Privacy Policy

1. Scope of this Policy

This Privacy Policy applies to any natural person whose personal data are processed by EOS Global Investors AIFM S.A. in the context of its business activities as an alternative investment fund manager. In particular, it covers current, prospective and former investors in the alternative investment funds (the "AIFs") that we manage, the ultimate beneficial owners and other related persons of such investors, directors, officers, authorised signatories and other representatives or contact persons of our corporate or institutional investors, business partners, portfolio companies and prospects, individual business partners and suppliers and their staff, as well as visitors to our premises and visitors to or users of our website and any other online services that we make available.

2. Who is responsible for your personal data?

"EOS Global Investors Société Anonyme for Management of Alternative Investment Organizations" ("EOS Global Investors AIFM"), seated at 8 - 10 , Sorou street, Maroussi, Attica, Greece, mail info@eosglobalinvestors.com, telephone +30 216 2005500, fax +30 216 2005566, website www.eosglobalinvestors.com acts as the data controller with respect to the processing of personal data described in this Privacy Policy (the "Controller"). EOS Global Investors AIFM has designated Mrs Sotiris Chinos as the contact point for any questions about this Privacy Policy, about the way in which we process your personal data or in order to exercise your rights. You may contact him at the following contact details: postal address: 8 - 10 , Sorou street, Maroussi, Attica, Greece, e-mail: s.chinos@eosglobalinvestors.com, telephone: +30 216 900 1619.

3. Which personal data do we collect?

The personal data we collect may include:

• Contact information, such as names, job title, postal address (including home address, where this has been provided to us), business address, telephone number, mobile phone number, fax number and e-mail address. Identification and KYC data, such as date and place of birth, nationality, identity card or passport details, tax identification number or similar identifiers, signature specimens, information relating to your capacity and authority to act (for example as director, legal representative or authorised signatory), information relating to your status as ultimate beneficial owner and, where required, information on whether you qualify as a politically exposed person (PEP) or are subject to international sanctions, to the extent necessary for us to comply with applicable anti-money laundering, counter-terrorist financing and sanctions legislation.
• Payment data necessary for processing payments and fraud prevention, such as bank account details and other related billing or payment information.
• Business information necessarily processed in the context of a project or potential investment, or in the context of an investment by you or your organisation in an AIF managed by us, or of another contractual relationship with us, or which is voluntarily provided by you, such as instructions given, payments made, requests, enquiries and information relating to transactions and projects. Information collected from publicly available sources, such as commercial or company registers, corporate websites, the press and information made publicly available by public authorities or supervisory bodies.
• Financial and investment information relating to your financial situation, assets, holdings, source of funds and source of wealth and other information about your fortune and ownerships, where this is relevant to the investment and management services that we provide.
• Details of your visits to our premises.

From time to time, it may include personal data about your membership of a professional body or industry or trade association, where this is relevant to our relationship with you or your organisation.

Such processing will only take place where strictly necessary and subject to the safeguards required by applicable data protection law, including your explicit consent or another applicable legal basis under Article 9 of the GDPR.

4. For which purposes do we collect your data?

We may use your personal data for the following purposes only:

• Investment management (portfolio management and risk management)
• Management of AIOs such as legal requirements, accounting, customer service, portfolio valuation and valuation of its shares (including tax returns), regulatory compliance monitoring, unit-holders / shareholder registration, payment of payable amounts, issue and redemption of shares, transaction of shares, dispatch of forms and certificates and recordkeeping,
• Advertisement of AIOs and their commercial promotion,
• Activities relating to the assets of AIΟ, such as services necessary to fulfil the AIΟ's lending obligations, infrastructure and plant management, real estate management, business consultancy on the capital's structure and on the structure of their industrial strategy and related issues , advice and services relating to mergers and acquisitions and other services associated with the management of the AIO and the companies and other assets to which it has invested;
• Managing and administering your or your organisation's business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
• Compliance with our business and legal obligations (such as record keeping obligations), compliance screening or recording obligations;
• To analyse and improve our services and communications to you;
• Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
• For monitoring and assessing compliance with our policies and standards;
• To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
• To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
• To comply with court orders and exercises and/or defend our legal rights; and
• For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.

