WHAT WE DO

OUR APPROACH

About us

GET IN TOUCH

WHAT WE DO

OUR APPROACH

About us

GET IN TOUCH

WHAT

APPROACH

About

CONTACT

Information on processing of personal data

1 Introduction

Below you can find the information that Three Lakes Capital ApS ("TLC, "we", "us") according to Regulation (EU) 2016/679 ("GDPR" or "General Data Protection Regulation") is obliged to provide

you with when we process personal data about you as a customer, supplier, business partner or other external persons.

2 Data Controller

Unless otherwise stated in section 3 below, the data controller for the processing is:


Three Lakes Capital ApS

CVR-no.: 45238687

Bredgade 45B

1260 København K

E-mail: info@threelakescap.com

3 Processing activities

3.1 Provision of our services and management of relationships with customers and potential

customers.

In order to deliver our services in a correct and efficient manner, and to manage the relationship we process personal data about (contact persons at) our customers and potential customers.

3.1.1 Categories of personal information

• Name

• Employer

• Title

• Working address

• Working telephone number(s)

• Working e-mail address

• Nature of our relationship

• Contracts

• Historic correspondence

3.1.2 Legal basis

The legal basis for the processing is article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary to pursue our legitimate interests in providing our services and managing the relationship with our customers and potential customers.

3.1.3 Recipients of personal data

We may disclose your personal information to relevant third parties such as advisors, real estate agents or property administrators. Furthermore, we make data available to our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.

3.1.4 Retention

For customers, we retain the information for five years from the end of the year in which we had the latest financial transaction with the customer.For potential customers, we re-assess the relevance of the information on a regular basis and delete information when we no longer consider it relevant.

3.2 Purchase of goods and services, including management of relationships with suppliers and

business partners

We process personal data about (contact persons at) our suppliers and business partners in order to manage our business relationships, including agreements on goods and services to be delivered to

us.

3.2.1 Categories of personal information

• Name

• Employer

• Title

• Working address

• Working telephone number(s)

• Working e-mail address

• Nature of our relationship

• Contracts

• Historic correspondence

• CVs and other credentials (for consultants and other providers of similar services)

3.2.2 Legal basis

If you are providing services to us as a natural person (i.e. not through a company) or as the owner of a personally owned company, the legal basis for the processing is article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for the performance of a contract with you or in order to enter into a contract with you. In all other situations, the legal basis for the processing is article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary to pursue our legitimate interests in managing the relationship with our suppliers and business partners.

3.2.3 Recipients of personal data

We may disclose your personal information to relevant third parties such as advisors, real estate agents or property administrators. Furthermore, we make data available to our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.

3.2.4 Retention

We retain the information for five years from the end of the year in which we had the latest financial transaction with you or the company you represent. If we have not yet had any financial transactions with you, we re-assess the relevance of the information on a regular basis and delete information when we no longer consider it relevant.

3.3 Use of our website

When you visit our website, we process personal data about you in order to understand how our website is used. The purpose is to be able to provide a stable and secure site with information that is

assumed to be relevant to you.

3.3.1 Categories of personal information

• Unique identifiers (typically random numbers assigned when you visit the site for the first time)

• IP address

• Information on the device you use to access the site, including

• Type (laptop, tablet, mobile phone)

• MAC address

• Operating system

• Browser and browser version

• Language settings and other preferences

• Your actual use of the site (, how long you stay on the site, which parts of the site you visit, which links you activate and what you search for, etc.)


We collect the information through cookies and similar technologies. Therefore, the types of information we collect depends on which categories of cookies you have consented to. Please refer to our cookie policy for further information.

3.3.2 Legal basis

The legal basis for the processing is article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary to pursue our legitimate interests in providing a stable and secure website meeting the needs of the website visitors.

3.3.3 Recipients of personal data

We may disclose your personal information to our data processors who host and provide support for the use of all our IT systems.

3.3.4 How long we retain the data

The retention period depends on the purpose of each individual cookie – please refer to our cookie policy for further information.

3.4 Applicants and candidates for positions at TLC

When recruiting employees, we process information about applicants and candidates in order to assess who, from an overall perspective would be the best fit for the relevant position.

3.4.1 Categories of personal information

• Name

• Email address

• Phone number

• Address

• Information about educational background, including diplomas

• Information about special competences, including any certifications

• Information about current and previous employment

• Information from the open part of your social media profiles or that is otherwise publicly available

• Other information you may choose to provide us with in your application or CV, or during the recruitment process in general

• Information about criminal offences (criminal record - only obtained for candidates where this is relevant to the specific position)

• Skills and personality test results

• References to the extent that you give us consent to obtain these


A criminal record is obtained from the police. In addition, information is obtained from the references you have permitted us to contact. Other information is generally obtained from yourself, from publicly

available sources, such as the open part of your social media profile, or from advisors (headhunters) who assist us with the recruitment process.

