1.-  Data Controller

MERIDIA CAPITAL PARTNERS SGEIC, S.A.

1-Who is the data controller of your data processing?

The Data Controller and the owner of the website www.meridiacapital.com is MERIDIA CAPITAL PARTNERS SGEIC, S.A. with registered office at Avenida Diagonal, 640, 5th Floor 08017 -BARCELONA, with tax identification number A-64214240, registered at the Commercial Registry of Barcelona in page B-329676 and at the official registry of the Spanish Securities Market Commission (Comisión Nacional del Mercado de Valores) as of 15th January 2016 under registration number 112. (hereinafter MERIDIA CAPITAL PARTNERS SGEIC, S.A, or Data Controller)

 

Telf: +34 93 484 15 00

 

Email:protecciondedatos@meridiacapital.com

2.-  Personal data and Purposse of processing

Data Categories: Contact data and other necessary for the required purposes, such as responding to the information requested through our website https://www.meridiacapital.com and others necessary for the provision of our services or activities.

Purposes: Provide information, recruitment of our Staff, manage the requested investments or operations and the commercial and administrative management of the Company.

2- personal data we process and purposes

 

1-Types and categories of personal data we process.

 
a. Name, title, gender.

b. Your contact details, personal account, as well as your company name and business location including address, phone number, VAT number and your email address.

c. Economical or Financial information and information related to compliance of money laundering regulations.

c. Information on your requests and investments.

d. We could record your communications with us made by email or others.

e. Information collected when you use our website and other digital media, if applicable.

- When you visit our website, we may record your IP address, browser type, operating system, originating website and web browsing behavior.

f. Information related to social networks.

Depending on your social network settings, we may receive information from your social network provider. For example, when you identify yourself with a social network account to use our services, we may receive your social network profile including contact details, interests, and contacts. For more information on the personal data we receive from your social network provider and how to modify the settings, please refer to the website and privacy policy of your social network provider.

g. Information you choose to share with us. You can choose to share information with us, for example by giving us a comment on Twitter, completing a customer survey, or

submitting data for an event.

h. Information that you provide us to initiate a staff recruitment process including your CV and other personal or professional information.

 

2-Your personal data will only be used for the following purposes:

 

a. Register your personal data in our database if you are an investor or potential investor or client.

b. Carry out the necessary commercial and administrative procedures with the users of the web and our clients.

c. Contact you for contractual negotiations and to process your inquiries.

d. In case of formalizing contracts, purchases or investments, the data shall be used to process the corresponding contracts. In this regard, your data can be shared with third parties as detailed in point 5

e. To send commercial advertising communications by email, social network or any other electronic or physical way, if you have expressly consented to the sending of the commercial communications electronically. If you are a client of MERIDIA CAPITAL, we may send you commercial information related to your investments or the services that you have contracted. Communicate with you to answer your questions and process your complaints.

f. Communicate with you to obtain your opinion on the service provided or the quality of our products or services.

g. Likewise, the data collected during browsing is processed in order to provide access to the online content of the website, as well as to respond to the requests of the website users, to keep a record of visit statistics (IP addresses, browser data, country, page accessed, etc.) in order to help us develop better services and products, optimize our offer and provide more effective customer service and improve the design and content of our websites.

h. The data of Clients and / or Suppliers will be treated, within the contractual relationship that binds them with the person in charge, in compliance with the administrative, fiscal, accounting and labor obligations that are necessary under current legislation.

i. Objection or revocation. You can object or revoke your consent to receive marketing communications at any time by following the instructions in the relevant marketing communication or by contacting us at protecciondedatos@meridiacapital.com

j. If you fill in any of the forms provided on our website or in any other way, it will be necessary to provide certain personal data, which will be processed for the purpose for which they are requested.

k. The personal data of our employees will be used to comply with the corresponding labor and contractual obligations.

l. The purpose of the processing of your personal included in your CV or others you share with us during your participation in our staff recruitment process, is to carry on that process, and we inform you that:

If it does not fit the profiles required by the Company and in compliance with data protection regulations, it will be immediately erased, and we will not keep a copy.

