EN 简体 繁體
Contact
Home Approach News Contact
EN简体繁體
Legal

Privacy Policy

Last Updated: May 2026

1. Introduction

Aulis Capital Limited and its affiliate companies (“Aulis Capital”, “we”, “us”, “our”) is committed to protecting your privacy and handling personal data with transparency and care. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit our website at auliscapital.com (the “Site”) or otherwise interact with us.

This Privacy Policy applies to information we collect through the Site and through general business communications. It does not apply to information collected from limited partners, prospective investors, or portfolio companies in the course of fund operations, which is governed by separate fund-level disclosures and agreements.

By using the Site, you acknowledge the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Site. To make a privacy request, contact us at info@auliscapital.com or through the channels in Section 16.

This Privacy Policy is reviewed at least annually and may be updated as described in Section 15.

2. Who We Are; Data Controller; Privacy Contact

Aulis Capital is the data controller (or, where applicable, the “business” under California law and the “data user” under Hong Kong law) responsible for personal data collected through the Site.

Privacy contact (Data Protection / Privacy Officer): info@auliscapital.com (subject line: “Privacy Request”). For Hong Kong PDPO data access and correction requests, this is the address of our designated data protection officer for the purposes of section 4 of Schedule 1 of the Personal Data (Privacy) Ordinance.

3. Governing Legal Framework

Because Aulis Capital operates from offices in the United States (California) and Hong Kong, and because our investors and counterparties are located across multiple jurisdictions, several privacy and financial-services regimes may apply to information we process. This Privacy Policy is intended to be read consistently with each of them.

  • Hong Kong: the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”), including the six Data Protection Principles.
  • United States – California: the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”), and the California Online Privacy Protection Act (“CalOPPA”). See Section 9.C for California-specific disclosures.
  • United States – Federal: Aulis Capital is an Exempt Reporting Adviser (“ERA”) with the U.S. Securities and Exchange Commission (“SEC”) in reliance on the venture capital fund adviser exemption under Section 203(l) of the Investment Advisers Act of 1940. As an ERA, Aulis Capital is not registered as an investment adviser with the SEC, and SEC Regulation S-P does not directly apply; nevertheless, we voluntarily apply equivalent administrative, technical, and physical safeguards to nonpublic personal information consistent with industry best practice and applicable state financial-information privacy laws (including the California Financial Information Privacy Act where applicable).
  • Cayman Islands: the Data Protection Act (As Revised) of the Cayman Islands (“Cayman DPA”), to the extent personal data is processed by Aulis Capital entities or service providers established in the Cayman Islands.
  • European Union / United Kingdom: the General Data Protection Regulation (“GDPR”) and the UK GDPR, where applicable to visitors located in the EU or UK. See Section 9.D.

Where the rights or protections available under one of these regimes are broader than those provided under another, we will honour those broader rights to the extent applicable to you.

4. Information We Collect

A. Information You Provide Directly

When you contact us through the Site, by email, or in business meetings, you may provide:

  • Name and professional title;
  • Business email address and telephone number;
  • Company or firm name and role;
  • Country and, where you choose to share it, accredited-investor or professional-investor status;
  • Subject of inquiry and any information voluntarily included in your message.

Where you indicate that you are an investor, prospective investor, or otherwise interact with us in connection with our regulated investment-management activities, additional information may be collected through separate subscription, due diligence, and know-your-client processes that are not governed by this Privacy Policy.

B. Information We Collect Automatically

When you visit the Site, we and our service providers may automatically collect:

  • Internet Protocol (IP) address and approximate location derived from it;
  • Browser type, language, and version;
  • Device type, operating system, and screen size;
  • Pages viewed, time on page, and navigation paths within the Site;
  • Referring website or traffic source and date/time of access;
  • Aggregated and anonymised usage statistics.

C. Cookies and Tracking Technologies

See Section 10 for full details, including how we treat opt-out preference signals such as the Global Privacy Control.

D. Categories of Personal Information under California Law

For purposes of the CCPA/CPRA, the categories of personal information we have collected through the Site within the preceding twelve (12) months are:

  • Identifiers (e.g., name, email, IP address);
  • Customer records information under Cal. Civ. Code § 1798.80(e) (e.g., contact details and business affiliation);
  • Commercial information (e.g., topics of inquiry and engagement history);
  • Internet or other electronic network activity information (e.g., browsing on the Site, interaction with the Site);
  • Geolocation data (approximate, derived from IP address);
  • Professional or employment-related information (e.g., title, employer);
  • Inferences drawn from the above to characterise interest in our business.

