EIG Management Company, LLC (“EIG”) as a registered investment adviser has adopted this Privacy Policy (this “Privacy Policy”), which governs the activities of each officer, member, manager and employee of EIG (collectively, the “Employees”) relating to the protection of personal information of its customers. EIG or one of its affiliates, as general partner, adviser or sub-adviser of certain private pooled investment vehicles and separately managed accounts (collectively, the “Investment Funds”), has also adopted the Privacy Policy on behalf of the Investment Funds. The term “Customer” as used in this Privacy Policy refers to EIG’s advisory clients and Investment Fund investors meeting the statutory definition of the term “Customer.”
1 PURPOSE
The SEC and other regulators with oversight over EIG have adopted rules protecting the non-public personal information of customers. The following is a summary of the material requirements of applicable privacy laws and regulations:
- Individuals that are customers of a regulated financial institution or that invest in an Investment Fund must receive a clear and conspicuous notice that details the financial institution’s privacy policies and practices.
- If a financial institution intends to disclose private information to a nonaffiliated third-party, then the customer must be given (with some exceptions) the right to opt-out (“opt-out rights”), and the financial institution must comply with any opt-out request when sharing information.
- Financial institutions are required to adopt policies and procedures reasonably designed to ensure the security, confidentiality, and integrity of customer records and protect them against anticipated hazards and unauthorized access.
EIG has adopted this Privacy Policy as a result of these requirements. Because EIG does not share non-public personal and financial information with nonaffiliated third parties, except solely for administrative purposes or servicing any pooled investment vehicle managed by EIG, this Privacy Policy does not contain opt-out rights.
The Chief Compliance Officer is responsible for reviewing this Privacy Policy at least annually and for ensuring the annual distribution of this Privacy Policy to Employees.
2 PRIVACY POLICY
2.1 Delivering the Privacy Notice to Investment Fund Investors
For Investment Funds, the Privacy Notice (see Exhibit A for current form of Privacy Notice) will initially be distributed to each investor at the direction of the Chief Compliance Officer with or as part of the subscription agreement and/or posting on the offered fund’s electronic data room. Distribution of the Privacy Notice will be made to investors in the Investment Funds at the direction of the Chief Compliance Officer by posting a copy of the Privacy Notice on the Investor Dashboard.
With respect to investors of the Investment Funds which may be registered with the SEC, any distribution of EIG’s Privacy Policy will be coordinated with such Investment Fund’s fund administrator and investment adviser.
2.2 Delivering the Privacy Notice to Advisory Clients
The Privacy Notice (see Exhibit A for current form of Privacy Notice) and an acknowledgement of receipt of the Privacy Notice will initially be distributed to each advisory client at the direction of the Chief Compliance Officer with or as part of the application for products and services or in the advisory contract.
EIG must send the Privacy Notice once during each calendar year to each advisory client, unless there has been no change to its previously disclosed procedures regarding the handling of client nonpublic personal information. That annual delivery may be combined with EIG’s annual offer to deliver a copy of its Form ADV.
2.3 Consumer Report Information
EIG does not obtain consumer reports or information derived from consumer reports (“Consumer Report Information”), except for employment purposes. Consumer Report Information obtained for employment purposes currently is retained indefinitely. Any other Employee who obtains Consumer Report Information should contact EIG Compliance for direction on the safekeeping and disposition of that information.
2.4 Keeping Information Private
EIG follows procedures reasonably designed to seek to ensure that data is maintained in a controlled and secure manner. The procedures may include:
- Maintaining subscription documents and other investor or client information on password protected drives or sites;
- Reformatting hard drives to physically remove data from personal computers that are retired or reallocated to other Employees;
- Deleting password access for Employees and contractors who have left EIG;
- Deleting data on personal network drives when Employees and contractors leave EIG;
- Maintaining logs regarding the status and disposition of back-up data;
- Maintaining current patch and release levels for operating system, database, and web browsing software;
- Instituting security precautions for remote Employee access to computer systems; and
- Requiring passwords to be maintained by Employees and contractors for access to all network data and applications.
For paper records, Employees are responsible for maintaining the confidentiality of those records by appropriate means, including:
- Not leaving confidential information unattended in conference rooms;
- Storing the information in a locked and restricted file room so that visitors or Employees without a business need for the information do not inadvertently have access; and
- Shredding or destroying the information by secured disposal services when disposing of the records.
2.5 Use of Social Security Numbers
Employees are prohibited from:
- Intentionally communicating or making available to the general public any individual’s social security number;
- Printing an individual’s social security number on any card required for the individual to access products or services provided by the person or entity;
- Requiring an individual to transmit his or her social security number over the internet unless the connection is secure or the social security number is encrypted;
- Requiring an individual to use his or her social security number to access an internet website unless a password or unique personal identification number or other authentication device also is required to access the website; and
- Printing an individual’s social security number on any materials that are mailed to the individual unless state or federal law requires the number to be on the document to be mailed. However, applications and forms sent by mail may include a social security number.
2.6 Unauthorized Access to Data
EIG is required to protect the personal data of individuals maintained on its data systems.
Personal data of individuals generally means an individual’s name plus one or more of the following for that individual:
- Social security number;
- Passport number, driver’s license number or state identification card number; or
- Account number, credit card number, or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account.
