PRIVACY NOTICE

This Privacy Notice (the “Notice”) sets out how we, Imprima (Nederland) B.V., a Dutch company with offices at De Boelelaan 7, 1083 HJ Amsterdam, Netherlands  and our group companies and associated offices from time to time (collectively “Imprima”, “we”, “us”, “our”) process the information about individuals (each a “User”, “you”, “your”) who use our website, services, applications, content and related features (collectively, the “Website” or “Website Services”), who visit our premises, contact us or interact with us in their personal or professional capacity, or individuals who use our data room and related services (each an “End User”) provided by us as a data processor to our clients (“Data Room Services”). If you have any questions about this Notice, please contact us by email.

By visiting our Website, you acknowledge the processing described in this Notice. We will let you know, by posting on our website or otherwise, if we make any changes to this Notice from time to time. Your continued use of our Website Services, Data Room Services or your continued dealing with us after notifying such changes will amount to your acknowledgement of the amended Notice. This version of our privacy notice was published in March 2018.

What information do we process?

Generally, you are under no obligation to provide this information, but without it, we may be unable to provide you with some of our Website Services or Data Room Services. We will rely on the information provided by you as accurate, complete and up to date and you agree to ensure that this will be the case.

We may process the following information about you:

• Information provided by you. You may give us information about you by, for example, filling in forms such as the contact form on our Website, subscribing to services, such as email updates, making applications in respect of job postings, corresponding with us by e-mail, phone or otherwise. This information may include your name, email address, phone number, information about your query and similar information.

• Information about others. You may also provide to us information relating to third parties, such as people who you work with, your referees, designated End Users for Data Room Services and others. Information about third parties should only be provided if you have demonstrable permission to do so or if the information is available in the public domain, and you agree to ensure that this will be the case.

• Information about your device.With regard to each visit to our Website we may collect technical information about your device such as IP address, operating system, browser, time zone setting, the Internet address of the website from which you linked directly to our website, URL clickstream data, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

• Information from third party sources. This may include information about you received from background checking providers such as Experian, your referees, End Users of our Data Room Services, our service providers, public sites such as LinkedIn and other third parties.

• Information processed on behalf of our clients. Where we provide Data Room Services to our clients, we will process information as a data processor on behalf of the client, the data controller. The information will in most part include business information relevant to various business activities. Such processing will be in accordance with any privacy notice provided to you by the client or by us on the client’s behalf.

How do we use your information?

We will only process information about you, in accordance with applicable law, for the following purposes:

• Responding to your queries, requests and other communications, for example, if you apply for a job or you send us a query about our services;
• Providing the Website Services;
• Enabling suppliers and service providers to carry out certain functions on our behalf in order to provide our services and operate our business, including webhosting, infrastructure, network, data storage, identity verification, background checks, recruitment services, technical support, word processing, archiving, analytics, logistical and functions, as applicable;
• Allowing you to use features of our Website Services and Data Room Services;
• Carrying out profiling for business administration, recruitment, advertising and other business purposes, such as for example analysing User trends to deliver relevant ads to Users’ devices; using advanced recruitment tools; building interaction profiles about our business contacts and prospects;
• Sending you personalised marketing communications as permitted by law or as requested by you;
• Serving personalised advertising to your devices, based on your interests in accordance with our Cookie Statement below;
• Ensuring the security of our business and preventing and detecting fraud;
• Administering our business, including complaints resolution, troubleshooting of our website, data analysis, quality control, staff training, testing of new features, research, statistical, trend analysis and survey purposes;
• Archiving of emails and other communications;
• Developing and improving our Website and related services;
• Providing and administering Data Room Services. Where you have been designated as an End User by our client we will grant you access, monitor your usage and keep an activity record;
• Complying with applicable law, including in response to a lawful request from a court or regulatory body.

The legal basis for our processing of personal data for the purposes described above will typically include:

• Processing necessary to fulfil a contract that we have in place with you or other data subjects, such as processing for the purposes set out in paragraphs (a), (b), (c), (d) and (e);
• Your consent, such as processing for the purposes set out in paragraphs (e), (f) and (g);
• Processing necessary for our or a third party’s legitimate interests, such as processing for the purposes set out in paragraphs (a), (b), (c), (h), (i), (j) and (k), which is carried out on the basis of our legitimate interest to ensure that our website, content and services are provided at a high competitive standard, without delays and in an efficient, user-friendly and personalised manner taking into account user feedback, data and profiles, to ensure the security of our business and our Users and the proper and efficient administration of our business;
• Our agreements with, and instructions provided by, our clients for whom we act as a data processor, as set out in paragraph (l);
• Processing necessary for compliance with a legal obligation to which we are subject, such as processing for the purposes set out in paragraph (m); and
• Any other applicable legal ground from time to time.

Cookie Statement

What exactly are cookies? In order to collect the information as described in this Notice, we may use cookies and similar technology on our website. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device. Cookies can be first party, i.e. cookies that the website you are visiting places on your device, or third party cookies, i.e. cookies placed on your device through the Website but by third parties, such as, Google. For more information please visit www.allaboutcookies.org.

