DATA PROTECTION NOTICE

We comply with the European General Data Protection Regulation, responsible dealings with your personal data is a matter of course for us.

You have the right to object to processing of your personal data if this is done for the purpose of direct advertising, to preserve legitimate interests or in the public interest.

  1. 1. Who is responsible for data processing and who can I contact?
    • Responsible for the processing of your personal data:
    • MPEP Luxembourg Management S.à r.l.
      26, rue Louvigny
      L-1946 Luxembourg
      Telephone: +352 27 86 17 20
      E-Mail: info@mpep.lu

      Managers: Christopher Bär, Liliane Armel, David Schäfer, Horst Güdel
    • In addition, "joint controllers" within the meaning of Art. 4 item 7 GDPR, Art. 26 GDPR are the following entities within the MPE group of companies:

    • MPEP Luxembourg GP S.à r.l.
      26, rue Louvigny
      L-1946 Luxembourg
      Telephone: +352 27 86 17 20
      E-Mail: info@mpep.lu

      Members of the Board:: Liliane Armel, Armin Prokscha, Ulrike Scholz

    • Munich Private Equity AG
      Keltenring 5
      82041 Oberhaching
      Germany
      Telephone: +49 89 66 66 94-500
      E-Mail: info@mpe.ag

      Members of the Board: Norman Lemke (CEO), Daniel Bertele, Marc Dellmann

    • Munich Private Equity Partners GmbH
      Keltenring 5
      82041 Oberhaching
      Germany
      Telephone: +49 89 66 66 94-372
      E-Mail: info@mpep.com

      Managing Directors: David Schäfer, Daniel Bertele, Christopher Bär

    • RWB PrivateCapital Emissionshaus AG
      Keltenring 5
      82041 Oberhaching
      Germany
      Telephone: +49 89 66 66 94-0
      E-Mail: info@rwb-ag.de

      Members of the Board: Norman Lemke, Daniel Bertele, Armin Prokscha

    • RWB Partners GmbH
      Keltenring 5
      82041 Oberhaching
      Germany
      Telephone: +49 89 66 66 94-0
      E-Mail: info@rwb-partners.de

      Managing Directors: Norman Lemke, Nico Auel

    • Walnut GmbH
      Keltenring 12
      82041 Oberhaching
      Telephone: +49 89 66 66 94-600
      Germany
      E-Mail: info@walnut-gmbh.de

      Managing Directors: Norman Lemke, Lars Gentz

    • You can contact our data protection coordinators as follows:

    • MPEP Luxembourg Management S.à r.l.
      data privacy
      26, rue Louvigny
      L-1946 Luxembourg
      Telephone: +352 27 86 17 20
      E-Mail: dataprivacy@mpep.lu

      Managers: Christopher Bär, Liliane Armel, David Schäfer, Horst Güdel
    • If offers from other providers ("third-party offers") are accessible from our online offer (internet presence, applications), our data protection notice does not apply to these third-party offers. In such a case, we are not responsible for the processing of your personal data within the framework of such third-party offers within the meaning of Art. 4 item 7 GDPR.

  2. 2. Which sources and data do we use?
    1. 2.1 Direct Transmission
      • If you contact us (e.g. application via mail or e-mail, interest in our products, etc.), you will transmit personal data to us. This data is processed by us in the context of the respective contact.
        In addition we may ask you to provide us with certain personal data required by the context (e.g. contract management) and you will transmit that data accordingly.

    2. 2.2 Transmission by sales partners
      • In case you get into contact with one of our sales partners and are interested in our products, you may request this sales partner to provide us with your personal data.

    3. 2.3 Visit of our internet presence
      • As a matter of principle, you can visit our internet presence without telling us who you are. Then, we merely find out
      • your IP address (person-related data, because it is possible under certain preconditions to learn of the identity of the owner of the internet access which has been used through information from the internet provider in question)
      • the name of the internet site accessed or the file accessed and the time of access and closing,
      • the quantity of data transmitted and
      • whether the access or closing was successful.
      • The data are exclusively used for administration and optimisation of the internet offer.
      • Your IP address is only evaluated by us in the event of attacks on our internet infrastructure. Your IP address is deleted as soon as we can rule out that an attack on our internet infrastructure has been made by it. This is done regularly.

    4. 2.4 Use of cookies
      • Cookies are also used within our online offer. Cookies are small data packages which are placed on your computer's hard disk via the browser. They serve to control the online offer during your visit or in the event of a later visit. We make your visit more comfortable as a result.
      • Some browsers permit cookies in their basic settings. If you do not want them, you can change your browser's settings. Please consult the information from the browser manufacturer to see how you can go about this. If you decide against cookies, it may be possible that parts of our online offer cannot be used.