Employees who become aware of a breach of the security of data systems maintained by EIG or by third-parties on behalf of EIG that resulted in, or that reasonably may have resulted in, the acquisition of the personal data of individuals by an unauthorized person, must notify the General Counsel and Chief Compliance Officer immediately of that breach. The General Counsel will coordinate the investigation and response, which may include, where appropriate or required by law, notification of the individual(s) whose data may have been acquired by an unauthorized person.
A breach of the security of data systems does not include the good faith acquisition of personal information by an Employee or agent of EIG or its third-party vendors for the purposes of EIG’s or the vendor’s business provided that the personal information is not used for or subject to further, unauthorized disclosure.
2.7 Defining Non-Public Personal Information
Non-public personal information includes:
- All personally identifiable financial information (including names, addresses, telephone numbers, social security and other tax identification numbers, financial circumstances and income and account balances); and
- Any list, description, or other grouping of customers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available information – e.g., a list of persons (and their publicly listed telephone numbers) who have disclosed assets or wealth in excess of $1,000,000.00.
2.8 Policy Statement Regarding Use and Treatment of Confidential Information
No confidential information, including non-public personal information, whatever the source, regarding any customer, may be disclosed to anyone except as follows:
- To other Employees in connection with EIG’s business.
- To an affiliate, but the affiliate may disclose the information only to the same extent as EIG.
- To any person expressly authorized by a customer.
- To certain of EIG’s outside service providers (including its attorneys, custodians, fund administrators, accountants, brokers and consultants).
- To regulators and others when required by law.
- To nonaffiliated third parties with whom EIG has a contractual agreement to jointly offer, endorse or sponsor a financial product or service; and to service and maintain customer accounts including effectuating a transaction.
Contracts with nonaffiliated third parties creating a joint marketing or servicing agreement with EIG must contain language prohibiting the disclosure of all non-public personal information by the nonaffiliated third party except as necessary to carry out the purpose of the agreement. The General Counsel reviews relevant contracts for inclusion of the requisite disclosure.
2.9 Procedures Regarding Disclosure of Non-public Personal Information
- Personal data may not be disclosed to any nonaffiliated third parties unless customers have been previously informed of the disclosure, as required by law.
- Non-public personal information may be disclosed to the extent specifically permitted or required under other provisions of law.
- Otherwise there may be no disclosure of that information except pursuant to an express disclosure authorization from the customer.
2.10 Penalties for Violation of Procedures
Any violation of the procedures set forth in this Privacy Policy will subject the violating Employee to disciplinary action, including possible termination of employment.
2.11 Questions
Any questions regarding EIG’s policies or procedures with respect to non-public personal information should be directed to EIG Compliance.
3 CALIFORNIA CONSUMER PRIVACY ACT
3.1 Applicability and Notice
EIG is subject to the California Consumer Privacy Act of 2018, as amended (“CCPA”) when (A) it does business in California and collects “CA Personal Information” from “CA Consumers” and either (i) has gross annual revenue in excess of $25,000,000 in the preceding calendar year (as may be increased from time to time), (ii) annually buys, sells, or shares for commercial purposes the CA Personal Information of over 100,000 consumers or households, or (iii) derives 50% or more of its annual revenue from selling or sharing California residents’ CA Personal Information; (B) it controls or is controlled by a business qualifying under the foregoing clause (A) and shares common branding, such as a shared name, servicemark or trademark, with such business, and shares applicable personal information; or (C) it is a joint venture or partnership composed of businesses qualifying under the foregoing clauses (A) and (B) that hold at least a 40% interest.
The CCPA does not apply to CA Personal Information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), including Regulation S-P; however, to the extent EIG is subject to the CCPA, as a matter of practice EIG generally will deliver to investors and post to the website, the Privacy Policy including the California Privacy Notice, which will be updated annually as necessary. In addition, EIG has adopted the procedures set forth herein to comply with the CCPA, to the extent applicable. EIG may, based on the advice of legal counsel and/or other privacy and data experts, elect to modify these procedures in practice.
EIG does not sell CA Personal Information, or otherwise make CA Personal Information available for monetary consideration or for the purpose of cross-context behavioral advertising.
3.2 Data Mapping
EIG may periodically perform a data mapping exercise to examine and document the categories of CA Personal Information that are collected, where such CA Personal Information is stored, with whom such CA Personal Information is shared and when and how such CA Personal Information is used and deleted.
3.3 Requests by CA Consumers Generally
To the extent any CA Consumer makes a request pursuant to the California Privacy Notice, such request should promptly be directed to the Chief Compliance Officer. The Chief Compliance Officer shall consider additional alternative steps in the event that a request is received from a CA Consumer that is not an investor. Upon receiving a request to know, to delete or to correct, EIG will respond to the CA Consumer within the time and in the manner required by the CCPA. The confirmation may be given in the same manner in which the request was received (e.g., if the request is made by phone, confirmation may be given orally by phone). Confirmation also may be given through an email, including an auto-reply email.
