1. Scope & Application

This policy applies to personal data collected by Tigris Asset Management Pte Ltd (“Tigris”, “we”, “our”) through our website at tigrisfunds.com, through direct communications, and in the course of providing fund management and external asset management (EAM) services.

By accessing our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. This policy does not apply to third-party websites linked from our site.

2. Data We Collect

We collect personal data in the following categories:

2.1 Information You Provide Directly

• Name, designation, and contact details (email, phone, address)
• Professional information (employer, role, qualifications)
• Financial information required for investor onboarding and KYC/AML purposes
• Correspondence and enquiry records submitted via our website or email
• Identification documents where required by law

2.2 Information Collected Automatically

• IP address and browser type
• Pages visited, time spent, and referral source
• Device identifiers and operating system
• Cookie and tracking data (see Section 9)

2.3 Information from Third Parties

• Due diligence data from authorised screening providers
• Publicly available business registries and professional databases
• Referrals from existing investors or business partners

3. How We Use Your Data

We use personal data for the following purposes:

• Service delivery: Fund administration, investor onboarding, portfolio reporting, and EAM partnership management
• Regulatory compliance: KYC, AML/CFT screening, MAS reporting, and other legal obligations under the Securities and Futures Act and relevant regulations
• Communication: Responding to enquiries, distributing investor updates, and notifying you of material changes
• Business operations: Internal record-keeping, risk management, and audit purposes
• Marketing: Sending information about our services to accredited investors and professional partners, where you have not opted out

We rely on the following legal bases under the PDPA: your consent (where obtained), performance of a contract, compliance with legal obligations, and our legitimate interests as a regulated fund manager.

4. Disclosure of Personal Data

We may disclose personal data to:

• Fund administrator: Bolder Group, acting as independent fund administrator for NAV calculation and investor reporting
• Regulatory authorities: MAS, ACRA, and other competent authorities as required by law
• Professional advisors: Legal counsel, auditors, and compliance consultants engaged under confidentiality obligations
• Technology providers: IT service providers and data processors acting on our behalf under data processing agreements
• Business transfers: In the event of a merger, acquisition, or restructuring, subject to equivalent privacy protections

We do not sell personal data to third parties. We do not share personal data with advertisers.

5. Cross-Border Data Transfers

Where personal data is transferred to countries outside Singapore, we ensure that such transfers comply with the PDPA’s data transfer obligations. This includes binding contractual clauses, adequacy assessments, and other mechanisms approved by the Personal Data Protection Commission (PDPC).

Our primary data storage and processing operations are conducted within Singapore or in jurisdictions providing equivalent data protection standards.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes set out in this policy, or as required by applicable laws and regulations. Specifically:

• Investor KYC and onboarding records: minimum 5 years after the end of the business relationship, or as required by MAS Notice SFA 04-N02
• Transaction and financial records: minimum 5 years, as required by applicable regulations
• General correspondence: 3 years from the date of last interaction
• Website analytics data: 26 months in aggregated or pseudonymised form

After the applicable retention period, data is securely destroyed or anonymised.

7. Your Rights Under the PDPA

As a data subject under the PDPA, you have the right to:

• Access: Request confirmation of whether we hold your personal data and obtain a copy
• Correction: Request correction of inaccurate or incomplete personal data
• Withdrawal of consent: Withdraw consent to the collection, use, or disclosure of your personal data, subject to legal and contractual restrictions
• Data portability: Request transfer of your data in a machine-readable format (where applicable under the PDPA)

To exercise your rights, please contact our Data Protection Officer at the details in Section 12. We will respond within 30 days. Certain rights may be limited where legal obligations or legitimate interests apply.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:

• Encryption of data in transit (TLS) and at rest where applicable
• Role-based access controls and multi-factor authentication for internal systems
• Regular security reviews and vulnerability assessments
• Staff training on data protection obligations

In the event of a data breach that is likely to result in significant harm, we will notify the PDPC and affected individuals as required under the PDPA’s mandatory breach notification provisions.

9. Cookies & Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage. We use:

• Strictly necessary cookies: Essential for website operation and cannot be disabled
• Analytics cookies: Collect anonymised data on usage patterns to help us improve the site
• Preference cookies: Remember your settings and preferences

You may manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain parts of the website. We do not use advertising or behavioural targeting cookies.

10. Minors

Our website and services are directed exclusively at adults. We do not knowingly collect personal data from individuals under the age of 18. Our investment products are restricted to accredited and institutional investors as defined under the Securities and Futures Act of Singapore.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be notified via our website or by direct communication. The “Last Updated” date at the top of this policy indicates when it was last revised. Continued use of our services following notification constitutes acceptance of the updated policy.

12. Contact Us

For any questions, concerns, or to exercise your data protection rights, please contact: