legal page

Privacy Policy

Clementine Capital Management GmbH (hereinafter "we" or "Clementine") is the controller within the meaning of Art. 4 no. 7 GDPR for the processing of personal data of (prospective) investors in the context of the management of the funds it has established as well as for general corporate administration.

Clementine Capital Management GmbH
Flora-Neumann-Str. 6
20357 Hamburg

hello@clementine.capital

We have appointed an external data protection officer:

Two Towers Consulting GmbH & Co. KG
Hohenzollernring 51
50672 Köln

datenschutz.ext@two-towers.eu

2. Identification of Data Subjects and Sources of Personal Data

We particularly process personal data of:

  • (Prospective) investors (natural persons)
  • Authorized representatives and contact persons of investors that are legal entities or other legal structures
  • Beneficial owners (where different from the investor)
  • Where applicable, third parties whose data is disclosed in the context of the investor relationship (e.g. reference persons, authorized representatives, close associates, joint account holders)

We refer to personal data of all data subjects named above collectively as "Investor Data" in the following.

We collect Investor Data:

  • directly from you (e.g. in the course of onboarding, subscription, ongoing communications)
  • from third parties nominated or authorized by you (e.g. legal advisors, family offices)
  • from publicly accessible sources (e.g. commercial registers, corporate websites, PEP lists, sanctions lists, press reports/adverse media)
  • via service providers/platforms used by us

Please note: You have an obligation to provide those personal data that are required for the establishment and performance of the investor relationship and for fulfilling the associated legal obligations (in particular obligations from German Investment Code, AML and Sanctions law, tax law). Without this data we will generally not be able to enter into or continue an investor relationship.

3. Data Subject Rights

Under the GDPR, you particularly have the following rights:

  • Right of access (Art. 15 GDPR): You may request information as to whether we process personal data concerning you and, if so, which data and for which purposes.
  • Right to rectification (Art. 16 GDPR): You may request the rectification of inaccurate data and the completion of incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request the erasure of your personal data, provided there are no statutory retention obligations or other legal grounds to the contrary.
  • Right to restriction of processing (Art. 18 GDPR): Under the conditions set out in Art. 18 GDPR, you may request restriction of processing.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format or – where technically feasible – to have it transmitted to another controller.
  • Right to object (Art. 21 GDPR): You may object, on grounds relating to your particular situation, to processing that we base on Art. 6 para. 1 lit. e or lit. f GDPR. You may object to direct marketing (including profiling to the extent related to such direct marketing) at any time without giving reasons.
  • Right to withdraw consent (Art. 7 para. 3 GDPR): You may withdraw any consent given to us at any time with effect for the future (e.g. newsletter opt-in). The lawfulness of processing carried out before withdrawal remains unaffected.

To exercise these rights, you may contact us or our data protection officer using the contact details provided above.

  • Right to Lodge a Complaint with a Supervisory Authority: You also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR). The competent authority may in particular be the authority of the federal state of your habitual residence or of our registered office (Hamburg).

4. Purpose of processing investor data

4.1. Performance of the Contract and Fulfilment of related Legal Obligations

Investor acquisition and communication

We use network contacts to initiate investor relationships and provide pitch decks via web-tools. In this context, we process names, email addresses and, where applicable, information on role or company, as well as usage data within the respective tool (for example access to the pitch deck and, potentially, interaction data).

In addition, we use general office communication and collaboration tools from providers, with whom we have concluded data processing agreements, for email, calendar, video conferences and document collaboration in connection with such initial contacts. With your consent, we may record meetings for efficient meeting note production.

We process personal data for the conclusion and performance of agreements and subscription documents, for the administration of your participation (including capital calls, distributions and investor reporting) and for communications in the context of the investor relationship, potentially also with co-investors and portfolio companies. For these purposes, we use master data (such as name, title, address, contact details and tax number), contract and participation data (including subscription amount, fund, capital calls, distributions and participation status), bank data (such as IBAN, BIC, account holder, payment references and payment amounts), tax-relevant data as well as signatures (where applicable, wet ink or electronic signature/eID).

The processing is based on the performance of a contract or steps prior to entering into a contract pursuant to Art. 6 para. 1 lit. b GDPR, on compliance with legal obligations (in particular under the German Capital Investment Code (KAGB), the German Anti-Money Laundering Act (GwG), corporate and tax law, including FATCA USA and Financial Accounts Information Exchange Act (FKAustG)) pursuant to Art. 6 para. 1 lit. c GDPR, and, where applicable, on our legitimate interests in efficient investor acquisition, fund management and ensuring proper business operations pursuant to Art. 6 para. 1 lit. f GDPR.