3.4 Verification of Requests
The Chief Compliance Officer shall promptly take steps to determine whether the request is a “verifiable consumer request” by a CA Consumer under the CCPA by requiring authentication that is reasonable in light of the nature of the CA Personal Information requested, but shall not require such CA Consumer to create an account to make a verifiable consumer request. The Chief Compliance Officer or their designee will match the identifying information provided by the CA Consumer and the CA Personal Information already maintained by EIG, and may request the CA Consumer’s investor portal access credentials (if applicable). The Chief Compliance Officer shall determine the appropriate level of additional stringency, if any, of the verification process for each request upon consideration of certain factors, which may include the following in relation to the nature of the request:
- the type, sensitivity and value of personal information collected and maintained about the CA Consumer;
- the risk of harm to the consumer posed by unauthorised deletion, correction, or access;
- the likelihood that fraudulent or malicious actors would seek the personal information;
- whether the personal information to be provided by the consumer to verify their identity is sufficiently robust to protect against fraudulent, spoofed or fabricated requests;
- the manner in which EIG interacts with the CA Consumer; and
- available verification technology.
3.5 Requests for Disclosure
To the extent the Chief Compliance Officer determines that EIG has received a verifiable request for information, the Chief Compliance Officer will associate the information provided by such CA Consumer to any CA Personal Information previously collected for purposes of identifying such CA Consumer. EIG will then disclose and deliver the requested information that is required to be delivered under the CCPA to the CA Consumer. EIG will use reasonable security measures when transmitting personal information to the CA Consumer. EIG will not disclose a CA Consumer’s social security number, driver’s license number or other government-issued identification number, financial account number, an account password or security questions and answers. The Chief Compliance Officer will notify the CA Consumer in writing if EIG cannot comply with a specific request for disclosure and provide an explanation of the reasons.
3.6 Requests for Deletion
To the extent the Chief Compliance Officer receives a verifiable consumer request for deletion of a CA Consumer’s CA Personal Information and upon receipt of a separate confirmation of such request from such CA Consumer, the Chief Compliance Officer will cause the deletion of such CA Personal Information and direct any service providers and contractors to delete such CA Personal Information, in each case subject to certain deletion exceptions set forth in the CCPA, including compliance with legal obligations (including compliance with books and records requirements) and/or to the extent such CA Personal Information is necessary to complete EIG’s services to such CA Consumer. No CA Personal Information shall be deleted without prior authorisation from the Chief Compliance Officer. The Chief Compliance Officer will notify the CA Consumer in writing if EIG cannot comply with a specific request for deletion and provide an explanation of the reasons (e.g., EIG’s compliance obligations under the U.S. Investment Advisers Act of 1940).
3.7 Requests for Correction
To the extent the Chief Compliance Officer receives a verifiable consumer request for the correction of a CA Consumer’s CA Personal Information and upon the determination by the Chief Compliance Officer that the CA Personal Information subject to the request is inaccurate based on the totality of the circumstances (including the nature and source of such information) related to such contested CA Personal Information, the Chief Compliance Officer will cause the correction of such CA Personal Information, or deletion if such deletion does not negatively impact the CA Consumer, and direct any service providers and contractors to do the same. The Chief Compliance Officer may require additional documentation based on the following factors:
- The nature of the personal information at issue (e.g., whether it is objective, subjective, unstructured, sensitive, etc.).
- The nature of the documentation upon which EIG considers the personal information to be accurate.
- The purpose for which the business collects, maintains, or uses the personal information.
- The impact on the CA Consumer.
The Chief Compliance Officer will otherwise accept, review and consider any documentation provided by the CA Consumer related to such consumer’s request to correct and will maintain such documentation as required by applicable law. No CA Personal Information shall be corrected without prior authorisation from the Chief Compliance Officer or a member of the EIG Investor Relations Group. The Chief Compliance Officer will notify the CA Consumer in writing if EIG cannot comply with a specific request for correction and provide an explanation of the reasons (e.g., EIG’s compliance obligations under the Advisers Act, inadequacy of documentation, compliance requiring impossible or disproportionate effort).
3.8 Service Providers/Contractors
Any sharing of CA Personal Information by EIG shall be done in accordance with, and supported by, appropriate legal contracts entered into between EIG and its service providers/contractors.
3.9 Training
The Chief Compliance Officer shall train individuals responsible for handling inquiries from CA Consumers regarding the notice and response requirements set forth in this Section 3.
3.10 Recordkeeping
EIG shall retain records of any requests received pursuant to the CCPA for a period of at least two (2) years. Such records shall include: (i) the date the request was received; (ii) the nature of the request; (iii) the manner in which the request was made; (iv) the date of any response(s) provided by EIG; (v) the nature of the response; and (vi) if applicable, the basis for denial.
4 EU-UK DATA PROTECTION LAWS
In addition to the foregoing, EIG has adopted supplementary data protection policies and procedures pertaining to EU-UK Data Protection Laws (described in this Section 4) and will comply with such procedures, including the delivery of a relevant EU-UK Privacy Notice as set forth in Exhibit A to this Privacy Policy, with which each employee and individual processing personal data on behalf of EIG must familiarize themselves.
EIG is subject to the EU-UK Data Protection Laws when EIG: (i) Processes Personal Data inside or outside the EU or the UK relating to any individual, where the Processing is in connection with an establishment in the EU or the UK; or (ii) is established outside the EU or the UK but Processes Personal Data relating to individuals located in the EU or UK, in each case where EIG is offering goods or services to, or monitoring the behavior of, such individuals. Capitalized terms used but not otherwise defined herein have the meanings ascribed to them in the Privacy Policy.
