Desu Systems BV – privacy statement: what we do with the personal details of our visitors, customers, applicants and other relations. The General Data Protection Regulation (AVG) will apply as of 25 May 2018. In order to carry out our activities properly, it is sometimes necessary to process your personal data.

Personal data are data that provide information about an individual person, such as contact details, but also financial data or data about other privacy-sensitive matters. Of course, we have taken measures to comply with the new legislation. We would like to inform you about this.

Personal data

If we process personal data, we always do so carefully and in accordance with the law and our internal privacy policy. The basic principles of our internal privacy policy are:

• We will always tell you what we do with your details and how, for example, you can exercise your right of access and objection. • We only use the information for the purpose for which we have collected it (such as the execution of an agreement, customer relationship management, customer administration and marketing). • We do not collect, use and store more data than we need, to achieve the purpose for which we obtained the data and only if there is no other way to achieve the same goal. • The more privacy-sensitive the information, the less we use the data. • We only use the data to the extent that there is a reason mentioned in the law. • We have taken appropriate security measures against loss of or unauthorized access to personal data. • We do not provide your personal data to third parties. • In this privacy statement you will find information about what we do with the personal data we receive when we carry out our activities.

Privacy Statement 2018 ENG – Version 1.0
2
In this privacy statement we also provide answers to the following questions:

• What type of personal data do we process? • For what purpose do we process your personal data? • Why may we use your personal data? • Who has access to your personal data? • How long do we keep your personal data? • Who is responsible for the processing of your personal data? • Who can I contact if I have questions about the use of my personal data? • What about the use of my personal data by third parties? • How do we secure your personal data? • What rights do you have with regard to the use of your personal data (and how can you exercise them)? • Do you place cookies when I visit your website? • Do you use my data for sending newsletters?

Personal data of different target groups

Privacy statement for (website) visitors, customers and other relations

Who is responsible for the processing of your personal data?

Desu Systems BV is responsible for the processing of your data.

Which type of personal data do we process?

• Contact details (such as name, e-mail address, work address, telephone number, a message left by you, including any personal data you have left behind in that message). • Cookies (see below). • The name of the organization for which you work or that you represent, your job title or job title. • Data used to calculating or recording invoices, making payments and collecting receivables, including invoice and delivery addresses, when you purchase services or products from us. • Information related to the type of browser, OS or type of device that you use to visit our website. • Security camera images when you visit our offices. • Any other information that you may provide to us.

Privacy Statement 2018 ENG – Version 1.0
3
Further information about cookies

General visitor data is kept on our website, such as the most requested pages. The purpose of this is to optimize the layout of the website for you. The data can also be used to offer more specific information. No personal data will ever be sent / recorded by you via the internet.

Desu Systems BV uses Google Analytics on the website, a web analysis service offered by Google Inc. (“Google”). Google Analytics uses “analytical cookies” (text files placed on your computer) to help analyze the use of the website. With this information, Desu Systems BV can improve the quality and effectiveness of its website.

For the use of these analytical cookies it is not required to first obtain permission from website visitors, provided that Desu Systems BV complies with the 4 steps as included in the manual privacy-friendly setting of Google Analytics of the Dutch Data Protection Authority.

Desu Systems BV meets the above 4 steps and informs you about this as follows:

• Desu Systems BV has entered into a processor agreement with Google; • Desu Systems BV has privacy-friendly Google Analytics, which means that the information is anonymised as much as possible. The IP address consists of 4 so-called octets of 3 digits each. Desu Systems BV has chosen to mask the last octet of the IP address; • Desu Systems BV has deactivated the option “share data with Google” in the default settings of Google Analytics. This means that the collected information is not shared with Google or others. Desu Systems BV has also not allowed Google to use the obtained information for other Google services; • Desu Systems BV informs visitors on its website about the use of Google Analytics.

Finally, we inform you that Desu Systems BV does not use other Google services in combination with the Google Analytics cookies in addition to the use of AdWords.

Desu Systems BV does not place tracking cookies on its website itself, but if you use social media cookies, third parties can place them.

Privacy Statement 2018 ENG – Version 1.0
4
How do we use that information and on what basis do we do that?

We process personal data as mentioned above for the following reasons:

• For service purposes: to be able to follow up your message and to inform you about the next steps. • For relationship management, marketing, customer administration and service purposes (to inform you of the latest news about Desu Systems BV and relevant services, marketing and measuring response to our marketing campaigns, managing our CRM and improving the functioning of our website) . • To develop sales-promoting activities. • To be able to conduct adequate customer administration and debtor management. • For internal control and company security. • The use of your personal data is necessary for: • The execution of agreements with our customers. • Compliance with our legal obligations. • Promoting our legitimate interest to be able to (continue to) provide our services to our customers as efficiently as possible. • Promoting our legitimate interest to be able to provide our services as efficiently as possible to the visitors of our website and to use our website as well as possible and our relationships. • Looking after your legitimate interest in obtaining the right information. • The legitimate interest of Desu Systems BV to secure our properties.

Desu Systems BV uses the contact details of existing customers for sending quotations, invoices and relevant documents, service e-mails and sending commercial information, such as newsletters and invitations to events. You can always opt out of the emails with commercial information or set your preferences by using the unsubscribe option included in each message or by sending an e-mail to info@desusystems.com

Desu Systems BV uses contact details of other relations than its customers for sending commercial information, such as newsletters and invitations to events only if you have given permission in advance. You can always withdraw your consent by using the unsubscribe option included in each message or by sending an e-mail to info@desusystems.com . We will ask you for permission to use your contact details again after three years.