Assessment of Investor Qualification

We process personal data to assess whether you qualify as a semi-professional or professional investor within the meaning of the KAGB as part of the onboarding process. For this purpose, we use master data (such as name, contact details and, where applicable, professional details), information on your financial situation, experience with certain asset classes and legal status (e.g. institutional investor, family office), and, in the case of legal entities, relevant corporate data.

This processing is carried out to fulfil legal obligations under the KAGB pursuant to Art. 6 para. 1 lit. c GDPR and for the performance of a contract or steps prior to entering into a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Verification of Authorization to Represent

In addition, we verify that acting individuals are duly authorized to represent legal entities or investment vehicles. In this context, we process names, contact details and roles/positions, as well as proofs of representation (such as commercial register excerpts, powers of attorney and shareholders' resolutions). The legal bases for this processing are the performance of a contract and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR, compliance with legal obligations (under the GwG) pursuant to Art. 6 para. 1 lit. c GDPR, and our legitimate interests in preventing unauthorized dispositions and ensuring legal and compliance security pursuant to Art. 6 para. 1 lit. f GDPR.

Prevention of Money Laundering/Terrorist Financing and Sanctions Compliance

As a fund manager, Clementine is subject to comprehensive legal and regulatory obligations with regard to the prevention of money-laundering, terrorism financing and sanctions breaches or evasion that require the collection, assessment and transfer of a broad scope of personal data, the depth of which depends on the role of and the specific risk associated with the data subject. This comprises Know Your Customer (KYC) measures such as identification and verification, anti-money laundering and sanctions screenings, identifying sources of wealth and funds, ongoing transaction monitoring of fund flows to detect and assess unusual or suspicious activities within the meaning of the GwG, and the assessment and reporting of the results of such ongoing monitoring (suspicious activity and sanctions reporting).

We take particular care with those data, e.g. we carefully select and conclude specific data protection agreements with our service providers that process those data on our behalf, and we store those personal data separately applying a role-based authorisation concept.

For the onboarding of investors as well as the ongoing monitoring we use specialized platforms by our fund administrator.

Please note that personal data of third parties with whom (prospective) investors are affiliated, e.g. legal representatives, co-owners of investment vehicles, joint account holders, political or business associates may also be processed. Investors are obliged to inform those third parties thereof by making this privacy notice and any supplements and updates thereof available to them.

Depending on the data subject's role in the business relationship (e.g. authorised signatory/director, investor, beneficial owner), we may process some or all of the following personal data: first and last name, role, date and place of birth, nationality or nationalities, addresses and further contact details (such as email address, chat/social media handles and telephone number), ID data (type of ID document, ID number, place and date of issuance, issuing authority, and any video or photo recordings made during the identification procedure), beneficial ownership information (e.g. ownership type, participation), allocation to investor or investment vehicle, type and scope of participation in the fund(s), relevant background information (in particular business interests, affiliations, legal proceedings and source of funds, business conduct, adverse media and other public and press content), political and sanctions exposure (results of PEP and sanctions list checks, including hit/no hit and category), as well as bank and transaction data (capital calls, payments, distributions and transfer data), and, where relevant, information on personal conduct for risk or suspicious activity assessments, risk evaluations and risk status, and suspicious activity reports.

The legal bases for this processing are the fulfilment of legal obligations, in particular under the GwG and sanctions law, pursuant to Art. 6 para. 1 lit. c GDPR, and, where the processing goes beyond statutory obligations, our legitimate interests in compliance, protection against misuse and the enforcement of rights pursuant to Art. 6 para. 1 lit. f GDPR.

Contract Execution

Where possible, we use eSignatura services by DocuSign Inc., San Francisco, USA, for the electronic signing of LPAs, subscription documents and other contractual documents, and to ensure secure proof of signature. In this context, we process your name, email address, signature image/eSignature and related metadata (such as time, IP address and signature history); for further details on data protection at DocuSign, please refer to the information provided by DocuSign.

The processing is based on the performance of a contract or steps prior to entering into a contract pursuant to Art. 6 para. 1 lit. b GDPR and on our legitimate interests in efficient, verifiable contract signing and maintaining the integrity of documents pursuant to Art. 6 para. 1 lit. f GDPR.

Fund and Payment Administration and Reporting

We use the a fund administrator to administer fund vehicles, provide reporting to investors, map investments, process payment and contact data and support legal documentation and retention obligations. For these purposes, the fund administrator process names, email addresses and, where applicable, phone numbers, on our behalf together with fund and participation data, bank account and payment details, and reporting information such as capital calls and valuation reports.

The processing is based on the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR, compliance with legal obligations pursuant to Art. 6 para. 1 lit. c GDPR and our legitimate interests in professional fund administration and efficient reporting pursuant to Art. 6 para. 1 lit. f GDPR.

