Privacy Policy – Ridgewood

PRIVACY NOTICE

Introduction: Ridgewood, as used on the Site and in this Privacy Notice, refers to Ridgewood Energy Corporation (“REC”), Ridgewood Infrastructure, LLC (“RI”) and Ridgewood Private Equity Partners, LLC (“RPEP”) collectively. REC, RI and RPEP are independent but affiliated private equity investment firms. Ridgewood does not provide financial, advisory or other services to the general public or to any investor contemplating or electing to make an investment.

For purposes of this Privacy Notice the words you and user mean each visitor to this website (the “Site”). This Privacy Notice is intended only for individuals and certain entities that are essentially “alter egos” of individuals (e.g. revocable grantor trusts, IRAs or estate planning vehicles).

Our Commitment to Your Privacy: We have a long-standing policy of protecting the confidentiality and security of information we and our affiliates collect from you. We are providing this Privacy Notice to help you understand why and how we collect certain personal information, the care with which we treat that information, and how we use that information.

Information We May Collect: We may collect, process and use some or all of the following personal data:

Contact information: name, address, email, telephone number;
Identification information: signature, date of birth, place of birth, citizenship, location of residence, social security number, taxpayer identification number, driver’s license, passport, other government identification and numbers;
Background information: information required to perform, or revealed in, know-your-customer (KYC) and anti-money laundering (AML) due diligence, investor accreditation and consents;
Financial information: assets, income, net worth, amounts and types of investments, capital account balances, capital commitments, capital contributions, account data, other investment participation information, funds transfer information, beneficiaries, positions, percentages of fund, share or option numbers and values, vesting information, investment history, transaction information, tax status and information;
Investment information: information about your interest in the relevant investment, including ownership percentage, capital investment, income and losses; and
Technical or account information: electronic device and usage information (for example, from cookies and similar technology), registration information and online account data.

We may collect personal data from you or your representatives in conversations over the telephone, in voicemails, through written correspondence, via email and other electronic communications, or on subscription agreements, investor questionnaires, applications or other forms (including, without limitation, any anti-money laundering, identification and verification documentation). We may also collect information about transactions with us or others, that is captured on our website, virtual data rooms to which you and/or your representatives have been granted access, and/or investor reporting portal (as applicable), including registration information, information provided through online forms and any information captured via “cookies.”

Legitimate Purposes for Collecting Personal Information: We may collect or disclose the personal information we collect about you for one or more of the following legitimate business or commercial purposes:

performing investment selection, management and administrative services, including, among other things, investment vehicle administration (and related communications);
ongoing communications related to the services we provide;
performing obligations under the governing documents and all applicable anti-money laundering, KYC and other related laws and regulations;
ongoing operations, administrative, accounting, reporting, and other processes and communications required for Ridgewood to perform its duties and obligations in accordance with its governing documents, contracts, and other documents;
verifying the quality and effectiveness of services and compliance;
maintaining the safety, security and integrity of our products and services, databases, technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
facilitating business asset transactions; and
complying with applicable U.S., state, local and non-U.S. laws, rules and regulations.

Disclosure of Information: We may disclose any of the categories of personal information set out in the “Information We Collect” section above as permitted by law or regulation and to affiliates and service providers, including but not limited to, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.

Retention: We will keep the personal information only for so long as is reasonably necessary to comply with applicable laws, rules and regulations and fulfill our contractual obligations.

Cookies, analytics and traffic Data: Cookies, which are small text files which are transferred from our website, applications or services and stored on your device, are used to improve the functionality of the Site. For the same purpose, we may collect analytics and traffic data, such as browser/device information, internet service provider, referring/exit pages, operating system, date/time stamp, page views and similar usage data.

Information Security: We consider the protection of sensitive information to be a sound business practice, and to that end we employ reasonable physical, electronic and procedural safeguards, which seek to protect your non-public personal information in our possession or under our control. When working with third-parties that handle non-public personal information, such third-parties have agreed to maintain the confidentiality of such information and to use it exclusively for the purpose for which it is shared.