4.1 Definitions
“Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
“Data Subject” means any natural person covered by EU-UK Data Protection Laws whose Personal Data is Processed (e.g., EU/UK-based investors, prospective investors, investor representatives and beneficial owners of EU/UK-based investors; EU/UK-based employees; EU/UK-based employees of portfolio companies; and any individuals (no matter where located) whose Personal Data is Processed in the context of the activities of an EU or UK establishment).
“EU-UK Data Protection Laws” include (without limitation): (a) Regulation (EU) 2016/679 (the General Data Protection Regulation) (the “EU GDPR”); (b) the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of Section 3 of the EU Withdrawal Act 2018 (the “UK GDPR”); and (c) any other national implementing or successor legislation, and including any amendment or re-enactment of the foregoing.
“Personal Data” means any information relating to an identified or identifiable natural person covered by EU-UK Data Protection Laws who can be identified either directly or indirectly by reference to an identifier (e.g., name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a Data Subject).
“Process” or “Processing” means any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Special Categories of Personal Data” means Personal Data concerning a Data Subject’s race or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sexual orientation, etc.
4.2 Application of EU-UK Data Protection Laws to EIG
Employees may handle and Process Personal Data. This Section 4 sets out each Employee’s obligations with regard to Personal Data that they may have access to or need to collect, use or otherwise Process in the course of their employment or engagement that is subject to EU-UK Data Protection Laws. It is each Employee’s duty to familiarize themselves with this Section 4 and consider how it may apply to their day-to-day role. Employees may be required to participate in training designed to understand how to comply with the EU-UK Data Protection Laws in relation to Personal Data accessed or used. Any breach of this Section 4 by any Employee may result in disciplinary action (which may include dismissal) and could constitute a criminal offense. Please direct any questions or concerns about EIG’s compliance with EU-UK Data Protection Laws to the Chief Compliance Officer.
EIG’s failure to comply with the requirements imposed by the EU GDPR or UK GDPR may give rise to private and public enforcement action, and a threat of reputational damage. In particular, EU and UK data protection regulators may impose fines of up to the higher of 4% of total annual worldwide turnover or €20 million (£17.5 million for breaches of the UK GDPR). The decision as to when to fine and how much depends on a wide range of factors, including the type and severity of the breach. Regulators can also take other enforcement action which has the potential to significantly impact EIG (such as an order to suspend processing or to delete personal data, as well as audits and inspections).
4.3 Chief Compliance Officer
The Chief Compliance Officer will be responsible for ensuring overall compliance with EU-UK Data Protection Laws and this Section 4, including but not limited to:
- Educating and training Employees about this Section 4;
- Ensuring each applicable Data Subject receives fair processing information prior to their Personal Data being Processed by EIG, where possible;
- Periodically assessing both internal and external risks to Personal Data and implementing safeguards to control such risks, as needed;
- Periodically testing and monitoring the effectiveness of such safeguards;
- Periodically evaluating and amending this Section 4 (and any other applicable EU or UK policies which relate to the Processing of Personal Data), as needed, to improve the safeguarding of Personal Data;
- Determining whether disciplinary measures are appropriate for Employees who breach this Section 4 (which may include a letter of censure, suspension or termination of employment); and
- Taking appropriate action in the event of a Breach, which may include:
  - Notifying the applicable data protection authority (“DPA”) in the EU or UK; and
  - Notifying any affected Data Subjects, but only where the Breach is likely to result in a high risk to the Data Subjects concerned.
Any questions or comments about this Section 4 or EU-UK Data Protection Laws should be directed to the Chief Compliance Officer.
4.4 Employees
We believe that an effective EU-UK Data Protection Laws compliance program necessarily requires the assistance and cooperation of our Employees in complying with this Section 4. If an Employee becomes aware of any loss, damage, unauthorized access or security threat to any Personal Data, the Employee must promptly notify the Chief Compliance Officer. Disciplinary measures may be imposed on Employees that violate this Section 4, including, among other measures, a letter of censure, suspension or termination of employment.
4.5 EU-UK Privacy Policies, Procedures and Requirements
The EU-UK Data Protection Laws set out the following “data protection principles,” which in summary state that any Personal Data Processed by EIG must be (i) processed lawfully, fairly and in a transparent manner; (ii) collected for specified, explicit and legitimate purpose(s), and not further Processed in a manner that is incompatible with those purpose(s); (iii) adequate, relevant and limited to what is necessary in relation to the purpose(s); (iv) accurate and, where necessary, kept up to date, and with every reasonable step taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay; (v) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purpose(s) for which Personal Data is Processed; and (vi) Processed in a manner that ensures appropriate security of Personal Data, using appropriate technical and organizational measures. EIG is also responsible for, and must be able to demonstrate compliance with, the principles outlined above.
Security of Personal Data
EIG will implement and ensure that adequate and appropriate technical and organizational measures to safeguard Personal Data Processed by EIG are taken, including, without limitation, and to the extent required or deemed advisable, (i) pseudonymization; (ii) data minimization; (iii) deletion of unnecessary Personal Data; (iv) encryption; and (v) monitoring cybersecurity and information security processes to ensure that employees, service providers and third parties do not have unauthorized access to Personal Data.
Lawfulness, Fairness and Transparency/Purpose Limitation
4.5.1 The EU-UK Data Protection Laws require EIG to Process Personal Data fairly and lawfully. This means that EIG must:
- have lawful grounds for collecting and Processing the Personal Data;
- not Process the Personal Data in ways that have unjustified adverse effects on the individuals concerned;
- be transparent about how EIG intends to Process the Personal Data, and give individuals appropriate privacy notices when collecting their Personal Data (see further below);
- Process an individual’s Personal Data only in ways they would reasonably expect; and
- take care that EIG does not intentionally do anything unlawful with the Personal Data.
