Carestone Property Fund is a sub-fund of Bluestone Real Estate Fund S.C.A.. Bluestone Real Estate Fund and its units have not been authorized for public distribution. Bluestone Real Estate Fund is only subject to the supervision of the “Commission de Surveillance du Secteur Financier” in the Grand Duchy of Luxembourg and its units are restricted and are suitable only to certain eligible and sophisticated investors, on a private offering basis.

This website uses cookies to store information on your computer. By accessing this site, you consent to the placement of cookies on your machine as described in the privacy policy. If you do not consent to the use of cookies, please either disable cookies or refrain from accessing this site or any pages thereof.

Nothing contained on this website constitutes tax, accounting, regulatory, legal, insurance or investment advice. Neither the information, nor any opinion, contained on this website constitutes a solicitation or offer by Bluestone Real Estate Fund or its affiliates to buy or sell any securities, futures, options or other financial instruments, nor shall any such security be offered or sold to any person in any jurisdiction in which such offer, solicitation, purchase, or sale would be unlawful under the securities laws of such jurisdiction. Decisions based on information contained on this website are the sole responsibility of the visitor. In exchange for using this website, the visitor agrees to indemnify and hold Bluestone Real Estate Fund, its officers, directors, employees, affiliates, agents, licensors and suppliers harmless against any and all claims, losses, liability, costs and expenses (including but not limited to attorneys' fees) arising from your use of this website, from your violation of these terms or from any decisions that the visitor makes based on such information.

The investments and strategies discussed in the website may not be suitable for all investors and are not obligations of Bluestone Real Estate Fund or its affiliates or guaranteed by Bluestone Real Estate Fund or its affiliates. Bluestone Real Estate Fund makes no representations that the contents are appropriate for use in all locations, or that the transactions, securities, products, instruments, or services discussed on this site are available or appropriate for sale or use in all jurisdictions or countries, or by all investors or counterparties. By making available information on the website, Bluestone Real Estate Fund does not represent that any investment vehicle is available or suitable for any particular user. All persons and entities accessing the website agree to do so on their own initiative and are responsible for compliance with applicable local laws and regulations.

All investments involve risk and may lose value. The value of your investment can go down depending upon market conditions. Before acquiring the shares of any investment fund by purchase or exchange, it is your responsibility to read the fund's prospectus or offering materials.

This website is for information purposes only and is not intended to be relied upon as a forecast, research or investment advice. The information on this website does not constitute a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Although this material is based upon information that Bluestone Real Estate Fund considers reliable and endeavors to keep current, Bluestone Real Estate Fund does not assure that this material is accurate, current or complete, and it should not be relied upon as such. Any opinions expressed on this website may change as subsequent conditions vary. Past performance is no guarantee of future results.


Privacy policy



  1. General Provisions

Bluestone Real Estate Fund S.C.A., SICAV-SIF, represented by its general partner Bluestone Real Estate Management S.à r.l. (the “Fund”), acts as data controller (the “Data Controller”). The Fund is committed to maintain the privacy and the security of any Personal Data, as defined below, by controlling the collection, the storage, the processing by the Data Processors, as defined below, of such Personal Data of the clients, investors, prospective investors, or other third parties related to them (each a “Data Subject”, all together, the “Data Subjects”).

The purpose of this Data Protection Statement is to explain how the DPC, as defined below, use the Data Subjects’ Personal Data.

By continuing to engage in the provision of services with the Fund, the Data Subjects authorize the Data Controller and the Data Processors (all together the “DPC”) to use and transfer the Personal Data about themselves, their employees, directors, managers, officers or representatives in accordance with this Data Protection Statement, as amended from time to time (the “DPS”). The Data Controller commits to observe confidentiality concerning information it possesses within the conditions as indicated below.

The Data Subjects should be aware that by subscribing for shares of the Fund, they give their consent to processing of their Personal Data by the DPC and any other duly authorized person to which their Personal Data are disclosed, as indicated in this DPS.

Where these DPS uses terms defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended from time to time (the “GPDR”), those terms shall have the meaning as in the GDPR.