Further Information: We reserve the right to change our privacy policies and this Privacy Notice at any time. The examples contained within this notice are illustrations only and are not intended to be exclusive. This notice complies with the privacy provisions of Regulation S-P under the Gramm-Leach-Bliley Act and certain privacy provisions of other laws. You may have additional rights under other foreign or domestic laws that apply to you, including as set forth in our additional privacy notices.

Contact Us: If you have any questions or concerns about this Privacy Notice, wish to exercise any rights, submit requests, request this Privacy Notice in an alternate format or appeal any of our decisions in connection with this Privacy Notice (each, a “Communication”) please contact us at 201-447-9000 or via email at: lpcommunications@ridgewood.com.

We verify Communications by matching information provided in or in connection with your Communication to information contained in our records. Depending on the sensitivity of the Communication and the varying levels of risk in responding to such Communications (for example, the risk of responding to fraudulent or malicious communications), we may request further information from you in order to verify your Communication.

RESIDENTS OF THE STATE OF CALIFORNIA: Under California law, individuals who are residents of California and whose personal information is collected and processed by Ridgewood may have certain legal rights with respect to their personal information. This notice (the “California Privacy Notice”) supplements the Privacy Notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018 (the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This California Privacy Notice is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth above in the Privacy Notice. To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.

Categories of Personal Information We Collect: We have collected some or all of the following categories of personal information from individuals within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers	Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number).	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I)	Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets).	YES
C. Protected classification characteristics under California or federal law	Date of birth, citizenship and birthplace.	YES
D. Commercial information	Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s).	YES
E. Biometric information	Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information.	NO
F. Internet or other similar network activity	Use of our website, data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries	YES
G. Geolocation data	Physical location or movements.	NO
H. Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information	Current or past job history or performance evaluations.	NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO
L. Sensitive Personal Information (see further information on use of sensitive personal information below)	Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.	YES, as to the following types of information: social security, driver’s license, state identification card, or passport numbers, account log-in, financial account in combination with any required security or access code password, or credentials allowing access to an account only.

We do not collect or use sensitive personal information other than:

To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us);
To perform services on behalf of our business;
To verify or maintain the quality or safety of a service or to improve, upgrade, or enhance such service or device; and
To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

Purposes for Collecting Personal Information: We collect personal information for the business or commercial purposes and from the sources set forth in “Purposes for Collecting Personal Information” and “Sources of Non-Public Information,” respectively, in the Privacy Notice above. We retain the categories of personal information set forth above in the “Categories of Personal Information We Collect” section of this California Privacy Notice only as long as is reasonably necessary for those business or commercial purposes set forth in “Purposes for Collecting Personal Information” in the Privacy Notice above, except as may be required under applicable law, court order or government regulations.

Disclosure of Information: We do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties.

We disclose or within the last twelve (12) months have disclosed personal information collected from you for a business or commercial purpose to the categories of third parties indicated in the chart below. We may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries.

Personal Information Category	Category of Third-Party Recipients
A. Identifiers	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I)	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
C. Protected classification characteristics under California or federal law	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
D. Commercial information	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
E. Biometric information	N/A
F. Internet or other similar network activity	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
G. Geolocation data	N/A
H. Sensory data	N/A
I. Professional or employment-related information	N/A
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))	N/A
K. Inferences drawn from other personal information	N/A
L. Sensitive Personal Information	Lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.

Rights Under the CCPA

Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.

Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection, use, and disclosure of personal information specific to you over the last twelve (12) months. Such information includes:

The categories of personal information we collected about you;
The categories of sources from which the personal information is collected;
Our business or commercial purpose for collecting such personal information;
Categories of third parties to whom we disclose the personal information;
The specific pieces of personal information we have collected about you; and
Whether we disclosed your personal information to a third party, and if so, the categories of personal information that each recipient obtained.

Correction Right: You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.

No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.

How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this notice in an alternative format, please submit a request using any of the methods set forth below.

Call us using the following toll-free number: 212-867-0050.

Email us at the following address: lpcommunications@ridgewood.com.

We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request your investor portal access credentials in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. If we request you verify your request and we do not receive your response, we will pause processing your request until such verification is received.

