Fortino Capital Partners - Privacy Statement
Effective date: This Privacy Statement was updated on 29 April 2021 and is effective as of that date.
- Scope of the privacy statement
This Privacy Statement describes how Fortino Capital Partners NV/SA, a public limited liability company ('naamloze vennootschap' / 'société anonyme') under Belgian law, with registered office at Borsbeeksebrug 36, 2600 Antwerpen (Belgium), and with enterprise number ('ondernemingsnummer' / 'numéro d'entreprise') 0542.691.739 (RLP Antwerp, division Antwerp) (hereafter "Fortino"), acting as controller, may collect, use, share, and otherwise process Personal Data (defined below), whether online or offline, when interacting with individuals belonging to the following categories:
- visitors and users to this website at www.fortino.be (www.fortinocapital.com, the "Website"), which is administered by Fortino, as well as visitors to Fortino offices and premises ("Visitors");
- Representatives in investee companies and portfolio companies in which Fortino has made or are considering making an investment ("Investee Companies or Portfolio Companies Representatives");
- suppliers of goods or services, investment bankers, consultants, lawyers, accountants, and other third party providers that interact with Fortino, and their Representatives ("Suppliers and Service Providers");
- business partners that interact with Fortino in relation to its business activities, and their Representatives ("Partners");
- Representatives of investors and former investors who have made or are considering making an investment in funds managed by Fortino (“Investors”) / (candidate) shareholders of Fortino ("(Candidate) Shareholders");
- applicants that apply for a position with Fortino online or offline ("Applicants"); and
- any other individuals about whom Fortino obtains and processes Personal Data in relation to Fortino's business activities,
(all those individuals whose Personal Data is processed by Fortino being together referred to as the "Data Subjects" and each such individual a "Data Subject").
In this Privacy Statement, "Personal Data" means any information relating to an identified or identifiable individual, and "Representatives" refers to the individuals that are the contact persons, directors, officers, ultimate beneficial owners, managers, employees, proxyholders and other authorized representatives of a legal entity.
This Privacy Statement describes (1) its scope, (2) how you can contact Fortino about its data protection practices, (3) the types of Personal Data Fortino collects, (4) the consequences of non providing your Personal Data, (5) how and on which basis Fortino uses your Personal Data, (6) with whom Fortino shares your Personal Data, (7) how your Personal Data is transferred outside the EEA,(8) how long your Personal Data is retained, (9) how your Personal Data is protected and (10) the rights you, as an individual, have regarding Fortino´s use of your personal data.
Please read this Privacy Statement before submitting any Personal Data to Fortino. By accessing and using Fortino's Website or otherwise providing Fortino with their Personal Data, for example when interacting with Fortino in relation to its business activities, Data Subjects confirm that they have read this Privacy Statement and that they understand the way Fortino collects, processes, uses and discloses Data Subjects' Personal Data. In case you provide Personal Data relating to another Data Subject to Fortino, you confirm and acknowledge that you are entitled to disclose such Personal Data to us and that you have informed the Data Subject about this Privacy Statement so that the Data Subject understands – and to the extent necessary consent to – the way Fortino processes the Data Subject’s Personal Data.
Please also be aware that the general Privacy Statement is without prejudice to more specific data protection or privacy notices that Fortino may provide from time to time regarding specific data processing activities.
- Contact details of Fortino
Fortino is responsible for the collection and use of your Personal Data ("Data Controller") for the purposes described in this Privacy Statement. Fortino’s Compliance and Legal Officer is in charge, in particular, of monitoring and ensuring compliance with this Privacy Statement and the applicable data protection laws(the "Data Protection Laws"). For any clarification or additional information you may need in order to fully understand this Privacy Statement or exercise your rights under this Privacy Statement, please indicate your name, company name, and contact details and contact:
Fortino Capital Partners NV/SA
Compliance and Legal Officer
+32 2 669 10 50
- Personal data processed
Information that Data Subjects provide
Fortino collects the following types of Personal Data about Data Subjects when they interact with Fortino, either online or offline, including:
- Individual Basic Data (such as name, birth date, address, etc.);
- Business Data (such as name of organization, department and job title);
- Contractual Data (such as date of agreement, type of commercial relationship, etc.);
- Investments and financial Data (such as transactions effected, information on capital calls and distribution notices, bank account numbers, account balances, investment information, etc.);
- Compliance Data: including but not limited to government identifiers, passport or other information regarding identification, individual beneficial ownership data and other "Know Your Customer" due diligence data; and
- CCTV/Images Data: images of Visitors and staff that Fortino collects through CCTV systems installed in Fortino's offices and premises for security and safety purposes (in accordance with applicable local requirements in the countries where Fortino's offices are located).