    5. 2.5 Google Maps
      • Our online offer uses Google Maps to show maps and to produce directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043. If you use the further-reaching functions of Google, for example by clicking on the displayed map, you use a Google service outside our sphere of influence. In this case, the requirements and references stated by Google in this context apply.
      • On the website accessible at www.google.de, you will find further information on
      • the Google conditions of use ("general terms and conditions"),
      • additional use conditions for Google Map/Google Earth ("additional terms and conditions for Google Map/Google Earth"),
      • the Google data protection declaration, in which you will find information about the data which are recorded for which purpose and what Google does with these data.

    6. 2.6 Register request
      • In case of contract initiation and contract management we generally have to send a request to public or private registers in order to comply with our anti-money laundering dutys.

    7. 3. What do we process your data for and on which legal foundation?
      • We process your personal data in harmony with the European General Data Protection Regulation (GDPR) and the law of 1 august 2018.

      • 3.1 For performance of contractual and pre-contractual duties (Art. 6, subsection 1 b, GDPR)

        • Your personal data are in particular processed in order to enable fulfilment of our contractual duties towards you (e.g. holding contracts, employment contracts) and also, if applicable, to take pre-contractual measures if inquired by you.
          The details about this can be seen from the contracts/agreements in question.

      • 3.2 Within the framework of a balancing of interests (Art. 6, subsection 1 f, GDPR)

        • To the extent necessary, we process your data to attend to our legitimate interests or those of a third party (e.g. advertising, to the extent that you have not objected to the use of your data, measures for business control and further development of services and products, establishment of legal claims and defence in legal disputes).

      • 3.3 On the basis of your consent (Art. 6, subsection 1 a, GDPR)

        • If you have given us consent for the processing of personal data for specific purposes, processing is done on the basis of your consent. Consent granted can be withdrawn at any time. This also applies to consent granted before 25 May 2018. Please remember that the withdrawal only has an effect for the future. Processing done before receipt of the withdrawal is not affected.

      • 3.4 To fulfil a legal obligation (Art. 6, subsection 1 c, GDPR) or in the public interest (Art. 6, subsection 1 e, GDPR)

        • We are subject to various (legal) duties or statutory requirements, for example concerned with examination of identity, prevention of money laundering and control of risks, as well as fiscal control and reporting duties. We therefore process your data for these purposes, amongst others.

    8. 4. Who gets your data?
      • We only forward your data in extremely restricted cases, as described below.

      • 4.1 Service providers: Like many other enterprises, we also outsource activities for data processing to an extremely restricted extent to trustworthy external service providers who fulfil certain tasks and render services for us, e.g. payroll services.

      • 4.2 Business partners: Business partners: We forward your data to trustworthy business partners, so that they can render the services required by you for you, e.g. depositary bank.

      • 4.3 Public and state authorities: To the extent prescribed by law or necessary to protect our rights, we forward your data to agencies legally responsible for us under supervisory law or in any other way.

      • 4.4 Professional consultants and others: We forward your data to an extremely restricted extent to other parties, for example to professional consultants such as auditors.

    9. 5. How long do we store you data?
      • We erase your data when the purpose of the processing has been fulfilled or settled and we are not entitled or obliged to keep them stored for any other reason (e.g. statutory obligations).

    10. 6. Are my data forwarded to third countries?
      • We only forward your data to third countries if this is absolutely necessary or prescribed by law or you have granted us your consent.

    11. 7. Which data protection rights do you have?
      • 7.1 Each data subject has the right to:
        • information according to Art. 15 GDPR,
        • correction according to Art. 16 GDPR,
        • erasure according to Art. 17 GDPR,
        • restriction of the processing according to Art. 18 GDPR,
        • data portability according to Art. 20 GDPR.
        • In addition, a right to complain to a data protection supervisory authority exists (Art. 77, GDPR)

      • 7.2 Claiming all the aforementioned rights is free of charge for you as a matter of principle.
        • In the event of obviously unsubstantiated or - in particular in the event of frequent recurrence - excessive applications, we can however, according to the provisions of Art. 12 subsection 5, GDPR, either
          a) demand a suitable payment, in which the administrative costs for the notification or the performance of the measure applied for are taken into due account, or
          b) reject becoming active on the basis of the application.

      • 7.3 To exercise your rights, please get in touch with our aforementioned data protection coordinator. There, you will also receive further information on data protection.

    12. 8. Can this data protection declaration be changed?
      • From time to time, updating of this data protection declaration may become necessary, for example due to new statutory or official requirements and new offers in our online offer. In general, we recommend that you access this data protection declaration regularly in order to check whether there have been any changes. You can see whether changes have been made, amongst other things, if the date stated at the very bottom of this document has been updated.

    13. 9. Can I print or store this data protection declaration?
      • You can print or store this data protection declaration directly, for example via the print or save functions in your browser.

    14. Date: February 2021