3.4.2 Legal basis

The legal basis for processing information about criminal offences (criminal record) is Section 8(3) of the Danish Data Protection Act, as the processing is necessary for us to pursue our legitimate

interest in ensuring that candidates for positions at TLC have not been convicted of offences that may be considered incompatible with the position they are to hold in the event of employment.

The legal basis for the processing of other data is Article 6(1)(b) of the General Data Protection Regulation, as the processing is necessary for the implementation of measures taken at yourPage 5

request prior to the conclusion of a contract, and Article 6(1)(f) of the General Data Protection Regulation, as the processing is necessary for us to pursue our legitimate interest in assessing

candidates for positions at TLC in order to select the candidate who, after an overall assessment, is the most suitable for the specific position. However, the legal basis for processing data obtained from references is Article 6(1)(a) of the General Data Protection Regulation.


3.4.3 Recipients of personal data


The data is made available to our IT suppliers (data processors) who store the data for us and process it according to our instructions.

In addition, we may disclose the information to external advisors who assist us in connection with recruitment, such as recruitment companies or legal advisors.


3.4.4 Retention


If you are hired, the information will be included in your personnel file with us. You will receive information about how we process information about current and former employees, including how

long we store the information at the commencement of your employment with us. If you are not hired, we generally store the data for up to 12 months from the end of the month in which you received a final rejection. We may ask for your consent to store the data for a longer period of time, and if you consent, we will store the data in accordance with what you have consented to.


3.5 General business administration


In order to handle queries and other interactions with other persons than the categories covered in sections 3.1 – 3.4 above, we process personal data about such other persons.


3.5.1 Categories of personal data


• Name

• Email address

• Telephone number

• Address

• The reason for TLC to interact with the person (e.g., a query from the person) and any information relevant to this interaction such as communication between the parties.


3.5.2 Legal basis for the processing


The legal basis of our processing of non-sensitive personal data depends on the specific reason for the interaction and may be:


• Article 6(1)(b) of the GDPR, as the processing is necessary for the conclusion or performance of a contract with you, or

• Article 6(1)(f) of the GDPR, as the processing is necessary for a proper and professional handling of queries and other interactions with stakeholders and others, with whom we may

be interacting.


3.5.3 Recipients of personal data


Depending on the reason for the interaction, we may disclose information to other third parties where necessary for proper handling of the matter. This could include insurance companies, external advisors or public authorities as appropriate.

Furthermore, data is made available to our IT suppliers (data processors), who store the data for us and process the data in accordance with our instructions.


3.5.4 Retention


If the relationship involves financial transactions, we will retain the information for five years from the end of the year of the latest transaction. For other situations, we will retain the information for three years from the end of the year of the

latest interaction.


4. Retention


As a general rule, we retain information as stated for each of the separate processing activities described in section 3.


We may, however, store your information for a longer period if this is necessary to comply with legal obligation, we are subject to, or in order to establish, exercise or defend legal claims.


5. Transfers of personal data to countries outside the EU/EEA


We use Microsoft services for the processing, including the storage of personal data. Therefore, personal data may be transferred to USA – a country outside the EU/EEA (third countries). The

transfer is based on an adequacy decision in accordance with article 45 of the General Data Protection Regulation, as Microsoft is an active participant under the EU/US Data Privacy

Framework.


6. Your rights


When we process personal data about you, you have the following rights:


Right to withdraw consent. If we process the data on the basis of your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the contact details provided in section 0 above. Withdrawal of consent only applies to the processing of personal data after the time you have withdrawn your consent and thus does not affect the lawfulness of previous processing.


Right of access. You have the right to know what data we process about you and the conditions for this processing. In this connection, you have the right to receive a copy of the data we process about you.

Right to rectification. You have the right to have the data we process about you rectified if it is incorrect, and you have the right to have the data we process about you supplemented if

it is incomplete.

Right to erasure. In certain cases, you have the right to have personal data we process about you erased (right to be forgotten)

Right to restriction of processing. In certain cases, you have the right to have the processing of the personal data we process about you restricted.

Right to data portability. If we process data about you on the basis of your consent or for the fulfilment of a contract, you have the right to receive the personal data we process about

you in a structured, commonly used and machine-readable format

Right to object to processing. If we process personal data about you on the basis of Article 6(1)(f) of the General Data Protection Regulation, you have the right to object to the processing on grounds relating to your particular situation. You can exercise your rights by contacting us - our contact details can be found in section 2 above.

Please note that certain conditions and restrictions apply to your rights. We are therefore not necessarily obliged to fulfil your requests.

However, you always have the right to file a complaint with a supervisory authority - in Denmark it is the Danish Data Protection Agency. You can read more about your options for complaining to the

Danish Data Protection Agency on their website.


7. Updating our privacy policy


TLC may update this privacy policy on an ongoing basis when this is necessary to provide a fair description of our processing of personal data. In the event of material changes to our processing of your personal data already in our possession, you will be notified directly of the update (e.g. by email).


This privacy policy was last updated in January 2025.

Back to top