Fortino also collects the following types of Personal Data regarding specific categories of Data Subjects:
- Partner Data: information that Fortino collects, generates and receives from or about (potential) Partners or their Representatives, including income, assets, other financial information, bank details, investment history, tax residency and tax identification information;
- Investee Data: information that Fortino collects, generates or receives from or about (potential) Investee Companies or Portfolio Companies in which Fortino has made or is considering making an investment or Representatives of such (potential) Investee Companies or Portfolio Companies;
- Supplier Data: information such as history of purchase, invoicing details, payments history, evaluation and feedback and other information that Fortino receives from or about its (potential) Suppliers or their Representatives or that is generated in relation to products and services Fortino acquires from them;
- (Candidate) Investor or Shareholder Data: information that the Fortino collects, generates and receives from or about its (Candidate) Investors and Shareholder(s) and their Representatives, including information provided in an Identification and Verification form such as name, contact details, place and date of birth, national registry number (as required by law), bank account details ;
- Applicant Data: information provided by Applicants in connection with employment opportunities, including professional qualifications and experience, skills, preferences, motivation, interests, as well as any information that may typically be found on a curriculum vitae; and
Fortino collects the Personal Data listed above from a number of sources, either directly from the Data Subject (for example, when they fill in a form on the Website), from other third parties such as Investee Companies or Portfolio Companies, government or public bodies, as well as from publically available sources such as public websites (such as extract from company register, etc).
Information collected automatically
- Consequences of non providing Personal Data
Data Subjects are not required to provide all Personal Data described herein to interact with Fortino online or offline, but certain services or features may not be available if Data Subjects do not provide Personal Data. In some instances, the provision of Personal Data is a requirement necessary to enter into a contract with Fortino or a requirement by law or regulation for Fortino to administer your contractual relationship. The Personal Data processed is limited to the data necessary for carrying out the purpose for which such Personal Data is collected. For example, if Data Subjects do not provide their Personal Data, Fortino may not be able to respond to their specific requests, manage the relationship with the Data Subjects or to provide Fortino's services to them.
Please note that processing necessary to comply with anti-money laundering and counter-terrorism financing could lead to a refusal to contract by Fortino, a termination of your contract and/or a reporting to the relevant law enforcement authorities.
Fortino does not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning Data Subjects or otherwise significantly affects Data Subjects.
Fortino processes Personal Data in accordance with applicable Data Protection Laws and only for specified, explicit and legitimate purposes. Fortino will not use Personal Data for any purpose that is incompatible with the purpose for which it was initially collected unless you provide your consent for further use.
Fortino collects and processes Personal Data (identified under Section 3) about the categories of Data Subjects (identified under Section 2) for the purposes described herein on one or more of the following legal bases:
- the processing of Personal Data is necessary for the performance of a contract - or to take steps prior to entering into a contract - between Fortino and the relevant Data Subject ("Contract Performance");
- the processing of Personal Data is necessary for compliance with a legal obligation to which Fortino is subject ("Legal Obligation");
- the processing of Personal Data is necessary for the purposes of the legitimate interests pursued by Fortino or by a third party and those interests are not overridden by the Data Subject's interests and fundamental rights and freedoms ("Legitimate Interests"). Such Legitimate Interests include measures to administer the relationship with Data Subjects, managing the Fund, establishing, exercising or defending the legal rights of Fortino, operating intended mergers and acquisitions, preparing reports in relation to Fortino’s activities; and
- in specific circumstances, the processing of Personal Data can be based on the Data Subject's freely given consent ("Consent"). Such consent will be collected through an affirmative action.
