Privacy Statement

The protection of your privacy is extremely important. This Privacy Statement contains detailed information about how we handle your personal data.

We may modify this Privacy Statement to comply with any changes in the law and/or to reflect the way the bank processes personal data. This version was created on 22/12/2020 and will be effective 01/04/2021. The most recent version can be found on the website www.delen.be. We will inform you of any significant changes through the usual channels..

1. We handle your personal data with due care

Delen Private Bank NV (“Delen Private Bank”, “the Bank” or “we”), whose registered office is located at Jan Van Rijswijcklaan 184, 2020 Antwerp, Belgium, is a credit institution specialised in discretionary asset management. In this capacity, the Bank is responsible for processing personal data relating to clients and potential clients. We always handle personal data with due care.

2. Scope

This Privacy Statement applies to the following persons:

• past, present or potential clients and agents
• the representative / beneficial owner of legal entities that have a past, present or potential relationship with the bank
• person involved in any transaction with the bank, whether in his/her own name or in the capacity of a legal entity (e.g. legal representative, effective beneficial owner, etc.)

We obtain your personal data inter alia as follows:

• when you become a client of the bank or when you share data with us during the course of our business relationship;
• when you take on another role on an account (e.g. as a proxy)
• when you accept an invitation of an event organised by the bank
• when you contact the bank through one of our communication channels
• on the basis of public data and data that we obtain from third parties (e.g. beneficiary registers, financial databases, databases consulted for the purpose of combating money laundering and the financing of terrorism, online or via traditional media)

3. Which personal data do we process?

The term "Personal Data" refers to any data relating to you, which can identify you or which can be linked to you as a person. If you are a client or potential client of the bank, the bank processes data such as:

• your identification data, such as first name and surname, date and place of birth, identity card number, address, nationality, specimen of your signature, tax number/UK registry number, IP address and the type of mobile device or computer you use for our online applications
• your contact details, such as your address, email address, telephone number, personal or professional number
• your financial data, including account numbers, transaction data, credit records and overall asset situation
• your family situation, g. marital status, family situation and relationships
• your patrimonial data, g. a marriage contract or donation documents
• your areas of interest that you have communicated to us, such as hobbies
• the KYC identification data - 'Know your client'
• data collected through the use of the bank's digital applications
• data collected within the framework of Delen Family Services

• public data and data we obtain from third parties, including data from the Central Individual Credit Register or data from external companies that we use to complete our files
• the images from our surveillance cameras, for security reasons our offices can be fully or partially placed under camera surveillance
• the recordings of telephone and video calls, as the bank may record conversations by telephone or video with its clients in order to use them in the context of disputes or for audits

Sensitive data

The term 'Sensitive Data' refers in particular to data relating to health, ethnic origin, religious or political beliefs, genetic or biometric data or criminal data.

We collect sensitive data in the context of our KYC obligation and in the context of our specific services (e.g. estate planning).

KYC, which stands for 'Know Your Client', refers to all the procedures by which a bank can identify a client or potential client. As part of our duty of care to our clients, we must comply with regulations on combating money laundering, preventing terrorist financing and tax fraud.

We apply a range of measures in this regard. These include the collection of personal data necessary to prevent and detect fraudulent behaviour and behaviour that violates national and international regulations. We collect this information about the client in the course of our contractual relationship with him.

In this context, we will also check certain data we have collected against public or external databases and we must also check, identify and record any data relating to sources of information that contain judicial or criminal data about the client.

We also need to check whether the client is a Politically Exposed Person (PPP).

Third party data

In certain cases, the bank holds data on persons connected to you (e.g. when you share information or documents with us that relate to connected persons).

When you provide us with such information, we ask you to inform these persons about it and to notify them that we process the Personal Data concerned for the same purposes and under the same conditions as set out in this Privacy Statement.

Data on minors

We process data on minors when you open an account for them with the bank or when you provide data on them in the context of our business relationship, including in the context of Estate Planning or Delen Family Services.

4. Why and for how long do we process personal data?

The bank processes your personal data in order to provide you with an adequate service.

By ‘processing’ we mean all manual or automated operations that are performed on the data in question, such as the collection, recording, storage, consultation, adjustment, organisation, use, transfer or deletion.

More specifically, the bank processes your data on the basis of the following legal grounds:

• in order to conclude and correctly execute our contracts

Important examples in this context are: managing your accounts, executing transactions, estate planning and credit monitoring.

• to fulfil our legal obligations

When we open an account for you, we are required by law to collect personal data to confirm your identity and to determine whether we can enter into a business relationship.

Other important examples are: obligations under anti-money laundering and counter-terrorism legislation, obligations under MiFID II regulations, obligations under SRD II regulations, obligations under financial planner regulations, financial reporting obligations (e.g. to the Central Contact Point).

• to serve the legitimate interests of the bank or of the person concerned

This includes actions that (i) improve our services, (ii) relate to the preparation of internal reports, (iii) prevent, detect and monitor abuse and fraud, (iv) serve to compile statistics and perform tests, (v) are intended for direct marketing.

• with your consent for commercial matters

How long personal data is kept depends on the type of data. The bank uses data when it has a purpose to do so (for example, in the context of exercising a contract or on the basis of legal obligations on the part of the bank). For the exercise of your or our rights, this can be longer than the statutory retention periods. This also allows us to offer you, as a client, the best possible service, especially in the context of our KYC obligation and tax and Estate Planning services.

5. Can data be shared with third parties?

In order to fulfil some of our obligations, we transfer certain data to third parties, both internal (within the group) and external recipients (i.e. outside the group). As part of our banking activities, the bank may need to transfer personal data to countries located outside the European Economic Area (EEA).