EIG processes Personal Data based on one or more lawful bases for Processing, as stipulated in the EU GDPR and UK GDPR (e.g., individual consent, Processing necessary for the performance of a contract, Processing that is necessary for EIG’s legitimate interests, etc.). For investors and employees, this will generally be Processing necessary for the performance of a contract, i.e., in connection with their investment in an EIG Investment Fund or their employment contract with EIG (as applicable). In certain circumstances, EIG will also rely on the legal basis of its compliance with a legal obligation. If Personal Data is being collected from or about individuals located in the EU and/or UK who are not investors in an EIG fund or employees of EIG, please contact the Chief Compliance Officer.
Accordingly, in order to Process Personal Data at least one of the following conditions must be true. Processing is:
- Necessary (i) to perform a contract to which the Data Subject is a party (e.g., investor reporting, K-1s, capital calls, distributions) or (ii) to take steps before entering into a contract the Data Subject has asked to enter into (e.g., investor questionnaires prior to subscription in a private fund).
- Necessary because of a legal obligation imposed by EU or Member State or UK law that applies to EIG (e.g., EU/Member State/UK securities laws, AML, KYC, tax laws, EU/Member State/UK privacy regulations, governmental or regulatory investigations).
- Necessary to serve the “legitimate interests” of EIG or a third party (e.g., fraud prevention, cybersecurity, recordkeeping and administrative purposes, identifying conflicts of interest), except where such interests are overridden by the protection of the Data Subject’s rights.
- Engaged in after obtaining clear consent in accordance with EU-UK Data Protection Laws from the Data Subject (i.e., consent has been freely given, specific, informed and unambiguous).
If and to the extent applicable, EIG will comply with heightened requirements if Processing Special Categories of Personal Data. EIG does not typically Process Special Categories of Personal Data.
EIG is also required under EU-UK Data Protection Laws to provide certain minimum information, using clear and plain language, about EIG’s data processing activities to Data Subjects. EIG generally provides investors from whom it collects Personal Data with the Privacy Notice (set out in Exhibit A to the Privacy Policy) at the point at which EIG collects Personal Data for Processing, which for investors, is included in the relevant subscription booklet and/or investor data portal.
Data Mapping
EIG may periodically perform a data mapping exercise to examine and document the types of Personal Data it collects, where such Personal Data is stored, who has access to such Personal Data, when and how such Personal Data is deleted, and the security measures taken to protect such Personal Data.
Transfers of Personal Data Outside of the EEA or UK
Under the EU-UK Data Protection Laws, EIG may not transfer Personal Data outside the European Economic Area (“EEA”) or the UK, unless: (i) there is an “adequate level of data protection” in such jurisdiction, as determined by the European Commission or the Government of the United Kingdom (as applicable); or (ii) appropriate safeguards have been put in place as provided by EU-UK Data Protection Laws, the European Commission or the Government of the United Kingdom (as applicable), including, without limitation, the European Commission’s standard contractual clauses, the UK’s international data transfer agreement/addendum, binding corporate rules, the EU-US Data Privacy Framework (and the UK extension), or, in certain circumstances, a limited derogation may apply, including such transfer being:
- made with the Data Subject’s informed consent;
- necessary for contract performance between the controller and another person in the interests of the Data Subject;
- necessary in establishing, exercising or defending legal claims; or
- necessary for the compelling legitimate interests of the controller, except where overridden by the protection of the Data Subject’s rights (and only where no other safeguard or derogation exists, the Processing is justified, and transfers are not repetitive and concern only a limited number of Data Subjects).
Please contact the Chief Compliance Officer if there is any doubt as to whether a proposal will constitute or involve a ‘transfer’ of and access to Personal Data outside the EEA or the UK.
Sharing and Disclosing Personal Data
In the course of its business, EIG may need to share Personal Data relating to customers, investors, investees, suppliers, and employees with other organisations (including affiliates, auditors, advisors, pension providers, banks, external administrators, other service providers, and law enforcement authorities) for various purposes, including the provision of services. EIG will only share Personal Data with third parties in accordance with the EU-UK Data Protection Laws.
Please contact the Chief Compliance Officer if you have any questions regarding whether Personal Data should be disclosed and to refer any requests received from law enforcement authorities for disclosure of Personal Data.
Data Subject Rights
Under the EU-UK Data Protection Laws, Data Subjects have the following rights:
- Data Subject Access Requests: Each Data Subject has the right to receive information about their Personal Data that is being processed or held by EIG, including a copy of such Personal Data. Data Subjects can make formal requests for the Personal Data that EIG holds about them verbally or in writing (a “Subject Access Request”). EIG is required to respond to Subject Access Requests in accordance with EU-UK Data Protection Laws.
- Correction of Inaccurate Personal Data: Each Data Subject has the right to request that inaccurate Personal Data which EIG holds about them is corrected.
- Restrictions on Use: Each Data Subject may request that EIG stops Processing their Personal Data under certain circumstances (e.g., if the accuracy of the Personal Data is contested).
