This privacy statement sets out how CIS Management B.V. (“CIS Management”) processes personal data and the rights of the data subjects.

THE PERSONAL DATA CIS MANAGEMENT PROCESSES

CIS Management processes personal data which has been provided to CIS Management by data subjects, (potential) clients of CIS Management or the agents, intermediaries or other service providers of (potential) clients of CIS Management or which CIS Management has obtained from publicly available sources (like the Chamber of Commerce). Examples of personal data CIS Management processes are: name, private address, telephone number, email address, cv, (financial) background, passport copies and whether a person can be qualified as a Prominent Political Person.

OBJECTS OF AND LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA

CIS Management processes personal data on the following legal grounds:

- For the performance of a contract or for entering into a contract

- To comply with legal obligations

Pursuant to laws and regulations, like the Dutch Act on the Supervision of Trust Offices (Wet toezicht trustkantoren), the Regulation on Sound Operational Management Relating to the Dutch Act on the Supervision of Trust Offices (Regeling integere bedrijfsvoering Wtt), the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme) and the Implementing Rules Money Laundering and Terrorist Financing (Prevention) Act (Uitvoeringsregeling Wet ter voorkoming van witwassen en financieren van terrorisme), CIS Management is obliged to process certain personal data.

- Consent from the data subjects

CIS Management may process personal data based on the consent from the data subjects, for example analytics cookies on this website, for invitations for webinars, or when it is necessary for performance of services. For the processing of personal data for this object, CIS Management obtains consent of the data subjects, whichmay be withdrawn at any moment by informing CIS Management (please find our contact details below). The personal data which CIS Management process based on consent will not be shared with other commercial organizations, save in case CIS Management organizes an event (like a webinar) in cooperation with another organization.

- Legitimate interest

CIS Management processes personal data based on a legitimate interest in the following cases

· For KYC (Know Your Customer) research that goes further than the legal obligations, in order to identify and manage risks associated with a client and to prevent unlawful or socially indecent practices such as money laundering or terrorist financing;

· For establishment, exercise or defense of legal claims.

RIGHTS OF THE DATA SUBJECTS

The rights of the data subjects the personal data of which CIS Management processes include:

- a right to receive information on and access to the personal data;

- a right to have the personal data rectified and erased;

- a right to restrict the processing;

- a right to data portability;

- a right to object the processing;

- a right to withdraw consent.

CIS Management may refuse a data subject’s request to exercise the above-mentioned rights in accordance with applicable laws and regulations.

STORAGE AND PROTECTION OF PERSONAL DATA

CIS Management stores personal data on its internal cloud. Apart from CIS Management, only the external supporting IT service provider of CIS Management may have access to this cloud (upon such request from CIS Management). CIS Management and its external supporting IT service provider have entered into a processing agreement to safeguard the protection of personal data.

CIS Management has tasked its external supporting IT service provider with implementing and keeping up-to-date the technical protection of the cloud of CIS Management (against leakage of personal data).

TRANSFER OF PERSONAL DATA (OUTSIDE THE EU/EEA)

CIS Management may share personal data (with state authorities) when it has a statutory or regulatory obligation to do so or pursuant to a court order or verdict.Personal data may be shared with the external (compliance) auditors and other professional service providers of CIS Management.

CIS Management will only transfer personal data outside the EU/EEA when:

- the country to which the personal data is sent is recognized by the European commission as providing adequate protection;

- CIS Management and the (legal) person to which the personal data is sent have entered into a model contract for the transfer or personal data to third countries as established by the European Commission; or

- the data subject has given its consent.

HOW LONG DOES CIS MANAGEMENT KEEP PERSONAL DATA

Personal data which CIS Management processes in the context of KYC (Know Your Customer) check will be kept until five years after the termination of the contractual relationship with the client.

Personal data which CIS Management processes pursuant to consent given by the data subject will be kept as long as CIS Management until the data subject has withdrawn his/her consent or the personal data are no longer necessary for the specified purpose, whichever is earlier.

All other personal data will be kept as long as necessary for the specified purpose or as otherwise prescribed by any applicable law or regulation.

DETAILS OF CIS MANAGEMENT

The details of CIS Management are:

CIS Management B.V.

Strawinskylaan 613

1077 XX Amsterdam

Registered with the Business Register of the Netherlands Chamber of Commerce under file number: 21016442

For any questions, requests or complaints, please contact CIS Management at [email protected] or +31 (0)20 333 1691. Alternatively, CIS Management’s data protection officer can be reached at [email protected] or +31 (0)20 333 1692.

For more information on data protection, please, see the website of the Dutch Data Protection Authority the Autoriteit Persoongsgegevens: https://autoriteitpersoonsgegevens.nl. Data subjects may file a complaint at the Autoriteit Persoonsgegevens.

This privacy statement is effective from 22 March 2024