Governmental, legal and supervisory authorities

In order to comply with our legal obligations, we must disclose certain data to governmental, judicial and regulatory authorities:

• public authorities and regulatory authorities and supervisors such as the FSMA or the National Bank of Belgium
• the tax authorities may require certain reports from us, g. in the context of FATCA/CRS
• the judicial / investigative services (police, prosecutor, courts and arbitration / mediation authorities) upon legal request
• the notaries, g. within the framework of a notarial deed or when processing inheritance files

Bank J. Van Breda

Data may be provided by Delen Private Bank to Bank J. van Breda for clients or potential clients introduced by the latter. Bank

1. van Breda may use these data among other things:

• to prevent misuse and fraud
• to compile statistics and carry out tests
• in the context of commercial services
• when we act as a third-party pledgee
• to improve the quality of the services to the aforementioned clients

Financial institutions

When you make a transfer to an account at another bank, the transaction always involves an institution other than the bank or a specialised financial company. For the settlement of securities and payment transactions, both nationally and internationally, we as the principal are required to provide the other bank with data relating to you, such as your name, your address and the account number in our books.

In the context of money transfers or transactions in financial instruments, the data required to carry out the transactions is processed by third parties involved in the transaction (e.g. correspondent banks, stock exchanges, financial messaging service providers, etc.), which may be located outside the EEA.

Other Service Providers and third parties

Within the framework of our services, the bank can - with your (tacit) approval - also share information with third parties indicated by you or with third parties proposed to you by the bank, such as notaries, external lawyers, lawyers, accountants or auditors.

Furthermore, in the event that certain tasks are outsourced, the bank may pass on data to carefully selected third parties who process certain data on the bank's instructions. For this purpose, the bank uses third party processors who, in the opinion of the bank, offer adequate guarantees for the protection of this data. These third parties undertake to preserve the confidentiality of the data.

The following are non-exhaustive examples of activities in which the bank may share certain data with external service providers:

• when managing correspondence with our clients (e.g. when communicating by post)

• when organising direct marketing campaigns
• when organising events
• in the context of external archive management
• within the framework of managing disputes (e.g. engaging a law firm)

6. Your rights and excercising them

You also have a number of rights concerning the personal data that the bank processes. You will find an overview below:

• you can view your data

You can inspect the personal data that we process for you and/or request a copy.

• you can have your data corrected

In so far as the personal data that we maintain are incorrect or incomplete, you have the right to request that these data are corrected. If we have passed them on to a third party, we will inform this party of your request for correction.

• you can object to a certain use of your data

You have the right to object to a certain use of your personal data. We will comply with this request unless the processing is necessary for legal purposes or to fulfil our contractual obligations.

For example, you can object to commercial messages being sent. When you become a client with the bank, we may ask you if you want to receive invitations to our events. If you change your mind at a later date, you can stop the sending of these, in particular by contacting your relationship manager.

When we process personal data on the basis of your consent in the case of active canvassing, you always have the option of withdrawing your consent.

• you can ask for your data to be transferred to a third party

You have the right to request the personal data you have provided us with to be transferred to a third party. If it is technically possible, we will ensure the transfer of your personal data.

• you can have your data deleted

If you suspect that we are unlawfully processing certain data, you can request that we delete it. We will comply with this request unless the processing is necessary for legal purposes or to fulfil our contractual obligations.

Exercising your rights

You can exercise your rights by sending a letter to Delen Private Bank NV, Jan Van Rijswijcklaan 184 - 2020 Antwerp, for the attention of the 'Data Protection Officer' or by sending an e-mail to privacy@delen.be.

In order to ensure the confidentiality and protection of your data, we can ask you for a copy of your proof of identity or additional information to verify your identity.

Any request for the exercise of a right that you make to the bank will be dealt with and answered within the statutory time limit.

In some cases, we may refuse to comply with your request, or we may charge you a fee for processing your request, if it is deemed to be improper, repetitive, or if it results in excessive costs.

Should the Data Protection Officer decide that no action can be taken on a request, he or she will inform you no later than one month after receiving the request. In this case, the reason of the action will be provided to you.

Your right to lodge a complaint

If you do not agree with the bank's position, you have the right to lodge a complaint. You can send this to the Data Protection Officer of Delen Private Bank NV via privacy@delen.be. You are also free to contact the Belgian Data Protection Authority via the details given below, or the data protection authority of your own country:

• by postal mail: tot he attention of Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussel
• via the website: https://gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen

7. How do we protect your personal data and what can you do to help us?

We take appropriate technical and organisational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and processing. To ensure the security of your personal data, we apply a number of internally developed policies and standards to all our activities. These are regularly updated to take into account the latest regulations and developments in this area.

For example, bank employees are subject to confidentiality obligations and must not disclose your personal data in an unlawful manner or when it is not necessary for the performance of their duties. To help us protect your personal data permanently, you should always contact the bank if you suspect that your personal data has been misused.

We use all our human, technical and IT resources to protect your data. You can equally contribute to the protection of your data as follows:

• install anti-virus software, anti-spyware software, a firewall and keep this software up-to-date
• do not leave your equipment and mobile devices unattended
• report the loss of your digipass to the bank immediately to block its use
• log out of online banking tools when you are not using them
• keep your passwords strictly confidential and use strong passwords (avoid combinations of letters and numbers that are easy to guess)
• stay alert on the internet and learn to recognise suspicious activities, such as website address changes or phishing emails asking for personal information