This EU Privacy Notice (this “EU Privacy Notice”) applies to the extent that Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below) or to the extent that a data subject is a resident of the United Kingdom (the “UK”), the European Union (the “EU”) or the European Economic Area (the “EEA”). If this EU Privacy Notice applies, the data subject has certain rights with respect to such personal data, as outlined below.
For purposes of this EU Privacy Notice, “Data Protection Legislation” means all applicable legislation and regulations relating to the protection of personal data in force from time to time in the EU, the EEA, or the UK, including (without limitation): Regulation (EU) 2016/679 (the “GDPR”), the GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, or any other legislation which implements any other current or future legal act of the EU or the UK concerning the protection and processing of personal data (including any national implementing or successor legislation), and including any amendment or re-enactment of the foregoing. The terms “data controller”, “data processor”, “data subject”, “personal data” and “processing” in this EU Privacy Notice shall be interpreted in accordance with the applicable Data Protection Legislation.
Please direct any questions arising out of this EU Privacy Notice to [email protected].
Categories of personal data collected and lawful bases for processing
In connection with the partial cash offer (the “offer”) by Ignite Luxembourg Holdings Sàrl for shares in RHI Magnesita N.V. (the “target”), Ignite Luxembourg Holdings Sàrl and certain of its affiliates (collectively, “Ignite”) and, in each case, their administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt, and otherwise process and use personal data either relating to shareholders or potential shareholders of target that are considering whether to accept the offer or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners, lenders or affiliates or to any other data subjects from the following sources (and all references to “potential selling shareholder(s)” in this EU Privacy Notice shall be to such potential selling shareholder(s) and, as applicable, any of these other persons as relate to such potential selling shareholder(s)):
a) information received in telephone conversations, in voicemails, through written correspondence, via e-mail, or on acceptance forms or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation);
b) information about transactions with any Authorized Entity or others;
c) information captured on any Authorized Entity’s website, including registration information and any information captured via “cookies”; and
d) information from available public sources, including from:
- publicly available and accessible directories and sources;
- bankruptcy registers;
- tax authorities, including those that are based outside the UK and the EEA if you are subject to tax in another jurisdiction;
- governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;
- credit agencies; and
- fraud prevention and detection agencies and organisations.
Any Authorized Entity may process the following categories of personal data:
a) names, dates of birth and birth place;
b) contact details and professional addresses (including physical address, e-mail address and telephone number);
c) account data and other information contained in any document provided by potential selling shareholders to the Authorized Entities (whether directly or indirectly);
d) information regarding a potential selling shareholder’s status under various laws and regulations, including their social security number, tax status, income and assets;
e) accounts and transactions with other institutions;
f) information regarding a selling shareholder’s interest in the target, including ownership percentage, capital investment, income and losses;
g) information regarding a potential selling shareholder’s citizenship and location of residence; and
h) anti-money laundering, identification (including passport and drivers’ license), and verification documentation.
Any Authorized Entity may, in certain circumstances, combine personal data it receives from a potential selling shareholder with information that it collects from, or about such potential selling shareholder. This will include information collected in an online or offline context.
One or more of the Authorized Entities are “data controllers” of personal data collected in connection with the offer. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from potential selling shareholders or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in this EU Privacy Notice as a matter of contractual necessity under or in connection with the offer and associated documentation, and in the legitimate interests of the Authorized Entities (or those of a third party) to carry out the offer and/or operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of a potential selling shareholder or other data subjects; or if it is necessary for a task carried out in the public interest.
A failure to provide the personal data requested to fulfil the purposes described in this EU Privacy Notice may result in the applicable Authorized Entities being unable to consider a potential selling shareholder’s purported acceptance of the offer to be a valid acceptance.
Purpose of processing
The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (c) and (d) in the legitimate interests of the Authorized Entities):
a) The performance of its contractual and legal obligations (including applicable anti-money laundering, know your customer and other related laws and regulations) in assessing eligibility of potential selling shareholders to participate in the offer.
b) The administrative processes (and related communication) carried out between the Authorized Entities in connection with the offer.
c) Ongoing communication with potential selling shareholders, their representatives, advisors and agents, (including the negotiation, preparation and signature of documentation) during the process of the offer.
d) To facilitate the execution, continuation or termination of the contractual relationship between potential selling shareholders and Ignite.
e) To facilitate the transfer of funds, and administering and facilitating any other transaction, between potential selling shareholders and Ignite.
f) Any legal or regulatory requirement.
g) Any other purpose that has been notified, or has been agreed, in writing.
The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Sharing and transfers of personal data
In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisers, lenders, data processors and persons employed and/or retained by them in order to fulfil the purposes described in this EU Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with the tax authorities, auditors and tax advisers (where necessary or required by law).
Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this EU Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to perform and administer the offer, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please reach out to [email protected]. For the purposes of this EU Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA; or (ii) a country or territory which has at the relevant time been decided by the European Commission in accordance with Data Protection Legislation to ensure an adequate level of protection for personal data.
Retention and security of personal data
Ignite and its affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organisational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.
Personal data may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations.
Data Subject Rights
It is acknowledged that, subject to applicable Data Protection Legislation, the data subjects to which personal data relates, have certain rights under Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfil the purposes described in this EU Privacy Notice, may result in the inability to participate in the offer.
In case the data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to the offer, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
The data subject may raise any request relating to the processing of his or her personal data with [email protected].