Personal data protection policy

Preamble

As part of their activities, NextStage AM – an investment management company – acting as data controller and all managed investment vehicles, including NextStage SCA – a private equity firm – acting, for processing related to their operation, as joint managers of NextStage AM (hereinafter, together "NextStage" or "We") are required to process the personal data of their subscribers / investors, entrepreneurs, service providers, partners, distributors, prospects and Internet users .

NextStage pays particular attention to respecting your privacy and protecting your personal data, a guarantee of respect for everyone's fundamental rights and freedoms. NextStage implements strict rules to protect your personal data, in accordance with the regulations in force and in particular, the “Informatique et Libertés” law and Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016.

1. Purpose of the Personal Data Protection Policy

In order to inform you in a transparent manner, We have drafted this Personal Data Protection Policy (hereinafter the " Policy "). This is intended to inform you about all of NextStage's practices in terms of the collection, processing and protection of data allowing you to be identified, directly or indirectly (hereinafter the " Personal data ").

This Policy applies to all Personal Data processed by NextStage concerning its subscribers and investors, entrepreneurs, service providers, partners, distributors and prospects of NextStage, as well as visitors to the websites https://nextstage-am.com/ et https://sca.nextstage.com/ (hereinafter the " Sites ").

2. Why do we collect and process your Personal Data?

As part of the services offered, and in particular for our investment management activities, we collect and process your Personal Data for the following purposes:

Subscriber / investor relations – for the management and monitoring of subscriptions:
- To offer you subscriptions, in particular by sending newsletters and other communications, subject to obtaining your consent when necessary or exercising your right of opposition;
- To manage the contractual relationship that we have with you, in order to carry out the missions that you entrust to us and in particular for the management of subscriber accounts and more generally the monitoring of subscriptions to our products and investment vehicles;
- To respond to questions, requests and/or complaints that you may submit in connection with your subscriptions, and in general for the management of customer relations and the back office;
- So that you can access IT platforms allowing you to monitor your investment and access the regulatory and tax documentation of your investment;
Entrepreneur Relations – for managing and executing investments, including monitoring and managing relationships with our entrepreneurs (listed and unlisted companies);
Distributor relations – for the management of relations with our intermediaries who may benefit from underwriting delegation (wealth management advisors and business providers), including the management of online distributor accounts;
Relations with members of fund management bodies – for the management of our investment vehicles, in particular to ensure their administrative management and monitoring;
Service provider / supplier relations – for the management and monitoring of our commercial relations with each of our service providers and suppliers;
Candidate relations - for the management of your applications as part of our recruitment procedures;
Generally :
- For the performance of the legal, regulatory and administrative obligations incumbent on Us, in particular for the purposes of protecting personal data (management of complaints and requests to exercise rights in accordance with this Policy), for the purposes of the fight against corruption (declarations gifts and benefits), for the purposes of combating money laundering and terrorist financing and in particular to verify and update the data necessary for the “Know Your Customer – KYC” customer process, and finally via our professional alert system;
- To fight against fraud and for the management of complaints and disputes;
- To ensure the security of our premises and that of our visitors, via our video surveillance system;
- To respond to requests from administrative and judicial authorities.

In addition to the Personal Data that you provide yourself when you enter into a relationship with Us, We sometimes collect Personal Data concerning you indirectly, in particular within the framework of our checks for the purposes of the fight against money laundering and the financing of terrorism. This Personal Data may be identification data (surname, first name, contact details, date of birth, nationality) and data relating to the facts reported. They come in particular from financial and judicial institutions and from third-party organizations that are market leaders.

Subject to having obtained your consent where required by law, our Sites use cookies and similar technologies (“ Cookies ”) for the purposes of the proper functioning of our Sites, to better understand how Internet users interact with them and to send you commercial communications adapted to your profile. For more information about the Cookies we use and how you can disable them, please see our cookie policy.

In all cases, NextStage prohibits any use incompatible with the defined purposes. We ensure that your Personal Data processed is adequate, relevant and not excessive in relation to the purposes for which it is collected and/or subsequently processed.

3. On what legal basis do we process your Personal Data?

We only collect Personal Data when we have a lawful basis to do so. The processing purposes listed above are based on the following bases of lawfulness:

The execution of the contract to which you are party or that of pre-contractual measures necessary or taken at your request. In this context, we only process your Personal Data to provide you with the products and services that you have requested from us.
Compliance with our legal and regulatory obligations. NextStage is subject to several legal obligations under applicable regulations. We must therefore process some of your Personal Data to comply with these obligations, for example those relating to the "Know Your Customer" customer process, obligations in terms of financial security and obligations related to the integrity of financial markets and activities on the financial markets and, in general, the obligations relating to the management and monitoring of the risks of non-compliance with banking and financial regulations.
Where necessary to ensure our legitimate interests without adversely affecting your fundamental rights and freedoms. In particular, to respond to your requests and, in certain cases, to send you information relating to our products and services, to ensure the security of our premises and our visitors, to ensure the proper functioning and improve our Sites and our services, to prevent fraud and to protect our rights and those of our customers and employees.
When necessary, your explicit consent (in particular for the sending of newsletters and the use of certain cookies). We ensure that your prior consent is requested prior to the collection of your Personal Data and that it can be easily withdrawn at any time. More specifically, We ensure that your consent is given by a clear positive act by which you manifest in a free, specific, informed and unequivocal manner your agreement to the processing of Personal Data concerning you. In particular, when your Personal Data is intended to be processed for several purposes, We will ask you to consent to each of these purposes. Finally, your consent will not be requested through boxes checked by default, nor interpreted because of your silence or inactivity.

In any event, NextStage complies with the principles of legality and fairness imposed on it.

4. Who has access to your Personal Data?

We are committed to maintaining the confidentiality of your Personal Data and complying with all legal requirements regarding the sharing and disclosure of Personal Data. In this respect, your Personal Data will only be accessible by a limited list of recipients, according to their needs and on a case-by-case basis.

Insofar as it proves necessary to achieve the purposes described above, NextStage communicates your Personal Data to other entities of the NextStage group, to its partners, to its distributors, as well as to its subcontractors and service providers. .

NextStage may also communicate your Personal Data to supervisory and regulatory authorities, to meet legal or regulatory obligations, or to respond to requests from legally authorized administrative and judicial authorities.

Some of our IT service providers are located outside the European Economic Area (in particular in the United States). We ensure that these transfers are framed by adequate guarantees, in particular by the signature of standard contractual clauses of the European Commission and by appropriate security measures.

In any event, NextStage communicates your Personal Data to the aforementioned recipients who need to know and only if this is necessary to carry out duly identified processing purposes.

5. How long are your Personal Data kept?

Your Personal Data is kept in a form allowing your identification for a period not exceeding that necessary for the fulfillment of the purposes described above. The storage periods applied are determined according to our needs, the rights of the persons concerned, the storage obligations and the applicable legal limitation periods.

At the end of these retention periods, your Personal Data will then be deleted.

6. Personal Data relating to third parties

The Group ensures at all times that it has all the procedures and logical and organizational architecture necessary for data security and respect for their confidentiality.

The Group maps and monitors the personal data collected. By nature, cartography
corresponds to all the record keeping or data retention obligations applicable in the context of asset management.

The Group is likely to share data with third parties and subcontractors in the strictly necessary context of its activities. In this case, the Group ensures that each third party implements personal data protection systems at least equal to those in force within the Group.

Personal data may be transferred to countries located in the European Union or outside the European Union. If this is the case, the persons concerned are precisely informed, and specific measures are taken to supervise these transfers.

7. How do we secure your Personal Data?

The Group implements all means necessary to guarantee respect for the rights of individuals to personal data concerning them. As such, it communicates on data processing and informs the persons concerned of the collection of data and the means of action for the respect of their rights, free of charge and at any time.

Each person subject to personal data processing can access them, have them rectified, request their deletion (within the limits of any applicable legal obligations) or oppose it, by writing to the Data Protection Officer.

This policy is posted on the Group's website and updated as necessary, in particular with regard to legislative and regulatory changes.

8. What are your rights and how can you exercise them?

You have various rights regarding the processing of your Personal Data:

Right to request access to your Personal Data;
Right to request rectification and erasure of your Personal Data;
Right to object to the processing of your Personal Data;
Right to request restriction of processing concerning you;
Regarding the management of subscriptions to newsletters and other communications from NextStage and the use of Cookies: right to withdraw your consent at any time;
Right to the portability of your Personal Data.

You also have the right to contact the competent authority for the protection of personal data and generally to lodge a complaint. In France, you can contact the Commission Nationale de l'Informatique et des Libertés (the "CNIL")

To exercise your rights, you can send your request to the address mentioned below in the section “Data Protection Officer and Contact”.

9. Data Protection Officer and Contact

NextStage has appointed a Data Protection Officer or “Data Protection Officer” (hereinafter the “ DPO ") with the mission of monitoring compliance with the rules applicable to the protection of your Personal Data in the context of NextStage's activities. NextStage's DPO is also the contact person for the CNIL, the supervisory authority, for any question relating to the management of your Personal Data.

If you have any questions regarding the processing of your Personal Data or this Policy, or if you wish to exercise your rights, please contact the DPO at the following address:

NextStage DPO – Legal & Compliance Department

19 avenue George V, 75008 Paris

dpo@nextstage.com

10. Modification of our Personal Data Protection Policy

This Policy may change. In this case, any processing changes or revisions will be logged on this page and flagged by updating the publication date.

This Policy was last updated on April 26, 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-Necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies are used to store the user consent for the cookies in the category "Necessary".
cookielawinfo checkbox performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Privacy Policy