Please contact the Chief Compliance Officer of Ridgewood at the email address above with any questions or concerns about this Privacy Notice.

RESIDENTS OF EUROPE – THE UK: EU-UK PRIVACY NOTICE

This EU-UK Privacy Notice (“EU-UK Privacy Notice”) applies to the extent that EU-UK Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below). If this EU-UK Privacy Notice applies, the relevant data subject has certain rights with respect to such processing of their personal data, as outlined below.

In this EU-UK Privacy Notice, (i) “EU-UK Data Protection Legislation” means all applicable legislation and regulations relating to the protection and/or processing of personal data in force from time to time in the European Union (“EU”), the European Economic Area (“EEA”) or the United Kingdom (“UK”), including the following: (a) Regulation (EU) 2016/679 (the “EU GDPR”), (b) the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”), and (c) any other legislation that implements any other current or future legal act of the EEA, EU or the UK concerning the protection and processing of personal data and any national implementing or successor legislation and any amendment or re-enactment of any of the foregoing. The terms “controller,” “processor,” “data subject,” “personal data” and “processing” in this EU-UK Privacy Notice shall be interpreted in accordance with the applicable EU-UK Data Protection Legislation. Unless otherwise defined herein, capitalized terms used in this EU and UK Privacy Notice will have the meanings ascribed to such terms in the Subscription Agreement.

Please direct any questions arising out of this EU-UK Privacy Notice to the Chief Compliance Officer of Ridgewood at lpcommunications@ridgewood.com.

Categories of Personal Data Collected and Lawful Bases for Processing

In connection with creating and operating private investment vehicles, Ridgewood and its affiliates and, in each case, including their respective administrators, legal and other advisors and agents (the “Authorized Entities”) may collect, record, store, adapt and otherwise process and use personal data, either relating to investors or to any other data subjects, including from the following sources (and all references to “investor(s) in this EU and UK Privacy Notice shall be to such investor(s) and, as applicable, any of these other persons as related to such potential investor(s)):

information received in telephone conversations, meetings, in voicemails, through written correspondence, via e-mail or on subscription agreements, investor questionnaires, applications or other forms (including any anti-money laundering, “know-your-client”, identification and verification documentation);
information about transactions with any Authorized Entity or other Person;
information captured on any Authorized Entity’s website, data room and/or investor reporting portal (as applicable) including registration information and/or any information provided through online forms and/or any information captured via “cookies” and/or similar technologies; and
information from available public sources, including from:

○ publicly available and accessible directories and sources;

○ bankruptcy registers;

○ tax authorities, including those that are based outside the UK and the EEA if the applicable data subject is subject to tax in another jurisdiction;

○ governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;

○ credit agencies; and

○ fraud prevention and detection agencies and organizations.

Any Authorized Entity may process the following categories of personal data:

names, dates of birth and birthplace;
contact details and professional addresses (including physical addresses, email addresses and telephone numbers);
account data and other information contained in any document provided by investors to the Authorized Entities (whether directly or indirectly);
information regarding an investor’s use of any Authorized Entity’s website(s), data room(s) and/or investor reporting portal(s) (e.g., cookies, browsing history and/or search history);
risk tolerance, transaction history, investment experience and investment activity;
information regarding an investor’s status under various laws and regulations, including social security number, tax status, income and assets;
accounts and transactions with other institutions;
information regarding an investor’s interest investment vehicles, including ownership percentage, capital commitment (or investment), income and losses;
information regarding an investor’s citizenship and location of residence;
source of funds used to make the investment in investment vehicles or related funds; and
anti-money laundering, identification (including passport and drivers’ license) and verification documentation.

Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with information that it collects from or about such investor. This will include information collected in an online or offline context.

The Authorized Entities are each “controllers” of personal data collected in connection with investment vehicles. In simple terms, this means such Authorized Entities: (a) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (b) make certain decisions on how to use and protect such personal data.

There is a need to process personal data for the purposes set out in this EU-UK Privacy Notice as a matter of contractual necessity under or in connection with investment vehicles or limited liability company agreement (as applicable) and associated partnership documentation, and other investment documents (collectively, “Governing Documents”), pursuant to applicable legal obligations and, in the legitimate interests of the Authorized Entities (or those of a third party), to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including the following: with consent or if it is necessary to protect the vital interests of an investor or other data subjects.

