Privacy Policy

Effective as of September 2024

One Rock Capital Partners, LLC (together with the Fund, the General Partner, and its or their affiliates, “One Rock”, “we”, or “us”) has adopted this privacy policy (“Privacy Policy”) to inform individuals about the Personal Information One Rock collects about them, including through our website (https://www.onerock.com/) (the “Website”), from individual investors or individuals associated with investors, personnel working on behalf of One Rock’s commercial counterparties, including vendors, and visitors to One Rock offices and events.

For purposes of this Policy, “Personal Information” means information that identifies or relates to, describes, references, is capable of being associated with, or could be reasonably linked, directly or indirectly, with an individual or house hold.  Where applicable, it includes Personal Information or equivalent as defined in the applicable data protection and privacy laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).  One Rock is the data controller in relation to Personal Information it collects through the Website and otherwise described in this Privacy Policy.

How We Collect and Use Personal Information

Depending on the context, we collect Personal Information from various sources, online or offline, including the following:

• directly from you, such as when you enter information on a webpage, provide information for us to conduct our Know Your Customer diligence prior to making an investment or conduct transactions with us;
• automatically from your device(s) or browser;
• from publicly available sources, such as social networking services;
• from third-party sources, including service providers, such as our placement agent, institutional investors with whom individuals may be associated, and Webflow, our web host or website analytics provider.

In the last 12 months, we have collected the following categories of personal information for the purpose of performing regulatory and compliance screenings on individuals accessing information under the Sustainability section of our website: name, email address, company and country of residence.  

Where we rely on the following legitimate interests to process your Personal Information:

• exercising and complying with our rights and obligations at law or under regulation, including where such obligations are not set out under the laws of European Economic Area (“EEA”) member states, the United Kingdom, and the Cayman Islands, or under contract, including for the establishment, exercise, or defense of legal claims;
• managing and administering our business; maintaining and improving relationships with investors, vendors, or other contacts; facilitating ongoing administration and performance; evaluating an investor’s financial needs; sharing marketing and promoting products and services;
• making certain assessments to assess your investment objectives, risk tolerance, and understanding of investment risk to assess the suitability of an investment in a Fund or other product offered by us or our affiliates; as necessary to discharge our legal and/or regulatory obligations, perform any contract with you, or further our legitimate interests in engaging in investment activities with you;
• communicating with you regarding your relationship with us and/or our affiliates;
• conducting risk assessment and control; market research, and statistical and trend analysis; for system administration, operation, testing, and support; and to operate control systems and management information systems;
• managing risk and to further our legitimate interest in, or in some cases legal obligation to, protect against, identify, and prevent fraud and other unlawful activity;
• managing litigation; complying with requests from regulatory, law enforcement, or other governmental agencies;
• investigating and responding to any complaints about our activities and business, maintaining quality, and dealing with complaints and disputes, including as necessary to discharge applicable legal and regulatory requirements;
• maintaining the ongoing safety, security, and integrity of our business, services, and information technology systems and assets, monitoring and managing access to our systems and facilities, and customizing and securing your account with us;
• disclosing information to a governmental, tax or regulatory body, financial market, broker or other intermediaries, counterparties, court, auditors, or other third parties, and to conduct compliance activities, when it is necessary to further our legitimate interests, or those of a third party, in doing so, but where EEA (Member State)or UK law does not require us to make this disclosure or conduct those activities; and
• establishing, exercising, or defending legal claims to protect and enforce or ensure our rights, property, or safety; or to assist LPs and associated individuals, or others, to do this where permissible under applicable law; and

We use Personal Information only for the purposes for which we collected it as set out in this Privacy Policy or otherwise communicate to you and any purpose that is compatible with the same.  If we need to use your Personal Information for an unrelated purpose, we will contact you, in accordance with our obligations under applicable data protection and privacy laws.

Sensitive Personal Information

We use sensitive Personal Information, including social security numbers, bank account numbers, race, gender only as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.

