser and operating system, domain name of internet service provider, information on which pages you visit and for how long.

 

ANNEX III

Examples of Employee Personal Data

Categories of personal dataExample of type of personal data in each category
Contact detailsName, title, personal address, personal telephone number etc.
Personal detailsAge, gender, marital status etc.
Business contact detailsBusiness address, business telephone number, professional titles etc.
Next of kin contact informationNames, address, telephone number etc.
Financial informationBank account details, debit/credit card numbers, credit check records, salary and any other benefit information
Criminal convictions or proceedingsDBS searches etc. (where lawful)
National identifiersPassport number, social security number etc.
PhotographsID cards, CCTV images etc.
Location informationPhysical location including where location can be identified from IP address etc.
Log Data, Device and Browser informationDevice information such as computer, tablet and mobile phones (including BYOD) as well as monitoring information such as browsing history and access logs for documents and systems etc.
Performance informationAppraisals, talent information like ratings, scores feedback etc.
Recruitment informationCV, application form, background checks
HR recordsContract of employment and any side/variation letters, remuneration and other benefits (e.g. pension), expenses claims, records of leave taken, details of any complaints/grievances raised, documents connected with disciplinary proceedings, flexible working request, resignation letter, documents in relation to any actual or threatened claim, settlement agreement