Privacy Policy – Converginvest Capital Partners

Privacy Notice

Converginvest Capital Partners S.A. — Last updated: April 2026

Who We Are

This Privacy Notice is issued by Converginvest Capital Partners S.A. (“CCP”, “we”, “us” or “our”), a public limited liability company (société anonyme) incorporated under the laws of Luxembourg, registered with the Luxembourg Trade and Companies Register under number B264081, with registered office at 2A, rue des Capucins, L-1313 Luxembourg.

CCP is registered as a de minimis alternative investment fund manager (“AIFM”) with the Commission de Surveillance du Secteur Financier (“CSSF”) under number A00003402 and focuses exclusively on private equity investments.

For the purposes of Regulation (EU) 2016/679 (the “GDPR”) and applicable Luxembourg data protection legislation (including the Law of 1 August 2018), CCP acts as data controller in respect of the personal data described in this Notice.

You can contact us at:

Entity	Converginvest Capital Partners S.A.
Address	2A, rue des Capucins, L-1313 Luxembourg, Grand Duchy of Luxembourg
Email	[email protected]

Scope of This Notice

This Notice applies to all personal data processed by CCP in the context of its activities as an AIFM and manager of alternative investment funds (“AIFs”), including personal data collected through:

our website at www.converginvest.com (the “Website”), including through cookies and contact forms;

subscription agreements and investor onboarding processes in connection with the AIFs managed by CCP;

ongoing investor relations and reporting;

compliance with legal and regulatory obligations (including AML/KYC and tax reporting); and

our general business operations and communications with counterparties, service providers and other contacts.

This Notice should be read alongside our Cookie Policy, which provides specific information about the cookies used on our Website.

Personal Data We Collect

3.1 Investors and Prospective Investors (Natural Persons)

In connection with subscriptions to the AIFs managed by CCP, we collect the following categories of personal data from individual investors and prospective investors:

Identification data: full name, date of birth, nationality, place of birth, identity document details;

Contact details: postal address, email address, telephone number;

Financial data: bank account details, invested amounts, source of funds and wealth;

Tax data: tax identification number(s), tax residence, FATCA/CRS status;

AML/KYC data: including, where applicable, data relating to politically exposed person (PEP) status, sanctions screening results, and criminal convictions or offences, to the extent required by applicable anti-money laundering legislation.

3.2 Representatives and Beneficial Owners of Legal Entity Investors

Where the investor is a legal entity, we collect personal data relating to its contact persons, employees, trustees, agents, representatives and/or beneficial owners (as defined under applicable AML legislation), including the categories described in section 3.1 above as relevant to each such person.

3.3 Website Visitors

When you visit our Website, we may collect:

Technical data: IP address, browser type and version, device type, operating system;

Usage data: pages visited, time spent on the Website, referring URLs;

Cookie data: as described in our Cookie Policy.

If you contact us via the Website or by email, we will also collect the content of your message and any personal data you include therein.

3.4 Business Contacts and Service Providers

In the context of our business operations, we collect professional contact details (name, job title, employer, business email and telephone) of counterparties, service providers and other professional contacts.

Purposes and Legal Bases for Processing

The table below sets out the purposes for which we process personal data and the corresponding legal basis under the GDPR.

Purpose	Description	Legal basis (GDPR Art. 6)
Investor onboarding and subscription processing	Processing subscription agreements, performing KYC/AML checks, maintaining the register of investors.	Art. 6(1)(b) — contract; Art. 6(1)(c) — legal obligation; Art. 9(2)(g) for special category data
Investor relations and portfolio management	Processing capital calls, distributions, investor reporting, valuations, and monitoring of investments.	Art. 6(1)(b) — contract; Art. 6(1)(f) — legitimate interests
Compliance with legal and regulatory obligations	AML/CFT compliance, FATCA/CRS reporting, CSSF regulatory reporting, response to regulatory enquiries.	Art. 6(1)(c) — legal obligation
Tax reporting	Identification of investors for tax purposes under Luxembourg and foreign law, including FATCA and CRS.	Art. 6(1)(c) — legal obligation
Marketing and investor communications	Sending updates, newsletters and marketing materials relating to CCP and its AIFs to existing and prospective investors. You may opt out at any time.	Art. 6(1)(f) — legitimate interests
Legal claims and risk management	Establishing, exercising or defending legal claims; managing legal and financial risk.	Art. 6(1)(f) — legitimate interests
Website operation and analytics	Operating the Website, ensuring its security, and (with your consent) analysing Website usage via cookies.	Art. 6(1)(f) — legitimate interests; Art. 6(1)(a) — consent (for non-essential cookies)
Business contact management	Managing relationships with service providers, counterparties and other professional contacts.	Art. 6(1)(f) — legitimate interests