The DPS shall be read and interpreted in the light of the provisions of the GPDR. Such DPS shall not be interpreted in a way that runs counter to the rights and obligations provided for in the GPDR or in a way that prejudices the fundamental rights or freedoms of the Data Subjects. The DPC shall apply respectively (i) Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries or (ii) Decision (EU) 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors under Article 28 (7) of GPDR and Article 29 (7) of Regulation (EU) 2018/1725, as applicable and as amended from time to time (the “Clauses”). In the event of a contradiction between the Clauses and the provision of this DPS, the Clauses shall prevail.

  1. Personal Data definition

In accordance with the GDPR, the Personal Data means any information relating to the Data Subjects, such as a name, an identification number, location data, email address, bank account information, source of funds and wealth, personal net worth, driver’s license number, social security or national insurance number, an online identifier or to one or more factors specific to the physical, economic, cultural or social identity that the Data Subjects provide. The Data Processors may also, in appropriate cases and to the extent permitted by the GDPR, control, process and use certain data inter alia regarding anti-money laundering (AML) and “Know Your Customer” (KYC).

Where the processing involves Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (sensitive data), the Data Processors apply specific restrictions and/or additional safeguards.

  1. Data Processors

In the course of business relationships between the Data Subjects and the Fund (the “Business Relationship”), the following Data Processors may collect, record, organize, store, consult and process, only on documented instruction from the Data Controller, unless required to do so by relevant applicable laws, Personal Data:

  • The employees, board members, partners, managers, officers, advisors, lawyers or representatives of the Data Controller;
  • The service providers of the Fund, as disclosed in the Fund’s offering documents (g. the depositary bank, the administrative, registrar, transfer and paying agent, the investment advisor, if any, the investment manager, if any, the auditor) including their employees, directors, affiliates, officers, advisors, lawyers and representatives;

The Data Processors shall immediately inform the Data Controller if, in the Data Processors’ opinion, instructions given by the Data Controller infringe the GDPR or the applicable data protection laws provisions. The Data Processors are responsible for the processing of the Personal Data with any applicable law.

The DPC may, during the course of the Business Relationship, transfer the Personal Data, to the extent permitted by the GDPR, to:

  • domestic and foreign authorities, tax authorities, governments, tribunals, and any other authorities or official bodies and their representatives (the “Authorities”);
  • any service providers as indicated in the Fund’s offering documents or in the relevant agreements entered into by the Fund (as mentioned in the Fund’s offering documents), their employees, directors, affiliates, officers, advisors, lawyers and representatives;
  • any person that the Data Subjects request or permit the Data Controller to keep informed. If the Data Subjects no longer wish to share their Personal Data with such person(s) or wish to change their preferences in this respect, please inform: frederik.denys@carestonepropertyfund.com.

The Personal Data of the Data Subjects may be transferred to any Data Processors identified in this section 3 in connection with the Business Relationship or authorized by the Data Controller, some of which may be outside the European Economic Area (EEA). In such case, please refer to the section 5 of this DPS.

  1. Ways of processing the Personal Data of the Data Subjects

The Data Processors may process, use or transfer the Personal Data of the Data Subjects for the following purposes connected to the Business Relationship which are inter alia:

  • administering the provision of services provided by the DPC g. billing, internal reporting, analysis, and other ancillary matters;
  • processing subscriptions, redemptions and conversions of shares of the Fund and payments of dividends or interests to the shareholders of the Fund;
  • complying with any present or future law, rule, regulation, guidance, decision or directive (including those concerning antiterrorism, fraud, AML and anti-corruption) and, in appropriate cases, carrying out KYC checks and other procedures that the DPC undertake prior the Data Subject becoming a shareholder of the Fund;
  • establishing, exercising or defending rights;
  • complying with demands and requests made by, or making voluntary disclosures to Authorities;
  • obtaining advice, receiving services or providing a third party with information about matters that may impact the Fund;
  • providing the Data Subjects with marketing information relating to the Fund’s products or services; and
  • any other purposes that are incidental to or directly connected with the foregoing purposes or otherwise in the course of the Business Relationship.

The provision of the Personal Data of the Data Subjects is necessary for DPC to:

  • fulfil legal obligations;
  • perform obligations under contract with the Data Subjects; or
  • fulfill legitimate interests of the DPC for the performance of the services.

