Introduction

CAPZA, operating under the trade name Atalante SAS, along with its affiliates and branches—including Artemid SAS and CAPZA Transition, as well as Atalante (CCAPZA) Spain Branch, Atalante SAS Dutch Branch, Atalante German Branch, and Atalante SAS Italy Branch—part of the BNP Paribas Group, is committed to ensuring that all processing activities on its website and within its asset management operations comply with the General Data Protection Regulation (GDPR) and applicable local legislation.

This policy explains how CAPZA collects and processes your personal data, as well as the rights you have regarding your data.

Who is covered by this policy?

Any individual interacting with CAPZA in the context of its asset management activities (including websites), such as representatives, directors, officers, or ultimate beneficiaries of prospective, existing, or business relationships with CAPZA.

What personal data does Capza collect and process?

Personal data refers to any information relating to an identified or identifiable individual. An individual can be identified directly (e.g., name and surname) or indirectly (e.g., phone number, client ID, postal or email address, voice).

CAPZA strives to minimize the collection of personal data, keep it up-to-date, and ensure its security through appropriate technical and organizational measures to protect against unauthorized access, loss, destruction, alteration, or disclosure.

Depending on your relationship with CAPZA, the following types of personal data may be processed:

• Information you provide: collected directly when you fill out contact forms, submit applications, request subscriptions related to our funds, or communicate via phone, email, or other channels.

This may include:
• Identification data: name, surname, job title, date of birth

• Contact details: personal or professional contact information, interaction history (including recorded calls)

• Professional background: CV, job title, work history, education

• Form content

• Details of transactions, investments, and relationship management

• Physical access data (visits to our premises)

• Dietary preferences (e.g., for catering purposes)

• Profile and usage data : website interactions, pages viewed, search queries, response times, errors, session duration, mouse movements, clicks, email opens

• Technical data: IP address, connection data, browser type and version, device type, time zone settings, browser plugins, operating system, platform

• Data required for legal compliance:
To meet anti-money laundering, counter-terrorism financing, sanctions, and anti-corruption laws (e.g., Sapin II), we may collect identity verification documents, address proof, financial situation, and transaction details.

• Data for fraud prevention: additional information such as personal, family, professional data, financial details, irregularities, or anomalies related to fraud investigations.
• Data collected under MiFID II regulations: when providing investment advice or portfolio management, we gather data regarding your investment experience, financial situation, and risk appetite.
• Information generated by us: statistical data about your investments and preferences.
• Data from external sources: public sources, sanctions lists, or data provided by financial advisors or brokers involved in your investment.

Legal basis for processing and purposes:

Your data may be processed based on the following legal grounds:

• Performance of a contract: opening, managing, and administering your account and investments, including subscription, redemption, transfer, and payment processing.
• Legal compliance: to comply with legal obligations such as fiscal laws, anti-money laundering, sanctions, and anti-corruption regulations, including identity verification and transaction monitoring.
• Legitimate interests: managing relationships, improving our services, conducting market analysis, sharing information internally within the BNP Paribas Group, handling complaints, marketing, personalising communications, and fraud detection.

What happens if you do not provide the requested data?

Failure to provide necessary data may prevent us from processing your requests or offering our services, and we may need to terminate our relationship.

Who has access to your data?

Only authorized personnel within Capza and its affiliates who need the data for their duties will have access. Data may also be shared within the BNP Paribas Group, with service providers, authorities (such as tax or financial regulators), or partners, always respecting confidentiality and legal obligations.

International Data Transfers

Due to our global organization and use of international service providers, your data may be transferred outside your country or the EU. To ensure adequate protection, we rely on standard contractual clauses or binding corporate rules approved by the European Commission.

Data retention

We retain your data for as long as necessary for the purposes outlined, including legal or regulatory obligations, typically during the duration of our relationship plus a few years afterward.

Your rights

Under GDPR and applicable laws, you have rights to access, rectify, oppose, restrict, erase, or port your data. You can exercise these rights by contacting our Data Protection Officer: dpo@capza.co. You may also withdraw consent or object to marketing communications at any time.

If you feel that your request has not been handled properly, you can submit a complaint to the European Data Protection Authority to which you are subject.

• For France (Atalante SAS, Artemid SAS and Capza Transition) : Commission Nationale de l’Informatique et des Libertés | CNIL ;
• For Spain (ATALANTE (CAPZA) SUCURSAL EN ESPAÑA) : Agencia Española de Protección de Datos | AEPD ;
• For Netherlands (Atalante SAS, Dutch Branch) : Autoriteit Persoonsgegevens | AP ;
• For Spain (Atalante German Branch) : Bundesbeauftragte für den Datenschutz und die Informationsfreiheit | BfDI ;
• For Italy (Atalante SAS Italian Branch) : Garante per la protezione dei dati personali | GPDP .

Update of this policy

This policy was last updated in April 2026. Changes may occur, and the latest version is available on our website.

Contact

For any questions regarding data collection, processing, or exercising your rights, please reach out to our Data Protection Officer: dpo@capza.co.