Recipients of Personal Data

We may share your personal data with the following categories of recipients, to the extent necessary for the purposes described in this Notice:

CCP’s Board of Directors and staff, acting in their professional capacity;

External auditors appointed to audit CCP and/or the AIFs;

Legal counsel and other professional advisers;

Banking institutions holding accounts of CCP or the AIFs;

Luxembourg regulatory and tax authorities (including the CSSF and the Administration des Contributions Directes), and, via the Luxembourg tax authorities, foreign tax authorities;

Other governmental or regulatory agencies, in Luxembourg or abroad, where required by applicable law;

Third parties involved in a merger, acquisition or restructuring of CCP or any AIF, to the extent necessary in connection with such transaction; and

Other service providers acting as data processors on our behalf (e.g. IT service providers, outsourced compliance or accounting functions), subject to appropriate contractual protections.

Recipients may further disclose personal data to their own agents or sub-contractors (i.e. sub-recipients) solely for the purposes of assisting them in performing their services to CCP or fulfilling their own legal obligations.

International Transfers of Personal Data

Some recipients and sub-recipients may be located outside the European Economic Area (EEA). Where personal data is transferred to a country that does not benefit from an adequacy decision of the European Commission, CCP will ensure that appropriate safeguards are in place, such as:

Standard contractual clauses approved by the European Commission; or

Other appropriate safeguards pursuant to Chapter V of the GDPR.

You may request a copy of the relevant transfer mechanism by contacting us at the address set out in section 1.

Retention of Personal Data

We retain personal data for no longer than is necessary for the purposes for which it was collected, taking into account applicable statutory limitation periods and regulatory requirements. As a general indication:

Investor personal data collected in connection with a subscription: retained for the duration of the investment relationship and for a period of 10 years following its termination, in accordance with applicable AML and contractual law requirements;

AML/KYC documentation: retained for a minimum of 5 years following the end of the business relationship, as required by Luxembourg AML legislation;

Tax-related data (FATCA/CRS): retained for the period required under applicable tax legislation;

Website and cookie data: retained in accordance with our Cookie Policy;

Business correspondence and professional contact data: retained for the duration of the business relationship and for a reasonable period thereafter.

At the end of the applicable retention period, personal data is securely deleted or anonymised.

Your Rights

Subject to the conditions laid down by the GDPR and applicable Luxembourg data protection law, you have the following rights in relation to your personal data:

Right of access: you may request a copy of the personal data we hold about you and information on how it is processed.

Right to rectification: you may request that inaccurate or incomplete personal data be corrected.

Right to erasure: you may request that your personal data be deleted, subject to applicable legal retention obligations.

Right to restriction: you may request that the processing of your personal data be restricted in certain circumstances.

Right to object: you may object to processing based on our legitimate interests, including for direct marketing purposes. Where you object to marketing, we will cease such processing immediately.

Right to data portability: where processing is based on your consent or on a contract, you may request that your personal data be provided to you in a structured, commonly used and machine-readable format.

Right to withdraw consent: where processing is based on your consent (e.g. for non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us in writing at the address set out in section 1. We will respond within one month of receipt of your request, subject to extension in cases of complexity.

Please note that certain rights are subject to limitations under applicable law (e.g. we may be required to retain data to comply with legal obligations or to establish, exercise or defend legal claims).

Right to Lodge a Complaint

If you consider that the processing of your personal data infringes the GDPR or applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Luxembourg, this is:

Authority	Commission Nationale pour la Protection des Données (CNPD)
Address	15, Boulevard du Jazz, L-4370 Belvaux, Grand Duchy of Luxembourg
Website	www.cnpd.lu

You may also lodge a complaint with the supervisory authority of your EU Member State of habitual residence or place of work.

Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes in applicable law, our data processing activities, or our organisational structure. We will notify you of any material changes by posting the updated Notice on our Website. The date of the latest update is indicated at the top of this document.

We encourage you to review this Notice periodically.