- Objections to Processing: In addition, each Data Subject has the right to object to specific types of Processing by EIG on the grounds relating to his/her particular situation (e.g., the Processing of their Personal Data for direct-marketing purposes). The Data Subject may also lodge a complaint with the competent data protection supervisory authority in their relevant jurisdiction.
- Withdrawal of Consent: Further, where processing is based on consent, Data Subjects have the right to withdraw consent to the processing of their Personal Data by EIG at any time.
- Data Portability: Each Data Subject has the right to receive the Personal Data which EIG holds on them in a structured, commonly used and machine readable format, and to transmit such Personal Data to another controller without hindrance in certain circumstances.
- Right to be Forgotten: Data Subjects have the right to have their Personal Data ‘erased’ by EIG in certain specified situations. The right to erasure is not absolute and it may not always be possible to erase Personal Data on request, including where the Personal Data must be retained to comply with legal obligations.
If a Data Subject requests to exercise any of their aforementioned rights, please contact the Chief Compliance Officer without undue delay.
Personal Data Breaches
Breaches carry significant legal and reputational risk for EIG, which is committed to maintaining robust controls and procedures to mitigate against the risk of a Breach. It is therefore critical that, where an actual or suspected Breach occurs, it is recorded and reported appropriately in order for remedial action to be taken.
If an actual or suspected Breach occurs, Employees must report such Breach to the Chief Compliance Officer in order for remedial action to be taken and for EIG’s controls and procedures to be improved, as necessary, and so such Breach may be reported to the applicable DPA (if appropriate). EIG will maintain a log to record all suspected and actual Breaches.
Training
EIG provides data protection training to help Employees understand the requirements of the EU-UK Data Protection Laws applicable to their day-to-day roles. Please contact the Chief Compliance Officer if you have any questions regarding such training.
4.6 Changes to this EU-UK Data Protection Section
EIG may change this Section 4 at any time and will notify Employees of any material changes.
_______
1 “CA Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular CA Consumer or their household, including: (i) identifiers such as name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and drivers’ license or state identification card number) or other similar identifiers; (ii) other customer records, such as telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets); (iii) protected classification characteristics under California or federal law, such as date of birth, citizenship and birthplace; (iv) commercial information, such as account data and other information contained in any document provided by investors to authorised service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make an investment;
(v) internet or other electronic network activity information, such as information regarding use of any website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information provided in correspondence in relation to inquiries; and (vi) as of 1 January 2023, business contact information (e.g. contained in Customer Relationship Management (CRM) database), in each case, including with respect to certain prospective investors that provide such information.
2 “CA Consumer” means a natural person who is a California resident.
Exhibit A
EIG Management Company: Privacy Notice
January 2024
What You Should Know
As used herein, the term “EIG”, “we” or “our” shall mean EIG Management Company, LLC or its affiliates, including certain affiliates that act as manager, investment adviser or general partner for pooled investment vehicles and separately managed accounts (collectively, the “Investment Funds”). EIG recognizes the importance of keeping information about you secure and confidential.
EIG provides this privacy notice (the “Privacy Notice”) to current and prospective investors of Investment Funds that are natural persons (including “alter egos” and natural persons related to current and prospective investors that are not natural persons) (referred to herein as “Subscribers”, “investors”, “your”, “you”) in order to help you better understand why and how we collect certain personal information, the care with which we treat such information, and how we use such information.
EIG takes precautions to maintain the privacy of personal information concerning, or in connection with Subscribers, including the adoption of certain procedures designed to maintain and secure a Subscriber’s personal information from inappropriate disclosure to third parties. EIG does not sell or share your personal and financial information with marketers or others outside its affiliated group of companies other than as described herein.
Information We Collect: In connection with forming and operating our Investment Funds and/or performing asset management services for our Subscribers, we collect and maintain the following categories of personal information about our individual Subscribers:
- names, dates of birth and birth place;
- contact details and professional addresses (including physical address, email address and telephone number);
- account data and other information contained in any document provided by Subscribers (whether directly or indirectly);
- information regarding the use of any of our website, fund data room and investor reporting portal (as applicable) (e.g., cookies, browsing history and/or search history);
- risk tolerance, transaction history, investment experience and investment activity;
- information regarding a Subscriber’s status under various laws and regulations, including their social security number, tax status, income and assets;
- accounts and transactions with other institutions;
- information regarding a Subscriber’s interest in our funds, including ownership percentage, capital investment, income and losses;
- information regarding a Subscriber’s citizenship and location of residence;
- source of funds used to make the investment in our funds; and
- anti-money laundering, identification (including passport and drivers’ license), verification documentation, and identification numbers such as social security number.
Sources of Personal Information: EIG collects personal information about its Subscribers from the following sources:
- information received in telephone conversations, in voicemails, through written correspondence, via e-mail, or on subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation);
- information received from a Subscriber in subscription documents or other related documents or forms;
- information about transactions with EIG or others;
- information EIG may receive from a consumer reporting or similar agency;
- information captured on EIG’s website, fund data room and/or investor reporting portal (as applicable), including registration information, information provided through forms and any information captured via “cookies”; and
- information from available public sources, including from:
  - publicly available and accessible directories and sources;
  - bankruptcy registers;
  - tax authorities, including those that are based in another jurisdiction;
  - governmental and competent regulatory authorities to whom EIG has regulatory obligations;
  - credit agencies; and
  - fraud prevention and detection agencies and
EIG may, in certain circumstances, combine personal information it receives from an investor with information that it collects from, or about such investor. This will include information collected in an online or offline context.
