Mana Tupu Capital Limited (MTCL, "we", "us", "our") is a New Zealand-based fund manager registered on the Financial Service Providers Register. We are committed to protecting personal information in accordance with the Privacy Act 2020 and applicable financial services regulations.

This Privacy Policy describes what personal information we collect, why we collect it, how we use and share it, how long we retain it, and how you may access, correct, or make a complaint about our handling of your information.

By engaging with us — whether through our website, subscription process, investor portal, or correspondence — you acknowledge that your personal information will be handled in accordance with this policy.

We collect information through the following means:

We use personal information to:

Our legal basis includes contractual necessity, compliance with legal obligations, and our legitimate interests in providing and operating investment products.

We may share personal information with:

We require all third parties to maintain appropriate confidentiality, security, and data protection safeguards consistent with applicable law.

Personal information may be transferred overseas to service providers in jurisdictions where our providers operate — including Australia, Singapore, and other countries where our operational and investment partners are based.

We take reasonable steps to ensure overseas recipients provide a comparable level of protection and enter appropriate contractual safeguards before any transfer takes place. Where required, we comply with the cross-border disclosure provisions of the Privacy Act 2020.

We retain personal information for as long as required to meet contractual and legal obligations, respond to queries and complaints, and for record keeping consistent with regulatory requirements.

Typical retention periods comply with financial services and tax record retention rules and may be 7 years or longer where required by law. When personal information is no longer required, we take reasonable steps to destroy or de-identify it securely.

We implement technical, administrative, and physical safeguards to protect personal information from unauthorised access, misuse, alteration, and disclosure. Access to personal information is restricted to authorised personnel on a need-to-know basis.

Investor onboarding and KYC processes are managed through our investor portal with appropriate encryption and access controls. If you become aware of any potential security issue or data breach, please contact us immediately at hello@manatupu.co.nz.

Under the Privacy Act 2020, you have the right to request access to personal information we hold about you, and to request correction of inaccurate or misleading information. We will respond promptly and in accordance with the Act.

To request access or correction, please contact us by email. We may ask you to verify your identity before processing your request. In some circumstances, we may decline to provide access where permitted by law, in which case we will explain our reasons.

If you believe we have breached the Privacy Act 2020 or otherwise mishandled your personal information, you may make a complaint to us. We will promptly investigate and respond. Our five-step complaints process is set out below.