Privacy and Personal Data Protection Policy

THEOREM FUND SERVICES, LLC
Privacy and Personal Data Protection Policy

As of June 13, 2022

Theorem Fund Services, LLC (“Theorem”) is committed to preserving the privacy of all nonpublic personal information or personal data (“Personal Data”) it receives and maintains. This policy describes what Personal Data Theorem processes, how it is used and what measures are taken to safeguard the confidentiality of this information.

Personal Data Theorem Processes
Theorem may process the Personal Data of the following categories of individuals (“Data Subjects”):

  • Connected Persons of Clients. An individual connected with an entity who entered into an administration agreement or other agreement with Theorem for the provision of services (“Client”) in one of the following ways:
    • An individual controls a Client through ownership or vested executive powers or authority;
    • An individual is employed by or acts as an agent or representative, either directly or indirectly of a Client;
    • An individual is employed by or acts as an agent or representative, either directly or indirectly of a service provider of a Client and Theorem interacts with such individual in connection with its provision of services to the Client; or
    • An individual is not in one of the above categories, but interacts with Theorem in connection with Theorem’s provision of the services to the Client.
  • Investors and Connected Persons of Investors. An investor (partner, member or shareholder) of a Client or an individual connected with such an investor in the following ways:
    • An individual controls a legal entity investor through ownership or vested executive powers or authority;
    • An individual employed by or acting as an agent or representative, either directly or indirectly of an investor;
    • An individual employed by or acting as an agent or representative, either directly or indirectly of a service provider of an investor and Theorem interacts with such individual at the investor’s instruction; or
    • An individual is not in one of the above categories, but interacts with Theorem in connection with an investor’s investment in the Client.


How Theorem Obtains a Data Subject’s Personal Data
A Connected Person of a Client, an Investor, or a Connected Person of an Investor, may have provided Personal Data to Theorem or Theorem may have received Personal Data from its Client.

Reason Theorem Processes Personal Data
The following are the purposes and lawful bases for Theorem’s processing of Personal Data.

  • Performance of Contractual Obligations – Business Purpose. Personal Data is processed in connection with Client’s performance of its obligations pursuant to an agreement an investor entered into with a Client. Such processing is performed for a business purpose. It is done by Theorem for the Client, per the Client’s instruction, as part of the services that Theorem provides to the Client and in accordance with the terms of the agreement between Theorem and the Client.
  • Compliance with Legal Requirements. Clients are subject to the regulation and oversight of many regulatory authorities in various jurisdictions. They may be required to process Personal Data in order to comply with U.S. federal and state and other jurisdictions securities laws, tax laws, anti-money laundering laws and regulations, international treaties and agreements. Theorem provides services to its Clients that support and facilitate Clients’ efforts to comply with these legal requirements.
  • Consent. Theorem may be processing Personal Data because an individual consented to such processing by signing an agreement with Theorem or with a Client. Personal Data processed pursuant to such consent may be used to fulfill the purpose for which the Personal Data was provided to Theorem, such as to respond to an inquiry about the services or to perform and manage the services Theorem provides.


Personal Data Theorem Processes
Personal Data that Theorem processes in connection with the performance of services to its Clients includes:

  • Contact Information. This may include mailing and postal address, email address, and a phone number.
  • Identification Information. Information and documentation maintained to comply with anti-money laundering, tax reporting and similar laws and regulations.
  • Other Information Necessary to Perform Services. Theorem may have to maintain other records such as banking information and transaction history.


Theorem does not sell or distribute user information to unaffiliated third parties.
The Personal Data of Connected Persons of a Client, Investors, or Connected Persons of an Investor is considered Confidential Information under the agreements between Theorem and its Clients. Theorem may transfer such Personal Data to third parties, where authorized by the Client under the agreement between Theorem and the Client. Authorized transfers under the agreement may include: transfers necessary in connection with the performance of the services, such as to other service providers of Client or Theorem; or transfers which are legally required, such as transfers to regulators. Theorem may also transfer Personal Data upon written instructions of the Client.

Security of Personal Data
Theorem is committed to protecting the security and integrity of Personal Data, and will take appropriate measures to ensure the security of processing Personal Data. In pursuit of Theorem’s commitment, it has in place commercially reasonable safeguards and controls to ensure that any Personal Data collected is protected against unauthorized access, disclosure, alteration and destruction.

Retaining Personal Data
Theorem may retain Personal Data indefinitely for recordkeeping and as a result of routine system backup processes. Theorem may be required under various laws and regulations to maintain certain Personal Data for a mandated time period.

Residents of the European Union
The below relates specifically to the processing of Personal Data of natural persons who reside in the European Union by Theorem and provides additional information required under the EU General Data Protection Regulation 2016/679 (“GDPR”).

EU Data Subject’s Rights with Respect to Personal Data

Right to Be Informed. Data Subjects have the right to be informed about Personal Data collected and how this data is used.

  • Right to Access and Portability. Data Subjects have the right to obtain a confirmation whether Theorem is processing their Personal Data and to obtain copies of their Personal Data or to request that Theorem forward such copies to another person.
  • Right to Rectification. Data Subjects have the right to make a request to correct any inaccuracy or incompleteness of their Personal Data.
  • Right to Erasure. Data Subjects have the right to make a request to delete their Personal Data.
  • Right to Restrict Processing. Data Subjects have the right to ask Theorem to restrict the processing of their Personal Data for a period when the accuracy of the data is verified, or if they think that the processing is unwarranted.
  • Right to Object. Data Subjects have a right to object to processing of their Personal Data in certain circumstances, such as, when the data is used for marketing.
  • Right to Withdraw Consent. If a Data Subject has given consent to the processing of Personal Data, Data Subject has the right to withdraw the consent at any time.
  • Right to Lodge a Complaint. Data Subjects have a right to lodge a complaint with a supervisory authority, in the EU state of their residence, place of work or place of the alleged infringement if they consider that the processing of Personal Data infringes GDPR.


