Privacy Statement

At Obenan, we believe it to be important to inform you clearly and well in this privacy statement about which data we process ourselves and how and why we do that.

OBENAN B.V. and its affiliates (including, but not limited to, OBENAN Holding B.V. and OBENAN UK B.V.) (‘Obenan, ‘we’, ‘our’ or ‘ourselves’) process personal data in the role of controller as set out in the General Data Protection Regulation (the ‘GDPR’).

1. Which personal data do we process

Personal data comprises information by which a natural person (the data subject) can be identified or is identifiable. The personal data that we can process (i.e. from receiving and saving through to amending, transferring and deleting) include: • basic information, such as your first and last name, title, gender, the company where you work or your job title; • contact details, such as postal address, (mobile) telephone number or e-mail address; • additional personal data, such as identity document, date of birth, nationality and marital status; • financial information, such as your bank account number; • technical details, such as your IP address, the device you use to visit our website and the pages you view; • the personal data you provide us with when you apply for a job with us, such as educational and work experience details; • all other personal data that we acquire from you or about you, or that we are able to acquire ourselves and which we use for the purposes cited below.

2. How do we acquire personal data?

In most cases, we acquire your personal data from you, for example if you ask us to carry out an assignment for services (whether by subscription or otherwise), you visit our website, you complete a form on our website, you apply for a job with us, you give us your business card or from information we acquire during (telephone) conversations and e-mail contact with you.

In addition, we may also acquire your personal data in other ways, such as from third parties in connection with an assignment for you that we are handling, from (public) registers (such as the Commercial Register of the Chamber of Commerce) or from public sources and websites.

3. For what purposes do we process personal data?

Personal data is necessary for all the relationships we enter into so that we are able to offer the best possible services for you and collaboration with you. We process your personal data for the following purposes: Services

We only process the data that is necessary for the preparation, implementation and completion (including invoicing) of the assignment in question. Seeing as part of the services/tools on the Obenan platform are provided by third parties, this may also entail sharing such data with such third parties.

Complying with statutory obligations and (professional) rules

We process personal data in order to fulfil statutory obligations as well as the applicable legislation. Marketing and business development objectives

In order to maintain and expand our client base, we may approach you with information, publications or invitations that are relevant to you. We also do that in order to maintain the relationship we have with our partners, suppliers and other business contacts.

Use and improvement of our website

You can sign up for a newsletter through our website. You can also register yourself as user of our products. In order to follow and to improve the contents and use of our website, we collect and analyse data about the browsing behavior's of the visitors to our website. Participation in our events

When you sign up for one of our events, we will request your personal data. We use that in order to confirm your application, to provide you with up-to-date information about the event in question, to register your presence and to be able to send you proof of participation. Satisfaction surveys

We believe it is important for us to know what your experience is of our services. This means that we invite you to complete a client satisfaction survey once an assignment has been completed. We may also send you an invitation to assess an event after you have participated in that event. Job applications and recruitment

In order to handle your job application or when you register for one of our recruitment activities, we will request your personal data. We will retain the data you provide us with via e-mail, the application form on our website and during (telephone) conversations until four weeks at the latest after the end of the job application procedure. If we want to contact you again for a job vacancy in the future, then we ask your permission to save your personal data for a longer period. That period will be no longer than one year.

4. On which grounds do we process your personal data?

We are only permitted to process your personal data if there is a legal ground for that. The processing cited above is carried out on the basis of the following legal grounds from the GDPR (‘Algemene Verordening Gegevensbescherming’): • For the implementation of an agreement (e.g. carrying out our services pursuant to an agreement with you) • Due to a statutory obligation • With your permission • Due to a justifiable interest and balancing of interests

5. With whom do we share your personal data?

Sometimes it is necessary to share your personal data with third parties. That may include the following situations: • In order to provide our services; • In order to comply with statutory obligations; • External suppliers who we engage for processing of personal data and for provision of our services, such as those described in this privacy statement, including our IT suppliers Seeing as part of the services/tools on the Obenan platform are provided by third parties, this may also entail sharing such data with such third parties; • Third parties who are involved in provision of our services or the hosting or organisation of our events; • If necessary, written agreements are made with non-processors based on privacy covenants. Third parties to whom we provide your personal data are also responsible themselves for the processing of those data and for compliance with the GDPR. In order to follow and to improve the contents and use of our website, we collect data about the browsing behavior's of our website visitors.

6. For how long do we retain your personal data?

We retain your personal data no longer than is necessary for the purpose for which we have collected and recorded the data. If a statutory obligation exists to retain data or there is a retention period on grounds of professional or conduct regulations, then we observe such periods correctly.

7. How is the personal data safeguarded?

We have taken suitable technical and organizational measures based on ISO 27001 in order to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized amendment of your personal data. If you have any questions concerning the security of your personal data or if you suspect any misuse, please contact us via legal@obenan.com.

8. Facebook Integration?

By granting the requested permissions and using our app, you consent to the practices described in this policy. We utilize the page information and metadata to assist you in managing your pages effectively. We take appropriate security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Information We Collect: When you use our app through the Facebook platform and grant the permissions like pages_show_list and pages_manage_metadata, we collect the following information: • Page Information: We may access a list of pages you manage using the pages_show_list permission. This includes the names and IDs of the pages. • Page Metadata: With the pages_manage_metadata permission, we collect and manage metadata for your pages. This includes information about the page, its settings, and related data.

9. What are your rights?

You may inspect the personal data we have recorded about you. You have the right to have your personal data amended or even deleted if the data is not or no longer correct, or if the processing is not or no longer justified. Under certain circumstances you may limit the processing, request us to transfer your data or object to the processing. We will assess whether we can comply with your request pursuant to the law. The Data Protection Officer (DPO) will process your request or any complaint and can be reached by email: legal@obenan.com. We will provide a response within 30 days. However, this may take longer depending on the complexity of your request. We may not be able to respond to your request within the period of one month. This could be because the processing of certain personal data is required in order for us to fulfil our legal and statutory obligations and/or professional requirements or due to other exceptions, such as the rights and freedoms of third parties or the interests of conducting legal proceedings. If we are unable to comply with a particular request, then we will of course provide you with substantiation for that. You also have the right to submit any questions to the supervisory authority (the Data Protection Authority).

10. Contacting us

If you would like to know more or you have questions or any complaints about our processing of your personal data, you can contact our DPO as follows: legal@obenan.com. Because we may amend this statement from time to time, we recommend that you view this page regularly so that you can be aware of any changes we make. Should we need to make significant changes to our privacy statement, then we will publish that in a clear statement on our website. If we want to use your data for a different purpose of processing, then we will actively inform you of that.