Privacy Policy

Last updated: 13.02.2025

About this Privacy Policy and ÆRA Capital Group
This privacy policy applies to the AERA Capital Group website, which is owned and operated by ÆRA Capital Group, through ÆRA Capital FinCo AS (Org. no.: 934 159 403, Ruseløkkveien 30, 0251 Oslo, Norway), including ÆRA Capital AS (org. no.: 934 400 151) and ÆRA Advisory AS (Org. no.: 934 400 178).

For processing activities related to the website and customer support ÆRA Capital AS and ÆRA Advisory AS acts as joint data controllers. For all other processing activities described in the Privacy Policy ÆRA Capital AS and ÆRA Advisory AS acts as an independent data controller. Which entity who is deemed to be the data controller for what specific personal data is dependent on client relationships, which entity receives job applications and/or which entity performs the activity. See more information under each processing activity describes in this Privacy Policy. ÆRA Capital AS and ÆRA Advisory AS will hereafter be referred to collectively as "we," "us," or “ÆRA Capital”.

ÆRA Capital are obligated to process your personal data in accordance with the Norwegian Personal Data Act of 2018 and the EU General Data Protection Regulation 2016/679 (GDPR), regardless of where you, as a user of the Service, are located in the world. If you reside outside the EEA, you may have additional or supplemental rights under local privacy laws. In such cases, we will inform you of these rights as far as possible and facilitate the exercise of these rights.

It is important that you read this privacy policy and understand how we collect, store, and otherwise process your personal data. You are advised to review this privacy policy periodically to stay informed of any updates made due to legal changes, changes in our practices, or other reasons.

The Information We Process, the Purpose of Processing, and the Legal Basis.

Website and cookies
When you visit the ÆRA Capital website, we automatically collect certain information about your device, including your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the site, we collect information about individual web pages or services you view, what websites or search terms referred you to the site, and how you interact with the site. This information is referred to as "Device Information."

Data Controller: Joint Controllership

Purpose: To analyze website traffic, improve our website, and prevent fraudulent activity

Legal Basis: Our legitimate interest in maintaining the security and functionality of our website (GDPR Article 6(1)(f)).

Client Relationship Management

We collect and process personal data from our clients and potential clients, including names, contact details, investment preferences, and financial information.

Data Controller: ÆRA Capital AS or ÆRA Advisory AS, dependent on the client relationship
Purpose: To manage client accounts, provide tailored investment advice, and maintain effective communication.
Legal Basis: Performance of a contract (GDPR Article 6(1)(b)).

Due Diligence and Compliance
We process personal data in connection with our due diligence obligations, including creditworthiness assessments, AML (Anti-Money Laundering) compliance, and risk management. This may involve collecting identification documents, credit histories, and financial statements, as well as information from public sources, such as sanctions lists, politically exposed persons (PEPs) databases, and national registers.

Data Controller: ÆRA Capital AS or ÆRA Advisory AS, dependent on who performs the activity
Purpose: To assess creditworthiness, mitigate financial risks, and comply with legal and regulatory obligations.
Legal Basis: Compliance with a legal obligation (GDPR Article 6(1)(c)).

Marketing and Communications
If you sign up for newsletters or marketing materials, we collect and process your email address and name.

Data Controller: Joint controllership, ÆRA Capital AS or ÆRA Advisory AS, dependent on who performs the activity, or if the activity is performed collectively. Purpose: To send newsletters, updates, and marketing materials about our services.
Legal Basis: Legitimate interest (GDPR Article 6 (1)(f)) where an existing client relationship exists; otherwise, consent (GDPR Article 6(1)(a)). You may withdraw your consent or opt out of marketing communications at any time.

Contact and Customer Support
If you contact us via the contact information provided on the website, we may process personal data such as your email address, phone number, postal address, and any other information you choose to share.

Data Controller: Joint Controllership
Purpose: To respond to your inquiries and provide customer support.
Legal Basis: Our legitimate interest in assisting you (GDPR Article 6(1)(f)).

Job Applications

You are welcome to apply for a position with us. If you decide to do so, we will process personal data provided in job applications, interviews, and given by references. This includes basic/contact information, information about qualifications, certifications and background, and any assessments we make in relation to our internal assessment of your application.

Data Controller: ÆRA Capital AS or ÆRA Advisory AS, dependent on to whom the job application is sent to.
Purpose: To evaluate job applications, conduct interviews, verify qualifications, and assess candidates for potential employment opportunities.
Legal Basis: Performance of a contract or steps taken at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b)).

Social Media
If you like, comment or interact in any way with ÆRA Capital’s page on LinkedIn some of your personal information becomes available to us such as your name, profile picture, comments and likes. All this information is specifically and voluntarily provided by you as a visitor.

If you provide personal data to these sites, their privacy policies apply. ÆRA Capital is not responsible for how these sites handle your data. We recommend reading their privacy policies and Terms of Use.

Data Controller: Joint Controllership, ÆRA Capital AS or ÆRA Advisory AS, dependent on who performs the activity, or if the activity is performed collectively.
Purpose: We may use this information to track trends, engagement and likes. We do not use this information otherwise, unless it is to get in contact with you directly to respond to your comment or interaction. We do not store this information anywhere, though it will still be available to us on the page.
Legal Basis: We collect this information to uphold our legitimate interest in marketing of our products and services. The processing also upholds our legitimate interest in replying to your requests or questions, and in order to stay updated on trends and likes (GDPR Article 6(1)(f)).

Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

Website analytics data: Retained for up to 24 months.
Due Diligence and Compliance data: Retained for up to 10 years after the end of our business relationship or completion of the due diligence assessment, in accordance with anti-money laundering (AML) regulations and other legal obligations.
Accounting records: Retained for up to 10 years in compliance with the Norwegian Accounting Act.
Marketing data: Retained until you withdraw your consent or request deletion.
Customer support inquiries: Retained for up to 12 months after resolution or for as long as there is a legitimate interest in storing the data to improve our services, defend legal claims or ensure consistent support.
Job applications: Retained until the recruitment process is completed unless you provide consent for us to retain your information for future opportunities.

Cookies
The ÆRA Capital website uses cookies to personalize your online experience and ensure the proper functioning of our website. A cookie is a small text file placed on your device by a web page server. Cookies are uniquely assigned to you and can only be read by the web server that issued them. They cannot be used to run programs or deliver viruses to your computer.

We use cookies that are essential for the functionality of the site. These cookies help with core functions such as security, session management, and accessibility.

Optional cookies, including cookies used for analytics and performance, require your consent. You can choose to accept or decline these cookies in out cookie banner when visiting our website.

You can manage your cookie preferences at any time through your browser settings. However, disabling required cookies may impact the functionality of certain website features.

Sharing your personal data

We may share personal data with authorized third parties where necessary to provide our services, fulfill legal obligations, or improve our operations. This includes:

Within the Group Companies
Service providers (e.g., IT providers, auditors, accountants, legal counsel).
Regulatory bodies and public authorities where required by law.
Business partners necessary for the execution of investment services (e.g., custodians, financial institutions).

In the event that we share your personal data with authorised data processors, we have in place legal and organisational measures to ensure compliance with the applicable data protection legislation. When engaging a data processor that processes personal data on our behalf, we have entered into data processing agreements pursuant to GDPR.

International Data Transfers

All personal data is stored and processed within European Economic Area (EEA). But, by using our website, services or sending us an application or inquiry, you acknowledge that your personal data may be transferred outside of the EU/EEA where data protection laws may differ from those within the EEA.

If such transfers should occur, we will comply with the requirements of GDPR Chapter V, implementing appropriate safeguards to ensure the protection of your rights.

Security

We take appropriate technical and organizational measures to safeguard your personal data from unauthorized access, loss, misuse, alteration, or disclosure. In addition, our website hosting services has implemented HTTPS secure access, and regularly monitor systems for possible vulnerabilities and attacks.

Despite these measures, no online platform is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you suspect any security breach or unauthorized access to your data, please contact us immediately at info@aeracap.com.

Legal Disclosure
We may disclose your personal data in the following circumstances:

Compliance with legal obligations: If required by law, regulation, or legal process (e.g., subpoena, court order).
Protection of rights and safety: If disclosure is necessary to protect our legal rights, enforce our policies, or investigate fraud.
Government and law enforcement requests: If requested by law enforcement agencies, regulators, or authorities under applicable legal frameworks.
Corporate transactions: In case of mergers, acquisitions, or asset sales, where personal data may be transferred as part of the transaction.

We ensure that any disclosure of personal data is done in accordance with applicable data protection laws and that recipients adhere to confidentiality obligations.

Your rights:
You have the following rights in respect of the personal data processed about you:

Access: You have the right to access the personal data processed by ÆRA Capital. This includes a copy of the data and information about how we process your personal data.
Rectification: You have the right to request that personal data be corrected if they are incomplete or incorrect.
Erasure: You have the right to request ÆRA Capital to delete personal data on you in certain situations. The right to erasure does not apply if ÆRA Capital needs the data to fulfil the purpose for which the data was collected or because processing is necessary to fulfill a legal obligation or to establish, exercise, or defend a legal claim.

Restricted processing: If you dispute the accuracy of the personal data ÆRA Capital processes, you believe the processing is unlawful, or you believe the processing is no longer necessary to achieve the purpose of the processing, you have the right to request that the processing be restricted. The same applies if you have objections to the processing.

Withdraw consent: If the processing of personal data is based on consent, you have the right to withdraw your consent at any time.

Object to processing: You can object to the processing of personal data if the processing in based on ÆRA Capital’s legitimate interest, including direct marketing and profiling in connection to such marketing.

Data portability: You have the right to receive the personal data you have provided to ÆRA Capital in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller, if the processing is based on consent or contract, and is carried out by automated means.

Complain: If you believe that our processing of your personal data is in violation of GDPR, you have the right to file a complaint with the Norwegian Data Protection Authority (“Datatilsynet”). Contact information and procedures are available at www.datatilsynet.no.

To exercise your rights, please contact us. We will process your request within one month in accordance with GDPR.

Contact information:

If you have any questions about this Privacy Policy or wish to exercise your rights, you may contact us at:

Email: info@aeracap.com
Address: Ruseløkkveien 30, 0251 Oslo, Norway