1. Introduction and Scope
This is the Privacy Statement of HAL Investments B.V. (“HAL”). This Statement provides a summary of how HAL collects and processes personal data and how HAL protects such personal data, in compliance with applicable laws and regulations, in particular the GDPR. HAL believes that proper protection of the personal data HAL collects and/or processes in the course of HAL’s business is very important. The management board of HAL is responsible for adequate data protection. However, all Employees and Consultants (both as defined below) in daily practice are also responsible for adequate data protection. If it concerns data protection, HAL distinguishes the following groups of persons (together, “Data Subjects”):
– employees of HAL (“Employees”);
– potential candidates for roles / jobs at HAL or a HAL portfolio company (“Candidates”);
– senior employees of HAL portfolio companies (“Managers”);
– a few consultants under contract with HAL and having access to HAL systems (“Consultants”);
– other persons from whom HAL receives personal data in connection with HAL’s activities as a long term investment company (“Others”)
Questions regarding this Statement may be directed to the HAL management board. Please refer to the information under the “Contact button” on HAL’s website.
2. Confidentiality and Security
HAL processes personal data received from Data Subjects. HAL considers it of great importance to carefully deal with personal data and to adequately protect the privacy of Data Subjects. HAL will ensure confidential treatment of personal data and will take suitable and reasonable measures to prevent misuse or loss of, unauthorized access to and unauthorized use of personal data. In doing so, HAL will distinguish different categories of Data Subjects (refer to item 1) and different categories of personal data. HAL will ensure that its organization and the IT systems and procedures and other systems and procedures used by HAL – including HAL’s Information Security Policies – are fit for this purpose.
3. Purpose for Processing Personal Data
HAL collects and processes personal data only if and to the extent HAL considers this necessary in the context of its activities as a long term investment company, taking into account the nature of the relationship with the relevant Data Subject (contractual or otherwise), taking into account the interests of the relevant Data Subject and always subject to applicable laws and regulations (such as the GDPR). Within the preceding context, HAL strives to process as few as possible personal data.
4. Personal Data to Third Parties
For the purpose of processing personal data, HAL will only provide personal data to third parties if this is strictly necessary in connection with HAL’s activities. Subject to applicable laws and regulations, HAL will enter into a processing agreement with any such third party, including provisions to ensure that personal data are dealt with appropriately. Thus, we strive to ensure confidentiality and security of personal data. HAL remains responsible for the manner in which the third party processes personal data. Personal data will not be processed outside the EU / EEA. HAL provides any such third party with as few as possible personal data, where possible only in pseudonymised form.
5. Rights of Data Subjects
Each Data Subject always has the right to access, to rectify, to request transfer and/or to erase his / her personal data, unless this would be in breach of applicable laws or regulations, and unless the contrary would be required for the implementation of HAL’s duties in connection with the activities referred to in item 3 above. Questions in this regard may be directed to the HAL management board. Please refer to the information under the “Contact button” on HAL’s website. In case any Data Subject believes that his or her data protection rights are not or not sufficiently safeguarded by HAL, he orshe may raise a complaint with the Data Protection Authority (Autoriteit Persoonsgegevens) in the Netherlands.
HAL will keep personal data for no longer than is necessary for the purpose for which they are kept, as referred to in item 3 above. Any Data Subject has the right to request premature erasure of his or her personal data, as referred to in item 5 above.