5. What is the legal basis of processing your data?

We process the personal data that we collect as above solely upon legal basis to do so.

In order to comply with our legal and regulatory obligations, we are requesting information necessary for our Know Your Customer and Anti-Money Laundering checks. In this respect, we will require information relating to the Ultimate Beneficial Owners (UBO) of the relevant investors in our fund(s), such as data covered in other parts of this document.

In addition to the investors of our fund(s), we will be carrying out Know Your Customer and Anti-Money Laundering checks, through an outsourced provider of relevant services, for the target companies of our portfolio, including the shareholders of such companies, the executive management and other relevant persons, as deemed necessary on a case by case basis.

Where you do not provide the personal data that we are required to collect by law or that we need in order to enter into or perform our contractual relationship with you or your organisation, we may not be able to accept you or your organisation as an investor in an AIF that we manage, or to enter into or continue the relevant business relationship.

The following legal bases apply on the processing to which we proceed:

• The compliance with legal obligations to which EOS Global Investors is subject includes, indicatively, L. 4548/2018, L. 4209/2013, Delegated Regulation (EU) 231/2013, L. 4557/2018, the AML/CFT regulatory framework applicable to the AIFs and the rules and regulations of the Hellenic Capital Market Commission. Where, in the context of such obligations or of the investigation of actual or suspected fraudulent or criminal activities, we process personal data relating to criminal convictions and offences, this takes place only under the conditions and safeguards laid down in Article 10 of the GDPR and the applicable Greek implementing legislation, including Law 4624/2019 and Law 4557/2018, and only to the extent strictly necessary for those purposes.
• Your consent, where required by the applicable legal framework, for example in order for us to send you newsletters, information about our services, investment opportunities and other marketing communications relating to the AIFs we manage, in accordance with the GDPR and the applicable rules on electronic communications, such as Law 3471/2006, as in force.
• The legitimate interests of EOS Global Investors AIFM, such as ensuring the security of our premises and IT systems, managing and defending legal claims, monitoring and improving our internal governance and risk management processes, and managing our relationship with investors, portfolio companies and business partners, provided that such interests are not overridden by your interests or fundamental rights and freedoms. Where we rely on legitimate interests as a legal basis, we have carried out and documented a balancing test in accordance with Article 6(1)(f) of the GDPR.

6. With whom will we share your personal data?

We may instruct service providers, such as auditors, consultants, legal advisors, fund administrators, depositaries, custodians, IT and cloud service providers and other professional advisers, in Greece, in the European Economic Area (EEA) or, subject to the conditions set out below, in third countries outside the EEA (for example, shared service centres), to process personal data for the aforementioned purposes on our behalf and in accordance with our instructions only. However, EOS Global Investors will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.

In these cases, we sign agreements with the third parties to whom we assign processing of personal data on our behalf, in order to ensure that processing takes place in accordance with the current legislative framework and that any natural person may freely exercise the rights conferred upon the latter, including, where required, by entering into the European Commission's Standard Contractual Clauses or by relying on an adequacy decision. Where we transfer personal data to recipients located outside the EEA in countries which have not been recognised by the European Commission as providing an adequate level of data protection, we will ensure that appropriate safeguards are in place in accordance with Articles 44–49 of the GDPR, such as Standard Contractual Clauses, and that you may obtain a copy of or access to the relevant safeguards by contacting us.

We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.

Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

7. For how long do we retain your personal data?

• Your personal data will be deleted when it is no longer reasonably required for the purposes mentioned above and more specifically, in accordance with the criteria set out below.
• When processing is required by law, your personal data will be stored for as long as required by the relevant provisions. In particular, for anti-money laundering and counter-terrorist financing purposes, personal data relating to your identification and to your business relationship with us will generally be retained for a period of five (5) years after the end of the business relationship or the date of an occasional transaction, in accordance with Law 4557/2018, as in force, and any other applicable sector-specific legislation. In any case, if no specific statutory retention period is prescribed, such data will be retained for five (5) years after the regulatory obligation has ceased. For particular reasons, such as tax obligations, ongoing or potential litigation, or the establishment, exercise or defence of legal claims, retention may extend up to twenty (20) years, in line with the applicable limitation periods under Greek law.
• When you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. Following the withdrawal of your consent, your personal data will be erased as quickly as possible, subject to technical and operational limitations. Withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.
• Where the processing relates to the performance of a contract, your personal data will be retained for five (5) years following the termination or completion of the contractual relationship. For specific reasons, such as tax compliance, regulatory requirements, the establishment, exercise or defence of legal claims, or other legitimate business needs, retention may extend up to twenty (20) years.

