Privacy

Privacy notice for suppliers, service providers and other business partners of One Equity Partners Europe GmbH

For One Equity Partners Europe GmbH (hereinafter "OEP") the protection of your personal data and your privacy is an important concern. The purpose of this privacy notice is to inform you which personal data of our suppliers, service providers, consultants and other (potential) business partners or their contact persons (hereinafter collectively "business partners") we process and which rights you are entitled to in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the Federal Data Protection Act with regard to the processing of your personal data.

1. Responsibility for the processing of personal data

One Equity Partners Europe GmbH, Neue Mainzer Str. 84, 60311 Frankfurt am Main, Germany, is the controller for the processing of your personal data for the purposes set out under section 3.

2. Personal data processed

We process the following categories of personal data of our business partners:

• Professional contact and organisational data (e.g. name, title, business address, business telephone number and email address, job title/position, bank details if necessary);
• Communications data (content and traffic data, particularly emails);
• other information that you provide to us or that we become aware of in the course of our business relationship and communications (including information that we obtain in the course of M&A transactions about persons related to the relevant target company, e.g. as employees or business partners).

3. Purposes of the processing

We process your personal data for the following purposes:

• Managing the receipt of goods (e.g. IT equipment and consumables) and services (e.g. consultancy services);
• Management, optimisation and processing of our business relationships with our business partners as well as the initiation or establishment of new business relations;
• Prevention and investigation of fraud or other criminal activities;
• Security of our IT systems, architecture and networks;
• Compliance with legal obligations of OEP and other companies of the OEP Group (including compliance with orders of public authorities) as well as for legal and tax advice.

4. Legal basis of the processing

We process your personal data on the basis of the following legal grounds:

• for the performance of the contract concluded with you or in order to take steps at your request prior to entering into a contract (Article 6 para. 1 lit. b GDPR);
• to comply with legal obligations to which we are subject (e.g. to comply with tax obligations; Article 6 para. 1 lit. c GDPR); and
• to the extent the processing is necessary for the purposes of legitimate interests pursued by us or a third party and these interests are not overridden by your interests or fundamental rights and freedoms (Article 6 para. 1 lit. f GDPR), in particular to enable cooperation with other companies within the OEP Group, to maintain and safeguard business operations and company processes, to protect OEP and our employees, to perform contracts with a business partner with whom you are employed, and to establish, exercise or defend legal claims.

5. Recipients of the personal data

We will transfer your personal data to the following categories of recipients and grant them access to the extent necessary in each case and, where necessary, on the basis of a data processing agreement concluded between us and the recipient:

• Employees of OEP;
• Other companies of the OEP Group;
• Technical service providers (particularly IT system providers and cloud service providers);
• Legal and tax consulting firms;
• Courts and other public authorities;
• Third parties in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the business or assets of OEP (including any insolvency or similar proceedings), if applicable; and
• Other third parties and service providers, to the extent this is necessary in individual cases.

6. Place of processing of personal data

Your personal data will be processed within the European Union ("EU") and the European Economic Area ("EEA") as well as outside the EU/EEA in so-called third countries by the parties specified in section 5, in particular by service providers in the USA. In doing so, we take into account contractual confidentiality and non-disclosure obligations as well as the applicable data protection laws. We will not disclose your personal data to parties who are not authorized to process them.

Please note that there may be differences with regard to the applicable data protection laws between the respective member states of the EU/EEA and all other countries. The level of protection of personal data, especially when processed outside the EU/EEA, may therefore be lower than within the Federal Republic of Germany. If processing takes place outside the EU or EEA, we will ensure that the recipient of your personal data guarantees an adequate level of protection (in particular by concluding the so-called EU standard contractual clauses and, if necessary, by implementing additional protective measures).

7. Data sources

We process personal data that we have received in the course of our business relationship from you, the company that employs you, other business partners or third parties, or from publicly accessible sources.

8. Retention periods

We store your personal data only as long as it is necessary for the purpose pursued with the respective processing and as long as we are legally obliged to store it (e.g. due to retention obligations under commercial or tax law).

9. Rights of the data subject

Under the applicable data protection laws and provided that the relevant statutory prerequisites are met, you as a data subject have various rights against any controller, e.g. a right to request from us access to your personal data. Furthermore, these rights may include a right to rectification, erasure or restriction of processing as well as the right to data portability.

Where we process your data on the basis of the legitimate interests of OEP or a third party, you have the right to object to such processing on grounds relating to your particular situation at any time. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

You can exercise these rights by sending a request to Dunja Mauser, who can be contacted by email at dunja.mauser@oneequity.com.

Furthermore, you have the right to lodge a complaint about the processing of your personal data with the competent data protection authority.