NEOS IMPACT Privacy Policy and Cookie Statement

This Privacy Policy and Cookie Statement explains how we use the Personal Data that NEOS IMPACT collects or generates in relation to our products and services, as well as provides information on the cookies used by NEOS IMPACT.

INTERPRETATION

In this policy the following definitions are being used;

“Client” means an institutional investor in our products, a manufacturing, clean technologies, green chemistries, material innovations, up-cycling innovations, and circular economy based company (‘Company’) as the recipient of our services (all legal entities), a party that provides security for the Company as the recipient of our services (‘Security Provider’) or a corporate business partner from our network that advises the Company.

“NEOS IMPACT”, “we” or “us” means NEOS IMPACT with its office at Hofplein 20, 3032 AC, Rotterdam, The Netherlands, or any of its subsidiaries or affiliates, details of which can be found on the NEOS IMPACT website and together referred to as NEOS IMPACT Group.

“NEOS IMPACT Website(s)” means the website(s) operated by NEOS IMPACT.

“NEOS IMPACT Products and Services” means the products and services that we offer to our Clients, including through our related support, mobile or cloud-based services.

“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, NEOS IMPACT (or its representatives or service providers). In addition to factual information such as a name or address, it could include an expression of opinion about or an indication of intention in respect of an individual.

“You” means each individual to whom this notice is addressed, who may be:

(a) a Client or prospective Client of ours;

(b) a visitor to the NEOS IMPACT website(s);

(c) an employee, director, officer, or representative of a Client or of another organisation with which we have a business relationship; or

(d) a (manager of) ultimate beneficial owner (>25%) of a Client or potential Client.

1. BACKGROUND

1.1 NEOS IMPACT collects and uses certain Personal Data. NEOS IMPACT is responsible for ensuring that it uses that Personal Data in compliance with data protection laws, in particular the General Data Protection Regulation (‘GDPR’).

1.2 At NEOS IMPACT, we respect your privacy and we are committed to keeping your Personal Data secure.

1.3 This Privacy Policy is directed to individuals whose Personal Data we handle in the course of carrying on our activities. Those individuals could be representatives, agents, or appointees, or an employee, director, officer of a Client or prospective Client, or representative of another organisation with which we have a business relationship. This Privacy Policy is also directed to visitors to our websites.

2. OVERVIEW OF CIRCUMSTANCES IN WHICH WE HANDLE YOUR PERSONAL DATA

2.1 This Privacy Policy explains how we handle Personal Data that we collect in the following ways:

(A) Information we receive through NEOS IMPACT Website(s). Details of how we handle the information we receive through NEOS IMPACT Website(s) are set out in paragraph 10 of this Privacy Policy; and

(B) Information we receive as a result of NEOS IMPACT Products and Services.

3. THE TYPES OF PERSONAL DATA WE COLLECT

3.1 The products or services offered by NEOS IMPACT require us to obtain business data amongst which Personal Data in order to provide the products and services we have been engaged to provide. We will collect and process the following Personal Data:

Information that you provide to NEOS IMPACT. This includes information about you that you provide to us. The nature of our relationship with you will determine the kind of Personal Data we might ask for, though such information may include Basic Personal Data such as the first name; family name; national insurance number; email address; phone number; address (including city postcode and country); job title; bank details; ID documentation; date of birth; life events and family information;

• Information that we collect or generate about you. This may include:

– files that we may produce as a record of our relationship with our Clients and prospective Clients, including contact history; and

– any Personal Data that you provide via telephone, email, and/or offline communications with us which we may monitor and record in order to resolve complaints, improve our service and comply with our legal and regulatory requirements.

• Information we obtain from other sources. This may include:

– information from publicly available sources, including third-party agencies such as credit reference agencies; fraud prevention agencies; law enforcement agencies; public databases, registers, and records such as Chamber of Commerce and other publicly accessible sources;

– information obtained from independent financial advisors (IFAs), other professional advisers, product providers, events organisers, corporate business partners, other agents and/or representatives; and

– information obtained from sanctions checking and background screening providers.