If we consider that your profile may fit our needs, but there are currently no vacancies, we will keep it for a maximum of 1 year in case any vacancy arises during this period. After this period, it will be erased if no vacancy arises or if it does not fit in any of the processes we start. We will not keep any copies, although if it were of interest to us, we could ask you for an updated version.

If your profile fits a position that is currently vacant, we will contact you shortly to initiate a selection process.

m. In accordance with the LSSICE, we inform you that MERIDIA CAPITAL does not perform SPAM practices, therefore, it does not send commercial emails by e-mail if it does not have the necessary legitimacy. In any case, you will always have the possibility to withdraw your consent to receive our communications.

We shall not process your personal data for any other purpose than those described except by legal obligation or judicial requirement.

Your personal data will not be subject to decisions based on automated processing that produce effects on you.

3.- Legal basis for processing  

Consent of the data subject, compliance with legal obligations, performance of a contract or pre-contract or legitimate interest.

3- WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR DATA? 

 

The legal basis for the processing of your personal data is:

  • Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under a contract.
  • Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency, or in relation to the systems for prevention of money-laundering.
  • Legitimate interests: we shall process information about you where it is in our legitimate interest in running a lawful business to do so to that business, so long as it doesn’t outweigh your interests.
  • Your express consent: in some cases, we would ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw your consent at any time by contacting MERIDIA CAPITAL PARTNERS SGEIC, S.A. at protecciondedatos@meridiacapital.com.

 

The legal basis for the processing of the personal data of the suppliers is based on the contractual relationship that is generated when we contract with them. The legal basis for the processing of the data of our employees is based on the employment relationship.

Curriculum Vitae (CV)

We inform you that in accordance with the provisions of the personal data protection regulations in case you send your CV to MERIDIA CAPITAL PARTNERS SGEIC, S.A. which is understood as any of the investee companies, managed or advised by MERIDIA CAPITAL PARTNERS SGEIC, S.A., it will be stored and processed to participate in the Staff selection processes carried out by us. The legal basis that legitimizes our processing is your expressed consent by voluntarily sending us your CV.

Likewise, we inform you that your CV shall be erased, and we shall not keep any copies, in case your profile does not match any of the positions offered by the Company. If your profile could potentially be interesting for the Company, your CV will be retained for a maximum period of one year for future Staff selection processes. You could update your CV at any time. After this period has elapsed without being selected for any process, it shall be erased, and we shall not keep a copy or keep any of your personal data.

 

4.- Data retention:  

If you do not withdraw your consent, the contractual relationship lasts or for the time required by a legal obligation.

4. DATA RETENTION. ¿How long shall we keep your personal data?

 

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

The personal data you provide us shall be kept for the time necessary to manage the information you request, or as long as there are contractual obligations deriving from services or content requested by users and subsequently until the expiration of legal, contractual or professional responsibilities that require its retention.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using our Services)
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them)
  • Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation, or regulatory investigations)

Once the data has met the needs for which it was collected, we will delete it permanently. However, we will keep your data longer, if necessary, to comply with legal obligations. Likewise, it may be necessary to keep them for the time necessary until the prescription of the legal responsibilities that are generated.

If we have your e mail in our database for the sending of commercial information, it will be kept if the necessary legal basis that legitimizes its conservation and use is maintained. You have the right to erasure of personal data concerning to your data at any time in order not to receive commercial information.

The personal data you provide us shall be kept for the time necessary to manage the information you request, or as long as there are contractual obligations deriving from services or content requested by users and subsequently until the expiration of legal, contractual or professional responsibilities that require its retention.

Once the data has met the needs for which it was collected, we will delete it permanently. However, we will keep your data longer, if necessary, to comply with legal obligations. Likewise, it may be necessary to keep them for the time necessary until the prescription of the legal responsibilities that are generated.

