Iceberg Capital Limited Notice v1 (effective July 2022)

Data Privacy Notice

We value your privacy and are committed to using your personal data in compliance with applicable data protection laws. This privacy notice describes the types of personal data that we may collect, the purposes of collecting it and how it is used, shared and safeguarded during and after your relationship with us.

1. General information about this privacy notice

This privacy notice is in relation to Iceberg Capital Limited (which we refer to as “ICEBERG”, or “we”/ “us”/ “our” and we may also refer to our “Associates” which consist of our related legal entities, details of which can be obtained by contacting us).

ICEBERG is subject to the Abu Dhabi Global Markets (“ADGM”) Data Protection Regulations 2021, (which we refer to as “ADGM Data Law”), for purposes of which we are the data controller.

This privacy notice applies to (a) parties we conduct business with (such as current or potential clients, suppliers, business partners, professional advisers or anyone connected with a transaction or client’s matter we are involved with) (b) visitors to our offices or website or other business contacts.

You may contact us in relation to this privacy notice on [EMAIL ADDRESS] or writing to [NAME OF PERSON], Office [add] , UAE (which are also available in ‘Section 9: Contacting ICEBERG at the end of this notice).

1. What personal data we collect

In the ordinary course of our business and operations, ICEBERG, and its affiliates, collect, use, and share personal data pertaining to you. The term “personal data” or “personal information” means any information about an individual from which that person can be identified, which we have in our possession or control.

The personal data on that we collect, use, store, share or otherwise process includes information that:

• Information that you or someone acting on your behalf provides to us or our Associates. This includes personal data that you provide to ICEBERG by filling in forms or by communicating with ICEBERG, whether face-to-face, by phone, e-mail or otherwise, or giving us your business card (or similar).

• Information that we obtain from other sources. This includes personal data that we obtain from various third parties such as databases, your employer, other parties relevant to the services we are providing (e.g. counterparties in transactions) and others such as regulators and authorities.

• Information that we collect or generate about you. This includes information that we collect when you use our services or when we otherwise interact with you. We also use various technologies to collect and store information when you visit our website (please see our cookies policy below).

If you are a party we conduct business with (such as current or potential clients, suppliers, business partners, professional advisers or anyone connected with a transaction or client’s matter we are involved with), such information may include:

• name, job title, employer organisation and contact details
• identity documents (may include nationality, photograph, date of birth and biometric information)
• reports and information obtained for tax reporting or compliance with legal or regulatory obligations
• information about your transactions, financial information, holdings and relationship to others
• due diligence results and references provided by third parties
• recordings of telephone calls between you and ICEBERG (where we have a specific legal basis)
• data collected by our website or technology systems (which we do not share with any person)

If you are a visitor to our office/ website or other business contact (such as a person who has emailed us or met one of our representatives but does not conduct business with us), such information may include:

• name, job title, employer organisation and contact details
• data collected by our website or technology systems (which we do not share with any person)

1. How we use your personal data and our legal basis for doing so

We may collect, process and store this personal data for the purposes of:

• conducting compliance and due diligence procedures pursuant to applicable regulations and our related policies
• providing our services to you or to a client to whom you are connected
• organising meetings between you and your ICEBERG’s representatives or inviting you to events
• informing you of potential transactions or business opportunities we are involved in or you may be interested in
• maintaining and administering records in relation to:

• work we have carried out or are carrying out for our clients such as investor lists, acquisition targets etc.
• our database of business contacts and their respective business interests and activities

• seeking and receiving products and services from our professional advisors or suppliers (including keeping records)
• conducting statistical analysis and market research
• billing, invoicing, accounting, auditing and making or receiving payments
• identifying and preventing fraud and other unlawful activity
• safeguarding our legal rights and interests and complying with our legal and regulatory obligations
• providing updates on our services and activities (please notify us on the details provided in ‘Section 9: Contacting ICEBERG’ if you do not wish to receive such updates)

ICEBERG is entitled to use personal data in these ways because:

• consent - we may (but generally do not) need your consent to use your personal data (you can withdraw your consent by notifying us on the details provided in ‘Section 9: Contacting ICEBERG’)
• performance of a contract - we may need to collect and use your personal data to enter into a contract with you or to perform our obligations under a contract with you or a client to whom you are connected
• legitimate interest - we may use your personal data for our legitimate interests, some examples of which are provided above, and your fundamental rights do not override those interests
• compliance with law or regulation - we may use your personal data as necessary to comply with law and regulation applicable to us and/or contracts that we may have entered with you

1. Disclosure and transfer of personal data

Data sharing with ICEBERG’s Associates

ICEBERG may share your personal data its Associates for internal management and administrative purposes or to provide the services or perform its obligations in connection with your contract or transaction. In such cases, ICEBERG will take steps to ensure that the personal data is accessed only by those persons who need to do so for the purposes described in this privacy notice.