Who do we share this information with?

Desu Systems BV will not provide your personal data to third parties, unless Desu Systems BV is obliged to do so on the basis of a statutory provision or a court decision. We also do not use your information to keep track of which ads are of interest to you or to allow ads to match your interests.
Privacy Statement 2018 ENG – Version 1.0
5

Desu Systems BV uses systems for the processing of your personal data. The suppliers of these systems can therefore also process personal data of you. For more information about these suppliers, please contact us via privacy@desusystems.com

It may also happen that third parties, such as our accountant and our legal and financial advisors, gain access to your personal data within the framework of assignments and / or supervisory tasks that Desu Systems BV performs in respect of Desu Systems BV.

Desu Systems BV has made agreements with all parties that have access to your personal data, so that there are sufficient guarantees for the careful processing of your personal data. This is in accordance with the law and the internal privacy policy of Desu Systems BV and this Desu Systems BV privacy statement. If we also give third parties access to your data, we will only do so if we are certain that these third parties only use the data in a manner that and for a purpose that is related to the purpose for which we obtained the data. And only in accordance with this Desu Systems BV privacy statement. In addition, the confidentiality and security measures required by law are always applicable to prevent your personal data from becoming known to other parties. We always look at how we can respect your right to privacy as much as possible.

Desu Systems BV does not store your personal data for longer than necessary for the purpose for which it was stored. We keep certain deadlines, and then we delete this data:

• If you have subscribed to a newsletter or have given permission to receive personalized messages, we will retain this permission for 2 years. Even if you decide at a certain moment that you no longer wish to receive the newsletter or personalized messages, we will retain the withdrawal of your request. • If you are a client of ours, we will retain your data during the agreement that you have entered into with us and then for another 3 years. • If you are a potential customer and you have expressly agreed that we will contact you, we will retain your data until you opt out or after 2 years from the time you last contacted us. • We always remove inactive client accounts after 7 years. • Tax regulations require us to keep our administration with your invoice, payment and order data for 7 years • We do not store camera images for more than 6 months. Unless we see something suspicious that we have to further investigate whether the images should be kept longer because of another legal obligation.

Privacy Statement 2018 ENG – Version 1.0
6
In all cases, Desu Systems BV may, for specific reasons, retain your data longer than indicated above if this is required by a statutory regulation or if longer storage is really necessary for carrying out our activities, for example to handle complaints, disputes to resolve or prevent fraud and abuse.

How do we secure your personal data?

We have taken all reasonable, appropriate security measures to protect our visitors, customers and relations against unauthorized access or modification, disclosure or destruction of personal data. We comply with the applicable security standards.

If despite the security measures there is a security incident that is likely to have adverse consequences for your privacy, we will inform you as soon as possible about the incident. We will also inform you about the measures that we have taken to limit the consequences and prevent repetition in the future.

Where do we store your data?

The personal data that we collect from you are always stored on the server of Desu Systems BV and / or its cloud provider (s) in the Netherlands and Europe. In exceptional cases, data may be transferred to and stored in data centers outside the European Economic Area (EEA). In those cases, they can also be processed by staff outside the EEA who work for us or for one of our suppliers. In that case, the third country’s data protection legislation will have been approved by the European Commission or other appropriate safeguards will have been put in place. Further information is available from our privacy coordinator via privacy@desusystems.com

What rights do you have with regard to your personal data?

• You may object to the use of your personal data, for example if you believe that the use of your personal data is not necessary for the performance of our activities or the fulfillment of a legal obligation. • You are entitled to inspect your personal data. This means that you can request which personal data is registered and for which purposes that data is used. • If you feel that we have incorrect personal data about you, you can have these personal details corrected. You can also ask us to limit the processing of your personal data, also for the period we need to assess your requests or objections. • You can also ask us to remove your personal data from our systems. • You can also ask us to ensure that your personal data is transferred to another party.

Privacy Statement 2018 ENG – Version 1.0
7
• We will comply with your request, unless we have a compelling, legitimate interest not to delete the data, which outweighs your privacy interest. If we have deleted the data, for technical reasons we can not immediately remove all copies of the data from our systems and back-up systems. We may refuse to comply with the aforementioned requests if they are made unreasonably often, demand unreasonably heavy technical efforts or have unreasonably severe technical consequences for our systems or endanger the privacy of others.

You can submit the aforementioned requests or make the aforementioned objection by sending a letter with your name, address, telephone number and a copy of a valid proof of identity to the privacy coordinator of Desu Systems BV. This can be reached via privacy@desusystems.com Remember to make your BSN number on the copy of the ID unreadable before you send it. Where can you get more information about how Desu Systems BV handles your personal data?

If you have any questions or want more information about the use of your personal data and your rights, you can contact the privacy coordinator of Desu Systems BV. This can be reached via privacy@desusystems.com

If you are not satisfied with the way Desu Systems BV deals with your questions, objections or complaints, you can submit a complaint to Desu Systems BV. You can contact yourself to complaints@desusystems.com

In the event that you are still not satisfied with the way Desu Systems BV has handled your complaint, you can also submit a complaint about the use of your personal data to the Dutch Data Protection Authority via https://www.autoriteitpersoonsgegevens.nl/en