Privacy Notice

1.    Who we are

Holtara B.V, Holtara (US) Limited and Holtara (UK) Limited (“Holtara”, “we”, “us” or “our”) are group company members of Apex Group Limited. Holtara offers a range of ESG and sustainability-related advisory services, including licences for the use of Holtara’s ESG data collection platform. For more information on Apex Group please visit www.apexgroup.com.

2.    About this notice?

This privacy notice covers how Holtara, acting as data controller, collects, uses, transfers and stores your personal data in connection with your interactions with Holtara via our website and Holtara.io, our platform, as a client, as a prospective client or as a vendor. This notice summarises the nature of the information that is stored by Holtara, why and how it is used, and your rights in regard to this data, as well as the protections in place to safeguard it.

In relation to personal data processed under this privacy notice Holtara is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”). Your privacy is important to us. Please be aware that Holtara employees are required to comply with Holtara's data privacy practices as set out in this privacy notice and other data privacy-related policies.

3.    What personal information Holtara collects and where we get it from

‘Personal information’ is any information that can be used to identify you or that we can link to you and which we have in our possession or control.

We will collect and process the following personal information about you:

• personal details such as your full name, job title, contact details,  such as your business postal address and business email addresses and telephone numbers;
• personal information including the above that you submit and that is collected via Holtara.io
• information required by Holtara to meet legal and regulatory requirements in respect of anti-money laundering legislation;
• details of meetings and telephone calls with our offices and employees; ; and
• any other information you may provide to us in the course of corresponding with us including via email or might be provided to us by our clients, third parties etc.

Special category data: we may collect this where we are required to do so for the purposes of our legal and/or regulatory obligations including but not limited to those in relation to anti-money laundering and combatting the financing of terrorism. This may include information relating to your racial or ethnic origin or information relating to criminal records.

We collect this information in a variety of ways but mainly directly from you when you contact us or request information from us where we are providing services to you or we receive services from you including:

• when you register for our events, subscribe to our newsletters or mailing lists;
• information set out in any agreements entered into with us;
• as part of the client due diligence process and through onboarding documentation;
• when you use the Holtara.io platform; and
• personal data provided by you by way of correspondence with us by telephone, email or otherwise.

4.    How do we use your data?

We collect and use your personal information to:

• provide, and perform our obligations with respect to the services or otherwise in connection with fulfilling instructions;
• contact nominated individuals in connection with services we provide;
• respond to enquiries and fulfill requests from you/our clients who may require information for providing services and manage our relationships;
• protect the security of accounts on Holtara.io and monitor its functionality;
• risk management/audit, and compliance with our legal and regulatory obligations;
• the processing is in Holtara’s legitimate interests;
• for marketing and promotion of complementary services and to tell you about changes to the law and regulations in relation to ESG;
• monitor and record communications, including emails, for investigation and fraud prevention purposes, crime detection, prevention and investigation; and
• for client research and management, and

5.    Disclosure and Sharing of Data

Personal data may be disclosed to third parties in connection with the services we are providing. The recipients of such information will depend on the services that are being agreed and provided.

Subject to any restrictions around confidentiality such disclosures may include disclosures:

• to third party storage providers (including archive service providers and document repositories) and trade data repositories;
• to our third party service providers (including in relation to website hosting, data analysis, client research, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services) and to our professional advisers and agents;
• to other entities in the Apex Group for the purposes described in this privacy notice;
• to third party advisers of clients (including external legal counsel, notaries, auditors and tax advisers);
• to third party distribution platforms and to operators of private or common carrier communications or transmission facilities, time sharing suppliers and mail or courier services;
  • to portfolio companies, and other entities connected with our clients;
  • to other persons as agreed with a client or as required or expressly permitted by applicable law; and
  • to courts, litigation counterparties,  law enforcement, foreign authorities and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings and to comply with legal and regulatory requirements.

Where there is a transfer within Holtara or to a third party in a different jurisdiction, including, but not limited to transfers outside of the European Economic Area, we will take appropriate steps to ensure there is an adequate level of protection for personal information (which includes a legal agreement and appropriate security measures) in place in accordance with applicable legal requirements. The third parties are permitted to use the personal data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.

6.    Retention of your data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

7.    Data security

We have put appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8.    Your choices and rights as a data subject

You have a number of legal rights in relation to the personal information that Holtara holds about you, and you can exercise your rights by contacting us using the details set out in section 11 below.

Depending on applicable law, these rights may include:

• Right to access. You have the right to request information regarding the processing of your personal information and access to the personal information we hold about you.
• Right to rectification. You have the right to request that Holtara correct any information you believe is inaccurate. You also have the right to request Holtara complete information you believe is incomplete.
• Right to erasure. You are able to request we erase your personal information in certain circumstances. There may be circumstances where you request us to erase your personal information but we are legally entitled to retain it.
• Right to restrict processing. You have the right to request that Holtara restrict the processing of your personal data under certain conditions. There may be circumstances where you object to or ask us to restrict our processing of your personal information but we are legally entitled to refuse that request.
• Right to object to processing. You have the right to object to Holtara’s processing of your personal data under certain conditions.
• Right to data portability. You have the right to request that we transfer the data we have collected to another organisation or directly to you under certain conditions.
• Make a complaint. You can lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.

9.    Recording of communications

When individuals communicate with Holtara by way of telephone conversations and electronic communications, including emails, text messages and instant messages, these may be recorded and/or monitored for evidentiary, compliance, quality assurance and governance purposes or as required by applicable law.

10.    Email marketing and unsubscription

You can stop the delivery of marketing emails from Holtara at any time by unsubscribing or opting out via the link included in every email. Alternatively you can make a direct request to unsubscribe by emailing enquiries@Holtara.bm.

11.    How to contact us

If you have any concerns or questions about this privacy notice or would like to exercise your rights as a data subject, you can contact our Group Data Protection Officer:

Email: dpo@apexfs.com

Post: Group Data Protection Officer | Apex Group Ltd. | Vallis Building, 4th Floor | 58 Par-la-Ville Road | Hamilton, HM11 | Bermuda

12.    Updates

We will update this privacy notice when necessary to reflect changes in the law, our practices and in our services, as well as to ensure it is accurate and up to date. When we make an update we will amend the date at the top of this notice, you are therefore advised to check this privacy notice periodically.  We may also notify you in other ways from time to time about the processing of your personal information.