How We Disclose the Personal Information We Collect  

We disclose the Personal Information to third parties for business, commercial, and legal purposes, depending on the context.  In the past 12months we have disclosed Identifiers and Official Government Identification Information  with the following parties: affiliated companies (including, where applicable, a fund administrator and service providers that provide services necessary to effect a transaction that you request, to service your account, or to otherwise provide services to us, such as accountants, attorneys, other advisors, portfolio managers, custodians, banks, insurers, or other administrators in the ordinary course of business.

One Rock also may disclose information:

• to comply with our legal and regulatory obligations and as necessary to further our legitimate interest in protecting our business interests and legal rights;
• to cooperate in any government, law enforcement, or similar investigation, or to conduct any internal investigation or similar function, either where required by applicable law or regulation or where it is in our legitimate interest to do so to protect our business, those we work with, and/or other third parties;
• when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss;
• when we believe in good faith that such disclosure is necessary or appropriate in preventing any activity that violates the law (including relating to intellectual property, fraud, contracts, and privacy) or may expose us to liability, and it is in our legitimate interest to make such disclosure to minimize potential harm to our business or third parties; and
• in the event of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of our business and where it is in our legitimate interest to share information to further that process for our benefit or that of our employees or other third parties.

One Rock has not sold or shared for cross-contextual behavioral advertising purposes Personal Information in the past 12 months

Cookies & Tracking Technologies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser.  The identifier is then sent back to the server each time the browser requests a page from the server.

We use cookies (“Cookies”). Insofar as those Cookies are not strictly necessary for the provision of our Website and services, we will ask individuals to consent to our use of Cookies.  

First-Party Cookies

First-Party Cookies are set by us.

How We Respond to “Do Not Track” Signals 

We do not recognize or respond to automated browser signals regarding tracking mechanisms, which may include “do not track” instructions.  

How Long Do We Retain Your Personal Information?

We will retain your Personal Information for as long as we require it for the purposes specified in this Privacy Policy, subject to your right, under certain circumstances, to have certain of your Personal Information erased (see Your Rights below), unless a longer period is required under applicable law or to resolve disputes or establish, defend, or exercise our legal rights.  In determining data retention periods, we consider local laws, regulatory requirements and guidance, as well as contractual obligations and your reasonable expectations and requirements.

International Data Transfers

We are located in the United States (“US”)and the United Kingdom (“UK”).  Our operations involve affiliated entities and non-affiliated service providers based in various global locations, including jurisdictions outside of the EEA, Cayman Islands, and UK. Personal Information may, therefore, be transferred to, or processed in, those jurisdictions to enable us to operate and fulfil your investment, and meet our legal and regulatory obligations. Sometimes, the data protection laws and professional secrecy requirements in those jurisdictions are less protective than those in the EEA or the UK.

When we transfer Personal Information outside of the EEA, the UK, or the Cayman Islands to a jurisdiction with a less robust data protection regime than the EEA, the UK, or the Cayman Islands, we will take appropriate steps to ensure it is adequately protected as required by applicable data protection laws.  Where necessary, we will do this by entering into appropriate data transfer agreements with third-party recipients of Personal Information incorporating standard contractual clauses approved by the European Commission governing the transfer of Personal Information from a country in the EEA to a country outside the EEA not offering an adequate level for the protection of personal data, including the US.  Please contact us using the details in the “How to Contact Us” section of this notice if you would like more information or a copy of those clauses, where relevant.

Where no appropriate safeguards can be put in place, we may transfer the Personal Information outside of the EEA, the UK, or the Cayman Islands on another legal ground, such as:

• if the transfer is necessary for the performance of our obligations under a contract between you and One Rock, or if the transfer is necessary to the performance of a contract between One Rock and a third party, and the contract was entered into in your interest; or
• explicit consent.

If we rely on your consent to the transfer you will be able to withdraw your consent at any time. If you withdraw your consent you may, depending on the circumstances, no longer be able to participate in your investment.  We will inform you of the exact consequences of withdrawing your consent to a specific transfer at the relevant point in time.

In addition, we may transfer your Personal Information outside the EEA, the UK, or the Cayman Islands if the transfer is necessary to establish, exercise, or defend legal claims or to protect your vital interests.