4. HOW WE USE YOUR INFORMATION

4.1 Your Personal Data may be stored and processed by us in the following ways and for the following purposes:

• to allow Clients and prospective Clients to use and access NEOS IMPACT Products and Services;

• to assess Client and prospective Client applications or contracts for NEOS IMPACT Products and Services;

• to set up / on-board prospective Clients to use NEOS IMPACT Products and Services;

• to keep our records up to date;

• to monitor IT systems in order to protect against cyber threats or malicious activity including abuse and misuse;

• to administer or maintain IT systems in order to uphold standards of service;

• for ongoing review and improvement of the information provided on NEOS IMPACT Websites to make them user friendly and prevent potential disruptions or cyber-attacks;

• to understand feedback on NEOS IMPACT Products and Services and to help provide more information on the use of those products and services quickly and easily;

• to communicate with Clients and prospective Clients in order to provide services or information about NEOS IMPACT and other NEOS IMPACT Products and Services;

• to effectively manage and strengthen Client and prospective Client relationships, understand Client and prospective Client needs and interests, and learn more about our Clients and prospective Clients in order to develop, improve and manage the products and services we can offer;

• for the management and administration of our business;

• in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; and/or

• for the administration and maintenance of databases storing your Personal Data.

4.2 When we use your Personal Data, we comply with applicable law. The law allows or requires us to use your Personal Data for a variety of reasons. These include instances where:

• we are performing our contractual obligations;

• we have legal and regulatory obligations that we have to discharge;

• we may need to do so in order to establish, exercise or defend our legal rights or those of our Clients or for the purpose of legal proceedings;

• we have obtained your consent;

• the use of your Personal Data as described is necessary for our legitimate business interests, such as:

• allowing us to effectively and efficiently manage and administer the operation of our business;

• maintaining compliance with internal policies and procedures;

• enabling quick and easy access to information on NEOS IMPACT Products and Services; and

• offering effective, up-to-date security solutions for mobile devices and IT systems.

4.3 Your Personal Data is accessed only by employees of NEOS IMPACT that have a need to access it for the purposes described in this Privacy Policy.

5. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

5.1 We may share your Personal Data within the NEOS IMPACT Group for the purposes described above.

5.2 We may also share your Personal Data outside of the NEOS IMPACT Group as further described below:

• with partners of ours, such as funds and mandates we provide advisory services to, where they are contractually obliged to comply with appropriate data protection obligations;

• with representatives, agents, custodians, intermediaries and/or other third-party product and service providers appointed by the Client or prospective Client (such as accountants, professional advisors, et cetera);

• with third-party agents and contractors for the purposes of them providing services both to us (for example, professional advisors, IT and communications providers, background screening providers, credit reference agencies, and debt collectors) and to Clients or prospective Clients. These third parties will be subject to appropriate data protection obligations;

• with any depository, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your Personal Data is reasonably intended for the purpose of effecting, managing or reporting transactions or establishing a relationship with a view to such transactions;

• to the extent required by law or regulation, for example, if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators, auditors or public authorities), or to establish, exercise or defend its legal rights; and

• if we sell any part of our business or our assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

6.1 NEOS IMPACT may transfer your Personal Data to locations outside of your country.

6.2 Where we transfer your Personal Data to another country it will be protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the European Economic Area (the “EEA”), for example, this may be done in one of the following ways:

• the country to which we send your Personal Data might be approved by the European Commission as offering an adequate level of protection for Personal Data;

• the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging it to protect your Personal Data;

• where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or

• in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.

6.3 You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA by contacting us as described in paragraph Questions and Concerns below.

7. HOW WE SAFEGUARD YOUR PERSONAL DATA

7.1 Data is a critical business asset and must be protected appropriately to its risk as well as its importance or value. We operate layers of safeguards and defences designed to ensure that NEOS IMPACT is able to operate safely. We have extensive controls and mechanisms in place designed to detect, respond and recover in case of any adverse events that may arise.

