1. Who We Are (Data Controller)

Adamas Group SA (also “LeadersCap”, “we”, “us”), a Swiss joint‑stock company (IDE: CHE‑442.653.670), with registered office at Boulevard du Pont‑d’Arve 28, 1205 Geneva, Switzerland, operates the LeadersCap platform for private‑equity club deals.

• Contact (Privacy): b.studer@leaderscap.ch
• Postal: Adamas Group SA, Attn: Privacy, Boulevard du Pont‑d’Arve 28, 1205 Geneva, Switzerland.

We do not currently appoint a statutory Data Protection Officer. For EU/EEA data subjects, an EU representative may be designated if and when required; details will be published in this policy.

2. Scope and Audience

This policy explains how we collect and process personal data of:

• registered Investors and prospective Investors using our Platform;
• representatives of legal‑entity Investors and project sponsors;
• website visitors (including cookie and analytics data);
• service providers and business contacts.

It complements our Terms of Use and applies in addition to any deal‑specific documentation. If a conflict arises, deal documents prevail for the investment itself.

3. Categories of Data We Process

We process the following categories (depending on your interactions):

• Account & Identity Data: Name, email, phone, employer/entity, job title, postal address; login identifiers; verification status.
• KYC/AML Data (where applicable): Copy of ID, date of birth, nationality, residence, beneficial ownership, PEP/sanctions screening results, source‑of‑funds/source‑of‑wealth statements and supporting documents.
• Qualification & Suitability Self‑Declarations: Investor status (professional/institutional/HNWI), knowledge/experience statements, risk acknowledgements, signatures, timestamps and IPs for acceptance.
• Investment Data: Deal interest, ticket indications, commitments, SPV participation details, distributions, carry calculations, communications in deal rooms.
• Financial & Billing Data: Bank details for wires/distributions, invoices, payments, VAT status, tax residence declarations (where required), currency preferences.
• Communications & Support: Emails, messages, meeting notes, recordings where legally permitted (with notice).
• Technical & Usage Data: Device/browser, IP address, log files, security events, pages viewed, referral URLs, session identifiers, cookie IDs (see Cookie Policy).
• Marketing Preferences: Newsletter opt‑in/out, campaign attribution (UTM), event registrations.

We may aggregate/anonymise data for statistics (non‑personal).

4. Purposes and Legal Bases (LPD/FADP & GDPR)

We process data for the following purposes and bases:

• Account Creation and Platform Access: (Contract performance; legitimate interests to operate a secure platform).
• Investor Qualification and Onboarding: (Legitimate interests to restrict access to qualified investors; compliance with financial‑crime prevention).
• KYC/AML Checks Where Required: (Legal obligation if applicable; otherwise legitimate interests to prevent fraud and ensure eligibility).
• Deal Communication and Execution: (Contract performance; legitimate interests to coordinate SPVs and distributions with partners).
• Billing and Payments: (Contract performance; legal obligations – accounting, tax).
• Security and Fraud Prevention: (Legitimate interests – protect accounts, investigate incidents; compliance where applicable).
• Analytics and Service Improvement: (Consent where required for non‑essential cookies; legitimate interests otherwise with privacy safeguards).
• Marketing Communications: (Consent for electronic marketing where required; legitimate interests for B2B communications with opt‑out).
• Legal Claims, Compliance, Audits: (Legitimate interests; legal obligations).

Where we rely on consent, you may withdraw it at any time without affecting prior processing. Where we rely on legitimate interests, we balance our interests with your rights and implement safeguards.

5. Recipients and Disclosures

We share personal data only as needed:

• Intra‑Group and Contractors: Vetted IT, hosting, analytics, KYC, and customer‑support providers under data‑processing agreements.
• Deal Counterparties: SPV administrators, depositary/transaction banks, legal counsel, auditors, and the relevant project sponsor/target company for subscription and shareholder registers.
• Authorities and Regulators: Where required by law (e.g., AML requests, court orders).
• Professional Advisers: Our lawyers, accountants, auditors (confidentiality‑bound).

We do not sell personal data.

6. International Transfers

We host primarily in Switzerland/EEA where feasible. Where data is transferred to countries without an adequacy decision, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, Swiss equivalents) and implement additional technical/organisational measures as needed.

7. Retention

We keep data only as long as necessary:

• Account Data: For the life of the account and up to 24 months after closure.
• KYC/AML Records: Typically 5–10 years after end of relationship/transaction, per legal requirements.
• Deal/Contract Data & Billing: 10 years (Swiss commercial and tax law).
• Marketing: Until you opt‑out or after 24 months of inactivity.
• Logs & Security: 6–24 months depending on purpose.

Data may be archived beyond these periods for legal claims (limitation periods) then securely deleted or anonymised.

8. Your Rights

Under Swiss LPD and (where applicable) GDPR, you may have rights to access, rectify, erase, restrict or object to processing, port your data, and not be subject to solely automated decisions producing legal effects. To exercise rights: email b.studer@leaderscap.ch. We may verify identity and respond within applicable deadlines.

You can complain to the Federal Data Protection and Information Commissioner (FDPIC), and where GDPR applies, to your local EU supervisory authority. We encourage contacting us first.

9. Security

We apply proportionate technical and organisational measures: encryption in transit/at rest where appropriate, access controls, role‑based permissions, audit trails, network protection (e.g., WAF/CDN), secure software lifecycle, vendor due diligence, staff confidentiality and training. No system is 100% secure; we operate on a risk‑based, best‑efforts basis.

10. Children

Our Platform is intended for adults and professional users only and is not directed to minors. We do not knowingly collect data from children. If you believe a minor has provided data, contact us to remove it.

11. Cookies and Similar Technologies

See our Cookie Policy for details on categories, purposes, retention, and how to manage preferences. Non‑essential cookies are used only with your consent via our consent banner/manager.

12. Changes to this Policy

We may update this policy from time to time. Material changes will be notified in advance where practicable. The latest version is always available on our website and indicates its effective date.