You may refuse, at your discretion, to communicate your personal data to EIG. In this event however, EIG or its agent may reject your request for subscription for interests in an Investment Fund if the relevant personal information is necessary to the subscription of interests.
Purpose of processing: EIG may process, use and/or disclose personal information we collect about you for one or more of the following business or commercial purposes:
- The performance of obligations under the governing documents of the Investment Funds (and all applicable anti-money laundering, “know-your-client” and other related laws and regulations) in assessing suitability of potential Subscribers in the applicable Investment Funds;
- The administrative processes (and related communication) in preparing for the admission of Subscribers to the Investment Funds, including administering, managing and setting up a Subscriber’s account(s) to allow such potential Subscriber to purchase interests in the Investment Funds;
- Ongoing communication with existing and potential Subscribers and their respective representatives, advisors and agents, (including the negotiation, preparation and signature of documentation), including during the process of admitting potential Subscribers to the Investment Funds and the execution of all relevant agreements;
- The ongoing administrative, accounting, reporting, account maintenance and other processes and communication required to operate the business of an Investment Fund in accordance with the Partnership Agreement and other applicable documentation between the parties, including customer service, processing or fulfilling transactions, verifying personal information, processing contributions and distributions and financing;
- Complying with laws, rules and regulations;
- Keeping existing and potential investors informed about the business of EIG and its affiliates generally, including offering opportunities to make investments other than in the applicable Investment Fund;
- facilitating the execution, continuation or termination of the contractual relationship between a Subscriber, EIG, the general partner or managing member for the relevant Investment Fund;
- facilitating the transfer of Investment Fund interests, and administering and facilitating any other transaction, between a Subscriber, EIG, the general partner or managing member for the relevant Investment Fund;
- auditing and performing verifications related to Subscriber interactions, including but not limited to, verifying the quality and effectiveness of services and compliance;
- maintaining the safety, security and integrity of our products and services, databases, technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
- enabling any actual or proposed assignee or transferee of the Investment Fund(s), to evaluate proposed transactions;
- facilitating business asset transactions involving the Investment Funds; and
- Any other purpose that has been notified, or has been agreed, in
EIG monitors communications where the law requires them to do so. EIG also monitors communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Disclosure of Information: EIG does not disclose any of the categories of personal information set out in the “Information We Collect” section above to anyone, except: (i) as permitted or required by law and regulation; (ii) to affiliates; and (iii) to our service providers and other third parties in accordance with the agreement governing your investment in our Investment Funds, including:
- financial service providers, such as broker-dealers, custodians, banks, lenders and others used to finance or facilitate transactions by, or operations of, our Investment Funds;
- actual and potential portfolio companies, purchasers thereof and potential co-investors, and each of their respective advisors if requested in connection with an investment or disposition;
- other service providers to our Investment Funds and/or their general partners, managers and affiliates, such as those who provide accounting, legal, consulting, administration, auditing or tax preparation services and placement agents;
- other partners and potential investors in our Investment Funds; and
- transfer agents, portfolio companies, brokerage firms and the like, in connection with distributions to our partners.
Former Subscribers: We maintain personal information of our former Subscribers, and apply the same policies that apply to current Subscribers.
Information Security: We consider the protection of sensitive information to be a sound business practice. EIG restricts access to personal information about its Subscribers to those employees and agents of EIG who need to know that information in order to provide services to its investors. To the extent any personal information of a Subscriber is disclosed for necessary business purposes to a third party, EIG will require such parties to protect the confidentiality of the investors’ personal information and to use the information only for purposes for which it is disclosed to them. EIG maintains physical, electronic, and procedural safeguards that comply with applicable federal standards to safeguard the Subscriber’s personal information and which EIG believes are adequate to prevent unauthorized disclosure of such information.
Further Information: We reserve the right to change our privacy policies and this Privacy Notice at any time and will keep Subscribers informed of changes. In the event that we update this Privacy Notice, we will make an updated draft available to you via our investment portal or notify Subscribers through other routine communications. The examples contained within this notice are illustrations only and are not intended to be exhaustive. This Privacy Notice is intended to comply with the privacy provisions of applicable U.S. federal law and certain privacy provisions of other laws.
Further Privacy Notice Supplements: A Subscriber may have additional rights under other laws that apply to you, including as set forth in the EU-UK Privacy Notice, the California Privacy Notice, and in the section below titled “Supplement for Australian Investors”.
Supplement for Australian Investors:1 EIG is providing this Supplemental Notice to you to comply with the requirements of The Privacy Act 1988 (“Privacy Act”) which is an Australian law which regulates the handling of personal information about individuals.
EIG may from time to time transfer personal information outside Australia in accordance with the Privacy Act to countries whose privacy laws do not provide the same level of protection as Australia’s privacy laws. For example, EIG may transfer your personal information to the Asia-Pacific, European Union or the United States of America. EIG may also use cloud storage and IT servers that are located offshore.
Contact us, complaints and exercising your rights:
If you have any questions concerning this Privacy Notice, or wish to exercise any of your rights, submit requests, or appeal any of our decisions in connection with this Privacy Notice, or to view this Privacy Notice in an alternative format, please contact our Privacy Officer on the contact details below.