The purposes for which Fortino collects and processes Personal Data, and the corresponding legal bases for such processing, are as follows:
|Purpose||Types of Data||Legal basis|
|Managing commercial and contractual relationship with Data Subjects, for payment and invoicing and/or to answer a Data Subject's questions about Fortino's activities.||Individual Basic Data Business Data Contractual Data Investments and financial Data Investee Data Partner Data (Candidate) Investor/ Shareholder Data Supplier Data||Contract Performance Legitimate Interests|
|Managing business operations, administering investments in shares of the Fund, issuing and redeeming shares, carrying out Fortino's business activities and administering Investee Companies or Portfolio Companies/Supplier/Partner/ (Candidate) Shareholder relationships, as well as preparing reports and performing investor servicing functions.||Individual Basic Data Business Data Contractual Data Investments and financial Data Investee Data Partner Data (Candidate) Investor /Shareholder Data Supplier Data||Contract Performance Legitimate Interests|
|Providing Data Subjects with information about Fortino's business activities, sharing reports and other information relevant to Data Subjects, by email or other communication means.||Individual Basic Data Business Data Contractual Data Investments and financial Data Investee Data Partner Data (Candidate) Investor /Shareholder Data Supplier Data||Contract Performance Legitimate Interests Consent (it being noted that Fortino shall obtain a Data Subject's prior express opt-in consent where required under applicable law and that consent may be withdrawn at any time).|
|Addressing compliance and legal obligations, such as checking the identity of Data Subjects in relation to know-your-client procedures (which include anti-money laundering procedures, counter-terrorist financing procedures, politically-exposed-person checks and sanctions checks).||Individual Basic Data Business Data Compliance Data||Contract Performance and Legal Obligation|
|Considering individuals for employment and contractor opportunities and manage recruitment processes.||Individual Basic Data Business Data Compliance Data Job Applicant Data||Contract Performance Legal Obligation Legitimate Interests|
|Ensuring safety and security at Fortino‘s premises.||CCTV/Images Data||Legitimate Interests|
|Promoting its services and activities, organizing events and carry out marketing activities, such as providing Data Subjects with tailored and relevant marketing and updates.||Individual Basic Data Business Data Contractual Data Investments and financial Data||Legitimate Interests Consent (it being noted that Fortino shall obtain a Data Subject's prior express opt-in consent where required under applicable law and that consent may be withdrawn at any time).|
|Fulfilling other legitimate purposes disclosed to Data Subjects at the time they provide Personal Data or as otherwise permitted or required to comply with applicable laws and regulations.||Individual Basic Data Business Data Contractual Data Investments and financial Data Investee Data Partner Data (Candidate) Investor/ Shareholder Data Supplier Data||Legitimate Interests|
Fortino will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the function for which such access is granted. Authorization to access Personal Data will always be linked to the function, so that no authorization will be extended to access Personal Data on a personal basis.
For the purposes identified under section 5 above, Personal Data may be shared with
- Fortino's affiliates, such as AIFs managed by Fortino, i.e. Fortino Capital I Arkiv CVA, Fortino Capital II Growth Arkiv NV, Fortino Capital Venture II CommV, as well as Fountain Plaza International BVBA) for the purposes described in this Privacy Statement, primarily for business and operational purposes;
- Fortino’s trusted third party service providers (acting on our behalf and as per our instructions, as processors), such as IT and cloud services providers and other service providers providing services on behalf of Fortino related to the management of the funds managed by Fortino, as well as other third parties acting as controllers such as accountants, statutory auditors, internal auditors, depositary banks, fund reporting tools services providers, attorneys, fiduciaries and financial institutions; and
- certain third parties in the event of a merger, acquisition, sale of assets, joint venture, or any other transaction that results in a change in control or ownership of Fortino, in whole or in part; or in the event of a corporate reorganization, bankruptcy, insolvency proceeding, or similar circumstance, if permitted by and done in accordance with applicable law.
Except as described above, Fortino shall not provide a Data Subject's Personal Data to other third parties without obtaining their prior permission, unless it is required to do so for the performance of its obligations under a contract with the Data Subject or under a statutory provision or court order. In particular, Fortino may disclose a Data Subject's Personal Data in the following circumstances:
- to respond to authorized information requests from law enforcement authorities or judicial authorities or when otherwise required or permitted by law; or
- to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, Visitors to the Website or the public.