Person Responsible for Proper Handling of Personal Data
With respect to a Connected Person of a Client or an Investor or a Connected Person of an Investor, the person who is responsible for the proper handling of Personal Data, known as the data controller, is the Client. As the data controller, the Client determines the purpose and means of the processing of Personal Data. Pursuant to GDPR, Theorem must only act on the written instructions of a Client, unless required by law to act without such instructions, and Theorem must take appropriate measures to ensure the security of processing. Theorem executive officers will designate specific personnel to process Personal Data, and will train such personnel accordingly.

Cayman Islands
The below relates specifically to the processing of Personal Data of any individual invested in a Client domiciled in the Cayman Islands and provides information relevant under The Data Protection Law, 2017 (Law 33 of 2017) (“DPL”).

Rights of Data Subjects Granted in the Cayman Islands

  • Right to Be Informed. Data Subjects have the right to be informed of the identity of the organization processing their Personal Data, and about the purposes for processing the Personal Data.
  • Right to Access. Upon making a subject access request in writing, Data Subjects have the right to obtain a confirmation whether their Personal Data is being processed, a copy of their Personal Data, and other supplemental information which is contained in this Privacy Policy Notice.
  • Right to Rectification. Data Subjects have the right to make a request to correct any inaccuracy or incompleteness of their Personal Data.
  • Right to Cease or Restrict Processing. Data Subjects have the right to request to cease processing, or not to begin processing, or to cease processing for a specified purpose or in a specified manner, the Data Subject’s Personal Data.
  • Rights Related to Processing by Automatic Means. Data Subjects have the right to request that a decision which significantly affects him or her is not made solely by the processing by automatic means of Personal Data.
  • Rights Related to Direct Marketing. Data Subjects have the right to request that processing of their Personal Data for the purpose of direct marketing cease, or not begin.
  • Right to Rectification, Blocking, Erasure, and Destruction. Data Subjects have the right to seek from the Ombudsman an order for rectification, blocking, erasure or destruction of inaccurate Personal Data and opinions based on such.
  • Right to Compensation. Data Subjects have the right to seek compensation for damages caused by contravention of the DPL.
  • Right to Complain to Ombudsman. Data Subjects have the right to complain to the Office of the Ombudsman about any perceived violation of the DPL.

Person Responsible for Proper Handling of Personal Data
With respect to a Connected Person of a Client or an Investor or a Connected Person of an Investor, the person who is responsible for the proper handling of Personal Data, known as the data controller, is the Client. As the data controller, the Client determines the purpose and means of the processing of Personal Data. Pursuant to the DPL, Theorem must only act on the written instructions of a Client, unless required by law to act without such instructions, and Theorem must take appropriate measures to ensure the security of processing. Theorem executive officers will designate specific personnel to process Personal Data, and will train such personnel accordingly.

Residents of California
The below relates specifically to the collecting of Personal Data of individuals who reside in California by Theorem and provides additional information relevant under the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§1798.100 et. seq.) (“CCPA”).

Rights of Data Subjects Granted in California

  • Right to Access and Portability. Data Subjects have the right to request the information about the categories of Personal Data being collected and the purposes for which the Personal Data is being collected, as well as, the categories of the sources from which the Personal Data is collected, the categories of third parties with whom the business shares Personal Data, and the specific pieces of Personal Data that was collected. Data Subjects have the right to obtain copies of their Personal Data in a readily useable format that allows the consumer to transmit this information from one entity to another entity without hindrance.
  • Right to be Forgotten. Data Subjects have a right to make a request to delete Personal Data.
  • Non-Discrimination. Theorem may not discriminate against a Data Subject because the Data Subject exercises any of the rights under the CCPA. Theorem will not deny Data Subjects services, charge different prices or rates for services, or provide a different level or quality of service in retaliation for exercising CCPA rights.
  • Right to Opt Out. Data Subjects have the right to request that a business that sells Personal Data about the Data Subject to third parties not sell the Data Subject’s Personal Data.

The rights enumerated above are subject to certain conditions and exemptions. Where such conditions or exemptions apply, Theorem has a right not to comply with the request. Additionally, while in most circumstances requests based on the above listed rights shall be fulfilled free of charge, Theorem is allowed and may charge reasonable fees to fulfill the request.

Theorem has a policy not to sell any Personal Data and it has not sold any Personal Data in the last 12 months.

Theorem may transfer such Personal Data, including identification, commercial and geopolitical information, to third parties, where authorized by the Client under the agreement between Theorem and the Client. In the last 12 months, the authorized transfers under the agreement included transfers to other service providers of Client or Theorem as necessary in connection with the performance of the services, and transfers which are legally required, such as transfers to regulatory or governmental entities. Theorem may also transfer Personal Data upon written instructions of the Client.

Interpretation; Revisions of Policy
Theorem reserves the right to interpret its privacy policy as it deems fit, and to revise its privacy policy at any time and at its sole discretion.