You can contact EIG by calling on +1 202.600.3300, emailing at compliance@eigpartners.com or by writing to:
The Privacy Officer
C/O Chief Compliance Officer EIG
600 New Hampshire Ave. NW Suite 1200
Washington, DC 20037
CALIFORNIA PRIVACY NOTICE
This California Privacy Notice supplements the Privacy Notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018, as amended (the “CCPA”), to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This California Privacy Notice is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth above in the Privacy Notice. To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
Categories of Personal Information We Collect: We collect, or have collected, some or all of the following categories of personal information from individuals:
| Category | Examples | Collected |
| --- | --- | --- |
| A. Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number). | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets). | YES |
| C. Protected classification characteristics under California or federal law | Date of birth, citizenship and birthplace. | YES |
| D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s). | YES |
| E. Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information. | NO |
| F. Internet or other similar network activity | Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. | YES |
| G. Geolocation data | Physical location or movements. | NO |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| I. Professional or employment-related information | Current or past job history or performance evaluations. | NO |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
| L. Sensitive personal information (see further information on use of sensitive personal information below) | Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. | YES, as to the following types of information: social security, driver’s license, state identification card, or passport numbers, account log-in, financial account in combination with any required security or access code password, or credentials allowing access to an account only. |
We do not collect or use sensitive personal information other than:
- To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
- For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us);
- To perform services on behalf of our business;
- To verify or maintain the quality or safety of a service or to improve, upgrade, or enhance such service or device; and
- To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.
Purposes for Collecting Personal Information: We may collect or disclose the personal information we collect about you for one or more of the following business or commercial purposes:
- performing services to you, including, but not limited to:
- the administrative processes (and related communication) in preparing for the admission of investors to the fund(s), including administering, managing and setting up an investor’s account(s) to allow such potential investor to purchase interests in the fund(s);
- ongoing communication with potential investors, their representatives, advisors and agents (including the negotiation, preparation and signature of documentation) during the process of admitting potential investors to the fund and the execution of all relevant agreements;
- the performance of obligations under the governing documents of the funds (and all applicable anti-money laundering, KYC and other related laws and regulations) in assessing suitability of potential investors in the applicable fund;
- ongoing operations, administrative, accounting, reporting, account maintenance and other processes and communication required to operate the business of (each) fund in accordance with its governing documents and other documentation between the parties, including customer service, processing or fulfilling transactions, verifying personal information, processing contributions and distributions and financing;
- keeping investors informed about the business of the general partner or managing member of the applicable fund and its affiliates generally, including offering opportunities to make investments other than to the applicable fund and related advertising;
- facilitating the execution, continuation or termination of the contractual relationship between an investor and the general partner or managing member, the investment adviser and/or the fund(s);
- facilitating the transfer of fund interests, and administering and facilitating any other transaction, between an investor, the general partner or managing member, the investment adviser and/or the fund(s);
- auditing and verifications related to investor interactions, including, but not limited to, verifying the quality and effectiveness of services and compliance;
- maintaining the safety, security and integrity of our products and services, databases, technology assets and business, including detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity;
- enabling any actual or proposed assignee or transferee of the fund(s), to evaluate proposed transactions;
- facilitating business asset transactions involving the funds; and
- complying with U.S., state, local and non-U.S. laws, rules and regulations.
We collect personal information for the business or commercial purposes and from the sources set forth in “Purposes for Collecting Personal Information” and “Sources of Non-Public Information” in the Privacy Notice above. We retain the categories of personal information set forth above in the “Information We Collect” section of this California Privacy Notice only as long as is reasonably necessary for those business or commercial purposes set forth above in “Purposes for Collecting Personal Information,” except as may be required under applicable law, court order or government regulations.
Disclosure of Information: We do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties.
We disclose, or have disclosed within the last twelve (12) months, personal information collected from you for a business or commercial purpose to the categories of third parties indicated in the chart below. We may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries.
| Personal Information Category | Category of Third-Party Recipients |
| --- | --- |
| A. Identifiers | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
| C. Protected classification characteristics under California or federal law | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
| D. Commercial information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
| E. Biometric information | N/A |
| F. Internet or other similar network activity | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
| G. Geolocation data | N/A |
| H. Sensory data | N/A |
| I. Professional or employment-related information | N/A |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | N/A |
| K. Inferences drawn from other personal information | N/A |
| L. Sensitive Personal Information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, vendors of IT, software and similar services, consultants and placement agents. |
Rights Under the CCPA
Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection, use, disclosure and sale of personal information specific to you. Such information includes:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting such personal information;
- The categories of third parties to whom we disclose the personal information;
- The specific pieces of personal information we have collected about you; and
- Whether we disclosed your personal information to a third party, and if so, the categories of personal information that each recipient obtained.
Correction Right: You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this California Privacy Notice in an alternative format, please submit a request on your behalf using any of the methods set forth below.
If you would like to contact us by telephone without incurring telephone charges, please submit your request and telephone number by email at compliance@eigpartners.com and we will return your call.
Email us at the following email address: compliance@eigpartners.com.
We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request further information or your investor portal access credentials, if applicable, in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. If we request that you verify your request and we do not receive your response, we will pause processing of your request until such verification is received.
Please contact the Chief Compliance Officer of EIG Management Company, LLC, at compliance@eigpartners.com with any questions or concerns about this California Privacy Notice.