PRIVACY AND DATA USAGE NOTICE
Iberis Semper, SCR, S.A.
Iberis Semper, Sociedade de Capital de Risco, S.A. and its affiliated entities (“Iberis” or “we” or “our”) is committed to protecting the security and privacy of European Union data subjects’ (“you”) personal data when processing the same. Iberis endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the European General Data Protection Regulation (“GDPR”).
The terms ‘personal data’, ‘data controller’, and ‘processing’ have the meanings given to them in GDPR (which can be accessed at www.eugdpr.org), unless otherwise indicated.
2.1. This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):
- by you submitting Data to us through our website www.iberiscapital.com or from what we learn about you from your visit to our website;
- by you or a third party (such as your employer) submitting Data to us in the course of us providing services to you or a third party (such as your employer);
- by you or a third party (such as your employer) submitting Data to us where we are seeking to obtain services from you or a third party (such as your employer) as a service or asset provider to us;
- as a result of us using your Data (whether obtained from you, a third party, or the public arena) to contact you in connection to our clients; and
- as a result of us collecting Data about you from third party sources or other publicly available sources, such as your employer’s website.
3. Identity and contact details of Data Controller and Data Protection Representative
3.1. As per the provisions of article 37 of the GDPR, Iberis is not required to have a Data controller, however we believe it is important for you to have a go-to point for your concerns regarding your data. As such, data protection and privacy enquiries can be addressed to:
Post: João Henriques
c/o Iberis Semper, Sociedade de Capital de Risco, S.A.
Av. Conselheiro Fernando de Sousa, 19-13º Esq.
FAO: Data Protection
4. What we use your Data for
4.1. The following are the categories of your Data which we hold, the purposes for which we may process your Data, and the legal basis for the processing:
- For Data Subjects falling under ‘Website Users’ we hold Personal Details for Due Diligence Purposes and Response to Queries for Legitimate Interests and Consent;
- For Data Subjects falling under ‘Third Party Service Providers’ we hold Personal Details and a List of Services Provided for the Purposes of Discharging Contractual Obligations and Client Activities and we process under the legal basis of carrying out our Legal Compliance and Legitimate Interests;
- For Data Subjects falling under ‘Corporate Finance Contacts’ and ‘Clients’ we hold Personal Details, Financial Details, Employment and Career Details, Services Provided and Rendered, for the purposes of Client Activities, Direct B-2-C Approach, and Research Purposes. The Legal basis of processing such Data Subjects falls under Legitimate Interests, Consent, Performance of Contract, and Legal Compliance.
5. Data security
5.1. We have put in place appropriate security measures to prevent your Data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Data to those individuals who have a business need to know.
5.2. We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
6. Who we share your Data with
6.1. We may on occasion be required to share your Data with the following categories of recipients:
- Other Iberis Group entities and affiliates;
- Third parties who provide services to us or on our behalf. For example, we use third parties as part of our IT infrastructure and engage with a number of other third parties as part of our wider business. A full list of all our third-party service providers that potentially have access to your Data is available on request;
- Other Iberis Group clients and corporate finance contacts where this is necessary in connection with the performance by us of services to our clients;
- in other cases:
- where we are required to do so by law or enforceable request by a regulatory body;
- where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights.
7. International Transfers
7.1. In certain circumstances, we may transfer your Data to our clients to countries outside the
European Economic Area (“EEA”), which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the GDPR.
8. Retention Period
8.1. We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory, or reporting requirements.
To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.2. As a general rule this means that your Data will be stored for a maximum period of 10 years from the date on which our relationship with you ends, after which time it will be put ‘beyond use’ if it is no longer required for the lawful purpose(s) for which it was obtained.
9. Your rights in relation to your Data
9.1. Under the GDPR, you have the following rights in relation to how we process your Data:
- right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and, where that is the case, access to your Data;
- right to rectification and erasure: you have the right to obtain rectification of inaccurate
- personal Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
- right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
- right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
- right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. This can be done by emailing firstname.lastname@example.org at any time; and
- right to lodge a complaint: you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for Portugal is the National Data Protection Authority (Autoridade Nacional de Proteção de Dados).
9.2. For further information on your rights, please see the Authority’s website here at
9.3. Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.
10. Additional Information
10.1. We do not undertake automated decision-making or profiling of your Data.
10.2. We keep our data protection policy (including this Privacy Notice) under constant review and may change it from time to time to reflect our practices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which point you will be given the option to request that we cease processing your Data.