Privacy Statement Emendo Capital B.V.

 

This privacy statement applies to the processing of personal data as a data controller within the meaning of the General Data Protection Regulation ("GDPR") by Emendo Capital B.V. (Chamber of Commerce number: 55629652), having its registered office at Locatellikade 1, 1076AZ Amsterdam (hereinafter "Emendo Capital"). Processing responsibility means that Emendo Capital determines the purposes and means of processing personal data.

This privacy statement applies to the processing of personal data of:

I. Website visitors
II. Customers
III. Applicants
IV. Suppliers
V. Third parties

Emendo Capital considers the protection of your privacy highly important. Emendo Capital has therefore, among other documents and policies, prepared this privacy statement. The purpose of this privacy statement is to be transparent about how Emendo Capital collects, uses and protects your personal data in accordance with Articles 13 and 14 of the GDPR.

What is personal data?

Under the GDPR, personal data is any information regarding an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to that person.

For what purposes do we process personal data?

We process your personal data only for specified, explicit and legitimate purposes. Below you will find more information on the different purposes for each category of data subject.

I. WEBSITE VISITORS

1. For handling questions/comments/complaints

What does this purpose imply?

Our website contains our contact details and we use web forms. This allows you to contact us. When you contact us and/or fill in a web form, we process the personal data you provide in order to contact you and handle your question/comment/complaint. The legal basis for this processing lies in our legitimate interest to contact you in response to your question/comment/complaint (Article 6(1)(f) GDPR).

What personal data do we process for this purpose?

We only process the personal data you provide to us, for example through a web form. This may include, for example, name, contact details and the information you provide in your message/during our contact.

II. CUSTOMERS

We process personal data of customers, their employees, contact persons and third parties engaged by them. The customer is responsible for informing third parties engaged by the customer of the content of this privacy statement. A copy of this privacy statement can be found on our website.

1. To execute our agreement (day-to-day business)

What does this purpose imply?

To perform our services, including cost estimation, financial administration (such as invoicing, calculating and recording fees and expenses, making payments, collecting receivables and paying our invoices), we process personal data of the client or her contacts. This allows us to perform our services efficiently and effectively and maintain contact with you. The processing of personal data for this purpose is necessary for the conclusion or execution of a contract with you (Article 6(1)(b) GDPR), our legitimate interest in the efficient and effective performance of our services (Article 6(1)(f) GDPR) and the fulfilment of our statutory administration obligations (Article 6(1)(c) GDPR).

What personal data do we process for this purpose?

For this purpose, we process your name, salutation, position, telephone number, employer, e-mail address and other relevant information provided during the execution of the agreement.

2. Communication purposes, including relationship management

What does this goal entail?

You can contact us at any time, through, inter alia, our website, phone, and/or e-mail. When you contact us, we process the personal data you provide in order to contact you and answer your question. In addition, contact during our service may also be important or occur in other areas, for example to handle queries about our agreement or to maintain our relationship.

The legal basis for this processing lies in our legitimate interest to contact you in response to your enquiry (Article 6(1)(f) GDPR).

What personal data do we process for this purpose?

We process your name, address details, phone number, e-mail and possibly position for this purpose.

3. Marketing (sending of newsletter)

What does this goal entail?

If you give us your consent, we may use your personal data for Emendo Capital's marketing activities. For example, we may send you our newsletter. The legal basis for this processing is your consent (Article 6(1)(a) GDPR) and/or our legitimate interest to undertake marketing activities (Article 6(1)(f) GDPR).

What personal data do we process for this purpose?

We process your e-mail address, name, employer, position, phone number and e-mail pixel (reading behavior) for this purpose.

III. APPLICANTS

1. For a responsible, effective and efficient recruitment and selection process

What does this goal entail?

To recruit and select new employees or contractors (self-employed persons without personnel who perform temporary work on an interim basis by means of an assignment agreement), we process personal data. We do this to assess whether the applicant or contractor is suitable for the open position.

This personal data is kept as standard for up to two months after the closing date of the vacancy. This way, we can still discuss potential questions on the outcome of your application during this period. If the application results in an appointment of a position, the relevant personal data is retained in accordance with our retention policy and our privacy statement for employees and/or contractors.

The legal basis is our legitimate interest in carrying out the recruitment and selection procedure efficiently and to be able to discuss any questions with the applicant about the outcome of the application (Article 6(1)(f) GDPR).

What personal data do we process for this purpose?

We process your contact details (such as name and address, e-mail address and telephone number), personal data from your CV and motivation letter, diplomas, an interview report, if relevant a salary proposal, results of an assessment (intelligence and personality) and in some cases the data as a result of calling up the references you provided.

When entering into an employment contract or assignment contract, additional data may be processed, such as the salary proposal, Citizen Service Number (Burgerlijk Service Nummer; BSN), bank details (bank account number and name of account holder), copy of identity document and other data whose processing is required when entering into an employment contract or assignment contract.