The cookies placed through our Website. We use the following cookies on our website:

• Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features. Without these cookies, the Website and related services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.
• Performance cookies. These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
• Functionality cookies. These cookies allow our website to remember choices you make (such as your user name, language or the region you are in, if applicable) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.
• Analytics cookies. We use Google Analytics, Hotjar, Communigator and other service providers to help us analyse patterns of user behaviour in our Services. These providers will collect your IP address and other information by automated means in order to report on your user activity and tell us, for example, which organisation you came from. These service providers may retain and use anonymised, aggregated data collected from users of our website in connection with their own businesses, including in order to improve their products and services. Authentication and tracking logs will be used to compile user statistics.
• Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests by remembering your past visits, helping us understand our visitor demographics and compile profiles. Cookies help us measure the effectiveness of advertising campaigns and stop us from showing you the same ad too many times. We use Remarketing with Google Analytics to advertise on third party sites to you after you visited our Website. We and our third-party vendors, like Google, use first party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) to inform, optimize and serve ads based on your past visits to our Website. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
• Social Media cookies. These cookies allow you to connect with social media networks such as Facebook, Twitter, LinkedIn and Google+. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.

We may combine information from these types of cookies and technologies with information about you from other sources.

Your right to opt-out

If you would like us to stop sending you marketing emails you may use the opt-out link at the bottom of any marketing email we send. Although we encourage you to use the opt-out link because it is automated, you may also send us a request by email here.

If you, or another user of your device, wish to withdraw your cookies consent at any time, you have the ability to accept or decline cookies by modifying your browser setting. You can find out more by using the links below:

Disable cookies in Chrome
Disable cookies in Firefox
Disable cookies in Edge
Disable cookies in Internet Explorer and Opera
Disable cookies in Safari

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your browser which will prevent your data from being collected and used by Google Analytics. You can opt-out from Hotjar by clicking here.

For more information about which cookies may be placed on your device and how to opt-out, please access the tools of the DAA here or Your Online Choices here. In some instances, when you opt-out, a new cookie (Opt-Out-Cookie) is placed on your device. This tells the third party provider to cease data collection from your browser and prevents advertisements from being delivered to you.

If you choose to decline cookies, you may not be able to fully experience the interactive features of our website, our content and services.

Disclosure of information

There are circumstances where we may wish to disclose or are compelled to disclose your information to third parties. These scenarios include disclosure to:

• Our affiliates, parent companies or associated offices;
• Our suppliers, service providers and contractors to facilitate the provision of Website Services, Data Room Services and to operate our business;
• Subject to appropriate legal basis such as consent, our advertising and marketing partners who enable us, for example, to deliver personalised ads to your devices or who may contact you by post, email, telephone, SMS or by other means;
• Successor or partner legal entities, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event relating to our business. In the case of a merger or sale, your information will be permanently transferred to a successor company;
• Our clients, End Users and third parties as directed by our clients, where we process information as a data processor on behalf of our clients;
• Public authorities, such as law enforcement agencies, courts and other public bodies where we are required by law to do so; and
• Other third parties where you have provided your consent.

International transfer of your personal data

If we transfer information to private organisations abroad, such as our suppliers and service providers, we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. You may contact us for a copy of such safeguards in these circumstances.

Retention of personal data

We retain personal data for as long as is necessary for the purposes listed above or longer as may be required by the law. Please contact us for further details of applicable retention periods.

We may keep an anonymized form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

We will retain personal data in accordance with our clients’ instructions where we act on their behalf as a data processor.

Security of personal data

We will use appropriate technical and organisational information security measures to try to prevent unauthorised access to your personal data. However, please be aware that the transmission of information via the internet is never completely secure. Whilst we can do our best to keep our own systems secure, we cannot control the whole of the internet and we cannot therefore guarantee the security of your information as it is transmitted to and from our website.

Where you have created or received a password or authentication code which enables you to access certain parts of our website, you are responsible for keeping this password or authentication code confidential. We ask you not to share your password or authentication code with anyone.

Data subject rights

You may have numerous rights in relation to your personal data, as set out below. However, where we processed your personal data as part of Data Room Services on our clients’ behalf you should contact the client directly in relation to your rights. For further information about your data privacy rights please visit the website of your local data privacy authority.

• Right to make a subject access request (SAR). Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and payment, where applicable.
• Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.
• Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.
• Right to object to processing including profiling. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such request. We will comply with each valid opt-out request in relation to marketing communications.
• Rights in relation to automated decisions about you. Where we make a decision about you based solely on automated processing which significantly affects you, you will have you the right to contest the decision, express your point of view and obtain human intervention.
• Right to erasure. Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, our business record retention obligations that we have to comply with.
• Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
• Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Website. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be retained for legitimate and lawful purposes.
• Right to lodge a complaint with the supervisory authority. We suggest that data subjects contact us about any questions or complaints in relation to how we process their personal data. However, each data subject has the right to contact the relevant supervisory authority directly. A list of supervisory authorities is available here.

Where we act on behalf of our clients as a data processor, we will pass on any rights requests to our respective clients who will then be in touch with the requestor.