Sensitive personal information: Aulis Capital does not collect or process sensitive personal information through the Site for the purpose of inferring characteristics about you. We do not use or disclose sensitive personal information for any purpose that would trigger the right to limit under Cal. Civ. Code § 1798.121.

Sources. We collect personal information directly from you, automatically through your interaction with the Site, and from service providers that support the Site (e.g., analytics and hosting providers).

5. How We Use Your Information

We use the information we collect for the following business purposes:

  • Responding to your inquiries and providing requested information;
  • Operating, maintaining, securing, and improving the Site;
  • Understanding how visitors interact with the Site (analytics);
  • Detecting, preventing, and responding to security incidents, fraud, or misuse;
  • Performing internal recordkeeping, audit, accounting, and risk management;
  • Complying with legal, regulatory, and licensing obligations applicable to a U.S. Exempt Reporting Adviser and our affiliated entities (including obligations under the Investment Advisers Act of 1940, the Securities and Futures Ordinance, anti-money-laundering / counter-terrorist-financing laws, sanctions screening, and tax reporting obligations such as FATCA and CRS);
  • Establishing, exercising, or defending legal claims; and
  • Other purposes compatible with those listed above and disclosed at or before the point of collection.

Aulis Capital does not sell or “share” personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA, and we do not engage in profiling that produces legal or similarly significant effects about you.

6. Legal Bases and Basis for Collection

A. Hong Kong PDPO

Under the PDPO, we collect personal data for the lawful and directly related purposes set out in Section 5 above. Provision of personal data to Aulis Capital through the Site is voluntary; if you choose not to provide requested information we may be unable to respond to your inquiry or provide the relevant service. The classes of persons to whom we may transfer personal data are described in Section 7.

B. California (CCPA/CPRA)

We collect personal information for the business and commercial purposes described in Section 5 and use it consistent with those purposes. We will not collect additional categories of personal information, or use personal information for materially different purposes, without providing you notice and, where required, obtaining your consent.

C. EU / UK (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Legitimate interests — to respond to inquiries, manage our business, and secure and improve the Site (we have weighed these interests against your rights and freedoms);
  • Consent — for non-essential cookies and optional communications, where required;
  • Compliance with legal obligations — including financial, tax, anti-money-laundering, and securities regulatory obligations; and
  • Performance of a contract — where we are taking steps at your request before entering into a contract.

You may withdraw any consent at any time by contacting us at info@auliscapital.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. Disclosure and Sharing of Information

We disclose personal information only to the categories of recipients set out below, and only for the business purposes described in Section 5.

A. Service Providers and Processors

Third-party vendors who assist us in operating the Site and our business, including:

  • Website hosting and cloud infrastructure providers;
  • Analytics and Site performance providers;
  • Email, customer relationship management, and communications platforms;
  • IT security, monitoring, and maintenance providers; and
  • Compliance and regulatory technology providers (e.g., sanctions screening, KYC/AML tooling).

Each service provider is bound by written terms requiring it to process personal information only on Aulis Capital’s documented instructions, to apply appropriate technical and organisational security measures, and to comply with applicable law (including, where relevant, the CCPA/CPRA service-provider/contractor restrictions, GDPR Article 28 obligations, and PDPO Data Protection Principle 2(3) / 4(2) requirements).

B. Affiliates

Members of the Aulis Capital group of companies, including our U.S., Hong Kong, and Cayman Islands entities, where access is necessary for the purposes set out in Section 5 and subject to internal data-sharing safeguards.

C. Legal, Regulatory, and Government Authorities

Including the SEC, the U.S. Internal Revenue Service, the Hong Kong Inland Revenue Department, the Cayman Islands Monetary Authority, courts, law-enforcement agencies, tax authorities, and other regulators or self-regulatory organisations, where required by applicable law, court order, lawful regulatory request, subpoena, or to establish, exercise, or defend legal claims.

D. Professional Advisers

Legal, audit, tax, accounting, fund-administration, and other professional advisers, in each case subject to applicable confidentiality obligations.

E. Business Transfers

In connection with any merger, acquisition, restructuring, sale of assets, or similar transaction involving Aulis Capital. We will notify you of any such transfer to the extent required by applicable law.

F. With Your Direction or Consent

Other parties when you direct or consent to the disclosure.