4.2. Investor Relations

Communication

We use IT service providers for our communication, both in written form (chat) and in the form of telephone conferences, online meetings / video conferences and webinars.

When using IT service providers, we processes personal data in meetings, chats, voicemails, shared files, recordings and transcriptions, namely data that are shared about you, such as your email address, profile picture, telephone number and other content you share, a history of the telephone calls you make, call quality data, support and feedback data, diagnostic and service data.

To enable the display of video and the playback of audio, data from your device's microphone and from a camera on the device are processed for the duration of the meeting. You can switch off the camera or mute the microphone at any time yourself via the IT service providers applications.

The legal basis for the use of IT service providers in the context of contractual relationships is Art. 6(1)(b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6(1)(f) GDPR. Our legitimate interest lies in the effective conduct of online meetings. If we record online meetings, we will ask for your consent to the recording.

Customer Relationship Management

We use a CRM system to manage investor contacts, including segmentation (for example by fund interests or investor type), documentation of communications and the status of the fund relationship, as well as management of newsletter subscription status. In this context, we process in particular names, contact details, company and position, notes on contacts and meeting history, fund status and segmentation information, as well as newsletter status and, where applicable, interactions with mailings via integrated tools.

The processing is based on the performance or initiation of contracts pursuant to Art. 6(1)(b) GDPR and on our legitimate interests in structured investor relationship management and efficient communication pursuant to Art. 6(1)(f) GDPR. In addition, we use automation services to technically automate workflows between IT systems and to ensure consistent data and status information. Depending on the workflow, this may involve processing contact details (name, email), newsletter status, CRM IDs and log data for error analysis.

The legal bases correspond to those of the underlying processing purposes (in particular newsletter, CRM and reporting), typically Art. 6(1)(b), (c) and (f) GDPR; for newsletter dispatch, processing is based on consent pursuant to Art. 6(1)(a) GDPR.

Newsletter

We use newsletter services to send information on funds, market updates and events to (prospective) investors, supported by our CRM, workflow automation tools and MailerLite as our newsletter provider (including dispatch and, where permitted by law, tracking). For this purpose, we process your name and email address, your assignment to newsletter segments (such as investor type and fund interests), your opt-in/opt-out status and, where applicable, statistical usage data (e.g. opens and clicks), insofar as this is technically implemented and legally permissible. The legal bases for this processing are your consent pursuant to Art. 6 para. 1 lit. a GDPR (opt-in), Sec. 7 of the German Unfair Competition Act (UWG) for electronic direct marketing and, to the extent legally permissible, our legitimate interests under Art. 6 para. 1 lit. f GDPR in B2B marketing to existing customers, in each case with a right to object.

Events

We process personal data in connection with the organization and execution of investor events (such as conferences, roundtables and webinars), including participant management as well as sending invitations and follow-up communications. For this purpose, we process names, contact details and company/position, registration data and attendance confirmations, and, where applicable, photo and video recordings (with separate notice and, if required, consent). The processing is based on the performance or initiation of a contract (participation in the event) pursuant to Art. 6 para. 1 lit. b GDPR and on our legitimate interests in investor relationship management and event documentation pursuant to Art. 6 para. 1 lit. f GDPR. Photo and video recordings are generally processed on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR (or, depending on the setting, on legitimate interests combined with a right to object).

Social media

We use our LinkedIn company account for public relations, brand presence and communication, including interactions with (prospective) investors via comments, messages and similar functions. In this context, we process publicly displayed profile data as well as the content and metadata of your interactions (such as comments, likes and direct messages), while LinkedIn itself additionally processes usage and tracking data under its own responsibility. The processing is based on our legitimate interests in maintaining a presence with relevant target groups and communicating with them pursuant to Art. 6 para. 1 lit. f GDPR; for direct approaches in individual cases, the legal basis is Art. 6 para. 1 lit. f GDPR (B2B communication) or Art. 6 para. 1 lit. b GDPR where the communication directly relates to a contractual relationship.

4.3. Corporate Administration

Information management

Apart from the aforementioned platform and web-tools we store and share documents containing Investor Data using corporate IT and telecommunications services from providers to operate phone, email, calendar, file storage and collaboration. In this context, we process communication content (such as emails, itemized phone invoices, documents and chat logs), investors' master and contact data, as well as contract and transaction documents.

The processing is based on the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR, compliance with legal obligations (such as statutory retention requirements) pursuant to Art. 6 para. 1 lit. c GDPR and our legitimate interests in efficient internal organization and IT operations pursuant to Art. 6 para. 1 lit. f GDPR.

