Privacy Policy

1. Who We Are

YMC Capital Limited (“YMC Capital”, “we”, “us”, “our”) is a British Virgin Islands Approved Manager and the investment manager of Nodal SPC, a Cayman Islands Segregated Portfolio Company registered with the Cayman Islands Monetary Authority (CIMA).

References to YMC Capital in this policy include our affiliates and group entities operating under the YMC name (including in Singapore and the Dubai International Financial Centre) to the extent they process personal data described here. The YMC group entity that determines the purposes and means of a given processing activity is the data controller for that activity; for website enquiries and investor onboarding initiated through this site, that controller is YMC Capital Limited.

Data protection contact: our Data Protection Officer can be reached via ymc.capital/contact (please mark your message “for the attention of the Data Protection Officer”).

2. Laws That Apply to Us

Depending on where you are located and where our processing takes place, the following data protection regimes may apply to our handling of your personal data, and we commit to comply with each where applicable:

• the Singapore Personal Data Protection Act 2012 (PDPA);
• the DIFC Data Protection Law No. 5 of 2020 and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data;
• the Cayman Islands Data Protection Act (2021 Revision);
• the EU General Data Protection Regulation and the UK GDPR, where you are located in the EEA or the United Kingdom; and
• any other data protection law applicable to you or to a YMC group entity that engages with you.

Where more than one regime applies, we apply the standard that gives you the greater protection.

3. Personal Data We Collect

3.1 Enquiries and assessment requests

When you contact us or request a confidential assessment, we collect the details you provide — typically your name, email address, telephone number, the firm or family office you represent, your indicated enquiry or mandate type, approximate transaction or portfolio size, how you heard of us, your message, and your confirmation that you are a qualified, professional, accredited, or institutional investor.

3.2 Investor portal and onboarding (KYC/AML)

If you proceed toward an investment, we and our independent fund administrator collect the information required to satisfy know-your-customer, anti-money-laundering, counter-terrorist-financing, and tax-transparency obligations. This may include: identification documents (passport, national identity card, or driver’s licence); date of birth and nationality; residential and tax-residence address; tax identification details and FATCA/CRS self-certifications; source-of-wealth and source-of-funds information and supporting evidence; politically-exposed-person (PEP) declarations; bank and subscription details; and the results of sanctions, PEP, and adverse-media screening. Some of this is sensitive and is handled with corresponding care.

3.3 Insights subscription and communications

If you subscribe to our insights, we collect your email address and may record technical delivery and engagement data (for example, whether an email was delivered, opened, or its links clicked) to operate the service and measure its effectiveness. Correspondence you send us, and our records of calls and meetings, are also retained.

3.4 Messaging channels and outreach

Where you message us through a permitted channel, or where we conduct professional outreach (including via business networking platforms such as LinkedIn), we process the contact and message data necessary to respond, verify the contact, and maintain a record. We do not solicit investment, capital, or wire instructions through consumer messaging apps — see our imposter notice.

3.5 Information collected automatically

Standard web server logs may record your IP address, browser and device type, operating system, referring URL, and pages visited. This is used for security, fraud prevention, and basic aggregate analytics, and is not used to build advertising profiles.

4. How and Why We Use Your Data

• Responding to you — to answer enquiries, schedule calls, and provide information about YMC Capital and its strategies.
• Eligibility and onboarding — to verify investor qualification and to conduct KYC/AML, sanctions, PEP, tax-transparency (FATCA/CRS), and related due-diligence checks before and during an investment.
• Operating the investor portal — to authenticate you, provide access to data rooms and documents, and maintain a secure record of portal activity.
• Insights — to send insights you have subscribed to and to operate and improve that service.
• Legal and regulatory compliance — to meet our obligations under applicable financial-services, AML/CFT, tax, and sanctions law, and to respond to lawful requests from regulators and authorities.
• Security and integrity — to protect the website, our systems, our clients, and us from fraud, impersonation, and abuse.

We do not sell your personal data, and we do not use it for third-party advertising or to build advertising profiles.

5. Legal Basis for Processing

We process personal data only where a lawful basis applies under the relevant regime:

• Consent — for insights subscriptions and certain communications. You may withdraw consent at any time (see Section 7).
• Performance of a contract — where processing is necessary to assess, onboard, or service an investment (GDPR Art. 6(1)(b); equivalents under PDPA, DIFC, and Cayman law).
• Legal or regulatory obligation — for KYC/AML, sanctions, tax-reporting, and record-keeping requirements (GDPR Art. 6(1)(c)).
• Legitimate interests — for responding to enquiries, professional outreach to qualified parties, fraud prevention, and securing our systems, balanced against your rights (GDPR Art. 6(1)(f); “legitimate interests” under the PDPA and DIFC law).

