Dutch Business Partners - English

Privacy notice for suppliers, customers, service providers, consultants, investors and other business partners of OEP Master B.V.

For OEP Master B.V. (hereinafter "OEP") the protection of your personal data and your privacy is an important concern. The purpose of this privacy notice is to inform you which personal data of our suppliers, customers, service providers, consultants, investors and other (potential) business partners or their contact persons (hereinafter collectively "business partners") we process and which rights you are entitled to in accordance with Regulation (EU) 2016/679 (EU General Data Protection Regulation – “GDPR”) with regard to the processing of your personal data.

1. Responsibility for the processing of personal data
OEP Master B.V., 2Amsterdam – Eduard van Beinumstraat 30, 1077 CZ Amsterdam, Netherlands, is the controller for the processing of your personal data for the purposes set out under Section 3. Some processing activities are carried out under joint control with OEP Capital Advisors L.P., 330 N. Wabash Ave., Suite 3750, Chicago, IL 60611, US ("OEP US"), One Equity Partners Europe GmbH, Neue Mainzer Str. 84, 60311 Frankfurt am Main, Germany (“OEP Germany”) and OEP Italy S.R.L., Via Alessandro Manzoni 38, 20121 Milano, Italy (“OEP Italy”). For more information on processing under joint control with OEP US, OEP Italy and OEP Germany, please refer to Section 10.

2. Personal data processed
We process the following categories of personal data of our business partners:

  • Professional contact and organisational data (e.g. name, title, business address, business telephone number and email address, job title/position, bank details if necessary);
  • Communications data (content and traffic data, particularly emails);
  • Further information that is required to comply with ‘know your customer’ (KYC) and anti-money laundering obligations (e.g. passport/ID copies, AML letters, information provided in KYC questionnaires);
  • Information on criminal convictions and offences of co-investors who invest or are contemplating an investment in the Dutch OEP funds or portfolio companies of the Dutch OEP funds, if this is allowed or required under applicable data privacy laws;
  • Information that is contained in contracts, communication and other documentation relating to M&A transactions, investments and other deals which we obtain in the course of such deals, in particular about persons related to the relevant target company and its business dealings or who are otherwise involved in such deal, e.g. employees or business partners (e.g. share/asset purchase agreements with names, signatures, dates of birth, residential addresses and tax identification numbers of the parties’ representatives);
  • Other information that you provide to us or that we become aware of in the course of our business relationship and communications.

3. Purposes of the processing
We process your personal data for the following purposes:

  • Managing the receipt of goods (e.g. IT equipment and consumables) and services (e.g. consultancy services);
  • Management, optimisation and processing of our business relationships (including the performance of our contracts) with our business partners as well as the initiation or establishment of new business relations;
  • Management of operations of OEP's portfolio companies, including reporting to investors and organising board meetings and shareholder meetings;
  • Prevention and investigation of fraud or other criminal activities;
  • Verifying investors’ identities, including for background checks, anti-money laundering and ‘know your customer’ checks, reports and disclosures, and due diligence;
  • Security of our IT systems, architecture and networks;
  • Compliance with legal obligations of OEP and other companies of the OEP Group (including compliance with orders of public authorities) as well as for legal and tax advice.

4. Legal basis of the processing
We process your personal data on the basis of the following legal grounds:
for the performance of the contract concluded with you or in order to take steps at your request prior to entering into a contract (Article 6 para. 1 lit. b GDPR);
to comply with legal obligations to which we are subject (e.g. to comply with tax and anti-money laundering obligations; Article 6 para. 1 lit. c GDPR); and
to the extent the processing is necessary for the purposes of legitimate interests pursued by us or a third party and these interests are not overridden by your interests or fundamental rights and freedoms (Article 6 para. 1 lit. f GDPR), in particular to enable cooperation with other companies within the OEP Group, to maintain and safeguard business operations and company processes, to protect OEP and our employees, to perform contracts with a business partner with whom you are employed, to operate and administer our portfolio companies and other investments, to improve our services and identify new ways to develop and grow our business, and to establish, exercise or defend legal claims.

5. Recipients of the personal data
We will transfer your personal data to the following categories of recipients and grant them access to the extent necessary in each case and, where necessary, on the basis of a data processing agreement concluded between us and the recipient:

  • Employees of OEP;
  • Other companies of the OEP Group;
  • Technical service providers (particularly IT system providers and cloud service providers);
  • Legal and tax consulting firms;
  • Courts and other public authorities;
  • Third parties in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the business or assets of OEP (including any insolvency or similar proceedings), if applicable; and
  • Other third parties and service providers, to the extent this is necessary in individual cases.