Tax and Legal advice

We engage external advisors such as tax firms, law firms and external data protection officers for the provision of tax and legal advice as well as to review, enforce or defend legal claims. For these purposes, we process master data, contract and transaction data, KYC/AML documentation where required for the advisory services, and correspondence with and about investors, and disclose such data to tax advisors, auditors, lawyers, external data protection officers and similar recipients. The processing is based on the fulfilment of legal obligations (e.g. under tax law) pursuant to Art. 6 para. 1 lit. c GDPR and on our legitimate interests in obtaining legal advice and in the defence and enforcement of claims pursuant to Art. 6 para. 1 lit. f GDPR.

Audits

In addition, we carry out statutory and contractual audits of financial statements (for the company and the funds) and audits of compliance with anti-money laundering obligations, including the review of sample KYC documentation. In this context, we process financial and accounting records, KYC information and transaction/reporting data and make these available to auditors. This processing is required for compliance with legal obligations (e.g. under the German Commercial Code (HGB), the KAGB and the GwG) pursuant to Art. 6 para. 1 lit. c GDPR and is also based on our legitimate interests in transparency and demonstrating proper business conduct pursuant to Art. 6 para. 1 lit. f GDPR.

Notifications and reporting

Furthermore, we process personal data to fulfil statutory notification, registration and reporting obligations vis-à-vis authorities, registers and other public bodies (such as tax authorities, financial supervisory authorities, the transparency register or commercial register, the Financial Intelligence Unit or the German Federal Bank and for statistical reports). For this purpose, we process identity and contact data, shareholding data, tax identification data and transaction data, and, where applicable, information on beneficial owners, and transmit these to tax authorities, financial supervisory authorities, register-maintaining bodies and, where relevant, other competent authorities. This processing is carried out to comply with legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.

AI support

As an analytics and Artificial Intelligence support tool we use AI tools, for example for analysing and preparing information through document review, summaries and research support. Its use may involve access to corporate data within defined permission frameworks. The data processed can include content from documents, emails, CRM entries and similar sources, insofar as they are part of the respective workflows. The tool is not used for autonomous profiling of investors or for automated individual decisions that produce legal effects, and training on our own data is configured as an optout option. The processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, in particular efficiency gains and support for staff; where document processing is directly related to contractual purposes, the legal basis is Art. 6(1)(b) GDPR.

5. Profiling and Automated Decision-Making

We do not use profiling or solely automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. Scoring or risk classifications may occur in the context of KYC/AML processes (e.g. risk categorisation). These assessments serve the fulfilment of legal obligations and are not purely automated; an appropriate human review takes place.

6. Recipients of Investor Data

In summary, Investor Data may be transferred to and processed by the following recipients to the respective extent necessary and legal permitted, as described in Section 4 above:

  • Internal departments, affiliated entitites relevant for the management of investor accounts
  • IT and cloud service providers
  • Platform and SaaS providers
  • Bank(s)
  • Portfolio companies and co-investors
  • Tax and legal advisors, auditors, external data protection officer
  • Supervisory and other authorities, courts, registry bodies

Where service providers act on our behalf, this is based on data processing agreements pursuant to Art. 28 GDPR.

7. International data transfers

While we aim to reduce international data transfers, some of the service providers or their parent companies may be located outside the EU/EEA or may process data from there (e.g. USA).

Furthermore, the investment strategy of Clementine' funds does not exclude investments in Third Countries. Thus, it cannot be ruled out that personal data must be disclosed to recipients in Third Countries in order to implement the respective fund's investment strategy.

In such cases, we aim to ensure an adequate level of data protection, for example through:

  • adequacy decisions of the European Commission (e.g. EU–US Data Privacy Framework, where applicable)
  • the conclusion of EU Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c GDPR
  • where necessary, additional technical and organizational safeguards (encryption, access and permission concepts).

8. Storage period

We generally store Investor Data only for as long as necessary for the purposes described or as we are legally obliged to do so. In particular:

  • Contract and transaction data: retention in accordance with commercial and tax law obligations (generally 6–10 years).
  • KYC/AML data: retention in line with the requirements of the German AML law (usually 5 years after termination of the business relationship, with possible extension in case of pending proceedings).
  • Newsletter data: until you withdraw your consent or object or until your consent is rendered invalid for other reasons
  • Data from legal disputes: until completion of the proceedings and expiry of the relevant limitation periods.

Afterwards, data is deleted or anonymized unless longer statutory retention obligations apply.

Clementine
Home
Approach
People & Company
Team
Interact
Contact
LinkedIn
Investors
Legal
Imprint
Privacy Policy
SFDR

© 2026 Clementine Capital
All content, materials, and information presented on this website are provided for general informational purposes only and do not constitute professional advice, representation, or services of any kind. Accessing, browsing, or using this website does not establish any contractual, advisory, or client relationship.

Partial logo with a stylized sunburst icon and the word 'clementine' in lowercase letters.