Data sharing with Third Parties

ICEBERG may also share your personal data with Third Parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third Parties” include third-parties that provide products and services to ICEBERG including vendors and contractors).

We share personal data with Third Parties as follows:

• to third party agents, service providers or contractors, bound by obligations of confidentiality, who will only use personal data on ICEBERG’s behalf for in connection with the management and administration of our business
• to third parties relevant to the services outlined in the contract with you or the contract of a client/supplier with whom you are connected (this may include for example counterparties to transactions, professional advisers, stock exchanges or regulators)
• to the prospective counterparty, for due diligence purposes, if ICEBERG and/ or our Associates restructure or sell any of its or their business or assets (for the avoidance of doubt, your personal data would only be transferred in such circumstances to the extent that such a transfer was required for the purposes of due diligence and was subject to appropriate security protections e.g. anonymisation and/or confidentiality restrictions);
• to the extent required by law, regulation or court order for example if ICEBERG is under a duty to disclose personal data in order to comply with any legal or regulatory obligation; and
• in order to establish, exercise or defend ICEBERG’s legal rights, for example if ICEBERG needs to obtain external legal advice or provide personal data in connection with judicial proceedings.

Transfers of data outside the Abu Dhabi Global Markets

As our Associates and many of our third party service providers are based outside of the ADGM, personal data may be transferred to or stored at a destination outside the ADGM (including staff operating outside of the ADGM who work for ICEBERG and/or its Associates and its third party service providers or contractors.

When we transfer your personal data out of the ADGM, we will ensure a similar degree of protection is afforded to it, which may be achieved in one of the following ways:

• we will transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the ADGM (for further details see ADGM: Adequate Data Protection Regimes at https://www.adgm.com/operating-in-adgm/office-of-data-protection/jurisdictions
• recipients of personal data will have entered into a contractual agreement which provide similar protections as in the ADGM (such contracts are generally based on the ‘Standard Data Protection Clauses’ approved for use by the ADGM)

In other circumstances the law may permit or require ICEBERG to otherwise transfer personal data outside the ADGM. In all cases, however, ICEBERG will ensure that any transfer of personal data is compliant with applicable data protection law.

You can obtain further details of the protection given to your personal data when it is transferred outside the ADGM by contacting us on the details provided in ‘Section 9: Contacting ICEBERG”).

1. Web Data

We may also collect information on how the service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking and Cookie Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collet and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies are

• Session Cookies – We use session Cookies to operate our Service
• Preference Cookies – We use Preference Cookies to remember your preferences and various settings
• Security Cookies – We use Security Cookies for security purposes

1. Data security

We have put in place appropriate measures to protect the security of your personal information.

Third parties will only process your personal information where they have agreed to treat the personal information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

1. Retention of personal data

The time period for which we retain your personal data will be determined by various criteria as described below. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

1. Your rights in relation to personal data

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Under certain circumstances, under the ADGM Data Law you have the right to:

• request access to or information about the personal data we hold about you or its processing, which also includes your right to receive a copy of the personal data that you have provided to ICEBERG or request for it to be transferred to a third party to the extent it is feasible
• request rectification or correction to the personal data that we hold about you, if it is inaccurate or incomplete
• request erasure of the personal data we hold about you (please note that there may be certain circumstances where you request erasure but we are entitled or required to retain it pursuant to applicable law or regulation)
• object to processing or request restriction of processing of the personal data we hold about you (please note that there may be certain circumstances where you object or request restrictions but we are entitled or required to continue processing your personal data and / or to refuse that request pursuant to applicable law or regulation)
• withdraw your consent provided in relation to processing of the personal data we hold about you (please note that in certain circumstances it may be lawful for us to continue processing your data where we have another legitimate reason (other than consent) for doing so, and that we generally do not rely on your consent in order to process your personal data for the purposes and in the manner set out in this privacy notice)
• right to complaint with the office of the ADGM Commissioner of Data Protection if you think that any of your rights have been infringed by ICEBERG
• Right to data portability to receive your personal data in a structured, commonly used and machine-readable format

You can exercise your rights by contacting ICEBERG using the details set out in "Section 9” Contacting ICEBERG" section below. You can also find out more information about your rights by contacting the office ADGM Commissioner of Data Protection.

1. Contacting ICEBERG

If you would like further information about ICEBERG’s processing of your personal data or would like to exercise of any of your rights referred to above, please contact us as follows:

By Email:  [ENTER]

By Writing to us:      Attn: Ms.

                                   [address]

By Phone:                  [Phone Number]

‍