The above-mentioned recipients are located within or outside the European Economic Area (EEA), including in non-EEA countries which are not recognized by the European Commission as providing an adequate level of protection of Personal Data, namely in the United States, Singapore and Taiwan, as further described under section 7 below.
- International transfers of Personal Data
The recipients listed under Section 6 may be located in countries other than the country in which Personal Data was originally collected, inside or outside the European Economic Area ("EEA"), including in countries that have not been recognized by the European Commission as providing an adequate level of protection of personal data within the meaning of the applicable Data Protection Laws (i.e. the country is not subject to an ‘adequacy decision’ of the European Commission).
Any transfer of Personal Data to one of the above recipients located in a country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection of Personal Data, will be subject to (i) appropriate safeguards such as the entering into of data transfer agreements conforming to the European Commission’s Standard Contractual Clauses and supplementary measures (Article 46, 2., (c) of the GDPR) , or (ii) derogations for specific situations in accordance with applicable Data Protection Laws, in particular collecting the Data Subject's explicit consent, after having informed the Data Subject of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards, or the transfer is necessary for the performance of a contract between you and Fortino, or for the implementation of pre-contractual measures that were taken in response to your request, or for the establishment, exercise or defense of legal claim (Article 49 GDPR).
More detailed information about the recipient of your personal data and international data transfers can be obtained by contacting the Compliance and Legal Officer of Fortino (see section 2 for contact details).
- Retention period of personal data
Personal Data will not be kept for longer than reasonably necessary for the purposes identified herein, which may be for up to ten years after the end of a Data Subject's contractual relationship with Fortino (if any), unless shorter or longer retention periods apply under applicable law, including applicable statute of limitation for invoicing, payment, accounting, tax and regulatory compliance, and the establishment, exercise or defense of legal claims.
Fortino may retain a Data Subject's Personal Data relating to a specific job application and selection process to which such Data Subject participated for a period of 5 years following the selection process.
- How your personal data are protected
Fortino is committed to maintaining the confidentiality, integrity, security and resilience of your Personal Data. To this effect, Fortino endeavors to implement, or to have implemented, appropriate technical and organizational measures to prevent the personal data processed by or on behalf of Fortino from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your Personal Data, we cannot guarantee that loss, misuse, or alteration of data will never occur.
The Website may include references (in a hyperlink, banner or button) to other sites related to (a specific aspect of) this Website. This does not automatically mean that Fortino is associated with these other sites or its owners. These websites are not under Fortino's control. We are not responsible for the content of these websites, any products or services that may be offered through these websites or any other use of these websites nor for any data processing and privacy practices associated with such websites. We invite you to review these websites' privacy notices if you visit them or provide any Personal Data to them.
Under the applicable Data Protection Laws, a Data Subject has the following rights (under the conditions set out in the applicable Data Protection Laws, as further descried under Annex 1 below):
- to access Personal Data Fortino holds about the Data Subject,
- to request rectification or erasure of the Data Subject's Personal Data,
- to request Fortino to restrict the collection, processing or use of the Data Subject's Personal Data,
- in certain circumstances, to object for legitimate reasons to the processing of the Data Subject's Personal Data (including the right to object, upon request and free of charge, to the processing of Personal Data for direct marketing purposes), and
- to request data portability.
A Data Subject also has the right to lodge a complaint with the competent supervisory authority.
These rights can be exercised by you at any time by contacting the Compliance and Legal Officer of Fortino (see section 2 for contact details).
Except to the extent limited by applicable law, Fortino may decide at any time - at its discretion - to change, modify, and/or make additions to, any part of this Privacy Statement in the future as permitted by applicable law. Any change to this Privacy Statement will be posted on this page and notified to Data Subjects by e-mail (where appropriate or required by applicable law and to the extent that the Data Subject's e-mail address is available to Fortino). Fortino will indicate the date on which this Privacy Statement was last modified.
