In this Privacy Statement we describe and inform you about what Personal Data we process about you, how we process it, for what purposes we process it, to whom we may provide it, how long we retain it, how we secure it and what rights you have.

This Privacy Statement was drawn up pursuant to the General Data Protection Regulation ("GDPR"), in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which entered into force on 25/05/2018.

EOS Contentia is a collection company. It is located at Industriëlaan 54, 7700 Moeskroen/Mouscron, Belgium and has company number 0454.609.009.

A debt collection company can recover debts according to 2 scenarios:

Definitions:

• Customer/partner: the companies that either entrust EOS Contentia with a service contract for debt collection or sell a debt portfolio to EOS Contentia.
• Debtor: the debtor of the debt, either to the Client/Partner in the case of a debt collection service contract or to EOS Contentia in the case of a debt transfer

1° as a service provider for creditors

Our customers or partners, the creditors, entrust the recovery of their outstanding claims against debtors (debtors) to our company. Our firm offers debtors the possibility of paying their debts by means of an amicable settlement, without any legal proceedings. If the debtor fails to do so, legal proceedings can still be initiated for the recovery of the debt.

2° as principal or assignee in the context of a contract, in particular for the management and collection of debts when EOS Contentia has taken over a portfolio of debts from a creditor.

In order to establish and maintain contact with our client, our customer/partner, the creditor of the receivables we process the personal data of the contact persons, legal representatives or internal contacts designated to us by our client (hereinafter collectively referred to as "customer contacts").

The processing of client contacts' personal data is carried out on the basis of:

Account management:

• performance of a contractual obligation towards the creditor

Contract management:

• performance of a contractual obligation towards the creditor

Invoicing:

• performance of a contractual obligation towards the creditor

Reporting and analysis:

• Performance of contractual obligation towards creditor
• the legitimate interest of EOS Contentia in optimising recovery procedures and evaluating the outstanding debt(s) in the context of a debt transfer.

Audit and control:

• By the customer: performance of a contractual obligation towards the creditor;
• By public authorities: legal obligation

For all other processing operations: the justified interest of EOS-Contentients, which consists of

• improve recovery procedures,
• organising debt recovery faster, more efficiently and more cheaply

EPS Contentia is a service provider that decides only on the resources it deploys and the way in which recovery files are handled on behalf of the creditor. EOS Contentia keeps the creditor informed of the progress of debt recovery and is remunerated by the creditor for its services. The creditor determines the purpose (collection of the debts) of the processing and remains the owner of the claim.

EOS Contentia acts as creditor, owner of the claim, in the event of assignment of claims.
In this case, EOS Contentia is the controller who determines the purpose and manner in which your personal data are processed.

EOS Contentia processes the following personal data of client contacts in the context of a service contract for debt collection or a transfer of a debt portfolio:

• your identity and professional contact details (name, title, company address, professional e-mail address, professional telephone and mobile number, function and function title);

We kindly remind you that you are responsible for all data you provide to us and that we rely on its accuracy. If your data is no longer up to date, please inform us immediately.

We do not process special categories of personal data of client contacts.

Debt recovery management

• Contacts via correspondence, telephone, email
• Contacts via the client portal (online)

Information to the creditor

• Reporting on the status and progress of debt recovery for each debtor

Preservation, storage and processing via special software

• The management of the client contacts is done in specific management software (application, data base and backups).

Audit and control

• Legal obligation to communicate client contact's personal data for the purposes of public control (accounting, tax, legislation on the prevention, monitoring and detection of fraud, money laundering and other criminal activities).

Deletion and destruction of personal data after the retention period applicable to the specific processing.

Telephone calls between client contacts and our agents are recorded and used to check their quality and to train employees.

The calls will be stored for the period provided for in the Electronic Communications Act of 13/06/2005.

EOS Contentia may pass on personal data of client contacts:

For audits and controls

• The competent authority

Judicial authorities

• Combating fraud
• Legal obligation

All personal data of client contacts are stored, processed and kept only in the European Union (more specifically in Belgium, France and Germany). The transfer of data outside the European Union takes place on the basis of EU Standard Model Clauses on data protection where the country to which the data is transferred does not provide adequate protection within the meaning of the GDPR. No transfers will be made to the United States of America on the basis of the EU-US or Swiss-US Privacy Shield/Safe Harbour.

We will retain your personal data:

• as long as they are necessary for the legitimate purpose for which they were obtained, e.g. to ensure good recovery practices

All the client contact's personal data shall be retained for the period that the customer contact is designated as our contact by the creditor. If the creditor provides us with another customer contact, the previous customer contact is deleted.