When users surf to this website, the Data Processor stores certain information from the user in statistics (Google Analytics). This information includes inter alia the browser type, IP address, the operating system the user uses and the domain name of the website that guided the user to such website. The Data Processor uses these statistics to analyze the surfing behavior of the visitors. Based on this, the Fund can optimize such website for its users. The statistics are completely anonymous. In addition, when users subscribe to the newsletter of the website, the relevant Data Processor stores the e-mail address of the user. Such storage is needed for the Fund to have the ability to send to the users the subscribed newsletter. The e-mail address is stored securely at Mailchimp. Mailchimp secures the data of the user and is part of a certified EU-US Privacy Shield Framework and respects its privacy.

Personal Data are processed for various purposes. However, the DPC ensure that they only collect and process the data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.

If Data Subjects do not wish to provide their Personal Data, in whole or in part, for any of the purposes listed immediately above, the DPC may not be able to provide their financial services to the Data Subjects.

  1. Transfer of the Personal Data of the Data Subject abroad

The Personal Data of the Data Subjects may be transferred to any Data Processors identified in section 3 in connection with the Business Relationship or authorized by the Data Controller, some of which may be outside the European Economic Area (EEA). The countries to which the Personal Data of the Data Subject are transferred may not offer an equivalent level of protection for Personal Data to the laws applicable in Luxembourg. However, such transfer will be carried out in accordance with the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries. For such transfer, the relevant DCP implements measures to ensure an adequate level of protection and security of the Personal Data. This includes protecting the Personal Data against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the Personal Data.

  1. Updating and retaining Personal Data

It is important for DPC to maintain accurate records of the Personal Data. The Data Subjects should inform as soon as possible the Data Controller of any changes to or errors in their Personal Data and the DPC will update their records accordingly. The DPC will only retain the Personal Data for as long as, in their reasonable opinion and in line with their data retention policy, is necessary to comply with applicable laws or for the purposes for which the DPC process the Personal Data (as set out in this statement). The Personal Data shall never be used for marketing purposes, unless the Data Subject has accepted otherwise.

  1. Security of the Personal Data of the Data Subjects

The Data Controller will take steps to protect the Personal Data of the Data Subjects against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.

  1. The rights of the Data Subjects

The Data Subjects have certain rights under data protection laws and GDPR. The Data Subjects have a right to:

(i) request access to and rectification, modification, correction or erasure of their Personal Data;

(ii) obtain restriction of processing or to object to processing of their Personal Data;

(iii) obtain a copy of their Personal Data being processed;

(iv) request the cessation of data processing, under certain circumstances;

(v) data portability; and

(vi) withdraw any consent given at any time.

The Data Subjects also have the right to lodge a complaint about the processing of their Personal Data with their local data protection regulator. Please note that these rights are not absolute: they do not always apply and exemptions may be engaged. The Data Controller may, in response to a request, ask the Data Subjects to verify and to provide information that helps the Data Controller to understand its request better. If the Data Controller does not comply with the request of the Data Subject, the Data Controller must explain why. If the Data Subjects require further information in relation to their rights under data protection laws and GDPR, the Data Controller invites the Data Subjects to visit the website of the relevant data protection regulators (a list is available under https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) or contact the Data Controller via the contact details below.

  1. Contacting the Data Controller

If the Data Subjects have any questions or comments on this DPS, the Data Controller invites to contact it by email:

  1. Frederik Denys

Email address: frederik.denys@carestonepropertyfund.com

  1. Notification of changes


This DPS is dated July 2022. From time to time, the Data Controller may amend this DPS without notice and an amended DPS will be available by contacting M. Frederik Denys at frederik.denys@carestonepropertyfund.com. This may be for a number of reasons, including changes in law, market practice or the DPC’s treatment of the Personal Data of the Data Subject.

  1. Applicable laws / data protection regulator


This DPS is regulated by the GDPR, the Clauses and any other applicable Luxembourg laws. The data protection regulator of the Luxembourg is the National Commission for Data Protection (Commission Nationale pour la Protection des Données – CNPD).

Rachel Beljulji

Mark Norman