No sale; no sharing for cross-context behavioural advertising. Aulis Capital has not sold personal information, and has not “shared” personal information for cross-context behavioural advertising, in the preceding twelve (12) months, and does not currently intend to do so. Accordingly, no “Do Not Sell or Share My Personal Information” link is required; if our practices change, we will update this Privacy Policy and provide an opt-out mechanism in compliance with the CCPA/CPRA.

8. International Data Transfers

Personal data may be transferred to and processed in jurisdictions other than the one in which you reside, including the United States (California), Hong Kong SAR, and the Cayman Islands, and any other location where Aulis Capital, its affiliates, or its service providers operate.

Where such transfers occur, we apply appropriate safeguards:

  • Hong Kong (PDPO). We comply with Data Protection Principle 3 of the PDPO and only transfer personal data outside Hong Kong where the transfer is consistent with the purpose for which the data was collected and where appropriate contractual or other safeguards are in place.
  • California / United States. Information may be processed in the United States. We apply contractual and technical safeguards consistent with the CCPA/CPRA service-provider framework.
  • EU / UK. Where the GDPR or UK GDPR applies, we rely on transfer mechanisms recognised under those regimes, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Agreement (or UK Addendum to the SCCs), supplemented as necessary by additional safeguards.
  • Cayman Islands. Transfers to or from the Cayman Islands are conducted in accordance with the Cayman DPA, which provides protections substantially similar to those required under the GDPR.

Aulis Capital does not currently transfer personal data collected through the Site to recipients in mainland China for marketing or analytics purposes. Where any cross-border transfer to mainland China is required for regulatory reasons, we will assess the transfer under the PDPO and applicable mainland law (including, where relevant, the Personal Information Protection Law).

You may request information about the safeguards applicable to a specific transfer by contacting us at info@auliscapital.com.

9. Your Rights

A. Rights Common to All Visitors

Regardless of where you reside, you may contact us to:

  • Ask whether we hold personal data about you and obtain a copy of that data;
  • Request correction of inaccurate or incomplete personal data;
  • Withdraw any consent you previously gave;
  • Receive a copy of this Privacy Policy.

B. Hong Kong PDPO

Under sections 18 and 22 and Data Protection Principle 6 of the PDPO, you have the right to:

  • Ascertain whether we hold personal data about you;
  • Request access to that personal data;
  • Require correction of any personal data that is inaccurate;
  • Be informed of our policies and practices in relation to personal data.

Data access and correction requests should be addressed to our Privacy Officer at info@auliscapital.com. We may charge a fee not exceeding the level permitted under the PDPO and will respond within forty (40) days.

C. California (CCPA/CPRA)

If you are a California resident, subject to verification of your identity, you have the right to:

  • Know the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collecting, and the categories of third parties to whom we disclose personal information;
  • Delete personal information we have collected from you, subject to exceptions including legal recordkeeping obligations applicable to investment advisers and licensed corporations;
  • Correct inaccurate personal information we maintain about you;
  • Opt out of the sale or sharing of personal information (as noted in Section 7, we do not sell or share personal information as those terms are defined under the CCPA/CPRA);
  • Limit the use and disclosure of sensitive personal information (as noted in Section 4.D, we do not use sensitive personal information for purposes that trigger this right); and
  • Non-discrimination — we will not deny you services, charge you different prices, or provide you a different level of service because you exercised any CCPA/CPRA right.

Submitting a request. To exercise these rights, email info@auliscapital.com (subject line: “California Privacy Request”) or write to our California office at the address in Section 2. We will acknowledge your request within ten (10) business days and respond within forty-five (45) days, with a possible 45-day extension as permitted by law. We will verify your request by matching information you provide with information we hold; we may ask you to provide additional information to confirm your identity. You may designate an authorised agent to submit a request on your behalf by providing the agent with written, signed permission and verifying your identity directly with us, in accordance with 11 CCR § 7063.

Opt-out preference signals. Where required, we treat browser-based opt-out preference signals such as the Global Privacy Control (GPC) as a valid opt-out of sale/sharing for the device or browser transmitting the signal.

Shine the Light. California Civil Code § 1798.83 (“Shine the Light”) permits California residents who have an established business relationship with us to request a list of categories of personal information disclosed to third parties for those third parties’ direct-marketing purposes during the preceding calendar year. Aulis Capital does not disclose personal information to third parties for their direct-marketing purposes.