Where we process sensitive or special-category data (such as identity documents or PEP status), we do so on the basis of your explicit consent, substantial public-interest grounds, or compliance with our legal obligations, as permitted by the applicable regime.

6. Screening and Automated Processing

As part of onboarding and ongoing monitoring we screen names against sanctions, PEP, and adverse-media data using automated tools. These tools may surface potential matches (including false “namesake” matches) for review. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing — a qualified person reviews any match before an onboarding outcome is reached. You may request human intervention, express your view, and contest a decision by contacting us.

7. Marketing and Withdrawing Consent

We send insights and updates only where you have asked to receive them. Every such message includes an unsubscribe mechanism, and you may withdraw your consent at any time via ymc.capital/contact or the unsubscribe link. Withdrawal does not affect processing carried out before withdrawal, or processing we are legally required to continue. Where the Singapore PDPA’s Do Not Call provisions apply, we honour registered preferences for telephone and message marketing.

8. Disclosure to Third Parties

We disclose personal data only as necessary, to the following categories of recipients, each bound to protect it:

• our fund administrator, custodian, banks, and other service providers involved in onboarding and servicing an investment;
• identity-verification, sanctions, PEP, and adverse-media screening providers;
• email-delivery, secure-hosting, and IT infrastructure providers;
• our legal, tax, audit, and compliance advisers;
• regulators, tax authorities, courts, and law-enforcement or governmental bodies where required or permitted by law; and
• a successor entity in connection with a reorganisation, merger, or transfer of our business.

We do not sell personal data to any third party. Where a recipient acts as our processor, it acts only on our instructions under a written agreement.

9. International Transfers

YMC Capital operates across multiple jurisdictions, and your personal data may be transferred to and processed in countries other than your own — including the British Virgin Islands, the Cayman Islands, Singapore, and the United Arab Emirates. Where we transfer personal data across borders, we do so only where the destination provides a comparable standard of protection or where an appropriate safeguard or lawful transfer condition is in place (such as standard contractual clauses, an adequacy finding, or your consent), as required by the PDPA’s Transfer Limitation obligation, the DIFC and UAE laws, the Cayman DPA, and the GDPR.

10. Data Retention

• Enquiries that do not proceed: retained for up to 12 months from your last communication, then securely deleted.
• Investor and KYC/AML records: retained for at least the period required by applicable law — generally a minimum of 5 to 7 years from the end of the relationship or the date of the last transaction, depending on the governing jurisdiction.
• Insights subscription data: retained until you unsubscribe, then suppressed only as needed to honour your opt-out.
• Web server logs: retained for up to 90 days for security purposes.

We retain personal data no longer than necessary for the purposes for which it was collected or as required by law.

11. Security

We apply appropriate technical and organisational measures to protect personal data, including HTTPS encryption in transit, access controls and authentication for the investor portal, segregation of confidential documents, and restriction of access to personnel with a legitimate need. No transmission over the internet is wholly secure, but we work to protect your data and to limit access to it.

12. Data Breach Notification

If a personal data breach occurs that is likely to result in significant harm or that is otherwise notifiable, we will notify the relevant supervisory authority — and, where required, affected individuals — within the timeframes set by applicable law (for example, the Singapore PDPA, the DIFC and UAE laws, the Cayman DPA, and the GDPR).

13. Your Rights

Subject to the law that applies to you, you may have the right to:

• access the personal data we hold about you, and information about how it is used;
• request correction of inaccurate or incomplete data;
• request erasure of your data where there is no overriding legal basis to retain it;
• restrict or object to certain processing, including profiling;
• withdraw consent where processing relies on consent;
• request portability of data you provided to us; and
• not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 6).

To exercise any right, contact ymc.capital/contact. We may need to verify your identity first, and we will respond within the period required by the applicable law (and in any event within 30 days where practicable). There is normally no charge.

14. Cookies

This website does not use third-party tracking or advertising cookies. We use only essential cookies necessary for website and portal functionality (such as maintaining your authenticated session). Email engagement measurement for insights is described in Section 3.3.

15. No Retail or Minors

This website and our services are directed only at qualified, professional, accredited, or institutional investors and are not intended for retail clients or for anyone under 18. We do not knowingly collect data from minors.

16. Complaints

If you have a concern about how we handle your personal data, please contact us first via ymc.capital/contact so we can address it. You also have the right to lodge a complaint with the relevant supervisory authority — for example, the Personal Data Protection Commission (Singapore), the DIFC Commissioner of Data Protection or the UAE Data Office, the Office of the Ombudsman (Cayman Islands), or your local EU/UK supervisory authority (such as the UK ICO).

17. Changes to This Policy

We may update this privacy policy from time to time. Changes take effect when posted, and the “Last updated” date above will reflect the most recent revision. We encourage you to review this policy periodically.

For questions about this policy, contact: ymc.capital/contact