0110 Capital

Privacy Policy

Last updated: November 09, 2025

Introduction

This Privacy Policy explains how 0110 Capital ("0110", "we", "us" or "our") collects, uses, stores, discloses and protects personal information in connection with the provision of investment platform services, portfolio reporting, investor relations, and related activities (collectively, the "Services"). 0110 is committed to maintaining high standards of data protection and to complying with applicable privacy laws, including the EU General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), and U.S. financial privacy rules where applicable.

Use of our Site or Services, or provision of your information to us, constitutes acceptance of this Policy. Where required by law, we will obtain explicit consent prior to processing certain categories of personal data.

Scope & Applicability

This Policy applies to all natural persons whose personal information we process in connection with the Services, including prospective and existing investors, counterparties, employees, contractors and website visitors. It applies to information collected online, offline, directly from you, or from third parties.

Information We Collect

We collect categories of information necessary to provide Services, perform legal and regulatory obligations, and manage relationships. Categories include, but are not limited to:

  • Identifiers: name, address, email, telephone, government identifiers (e.g., passport, national ID, SSN/TIN) for verification and tax reporting.
  • Financial & Investment Data: bank account and routing numbers, account balances, transaction histories, investment holdings, tax status, source of funds/wealth, income statements, and risk profile / suitability information collected for onboarding, portfolio construction, and reporting.
  • Beneficial Ownership & Corporate Data: entity documents, ownership structures, corporate contacts, and authorized signatories for corporate investors.
  • Compliance & Screening Data: sanctions/PEP screening results, adverse media search results, and records created in connection with KYC/AML investigations required by law enforcement or regulators.
  • Technical & Usage Data: IP addresses, device and browser characteristics, cookies, analytics, log files, and interactions with our Site and communications.
  • Sensitive Categories: as strictly necessary only for compliance (e.g., nationality for sanctions screening, limited criminal-history information where required). We do not collect health or biometric data except where required by law.

We obtain information directly from you, from third-party service providers (custodians, KYC vendors, credit reference agencies), public sources, and automated technologies.

How We Use Personal Information

We process personal information on lawful bases including performance of a contract, compliance with legal obligations, legitimate interests, and where required, consent. Core uses include:

  • Onboarding and account administration, including KYC, CDD and beneficial ownership verification to satisfy AML and sanctions obligations.
  • Execution, settlement and reconciliation of investment transactions; custody and transfer of assets; tax reporting and regulatory filings.
  • Portfolio analytics, performance reporting and investor communications (reporting required by contract or requested by users).
  • Fraud prevention, sanctions and watchlist screening, risk management, and regulatory compliance activities (legal obligation/legitimate interest).
  • Service operation and improvement, product development, website analytics and security monitoring (legitimate interest).
  • To respond to legal process, law enforcement requests, or to exercise or defend legal rights.

We will not use personal information for materially adverse profiling or automated decision-making that affects your legal rights without meaningful human review and where required, prior explanation and consent.

Sharing and Disclosure

We disclose personal information only as necessary and under strict safeguards. Typical disclosures include:

  • Service Providers: custodians, fund administrators, auditors, KYC/AML providers, payment processors, cloud and IT providers — all engaged under written contracts requiring appropriate technical and organizational measures.
  • Investment Partners & Counterparties: to facilitate due diligence, co-investments, trade execution, and settlement; disclosures are limited to data necessary to complete such transactions.
  • Regulators & Law Enforcement: when required by law, regulation, subpoena, or to prevent fraud or financial crime.
  • Corporate Transactions: in the event of a merger, sale, reorganization or acquisition, subject to confidentiality obligations.

We do not sell your personal information. Where required by law, we will provide notices and opt-out mechanisms (e.g., CCPA opt-out pathways for California residents).

International Transfers

Personal information may be transferred and processed in jurisdictions outside your country of residence. Where transfers occur from the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or explicit consent where required.

Data Security and Retention

We maintain administrative, technical and physical safeguards designed to protect data confidentiality, integrity and availability. Examples of our measures:

  • Encryption at rest and in transit (TLS/HTTPS; AES-256 or industry-equivalent where supported).
  • Role-based access control, least-privilege access, multi-factor authentication for privileged users, and regular access reviews.
  • Secure software development lifecycle (SDLC), vulnerability scanning, penetration testing, and third-party security assessments (e.g., SOC 2 readiness practices where applicable).
  • Incident response and breach notification procedures, including statutory notification timelines where applicable.
  • Retention policies: we retain personal information as required for contract performance, legal, regulatory and tax obligations (for example, regulatory records typically retained up to seven years or longer where required). When no longer required, data will be securely deleted or anonymized.

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights. To exercise rights, contact privacy@0110.capital. We will verify requests and respond in accordance with applicable law.

  • Access: obtain a copy of personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion where lawful (subject to legal retention obligations).
  • Restriction/Portability: request restriction of processing or portability of data in a structured, commonly used format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdrawal of Consent: where processing is based on consent, withdraw consent at any time (withdrawal does not affect prior lawful processing).

California (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA, including the right to know categories of personal information collected and to request deletion or opt-out of sale/sharing (where applicable). Submit requests to privacy@0110.capital; we will authenticate requests consistent with legal requirements.

European Union / EEA (GDPR)

EU/EEA residents may exercise data subject rights under the GDPR. Where required by law, we maintain a lawful basis for processing and provide data protection information at collection. For complex requests we may need to perform identity verification and may restrict rights where legal exceptions apply.

Children's Privacy

Our Services are not directed to children under the age of 13 (or higher age where local law requires). We do not knowingly collect personal data from children; if discovered, we will promptly delete it.

Contact & Data Protection Officer

For privacy inquiries, data subject requests, or to discuss this Policy, contact: privacy@0110.capital. If you are located in the EU/UK and prefer to escalate, we will provide contact details for our DPO where required by law.

Changes to this Policy

We may update this Policy to reflect legal, regulatory or business changes. Material updates will be posted with a revised effective date and, where required, notified to you.

© 2025 0110 Capital. All rights reserved. This Policy is governed by applicable law; in matters of interpretation, please refer to applicable statutes and regulatory guidance.