A failure to provide the personal data requested to fulfil the purposes described in this EU-UK Privacy Notice may result in the applicable Authorized Entities being unable to provide the services as contemplated by the Governing Documents.

Purpose of Processing

The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (3), (4), (6), (8), (9), (10) and (12) in the legitimate interests of the Authorized Entities):

The performance of its contractual and legal obligations (including applicable anti-money laundering, know-your-client and other related laws and regulations), in assessing suitability of investors in investment vehicles.
The administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of investors to investment vehicles.
Ongoing communication with investors (including the negotiation, preparation and execution of documentation) during the process of admitting investors to investment vehicles.
The ongoing administrative, accounting, reporting and other processes and communications required to operate the business (including any website(s), fund data room(s), and/or investor reporting portal(s)) of investment vehicles and/or any other applicable Authorized Entity, including in accordance with the Governing Documents and other applicable documentation between the parties.
To administer and manage the process to allow investors to purchase their holdings, shares or other interests in investment vehicles (and any other funds operated by the General Partner or its affiliates).
To facilitate the execution, continuation or termination of the contractual relationship between an investor and Authorized Entity (as applicable).
To facilitate the transfer of funds, and administering and facilitating any other transaction, between an investor and Authorized Entity (as applicable).
To enable any actual or proposed assignee or transferee, participant or sub-participant of investment vehicles or investment vehicles’ rights or obligations to evaluate proposed transactions.
To facilitate business asset transactions involving investment vehicles and/or related vehicles.
To facilitate business asset transactions involving investment vehicles or Partnership’s related vehicles and/or including due diligence carried out by any third party that acquires, or is interested in acquiring or securitizing, all or part of investment vehicles’ assets or shares, or that succeeds to it in carrying on all or a part of its businesses, or services provided to it, whether by merger, acquisition, financing, reorganization or otherwise.
Any legal or regulatory requirement.
Keeping investors informed about the business of the General Partner, investment vehicles and their respective affiliates generally, including offering opportunities to make investments other than in investment vehicles.
Any other purpose that has been notified, or has been agreed, in writing.

The Authorized Entities may also monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where permitted to do so, to protect their respective businesses and the security of their respective systems.

Sharing and Transfers of Personal Data

In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by EU-UK Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisors, lenders, processors and persons employed and/or retained by them in order to fulfil the purposes described in this EU-UK Privacy Notice and any third party that acquires, or is interested in acquiring or securitizing, all or part of investment vehicles’ assets or interests, or that succeeds to it in carrying on all or a part of its businesses, or services provided to it, whether by merger, acquisition, reorganization or otherwise. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with tax authorities, auditors and tax advisors (where necessary or advisable to comply with law).

Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this EU-UK Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and Governing Documents, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact the General Partner. For the purposes of this EU-UK Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (a) a member state of the EEA; (b) the UK; or (c) a country or territory which has at the relevant time been decided by the European Commission or the Government of the UK (as applicable) in accordance with EU-UK Data Protection Legislation to ensure an adequate level of protection for personal data.

Retention and Security of Personal Data

The General Partner and its Affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including physical, electronic and procedural safeguards to protect investors’ personal data in their possession or under their control.

Personal data will not be retained for longer than necessary with regard to the purposes described in this EU-UK Privacy Notice or as long as is required to comply with applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in investment vehicles. Investment vehicles maintains personal data of former investors which is subject to the same policies that apply to current investors.

Data Subject Rights

It is acknowledged that, subject to applicable EU-UK Data Protection Legislation, the data subjects to which personal data relates have the following rights under EU-UK Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute, and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfil the purposes described in this EU-UK Privacy Notice may result in the inability to provide the services as contemplated by the Governing Documents and/or the Subscription Agreement.

In case a data subject to whom personal data relates disagrees with the way in which his or her personal data is being processed in relation to the Governing Documents and/or the Subscription Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.

A data subject may raise any request relating to the processing of his or her personal data with the General Partner at the contact information provided above.