Notice of Financial Incentive. We do not offer financial incentives or price/service differences in exchange for personal information.

D. EU / UK GDPR

If you are located in the EU or UK, you also have the right to: erasure (“right to be forgotten”), restriction of processing, objection to processing, data portability, withdrawal of consent, and to lodge a complaint with your local data protection supervisory authority (in the UK, the Information Commissioner’s Office).

E. Cayman Islands

If you are located in the Cayman Islands or your data is processed by a Cayman Islands controller, you have the rights set out in Part 2 of the Cayman DPA, including rights of access, rectification, stop-processing, erasure, and to complain to the Office of the Ombudsman.

10. Cookies and Tracking Technologies

A. What Cookies Are

Cookies are small data files placed on your device when you visit a website. We use cookies and similar technologies to support Site functionality and to understand how the Site is used.

B. Categories of Cookies We Use

  • Strictly necessary cookies — required for the Site to function (e.g., session management, security). These cannot be disabled.
  • Analytics cookies — help us understand how visitors interact with the Site. Where required by applicable law (including in the EU/UK), these are placed only with your consent collected through our cookie banner.

We do not use advertising cookies or third-party tracking technologies for cross-context behavioural advertising.

C. Managing Cookies and Opt-Out Preference Signals

You may manage cookies through your browser settings. Disabling certain cookies may affect Site functionality. For California residents, where applicable, browser-based opt-out preference signals such as the Global Privacy Control (GPC) will be honoured as an opt-out of sale/sharing as described in Section 9.C.

This Site does not respond to legacy “Do Not Track” (DNT) signals because no consensus standard has been adopted; however, see GPC above.

11. Data Retention

We retain personal information only for as long as is reasonably necessary for the purposes for which it was collected and to comply with our legal obligations. The general retention criteria, by category, are:

  • General Site inquiries (name, email, message): retained for up to twenty-four (24) months from last contact, unless a longer period is required to respond to or resolve the inquiry.
  • Site analytics and log data: retained in identifiable form for up to thirteen (13) months, after which the data is aggregated or anonymised.
  • Records relating to investors, prospective investors, or counterparties: retained for the duration of the relationship and thereafter for the longer of (i) seven (7) years and (ii) any longer period required by applicable law, including SEC books-and-records rules applicable to investment advisers, the SFC’s Code of Conduct and record-keeping rules under the Securities and Futures Ordinance, anti-money-laundering recordkeeping obligations, and applicable tax laws.
  • Compliance, audit, and litigation hold records: retained for the period required by the relevant legal obligation or hold notice.

When personal data is no longer required, it is securely deleted, destroyed, or anonymised in accordance with our records-management procedures.

12. Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, loss, theft, alteration, and misuse. Safeguards include access controls, encryption in transit, network monitoring, vendor due diligence, and personnel training.

Although Aulis Capital is not directly subject to SEC Regulation S-P as an Exempt Reporting Adviser, we voluntarily apply the Regulation S-P safeguards rule and the Regulation S-ID identity-theft red-flags principles as a matter of internal policy.

Despite these measures, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security.

13. Third-Party Links

The Site may contain links to third-party websites, including social media platforms such as LinkedIn. We are not responsible for the privacy practices, security, or content of those external sites. We encourage you to review the privacy policies of any third-party website before providing personal information.

14. Children’s Privacy

The Site is intended for adults engaged in business activities. It is not directed to children, and we do not knowingly collect personal information from individuals under sixteen (16) years of age. Consistent with the U.S. Children’s Online Privacy Protection Act (“COPPA”), we do not knowingly collect personal information from children under thirteen (13). Consistent with the CCPA/CPRA, we do not sell or share the personal information of consumers we know to be under sixteen (16). If we learn that we have collected personal information from a child, we will delete it promptly. To make a report, contact info@auliscapital.com.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will review it at least annually. Material changes will be highlighted on this page, and the “Last Updated” date above will be revised. Where required by applicable law, we will obtain your consent to material changes or provide you a meaningful opportunity to object before they take effect. Continued use of the Site following posting of a revised Privacy Policy constitutes acceptance of the changes to the extent permitted by law.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise any of your rights, or have concerns about how we process your personal information, please contact:

Aulis Capital — Privacy Officer
Email: info@auliscapital.com (subject line: “Privacy Request”)

We value your privacy

This site uses only the essential cookies needed for it to function. We do not use tracking, analytics, or advertising cookies.

Privacy Policy