This privacy policy explains how GRO Capital A/S ("we", "us" or the "Manager") process your personal data, namely what kind of information is collected, used, disclosed and stored, who the information is about, and for what purposes the information is processed, as well as the rights of the individuals.

‍

We manage investments in GRO Fund I K/S, GRO Fund II K/S, GRO Fund III K/S, GRO CV I K/S and GRO Generation Fund I K/S (the "AIF"). In order for us to provide fund management services, we must process certain personal data about investors who are natural persons and the beneficial owners of investors that are legal persons and related individuals, cf. below.

‍

‍
‍

Application process
‍

Purpose

During the application process the Manager processes your personal data to assist in completing the subscription application. When the subscription application has been submitted the Manager assesses the application in order to admit or reject investment applicants. If an investment applicant gets admitted as an investor the personal data is also processed to onboard investors to the AIF, e.g. verifying submitted data and carrying out the investment.

Categories of personal data

For natural persons who are investors: name, gender, citizenship, email, postal addresses, telephone numbers, subscription application data, investments made, bank account information, investment information (including previous investments, current holdings, portfolio, risk profile and purpose of investment), transcripts from company registers, PEP status, national identification numbers, passport copies and/or health insurance card copies, and in special circumstances salary/income and tax information.

‍

For natural persons who have a status as opt-in professionals: former and current employment records, information about ownership of assets.

For beneficial owners of the legal person as investor: name, gender, citizenship, contact details, PEP status, company register transcripts, national identification numbers, passport copies.

‍

For members of management and individual(s) signing the subscription application on behalf of the investor: name, gender, citizenship, contact details, complaints information, company register transcripts, national identification numbers, passport copies.

‍

For other contact persons at the investor: name, email address, postal address, and telephone number.

Sources

Directly from you; GRO Capital as Manager (where permitted); publicly available information; third party service providers; mutual third-party acquaintances (e.g. placement agents); banks and other financial institutions; other contacts within the potential or actual investors.

Legal basis

For natural persons who are investors: Article 6(1)(b) GDPR (performance of contract) and Article 6(1)(c) GDPR (compliance with AML Act, AIFM Act, AIFM Regulation, MiFID II Directive). National identification numbers: section 11(2)(1) DPA. Political opinions: Article 9(2)(e) or 9(2)(g) GDPR.

‍

For semi-professional investors and opt-in professionals: Article 6(1)(c) GDPR (investor protection regulations).

‍

For beneficial owners, management members, and other contact persons: Article 6(1)(f) GDPR (legitimate interest) and Article 6(1)(c) GDPR
(AML/financial legislation compliance).

Recipients

The AIF; the Danish Business Authority; the Manager's and AIF's advisors (e.g. Plesner Advokatpartnerselskab, Ernst & Young); government bodies including Finanstilsynet and Skattestyrelsen; certain US corporations (withholding tax requirements); IT suppliers including Microsoft; KYC/CDD service providers; GRO Capital International Limited, 12 Hay Hill, London W1J8NR, UK; GRO Capital International AS, Tjuvholmen Allé 1, 0252 Oslo, Norway.

Storage

Generally five (5) years after the end of the year in which the matter ceases or an isolated transaction is completed, in compliance with the AML Act, the Danish Acts on Certain Commercial Undertakings, Public and Private limited Companies, and Bookkeeping. Information about applicants where no investment is made: up to two (2) years from the last date of contact.

‍

Investor relationship

Purpose

We process information regarding investors in order to report to the investors and organize meetings.

Categories of personal data

Name, gender, citizenship, email, postal address, telephone number, and information related to contact and correspondence.

Sources

Directly from you.

Legal basis

Article 6(1)(f) GDPR — legitimate interest in communicating with you about the investment.

‍

Recipients and storage

As described under Application process above.

General contact
‍

Purpose

We process information regarding investors in order to handle day-to-day questions and handle potential complaints.
‍

Categories of personal data

Information related to contact and correspondence with the individuals; complaints from the individuals.

Sources
Directly from you.

Legal basis

Article 6(1)(f) GDPR — legitimate interest in communicating with
investors on a day-to-day basis, handling complaints, and establishing, exercising and defending legal claims.

Recipients and storage

As described under Application process above.

General administration

Purpose

We process investors' personal data in order to manage the AIF, including: documenting investments; facilitating mandatory auditing; complying with AML Act obligations (customer due diligence, reporting of suspected irregularities); registering owners and beneficial owners; and obtaining legal, tax and financial advice. For semi-professional investors and opt-in professionals: compliance with investor protection rules under the AIFM Act, AIFM Regulation, and MiFID II Directive.

‍

Categories of personal data, sources, legal basis, recipients and storage

As described under Application process above, with the addition that tax information in relation to FATCA and/or CRS reporting may be processed in special circumstances.

‍

The Manager is legally required to examine the background and purpose of all complex and unusually large transactions as well as all unusual patterns of transactions and activities that do not have a clear financial or identifiable lawful purpose in order to determine whether there is any suspicion or reasonable grounds to assume that such transactions are or have been associated with money laundering or financing of terrorism, cf. section 25 of the AML Act.

‍

If the Manager becomes aware of, suspects or has reasonable grounds to suspect that a transaction, funds or activities are or have been associated with money laundering or the financing of terrorism, it has a duty to notify the authorities without informing you, cf. section 26 of the AML Act.

‍

Information, including personal data, may in this context be shared with: the Danish Money Laundering Secretariat (Hvidvasksekretariatet); the Danish Bar and Law Society (Advokatsamfundet); businesses and individuals falling within section 1(1) paras 1-14, 16, 18, 20 and 20-22 of the AML Act; and external advisors and investigators. The notification duty is subject to certain exceptions.

‍

When we collect personal data directly from you for the above-mentioned purposes, you provide the personal data to be able to apply for and carry out investments in the AIF and for the Manager to fulfil statutory requirements. You are legally obliged to provide the personal data. The consequences of not providing it are that the application cannot be assessed, the investment cannot be made, and the Manager cannot perform its services.

‍

As part of our processing activities, we may transfer personal data to third countries when using data processors and subprocessors, including Microsoft Ireland Operations Limited and its subprocessors. We generally process personal data within the EU/EEA but may receive support from subprocessors in third countries.

‍

Third countries we may transfer personal data to include: USA (adequacy decision for EU-U.S. Data Privacy Framework recipients), Canada (adequacy decision), United Kingdom (adequacy decision), Israel (adequacy decision), Australia, Chile, Hong Kong, Egypt, Singapore, India, Serbia, South Africa, United Arab Emirates, and China.

‍

Where the European Commission has not made an adequacy decision, transfers take place on the basis of standard contractual clauses under GDPR Article 46. You may request a copy by contacting gk@grocapital.dk.

‍

‍

You have the following rights:

• To request access to, rectification of, or deletion of your personal data.
• To restrict the processing of your personal data.
• To withdraw your consent at any time (without affecting the lawfulness of prior processing).
• To receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability).
• To lodge a complaint with a data protection supervisory authority, such as the Danish Data Protection Agency.
• To object to processing based on Article 6(1)(f) GDPR at any time for reasons relating to your particular situation.
• To object unconditionally to processing for direct marketing purposes.

To exercise your rights, email gk@grocapital.dk specifying the rights you wish to exercise. Conditions or limitations may apply depending on the specific processing activity.

‍

Last updated: May 2026

‍