EOS-Contentia has appointed a Data Protection Officer (DPO):
E-mail: Privacy@eos-contentia.be
Postal address: Industriëlaan 54K, 7700 Mouscron/Mouscron, Belgium

If, after reading this Privacy Statement, you have further questions or comments with regard to the collection and processing of your personal data, please contact our DPO.

We make every effort to handle your Personal Data in a careful and legitimate manner in accordance with applicable regulations. Nevertheless, if you believe that your rights have been violated and if your concerns have not been addressed within our company, you are free to lodge a complaint with us:

Data protection authority
Drukpersstraat 35, 1000 Brussels
+32 (0)2 274 48 00
+32 (0)2 274 48 35
contact@apd-gba.be

You can also come there for all general questions relating to the processing and protection of Personal Data.

In addition, you may bring an action before a court if you believe that you would suffer damage as a result of the processing of your Personal Data.

In accordance with and subject to the conditions of Belgian privacy law and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

• Right of access and inspection: You have the right to inspect, free of charge, the information we hold about you and to find out what it is used for.
• Right of rectification: you have the right to obtain rectification (correction) of your incorrect personal data, as well as to complete incomplete personal data.
• Right to erase data or restrict processing: You have the right to request us to erase or restrict the processing of your personal data in the circumstances and under the conditions set out by the General Data Protection Regulation. We may refuse the deletion or restriction of any personal data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, and this for as long as these data are necessary for the purposes for which they were collected.
• Right to transfer data: You have the right to obtain the personal data you have provided us with in a structured, common and machine-readable form. You have the right to transfer this data to another data controller.
• Right of objection: you have the right to object to the processing of your personal data for serious and legitimate reasons. Please note, however, that you cannot object to the processing of personal data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, for as long as these data are necessary for the purposes for which they were collected.
• Right of withdrawal of consent: If the processing of personal data is based on prior consent, you have the right to revoke this consent. These personal data will then only be processed if we have another legal basis for doing so.
• Automatic decisions and profiling: we confirm that the processing of personal data does not include profiling and that you will not be subject to fully automated decisions.

You can always view the data we process about you and, if necessary, have it corrected. All you have to do is request it via our Data Protection Officer with proof of your identity. This is in order to prevent your data from being passed on to anyone who is not entitled to it.

Personal data collected by EOS Contentia will only be stored and processed in the European Union. We take steps to ensure that the data we collect under this Privacy Statement is processed in accordance with the provisions of this Statement and the requirements of applicable law wherever the data is located.

We take the necessary technical and organisational measures to process your personal data to an adequate level of security and to protect them against destruction, loss, falsification, alteration, unauthorised access or accidental notification to third parties, as well as any other unauthorised processing of this data.

Under no circumstances can EOS Contentia be held liable for any direct or indirect damage resulting from the incorrect or unlawful use of the personal data by a third party.

EOS Contentia makes every effort to protect the security of your personal data. We use a variety of security techniques and procedures to protect your personal data against unauthorised access, use or disclosure.

EOS Contentia is also committed to reducing the risks of human error, theft, fraud and misuse of EOS Contentia facilities. EOS Contentia's efforts include raising staff awareness of security policies and training staff to implement security policies. EOS Contentia employees are required to maintain data confidentiality. Employee obligations include written confidentiality agreements, regular training on information protection and compliance with the company's policy on the protection of confidential information.

EOS Contentia quickly evaluates and responds to incidents that cause suspicions of unauthorised data processing. If EOS Contentia determines that your data has been unlawfully used (including by an EOS Contentia employee) or otherwise improperly obtained by a third party, EOS Contentia will report such misuse or acquisition to you immediately.

EOS Contentia will carry out annual compliance audits. Any employee found by EOS Contentia to be in breach of the GDPR is in breach of this Privacy Statement and will be subject to disciplinary action up to and including termination of employment. Any third party violating this privacy policy will be required by all agreements with EOS Contentia to indemnify and hold EOS Contentia harmless against claims relating to such violations.

Cookie controls are described in our Cookie Statement.

We will update this Privacy Statement as necessary to reflect customer feedback and changes to our services. When we post changes to this statement, we will revise the "last updated" date at the top of the statement. If there are material changes to the statement or to how EOS Contentia will use your personal data, we will notify you by prominently posting a notice of such changes before they become effective or by sending you a notice directly. We encourage you to periodically review this Privacy Statement to find out how EOS Contentia is protecting your information.