7.2 Backup and recovery procedures;

• Security of network connections (managed internally and externally)

• Powers are functionally assigned to a limited number of people who are charged with the execution of the processing (including periodic checking)

• Encryption of personal data during electronic transfer (system-to-system links) to external parties

• Security policy

• Code of Conduct

• Confidentiality declarations in employment contracts

• Logical access control by means of passwords and/or personal access codes

• Sub-contractual agreements with third parties.

7.3 We also try to ensure that we keep all Personal Data accurate and up-to-date. We therefore kindly request you to inform us of any changes.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

8.1 Your Personal Data is not stored any longer than is necessary for the purposes for which the Personal Data was collected and processed. The length of time for which we hold your Personal Data will vary as determined by the following criteria:

• the purpose for which we are using it (as further described in this Privacy Policy) – we will need to keep the data for as long as is necessary for that purpose; and

• our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.

9. YOUR RIGHTS

9.1 In all the above cases in which we collect, use, or store your Personal Data, you may have the following rights, and in most cases, you can exercise them free of charge. These rights include:

• the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;

• the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain your Personal Data to comply with a legal or regulatory obligation or to satisfy our internal audit requirements;

• in some circumstances, the right to receive some Personal Data in a structured, commonly used, and machine-readable format and/or request that we transmit such data to a third party where this is technically feasible. Please note that this right only applies to Personal Data that you have provided directly to NEOS IMPACT;

• the right to request that we rectify your Personal Data if it is inaccurate or incomplete;

• the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data, but we are required or entitled to retain it;

• the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict our processing of your Personal Data but we are required or entitled to refuse that request; and

• the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

9.2 You can exercise your rights by contacting us using the details provided in paragraph Questions and Concerns below.

10. NEOS IMPACT WEBSITE(S) AND OTHER WEBSITES

10.1 If you use a NEOS IMPACT Website, we may collect technical information through the use of cookies. For example, what websites were visited by each user, any documents downloaded, security incidents, and prevention measures taken by the gateway. For more information on the cookies used by NEOS IMPACT, please see our Cookie Notice.

10.2 If you use a NEOS IMPACT Website and follow a link from it to another website (including a website operated by NEOS IMPACT), different privacy policies may apply. Prior to submitting any Personal Data to a website, you should read the privacy policy applicable to that website.

11. CHANGES TO THIS PRIVACY POLICY

11.1 Any changes we make to our Privacy Policy in the future will be posted on this website and where appropriate, notified to you by email.

11.2 If significant changes are made to the Privacy policy, we will actively inform you about this.

11.3 You can also always ask us to provide you with a copy of the most recent version of this Privacy Policy.

COOKIES

NEOS IMPACT uses cookies on this website. A cookie is a small text file that NEOS IMPACT offers to your internet browser (for example to Internet Explorer, Safari, Google Chrome, or Mozilla). The cookie makes it possible to recognize surfing behaviour on the various pages you visit. The cookie also ensures that you can surf the website quickly and efficiently.

Why does NEOS IMPACT follow surfing behaviour on the website?

NEOS IMPACT can monitor your behaviour on the website for a number of reasons, for example:

• to make analyses for research;

• to improve the website;

• for safety purposes;

• to manage our relationship with you as a customer.

Turn off cookies

You can disable all cookies on your computer. You do this by adjusting the settings of your internet browser so that it refuses all cookies. Please note that this may mean that some services will no longer work properly on your computer.

QUESTIONS AND CONCERNS

If you have any questions or concerns about the handling of your Personal Data by NEOS IMPACT, or about this Privacy Policy, please contact us using the following contact information:

• info@NEOSdirect.com; or

• NEOS IMPACT, Hofplein 20, 3032 AC, Rotterdam, The Netherlands

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive, you may escalate concerns to the applicable privacy regulator in your jurisdiction. The contact details of the Dutch Data Protection Authority are as follows: Dutch Data Protection Authority, PO Box 93374 (2509 AJ) The Hague, telephone number 088 1805 250.