PRIVACY POLICY

Last Updated: May 27, 2025

1. Introduction

Luna Mare Capital Limited ("we", "us", "our"), a hedge fund manager licensed by the Securities and Futures Commission of Hong Kong, respects your privacy and is committed to protecting your personal data in accordance with:

- Hong Kong Personal Data (Privacy) Ordinance (Cap. 486)

- General Data Protection Regulation (GDPR) (where applicable)

- SFC Code on Conduct for Persons Licensed by or Registered with the SFC

This policy applies to: Investors, prospective investors, website visitors, and business partners.

2. Data We Collect

| Category | Examples |

| Identification Data | Full name, passport/ID number, date of birth, nationality |

| Transactional Data | Subscription/redemption records, investment history |

| Due Diligence Data | Politically exposed person (PEP) status, KYC documents |

3. How We Use Your Data

We process personal data for:

- Investor Onboarding: Compliance with anti-money laundering (AMLO) and KYC requirements

- Fund Operations: Processing subscriptions/redemptions, NAV calculations

- Regulatory Obligations: Reporting to SFC, tax authorities, and other regulators

- Risk Management: Credit checks, investment suitability assessments

- Communication: Sending fund reports and regulatory updates (opt-out available)

4. Legal Basis for Processing

We rely on:

- Contractual Necessity: To execute investment agreements

- Legal Obligations: Under SFC rules, AMLO, and Companies Ordinance

- Legitimate Interests: Fraud prevention, network security

- Consent: For marketing communications (may be withdrawn anytime)

5. Data Sharing & Disclosures

We may disclose data to:

| Recipient | Purpose |

| Regulatory Authorities | SFC, Hong Kong Monetary Authority, tax bodies |

| Service Providers | Fund administrators, prime brokers, legal/compliance consultants |

| Affiliates | Group companies for risk control |

| Third Parties | Upon legal request (e.g., court order) |

Note: Cross-border transfers follow PDPO’s Data Protection Principle 3.

6. Data Security Measures

We implement:

- AES-256 encryption for data at rest and in transit

- Multi-factor authentication for investor portals

- Strict access controls (role-based permissions)

- Annual penetration testing and SOC 2 audits

- Employee training on data protection

7. Data Retention

We retain personal data:

- Active Investors: 7 years post-redemption (per SFC requirements)

- Prospects: 2 years after last contact

- KYC Records: Minimum 6 years under AMLO

Data is securely destroyed thereafter.

8. Your Rights

Under PDPO, you may:

- Access/correct your personal data (Form OPS003)

- Withdraw consent for marketing

- Request deletion (subject to legal limitations)

- Data portability (for machine-readable formats)

Submit requests to: martin.zuo@lunamarecapital.com. Response within 40 days.

9. Cookies & Tracking

We use:

- Essential Cookies: Session management (cannot be disabled)

- Analytical Cookies: Google Analytics (anonymized IPs)

- Marketing Cookies: LinkedIn tracking (opt-in required)

Manage preferences via browser settings or our cookie banner.

10. Policy Updates

Material changes will be:

- Posted on our website (with version history)

- Emailed to active investors

- Archived for 5 years

Contact Our Data Protection Officer (DPO):

Martin Zuo

Email: martin.zuo@lunamarecapital.com

Address: Unit 2055, Level 20, Infinitus Plaza, 199 Des Voeux Road Central, Hong Kong