Privacy Policy

The purpose of this Privacy Policy is to inform stakeholders and business partners about how their personal data will be processed by Inter-Risco, Sociedade de Capital de Risco, S.A. (“Inter-Risco”), pursuant to and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation ("GDPR") and Law no. 58/2019, of 8 August ("Personal Data Protection Law") and other applicable legislation on the protection of personal data.

This Privacy Policy may be updated from time to time, so Inter-Risco invites all its partners to visit this site periodically in order to follow any changes to this Privacy Policy.

1. About Inter-Risco

Inter-Risco is an investment company that manages private equity funds with the aim of investing in small and medium-sized companies with growth potential. After an acquisition, Inter-Risco follows a strategy of direct involvement in all its portfolio companies throughout the life cycle of the investment, actively participating in all relevant decisions, which can range from defining the strategy to more day-to-day decisions. Inter-Risco, Sociedade de Capital de Risco, S.A., with headquarters at Rua de Sá da Bandeira, no. 481, 2nd floor (right side), 4000-436 Porto, is the Data Controller, defining the purposes of data processing. If you have any questions regarding this Privacy Policy, please send an e-mail to: privacy@ir-capital.pt.

2. Categories of Personal Data

As part of its day-to-day operations, Inter-Risco processes the personal data of legal representatives or employees of target or investee companies; representatives or employees of other companies with which Inter-Risco establishes business relations and individuals wishing to apply for a job opportunity. Inter-Risco processes the following categories of personal data:

• Identification data: name, date of birth, ID number, nationality, tax number;
• Contact data: email, mobile phone number, address;
• Bank account details: IBAN, SWIFT, ownership;
• Academic and professional information: academic qualifications, work experience, language skills (and other information contained in the curriculum vitae that the candidate sends to Inter-Risco in the context of a spontaneous application).

3. How and When Your Personal Data Is Collected

Personal data may be collected in the following circumstances and for the following purposes:

• When Inter-Risco analyses the KYC information of investors and beneficiaries of the Funds;
• When Inter-Risco executes investment transactions or proceeds to analyze business opportunities;
• When a company enters into a contract or a business relationship within the scope of Inter-Risco's activity;
• When an individual applies for a job opportunity.

4. Legal Grounds for Processing Personal Data

Inter-Risco's legal grounds for processing personal data are as follows:

• Pre-contractual due diligence and/or execution and fulfilment of the contractual relationship: your personal data may be necessary for the conclusion, fulfilment and management of a contract entered into with Inter-Risco.
• Compliance with a legal obligation: your data may be necessary for the fulfilment of a legal obligation that applies to Inter-Risco.
• Legitimate interest: your data may be necessary to carry out certain tasks related to the activity carried out by Inter-Risco, except in cases where your privacy and data protection rights prevail.

5. How Long Your Personal Data Will Be Retained

Inter-Risco will retain your personal data for as long as the contractual relationship continues. We may also retain data for as long as necessary for:

1. the fulfilment of legal obligations to which Inter-Risco is subject,
2. the fulfilment of regulatory obligations, and
3. the fulfilment or defense of any legal claims.

If you respond to a job opportunity, Inter-Risco will retain your personal data for a period of six months after the application, based on our legitimate interest, in which we will consider your profile for any opportunities that may arise in that period.

6. Holders' Rights

The data subject has the following rights:

1. Right of Access: Access your personal data;
2. Right to Rectification: Correct your personal data when it is inaccurate or incomplete;
3. Right of Restriction: Restrict, under certain circumstances, the further processing of your personal data;
4. Right to Erasure: Request erasure of your personal data under certain circumstances;
5. Right to Object: Object to the use of your personal data;
6. Right to Portability: Request the portability of personal data in certain circumstances.

Inter-Risco may have restrictions on the exercise of some of the aforementioned rights in the event of compliance with legal and regulatory obligations. In such cases, the data subject will be informed of these restrictions.

If you consider that the processing of personal data carried out by Inter-Risco is not in accordance with the applicable legislation, the data subject also has the right to lodge a complaint with the competent Supervisory Authority - CNPD (Comissão Nacional de Proteção de Dados, Rua de São Bento, n.º 148, 3º, 1200-821 Lisboa, Telephone: +351 213 928 400, Fax: +351 213 976 832, email: geral@cnpd.pt).

To request the exercise of their rights, data subjects should contact Inter-Risco's Data Protection Officer by email at: privacy@ir-capital.pt.

7. Transfer of Personal Data

Inter-Risco will transfer personal data to other entities only when necessary for the purposes mentioned above, and in compliance with the requirements established in the applicable legislation. Inter-Risco's data processors are contractually bound in accordance with Article 28 of the GDPR. In certain cases, Inter-Risco may transfer data to third parties located in third countries (outside the European Economic Area). Inter-Risco will only proceed to international data transfers to third parties located in countries that offer adequate protection, in accordance with the guidelines of the European Commission. Such international transfers will only be made subject to the adoption of appropriate safeguards, namely the adoption of Standard Contractual Clauses in accordance with Implementing Decision (EU) 2021/915 of 4 June 2021.

8. Data Security

Inter-Risco has implemented information security measures aligned with national and international best practices to protect your personal data, including technological controls, administrative, technical, and physical measures and procedures that guarantee its protection, preventing its improper use, unauthorized access, disclosure, loss, improper or inadvertent alteration, or destruction. When it comes to information security, we are committed to continuous improvement, which is our guiding principle in our day-to-day activities.

9. Cookies

Cookies are small text files sent by the website to the user's computer and stored there, containing information related to browsing the website. Through cookies, small amounts of information are stored by the user's browser so that our server can read them later. For example, data can be stored about the device used by the user, as well as their location and time of access to the site. Cookies do not allow any files or information to be extracted from the user's hard drive, and it is not possible, even through cookies, to access personal information that does not originate from the user or the way in which the user uses the site's resources. Any information stored in cookies that allows a user to be identified is considered personal data. Therefore, all the rules set out in this Privacy Policy also apply to them.

Website Cookies

Website cookies are those sent to the user's computer or device and administered exclusively by www.ir-capital.pt. The information collected through these cookies is used to improve and personalize the user experience, and some cookies may, for example, be used to remember user preferences and choices, as well as to provide personalized content. This browsing data may also be shared with any partners of the site, in order to improve the products and services offered to the user.

Social Network Cookies

The www.ir-capital.pt website uses social networks, which can be accessed from the website. In doing so, the cookies used by these networks may be stored in the user's browser. Each social network has its own privacy and personal data protection policy, and the natural or legal persons who maintain them are responsible for the data collected and the privacy practices adopted. Users can search the social networks for information on how their personal data is handled. For information purposes, we provide the following links, from which you can consult the privacy and cookie policies adopted by some of the main social networks:

• Internet Explorer
• Safari
• Google Chrome
• Mozila Firefox
• Opera

Managing Cookies and Browser Settings

Users may oppose the registration of cookies by the www.ir-capital.pt website by simply deactivating this option in their browser or device. Disabling cookies, however, may affect the availability of some tools and functionalities of the www.ir-capital.pt website, jeopardizing its correct and expected operation. Another possible consequence is the removal of user preferences that may have been saved, jeopardizing the user experience.

Below are some links to the help and support pages of the most commonly used browsers, which can be accessed by users interested in finding out more about managing cookies in their browser:

• Internet Explorer
• Safari
• Google Chrome
• Mozila Firefox
• Opera