6. Place of processing of personal data
Your personal data will be processed within the European Union ("EU") and the European Economic Area ("EEA") as well as outside the EU/EEA in so-called third countries by the parties specified in Section 5, in particular by service providers in the UK and the USA. In doing so, we take into account contractual confidentiality and non-disclosure obligations as well as the applicable data protection laws. We will not disclose your personal data to parties who are not authorized to process them.

Please note that there may be differences with regard to the applicable data protection laws between the respective member states of the EU/EEA and all other countries. The level of protection of personal data, especially when processed outside the EU/EEA, may therefore be lower than within the Netherlands. If processing takes place outside the EU or EEA, we will ensure that the recipient of your personal data guarantees an adequate level of protection (in particular by participating in the so-called EU-U.S. Data Privacy Framework or by concluding the so-called EU standard contractual clauses with us and, if necessary, by implementing additional protective measures).

7. Data sources
We process personal data that we have received in the course of our business relationship from you, the company that employs you, other business partners or third parties, or from publicly accessible sources.

8. Retention periods
We store your personal data only as long as it is necessary for the purpose pursued with the respective processing and as long as we are legally obliged to store it (e.g. due to retention obligations under commercial or tax law).

9. Rights of the data subject
Under the applicable data protection laws and provided that the relevant statutory prerequisites are met, you as a data subject have various rights against any controller, e.g. a right to request from us access to your personal data. Furthermore, these rights may include a right to rectification, erasure or restriction of processing as well as the right to data portability.

Where we process your data on the basis of the legitimate interests of OEP or a third party, you have the right to object to such processing on grounds relating to your particular situation at any time. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

You can exercise these rights by sending a request to Dunja Mauser, who can be contacted by email at dunja.mauser@oneequity.com.

Furthermore, you have the right to lodge a complaint about the processing of your personal data with the competent data protection authority.

10. Specifics in case of processing under joint control with OEP US, OEP Italy and OEP Germany

For the following processing operations concerning you, we determine the purposes and means of the processing jointly with OEP US, OEP Italy and OEP Germany and therefore act as so-called joint controllers:

  • Document management on a shared data storage: To the extent necessary to ensure efficient handling of business processes, customer needs related to the investments of OEP Group and other needs of OEP Group’s business partners (in particular to perform contracts with you or a business partner with whom you are employed, to enable cooperation with other companies within the OEP Group, and to operate and administer our portfolio companies and other investments), OEP, OEP Germany, OEP Italy and OEP US store files/documents which may also include personal data of their business partners on cloud-based shared data storages which their respective relevant employees can access. These files may include, for example, AML certifications and ESG reviews of the OEP Group’s portfolio companies and further documents related to the management of these companies.

This joint control is based on contractual agreements between OEP US, OEP Germany, OEP Italy and us which determine who fulfills which obligation under the GDPR in each case. Under the GDPR, we are required to make the essence of these joint controllership agreements available to you: we have stipulated that the processing operations mentioned above are subject to joint control and that each party is responsible for the lawfulness of its respective data processing. The information obligations are fulfilled by each OEP, OEP US, OEP Italy and OEP Germany towards their business partners. For this reason, you receive this privacy notice with respect to joint controllership from us. In addition, we, OEP US, OEP Italy and OEP Germany will promptly inform and assist each other to the extent necessary to respond to data subject requests. The data subject’s rights set forth in Section 9 above also apply without limitation with respect to the processing operations that are carried out under joint control with OEP US, OEP Italy and OEP Germany. In this respect, you can exercise your data protection rights both towards us and towards OEP US, OEP Germany or OEP Italy. As a data subject, you will generally be provided with the information from the controller you have contacted to exercise your rights. You can reach (i) OEP US at the address above or by email via dora.stojka@oneequity.com and (ii) OEP Germany and OEP Italy at the respective addresses above or by email via dunja.mauser@oneequity.com.

This privacy policy was last updated in June 2024.

TransformationalCombinationsWork With Us

© 2024 One Equity Partners. All Rights Reserved.
A FINE site.(Link opens in new window)

This website uses cookies. For more information, visit our Privacy & Cookie Policy