Links to Third-Party Websites

In some areas of the Website, links to other websites and digital services operated by third parties may be provided as a convenience, or widgets (such as plugins) hosted by third parties may be featured.  These external websites and services have their own policies regarding privacy and security, and we encourage you to review these policies.  This Privacy Policy does not apply to, and we are not responsible for the content of, privacy policies or data practices of third parties that collect your information.  

Updates to the Privacy Policy

If we make any such changes in the way we use your Personal Information, we will notify you by prominently posting notice of the changes on the Website and updating the last updated date above, or, where required by law, obtain explicit consent to use your Personal Information for this new purpose.

Any update to this Privacy Policy will be effective upon posting of a modified Privacy Policy on our Website and revising the “Last Updated” date.  We encourage you to periodically consult this Privacy Policy to learn about any modifications and updates.  

If you have any questions or comments about this Privacy Policy, you can contact us as described in the “How to Contact Us” section below.

Your Rights

Depending on the jurisdiction and applicable laws and other circumstances, you may have certain rights with respect to your Personal Information.

For individuals in the EEA/UK and for investors in funds established in the EEA/UK or whose managing general partner is established in the EEA/UK, these may include the following:

• the right to be informed as to how we collect and use your Personal Information;
• the right to access and receive a copy of the Personal Information we hold about you, free of charge, with a prescribed time limit for us to respond;
• the right to rectify or correct any Personal Information held about you that is inaccurate or incomplete;
• in some circumstances, the right to request the deletion of Personal Information held about you without undue delay or within a prescribed time limit when the use or other processing of such Personal Information is no longer necessary for the purposes for which it was collected or otherwise processed, and in certain other circumstances;
• the right to request that your Personal Information is used only for restricted purposes, including the right to object to direct marketing;
• the right to object to your Personal Information being processed, if the lawful basis for processing your personal information is either our or a third party’s legitimate interests;
• the right to be informed of a personal data breach (unless the breach is unlikely to be prejudicial to you);
• the right to require certain of your Personal Information to be transferred to you or a third party; and
• the right to lodge a complaint with the relevant data protection authority in your jurisdiction (for example, the Commission Nationale pour la protection des Données in Luxembourg, the Information Commissioner’s Office in the United Kingdom, and the Cayman Islands Ombudsman).

For individuals residing in California, these rights include the following:  

• the right to request that we disclose to you the Personal Information we collect, use, and disclose, specifically:
  • the categories of the Personal Information collected about you;
  • the categories of sources from which your Personal Information is collected;
  • the business or commercial purposes for collecting your Personal Information;
  • the categories of third parties to whom we disclose your Personal Information; and
  • the specific pieces of your Personal Information we have collected about you;
• the right to request that we delete certain Personal Information we have collected from you.  Please note that we may not be able to delete your data if we need it to comply with legal obligations or otherwise have reason to retain your information for a lawful purpose; and
• the right to not receive discriminatory treatment by us if you choose to exercise any of your privacy rights under the CCPA.  

How to Exercise Your Rights and Submit a Request

To exercise any of the rights above, or if you consider that we have processed your Personal Information in violation of applicable law, or have any concerns about your privacy, call us at +1 (212)605-6000 or email us at compliance@onerock.com.

Verifying Requests

We may take steps to verify your identity before granting you access to your Personal Information or complying with your request.  If you request access to or deletion of your Personal Information, we may require you to provide any of the following information:  full name, address, email address, and/or phone number.  

Request by an Authorized Agent

If you designate an authorized agent to make an access, deletion, or request on your behalf, under the GDPR, CCPA, or otherwise, (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us (as described above).

How to Contact Us

If you have any questions regarding this Privacy Policy or other privacy-related practices, or wish to notify us of any errors or changes as to any Personal Information you provide us through the Website, you can contact us in the following ways:

Email: compliance@onerock.com

Phone: +1 (212) 605-6000

For GDPR purposes, please contact the above email or phone number.

This Privacy Policy is available in alternative formats upon request.