Privacy Policy | VERDANTIS Impact Capital

VERDANTIS Impact Capital, a product platform of Prosperise Capital LLP, is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites or interact with us in connection with VERDANTIS products and services. It applies in accordance with the EU General Data Protection Regulation (GDPR) and applicable UK data protection law.

1 Data Controller

Prosperise Capital LLP

Operating the VERDANTIS Impact Capital platform

Registered Address

Prosperise Capital LLP
1 Knightsbridge Green
London SW1X 7QA
United Kingdom

Data Protection Officer (DPO)

Prosperise Capital LLP — Data Protection
E-Mail: [email protected]

For all data protection enquiries, complaints or to exercise your rights under GDPR, please contact the DPO directly.

Prosperise Capital LLP is authorised and regulated by the Financial Conduct Authority (FCA), United Kingdom.

Fund Vehicle

VERDANTIS RAIF — Reserved Alternative Investment Fund, Luxembourg, regulated by the Commission de Surveillance du Secteur Financier (CSSF). Personal data processed in connection with investor relations concerning VERDANTIS RAIF is subject to Luxembourg data protection law and GDPR as implemented in Luxembourg.

2 Data We Process

We process personal data in three primary contexts:

a) Website Analytics & Technical Logs

When you visit our websites (verdantis.capital, verdantiscapital.com and related domains), our servers automatically record standard technical data, including:

IP address (anonymised where possible)
Browser type, version and operating system
Referring URL and pages visited
Date, time and duration of visit
Device type and screen resolution

This data is used solely for security monitoring, server administration and aggregate statistical analysis. We do not use cross-site tracking or behavioural advertising networks.

b) Contact Forms & E-Mail Enquiries

When you submit a contact form or send us an e-mail, we collect the information you provide, which may include:

Name and e-mail address
Organisation and job title (if provided)
Content of your message
Any attachments you choose to include

We use this data exclusively to respond to your enquiry and, where relevant, to maintain a record of our correspondence.

c) Investor Inquiries & Due Diligence

For prospective and existing investors in VERDANTIS RAIF or related vehicles, we may process additional personal data required by applicable financial regulation and anti-money laundering (AML) obligations, including:

Identity documents (passport, national ID)
Proof of address
Source of funds documentation
Investor classification status (professional / qualified)
Subscription and redemption transaction data

Processing in this context is mandatory and is required for regulatory compliance. We cannot enter into an investor relationship without this data.

3 Legal Basis for Processing (Art. 6 GDPR)

Processing Activity	Legal Basis
Server logs & security monitoring	Art. 6(1)(f) — Legitimate interests (IT security & website operation)
Responding to contact enquiries	Art. 6(1)(b) — Pre-contractual measures / Art. 6(1)(f) — Legitimate interests
Investor onboarding & KYC/AML	Art. 6(1)(c) — Legal obligation (AMLD, MiFID II, AIFMD)
Investor relationship management	Art. 6(1)(b) — Performance of contract
Regulatory reporting obligations	Art. 6(1)(c) — Legal obligation (CSSF, FCA requirements)
Marketing communications (with consent)	Art. 6(1)(a) — Consent (withdrawable at any time)

4 Your Rights as a Data Subject

Under GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Right of Access (Art. 15)

You may request a copy of the personal data we hold about you and information about how it is processed.

Right to Rectification (Art. 16)

You may request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Art. 17)

You may request deletion of your personal data where there is no overriding legal obligation to retain it.

Right to Data Portability (Art. 20)

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

Right to Restriction (Art. 18)

You may request that we restrict processing of your data in certain circumstances, for example while a rectification request is being assessed.

Right to Object (Art. 21)

You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless compelling legitimate grounds override your interests.

Supervisory Authority: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or with the competent supervisory authority in your country of residence.

5 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal and regulatory obligations:

Website technical logs: Maximum 90 days, then permanently deleted or anonymised.
General enquiries and correspondence: 3 years from the date of last contact, unless an ongoing relationship exists.
Investor KYC/AML documentation: 10 years following the end of the business relationship, as required by anti-money laundering regulations (AMLD5/6, FATF standards).
Investor transaction records: 10 years, in compliance with FCA and CSSF record-keeping obligations under MiFID II and AIFMD.
Marketing consent records: Until consent is withdrawn, plus 3 years thereafter as proof of compliance.

After the applicable retention period expires, data is securely deleted or irreversibly anonymised.

6 International Data Transfers

Our primary operations are based in the United Kingdom and Luxembourg. Personal data may be processed in these jurisdictions and, where necessary, transferred to service providers located within the European Economic Area (EEA) or to countries that benefit from an adequacy decision by the European Commission.

Where data is transferred to countries not covered by an adequacy decision, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules where applicable
UK International Data Transfer Agreements (IDTAs) for transfers from the UK

In connection with VERDANTIS RAIF's operations in Spain (cultivation and land management via New Innovia S.L.), personal data of relevant counterparties may be shared with Spanish legal and operational entities, within the EEA and therefore subject to GDPR.

7 Cookie Policy

Our websites use a minimal set of cookies necessary for their operation. We do not use third-party advertising cookies or cross-site tracking technologies.

Cookie Type	Purpose	Duration
Strictly Necessary	Session management, security tokens, language preference	Session / up to 12 months
Analytics (first-party)	Aggregate page-view statistics — no individual profiling	Up to 24 months

Strictly necessary cookies are placed without consent as they are essential for the website to function. First-party analytics cookies are placed only with your consent. You may withdraw consent or manage cookies at any time through your browser settings.

8 Third-Party Service Providers

We engage third-party processors to support our operations. All processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures. Categories of processors include:

Cloud hosting and content delivery providers
E-mail and communication platform providers
Legal, compliance and KYC/AML service providers
Fund administration and accounting firms
Audit and certification partners (TUV Austria, Deloitte)

We do not sell, rent or trade personal data to third parties for their own marketing purposes.

9 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The date of the most recent revision is shown at the top of this page.

Where changes are material, we will notify existing investors and registered contacts by e-mail prior to the change taking effect. We encourage you to review this page periodically to stay informed about how we protect your personal data.

Continued use of our websites or engagement with our services after a revised Privacy Policy has been posted constitutes your acknowledgement of the changes.