8. How do we collect your personal data?

We may collect personal data about you in a number of circumstances, including in particular:

When you or your organization seek an investment from us or invest in an AIF managed by us;

When you or your organization offer to provide or provide services to us;

When your personal data are provided to us by third parties, such as fund administrators, depositaries, custodians, banks, other service providers, business partners or public authorities, in the context of our relationship with you or your organisation and in accordance with applicable law;

When we collect information from publicly available sources, such as commercial or company registers, corporate websites, the press and information made publicly available by public authorities or supervisory bodies.

9. Do we use automated decision-making or profiling?

We do not carry out decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you. If in the future we were to rely on automated decision-making, we would ensure that all safeguards required by the GDPR are in place and that you are provided with appropriate information, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

10. What rights do you have with respect to personal data?

Right of Access

You have the right to be aware and verify the lawfulness of the processing. Therefore, you enjoy the right of access to your data and to receive supplementary information with respect to their processing.

Right to Rectification

You have the right to study, rectify, update or amend your personal data by contacting us in the aforementioned contact details.

Right to Erasure

You have the right to submit a request of your personal data's erasure as long as we process it upon your consent or in order to protect our legitimate interests. In all other cases, such as for instance upon provision of management services of Alternative Investment Organizations, or compliance with legal obligation such right might be subject to restrictions or may not exist at all.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data in the following cases: (a) when the accuracy of your personal data is contested and until the respective verification is concluded, (b) when you object to the erasure of your personal data and you request instead of erasure, the restriction of its use, (c) when your personal data is not required for the purposes of processing, however it is required for the management reasons of an AIO, and (d) when you object to processing and until the verification that legitimate grounds override the reasons you invoke to object to processing.

Right to object processing

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data, where such processing is based on our legitimate interests as data controller. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, in which case your personal data will no longer be processed for such purposes.

Right to Data Portability

You have the right to receive at no cost your personal data in a form allowing you to have access, to use and process them in a commonly used method of processing. Furthermore, you have the right to request, provided that this is technically feasible, to transmit the data to another data controller. Such right exists for the data you have provided and their processing is carried out by automated means upon your consent or the performance of a contract.

Right to withdraw the consent

When processing is based upon your request, you have the right to freely withdraw your consent at any time; Withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

Right to Lodge a Complaint with the Hellenic Data Protection Authority

You have the right to lodge a complaint to the Hellenic Data Protection Authority (www.dpa.gr), Phone Number: +30 210 6475600, Fax: +30 210 6475628, Email Address: contact@dpa.gr.

11. Security of Personal Data

EOS Global Investors applies appropriate technical and organizational measure in order to safeguard processing of personal data and to avoid accidental loss or destruction and non-authorized or/and unlawful access to the data, use, amendment or disclosure. In any case Internet's performance and the fact that it is free to anyone, does not allow to provide guarantees that non- authorized third parties will not obtain the possibility to violate the technical and organizational measures, having access and potentially proceeding to use of personal data for non-authorized or/ and unlawful purposes.

12. Approval and Amendment of this Policy

This Privacy Policy has been approved by the Board of Directors following a recommendation from the Regulatory Compliance Unit, which is responsible for reviewing the content of the policy on an annual basis. In the event that any amendments to the policy are necessary due to changes in the regulatory or legal framework, and the obligations arising therefrom, the Regulatory Compliance Unit shall prepare a revised draft and submit it to the Board of Directors for approval. Once the revised draft is approved by the Board of Directors, it shall be published without delay on the Company's official website.