IV. SUPPLIERS

1. To settle agreements, such as orders and commissions (day-to-day business)

What does this goal entail?

For the execution and settlement of our orders and assignments with you as a supplier, we process personal data of (employees of) our suppliers. This personal data helps us to provide you with the right information for placing an order or placing an assignment. The legal basis for processing personal data for this purpose is the conclusion or performance of a contract (Article 6(1)(b) GDPR).

What personal data do we process for this purpose?

For this purpose, we process your name, salutation, position, telephone number, Chamber of Commerce number, employer, e-mail address, address details, account and VAT numbers and other relevant information provided during the execution of the agreement.

V. THIRD PARTIES

1. For carrying out our services and consultancy

What does this goal entail?

To perform our services and consultancy, we process personal data of third parties with whom we do not have a direct (contractual) relationship. These include:

  • employees of third parties or counterparties;

  • clients’ suppliers, third parties and counterparties;

  • advisers to clients, third parties and counterparties;

  • other third parties engaged by customer, third parties and counterparties;

  • other stakeholders and/or involved parties

  • other parties in the event of a dispute;

  • regulators and the tax authorities;

  • government agencies;

  • shareholders customers of the target;

  • employees;

  • directors; and

  • contracting parties.

The basis for this processing is our legitimate interest to carry out our (consultancy) services with customers (Article 6(1)(f) GDPR).

What personal data do we process for this purpose?

To this end, we process your contact details (name, e-mail address) and data provided to us by customers or other third parties or obtained from public sources in the context of our services and advice.

Your rights

You have the right to be properly informed about what we do with your data and why we need your data. We do so through this privacy statement. In addition to the right to be informed in a transparent manner, you have the following rights:

  • Right to access (if you want to know what personal data we collect from you);

  • Right to rectification (we will amend any personal data that is no longer correct);

  • Right to be forgotten (in some cases, you can request us to delete your personal data);

  • Right to restrict processing (in some cases, you may request us to restrict the processing of your personal data);

  • Under circumstances, right to data portability (if you wish, we can transfer your personal data to another party or give you a copy of your personal data);

  • Right to object (in some cases, you may object to the use of your personal data).

If you wish to exercise any of your rights, please contact us by emailing info@emendocapital.com. To prevent abuse, we may ask you to adequately identify yourself before we process your request. Circumstances may arise which prevent us from fulfilling or not fully fulfilling your request. If such a circumstance arises, we will notify you. We will always respond to your request within one month.

With whom do we share personal data?

Emendo Capital does not sell or trade your personal data to any third party. Emendo Capital may be required by specific laws and regulations to provide certain personal data to third parties, such as government agencies. In addition, we may share your personal data with third parties to protect our own rights or those of others.

Internally, only employees of ours have access to personal data to the extent relevant to their work (on a need-to-know basis) and all of our employment contracts have a confidentiality clause included.

We also engage processors who process personal data on our behalf. We conclude processing agreements with them that meet the requirements of the GDPR. For example, with regard to reporting data breaches and taking appropriate technical and organisational measures. In addition, personal data may be shared with:

  • A dispute resolution institute and/or competent judicial authority. This may apply to personal data of clients and/or third parties.

  • Shareholders

  • ICT service providers. While maintaining, managing and supporting our systems and applications, they may have limited access to various personal data.

  • Other service providers involved in our services, such as external consultants, lawyers and accountants. This may apply to clients and/or third parties.

  • Government agencies (to the extent necessary under a legal provision).

For how long do we retain your personal data?

We retain your personal data for as long as necessary for the purpose for which we use your personal data and/or as long as the law requires us to keep the personal data. Exactly how long varies. From a few months to many years, for example because it is necessary for our accounting purposes. We have defined the retention periods for each processing activity in our retention policy. We retain personal data of job applicants for up to 2 months after the recruitment and selection procedure. With your consent, we keep your data for an additional 12 months for any future vacancies.

Consent

If we process your data on the basis of your consent, you always have the right to withdraw your consent. This can easily be done by sending an e-mail to info@emendocapital.com. In that case, if we have no other basis for processing, we will no longer use your data for this purpose.

How do we protect your data?

Under Article 32 GDPR, we are obliged to take appropriate technical and organisational measures to prevent the loss of personal data or unlawful processing. So we have taken physical, administrative, organisational and technical measures. Periodically, we evaluate the technical and organisational measures and adjust them if necessary. Our organisation is set up in such a way that we do everything possible to prevent data leaks. If there is a data breach, we will act in accordance with the data breach protocol.

Contact and complaints

If you have any questions about this privacy statement or wish to exercise your rights as a data subject, please contact us at info@emendocapital.com.

In case of complaints about, for example, how we use your data or how we respond to privacy-related queries, you can file a complaint with the Data Protection Authority.

Amsterdam, December 2024