Skip to content Skip to footer

Privacy Policy

HomePrivacy Policy
Close

This Privacy Notice explains how Tomac Cove collects, uses, discloses, and safeguards Personal Information when you visit our Site, communicate with us, apply for a role, or invest with us (collectively, the “Services”). This Notice covers U.S., EU/UK, Canada (including Québec), and other applicable privacy regimes.

Privacy Notice

Last updated: November 1st, 2025

This Privacy Notice explains how Tomac Cove collects, uses, discloses, and safeguards Personal Information when you visit our Site, communicate with us, apply for a role, or invest with us (collectively, the “Services”). This Notice covers U.S., EU/UK, Canada (including Québec), and other applicable privacy regimes.

Regulatory note (summary): We align this Notice with core requirements under the SEC Marketing Rule for website communications, the SEC’s 2024 amendments to Regulation S-P (data-breach notices and incident response for covered firms), major U.S. state privacy laws (e.g., CA/CPRA, CO, CT, VA, UT, TX, FL, OR, DE, etc.), GDPR/UK GDPR, and Québec Law 25. See citations at the end.

1) The Personal Information We Collect

We may collect the following categories:

  • Identifiers & contact data (name, email, phone, address, IP address, device IDs).

  • Professional/firmographic data (company, role, accreditation status, KYC/AML documents when relevant).

  • Internet/network activity (pages viewed, referring URLs, device/browser data; via cookies and similar tech).

  • Financial & investor data (only for investors and prospective investors: subscription documents, bank/wire instructions, tax IDs, beneficial ownership, capital account data) as required for diligence, onboarding, and administration.

  • Compliance data (sanctions screening, KYC/AML, conflicts, audit logs).

  • Recruitment data (CV/resume, work history, references).

We collect data directly from you, automatically (via cookies/analytics), and from third parties (administrators, placement agents, service providers, public sources, or your employer if you engage us in a professional capacity).

2) How We Use Personal Information (Purposes)

  • Provide, operate, secure, and improve the Site and Services.

  • Evaluate opportunities, respond to inquiries, and manage relationships.

  • Conduct investor onboarding, KYC/AML, tax, accounting, reporting, and capital calls/distributions.

  • Perform research, analytics, and Site measurement (in aggregated or de-identified form where feasible).

  • Comply with legal/regulatory obligations (SEC, AML, sanctions, privacy laws) and enforce our rights.

  • Manage recruiting and HR processes for candidates.

Legal bases (GDPR/UK GDPR): consent (where required), performance of a contract, legitimate interests (e.g., communications, security, analytics), compliance with legal obligations, and establishment/defense of legal claims.

3) Cookies & Analytics

We use essential cookies for security and function; and (where permitted) analytics cookies to understand traffic and improve the Site. In jurisdictions requiring consent, we will request it via a banner and honor your opt-in/opt-out choices. You can adjust browser settings or use our cookie controls to manage preferences. See our separate Cookie Notice (optional page) for details.

4) Disclosures of Personal Information

We may share Personal Information with:

  • Service providers/Processors (IT, hosting, analytics, CRM, administrators, fund administrators, KYC/AML providers, auditors, counsel).

  • Affiliates for business operations consistent with this Notice.

  • Transaction counterparties and portfolio companies as needed during diligence and asset management.

  • Regulators and authorities where legally required, or to protect rights, safety, and security.

  • Business transfers (merger, acquisition, restructuring).
    We do not sell Personal Information or share it for cross-context behavioral advertising where prohibited; if that changes, we will provide required notices and opt-out mechanisms.

5) U.S. Privacy Rights (Summary)

Depending on your state of residence (e.g., California (CPRA), Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, Delaware, and others), you may have rights to: access, correct, delete, obtain a portable copy, opt-out of targeted advertising, sale, and certain profiling, and to appeal denials. To exercise rights, email privacy@tomacinfra.com with “Privacy Request” and your state of residence. We will authenticate requests and respond within the timelines required by law.

California disclosures: We provide CPRA categories, purposes, and retention in this Notice; we do not use or disclose sensitive personal information for inferring characteristics beyond permitted purposes. Authorized agent requests and non-discrimination commitments are honored.

6) EU/EEA, UK & Switzerland (GDPR/UK GDPR)

Residents have rights to access, rectification, erasure, restriction, objection (including to processing based on legitimate interests), and data portability; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your supervisory authority.
Controller: Tomac Cove Asset Management, LLC.
Transfers: Where we transfer Personal Data outside your region (e.g., to the U.S.), we use appropriate safeguards such as the EU/UK Standard Contractual Clauses and supplementary measures.

7) Canada & Québec (Law 25)

For residents of Canada—including Québec—you may request access/correction and, where applicable, de-indexation and portability. We designate a Privacy Officer and conduct privacy impact assessments for high-risk processing as required by Law 25. Contact privacy@tomacinfra.com.

8) Children’s Data

The Site is not directed to children under 16, and we do not knowingly collect their data.

9) Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Information appropriate to the nature of the data and risks. No system is 100% secure.

10) Data Retention

We retain Personal Information only as long as necessary for the purposes described or as required by law (e.g., books and records, tax, AML/KYC, and SEC obligations). When no longer needed, we will delete or de-identify the data.

11) Incident Response & Notifications

Consistent with the SEC’s 2024 amendments to Regulation S-P, we maintain a written incident response program and will notify affected individuals as soon as practicable and no later than 30 days after becoming aware of unauthorized access to “customer information,” where required. Notices will include relevant details and guidance. (This applies to in-scope entities and contexts under Reg S-P.)

12) Your Choices

  • Marketing: You can opt out of non-transactional emails at any time using unsubscribe links or by contacting us.

  • Cookies/Analytics: See Section 3.

  • Do Not Track / GPC: Where required, we will honor Global Privacy Control signals for opt-out preferences.

13) Changes to This Notice

We may update this Notice periodically. Material changes will be posted to the Site with a new “Last updated” date.

14) Contact Us

  • General & privacy requests: privacy@tomaccove.com

  • Mail: Tomac Cove Asset Management, LLC, [Address], New York, NY [ZIP], USA

  • DPO/Privacy Officer (if appointed): Mark Saxe