Privacy Statement

How we protect and manage your personal data

At IBI Corporate Finance, we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you.

This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which is effective from 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, will amend existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR will also introduce changes which will give you greater control over your personal information, including a right to object to processing of your personal information where that processing is carried out for our business purposes.

Please take time to read this statement carefully. If you have any questions about how we use your information, please contact us by mail to IBI Corporate Finance, 33 Fitzwilliam Place, Dublin 2, D02 W899, by email to [email protected] or by phone on 01 963 1200.

Please note that this Privacy Statement is subject to the Legal Statement of the IBICF website.

Section 1. Who we are

Throughout this document, “we”, “us’, “our” and “ours’ refer to IBI Corporate Finance Limited and IBI Corporate Finance Holdings Limited. We provide corporate finance advisory services to clients.

Section 2. The information we collect about you

We will hold:

- data to identify you, including your contact information;

- information, including financial details/circumstances, which you have consented to us using; and

- information provided when exercising your rights under Section 10 below.

Sometimes we may use your information even though you are not our client. For example, you may be a beneficiary, director, representative or staff member of a client of ours or be a potential client contacting us about the provision of corporate finance advisory services.

Section 3. When we collect your information

We collect information: (i) you give us; (ii) information from your use of our services or our website; and; (iii) information provided to us by third parties.

We will not collect any personal information from you on our website without your consent. Where you volunteer information by emailing us or by using online forms, such information will only be used in line with the purpose for which you provided it.

We don’t use cookies to track visitors to our website.

Log data is collected by the IBICF website to record the IP addresses of visitors to the IBICF website, which may be used for security purposes. By continuing to use our website, you consent to the use of such log data.

Section 4. How we use your information and the legal basis

We use, and share, your data where:

- you have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time);

- use is necessary in relation to a service or a contract that you have entered into (e.g. to provide you with corporate finance advisory services when you enter into a contract for such services with us) or because you have asked for something to be done so you can enter into a contract with us (e.g. you have asked us to provide you with a fee quotation for corporate finance advisory services);

- use is necessary because we have to comply with a legal obligation (e.g. complying with our “know your client” obligations and reporting to regulatory authorities and law enforcement);

- use is necessary to protect your “vital interests” in exceptional circumstances;

- use for our legitimate interests (which you may object to) such as managing our business including credit risk management, providing service information, conducting marketing activities, training and quality assurance, portfolio management and strategic planning and the purchase or sale of assets.

We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. As effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot ensure that all of your personally identifiable information will never be accessed. However, we will use industry standard security measures to ensure that such information is kept as secure as possible.

Section 5. Who we share your information with

When providing our services to you, we may share your information with:

- your authorised representatives;

- third parties with whom: (i) we need to share your information to facilitate services and/or transactions you have requested, and (ii) you ask us to share your information;

- service providers who provide us with support services;

- statutory and regulatory bodies (including central and local government) and law enforcement authorities;

- credit reference/rating agencies;

- third parties in connection with a sale or purchase of assets by us;

- persons making an enquiry or complaint;

- debt collection agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions;

- trade associations and professional bodies, non-statutory bodies and members of trade associations; and

- business or joint venture partners.

Section 6. How long we hold your data

We only retain personal information for as long as necessary to provide our services and information or as permitted / required by applicable law and/or regulatory rules.

Section 7. Implications of not providing your data

If you do not provide information, we may not be able to provide requested services to you and/or continue to provide existing services to you.

We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.

Section 8. Using companies to process your information outside the European Economic Area (EEA) and the United Kingdom (UK)

In some cases, we may transfer information about you and your services with us to organisations outside the EEA and the UK where you have agreed or explicitly consented to this or where the transfer is necessary in relation to a service or a contract that you have entered into or because you have asked for something to be done so you can enter into a contract with us. We will always take steps to ensure that any transfer of information outside of the EEA and the UK is carefully managed to protect your privacy rights.

Section 9. How to exercise your information rights including the right to object

You have the following information rights (all without undue delay) to:

- find out if we use your information, access your information and receive copies of your information;

- have inaccurate/incomplete information corrected and updated;

- object to particular use of your personal data for our legitimate business interests or direct marketing purposes;

- in certain circumstances, have your information deleted or our use of your data restricted;

- exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider); and

- withdraw consent at any time where processing is based on consent.

If you wish to exercise any of your data rights or have any questions about how we use your information, please contact us by mail to Jacinta Brosnan, Chief Operations Officer, IBI Corporate Finance, 33 Fitzwilliam Place, Dublin 2, D02 W899, by email to [email protected] or by phone on 01 963 1200. You may be asked to provide a copy of your identification.

If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months and shall explain the reason why. If you make your request electronically, we will try to provide you with the relevant information electronically.

You also have the right to complain to the Data Protection Commission or another supervisory authority.

You can contact the Office of the Data Protection Commissioner at:

Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231

Fax: +353 57 868 4757

E-mail: [email protected]

Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.

Section 10. Updates

We will update our Data Privacy Statement from time to time. Any updates will be made available on our website and, where appropriate, notified to you e-mail or by post.