ANNEX 1 - YOUR DATA PROTECTION RIGHTS
Subject to applicable Data Protection Laws, you will benefit from the rights listed in this Annex 1. These rights can be exercised by you at any time by contacting the Compliance and Legal Officer of Fortino (see section 2 of the Privacy Statement for contact details).
- Right to access
You are entitled to obtain confirmation from Fortino as to whether or not any Personal Data concerning you is processed by Fortino. In the affirmative, you have the right to access such Personal Data, to obtain a copy of it free of charge (except for manifestly unfounded or excessive requests) and to be provided with the following information: (i) purposes of such processing, (ii) categories of Personal Data concerned, (iii) recipients or categories of recipients of Personal Data, (iv) anticipated retention period or, if not possible, the criteria used to determine it, (v) existence of the right to request rectification or erasure of Personal Data, as well as the right to object to or request restriction of processing, (vi) the right to lodge a complaint with a supervisory authority, (vii) information relating to any third party source of Personal Data if the data were not collected from you, and (viii) the existence, the logic involved, the significance and the consequences of any automated decisions, including profiling.
Where Personal Data is transferred outside of the EU, you will be informed of the appropriate safeguards relating to such transfer.
- Right to rectification
You have the right to obtain without undue delay the rectification of inaccurate, incomplete or outdated Personal Data concerning you. If your Personal Data is stored in multiple locations, the rectification will occur at all such locations.
- Right to erasure
You have the right to obtain the erasure of your Personal Data in one of the following cases:
- The Personal Data is no longer necessary in relation to the purpose(s) for which it was collected or otherwise processed.
- You withdraw the consent on which the processing was based, and there are no other legal grounds for the processing.
- You object to the processing, as provided in section (e) below; and there are no overriding legitimate grounds for the processing.
- Your Personal Data has been unlawfully processed.
- Your Personal Data has to be erased for compliance with a legal obligation.
However, Fortino may refuse the erasure of Personal Data if the processing of such data is necessary for (i) exercising the right of freedom of expression and information, (ii) compliance with a legal obligation or for the performance of a task carried out in the public interest, (iii) reasons of public interest in the area of public health, scientific or historical research purposes or statistical purposes, or (iv) establishment, exercise or defense of legal claims.
- Right to restriction
You have the right to obtain restriction of processing in the following cases:
- Where you claim inaccuracy of your Personal Data processed by Fortino (the restriction being provided for a period enabling Fortino to verify the accuracy).
- Where the processing appears unlawful, and you oppose the erasure and request the restriction of use of your Personal Data instead.
- Where Fortino does not need your Personal Data for the purposes of processing, but the Personal Data is required by you for the establishment, exercise or defense of legal claims.
- Where an objection is raised by you in relation to the processing, pending the verification whether the legitimate grounds of Fortino override those of you.
When you have obtained a restriction of processing of your Personal Data, you will be informed prior to lifting of such restriction.
- Right to object
As a general rule, you have the right to object, at any time and on legitimate grounds relating to your particular situation, to the processing of your Personal Data. Provided that such objection is justified, Fortino will no longer process the Personal Data concerned unless Fortino can demonstrate compelling legitimate grounds for the processing which override your interests. In addition, where your Personal Data are processed for direct marketing purposes, you have the right to object at any time to the processing of your Personal Data for such marketing, which includes profiling to the extent that it is related to such direct marketing, and Fortino will no longer process your Personal Data for such purposes.
- Right to data portability
In cases where the data processing is based on your consent or on your contract, and where such processing is carried out by automated means, you can request (i) to communicate to you the Personal Data concerning you, in a structured, commonly used and machine-readable format, in order to be able to further transmit such Personal Data to another data controller, or (ii) to directly transmit such Personal Data to such other data controller, if technically feasible.
However, Fortino can refuse such request if the processing concerned is necessary for the performance of a task carried out in the public interest or if responding to such request risks to adversely affect the rights and freedoms of others.
- Right to withdraw consent
Where the processing of your Personal Data is based on consent, you have the right to withdraw such consent at any time by contacting the Compliance and Legal Officer of Fortino (see section 2 for contact details). Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint
You also have the right to lodge a complaint with the Belgian Data Protection Authority or another competent supervisory authority, in particular in the Member State where you have your habitual residence or place of work.