5.- Data Recipients:  

The data you provide will be incorporated into a database belonging to MERIDIA CAPITAL PARTNERS SGEIC, S.A., but they shall be available, for operational reasons, to any investee Companies, managed or advised by Meridia Capital or with its same control partner, but shall not be transferred to third parties, except those who must necessarily intervene to our internal management or the provision of our services.

4. DATA RETENTION. ¿How long shall we keep your personal data?

 

Your Personal Data will be processed by duly authorized personnel, and, if necessary or practical to fulfill the purposes indicated above, they may be processed, in certain cases, by third parties.

The categories of recipients to whom your Personal Data may be communicated are the following:

a. Data processors, such as IT providers, consultants, and other companies.

b. Public entities and Authorities, exclusively for the purpose of complying with legal and regulatory obligations, as well as the requirements of the police authorities if requested.

c. Other suppliers to whom, where appropriate, your personal data may be transferred, when is necessary for our normal operation, as financial institutions and insurers, among others.

d. Investee Companies managed or advised by Meridia Capital or with its same control partner, for operational reasons.

All of them are subject to the duty of professional secrecy or act under a legal obligation.

6.- Rights:  

Access, rectify and erasure your data, as well as other rights provided by current regulations.

6. RIGHTS ¿what are your rights when you provide us with your data?

 

If you wish to exercise the rights that the data protection regulations grant you, please send us an e-mail to the following address protecciondedatos@meridiacapital.com putting in the subject the right you want to exercise and attaching a copy of your national identity document or passport or by sending the same content by postal mail to MERIDIA CAPITAL PARTNERS SGEIC, S.A, Avenida Diagonal, 640, 5th Floor 08017 - BARCELONA.

The Rights that the current regulations recognize and that, where appropriate, may be exercised are:

Right of access to data:

You have the right to be informed by the Data Controller if your personal data is being processed or not, and if the process is confirmed, you shall be able to access it by providing the following information:

-The purposes of processing.

-The categories of data.

-The term or criteria for data retention.

Right to rectification:

You will have the right to request the Data Controller to rectify your data when they are inaccurate or incomplete by means of an additional rectifying statement.

Right to Erasure:

The data subject shall have the right to request the Data Controller to erase its data, when:

-The processing is illegal.

-The data subject has withdrawn its consent.

-They are no longer necessary in relation to the purposes for which they were collected or processed.

-The data subject has exercised the right of opposition and other legitimate reasons for the processing do not prevail.

-The data must be erased to fulfill a legal obligation of the Data Controller.

The data subject shall not have the right to request the Data Controller to erase their data when the processing is necessary:

-To exercise the right to freedom of expression and information.

-To fulfill a legal obligation of the Data Controller.

-For the preparation, exercise or defense of claims.

-For public interest based on current legislation for public health reasons or for historical, statistical or scientific research purposes.

Right to data portability:

You have the right to request the Data Controller to transfer your data to another Data Controller or to the same data subject, through a structured format of usual use and mechanical reading, when the processing is carried out by automated means and is based on:

-The consent of the data subject for specific purposes.

-The execution of a contract or pre-contract with the data subject.

The right to data portability will not apply when:

-The transmission is technically impossible.

-It can negatively affect the rights and freedoms of third parties.

-The processing has a public interest mission based on current legislation.

 

Right to restriction of processing:

1. The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

- the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful, and the data subject opposes the erase of the personal data and requests the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to processing, pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Right of opposition:

The data subject shall have the right to object to processing of personal data, on grounds relating to his or her situation, at any time. The Data Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right not to be subject to profiling:

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, mainly when is referred to the following personal aspects:

-Professional performance.

-Economic situation.

-Health.

-Preferences or personal interests.

-Reliability.

-Behavior.

-Location or movements of the person.

When profiling is based solely on automated processing:

-The data subject will have the right to be informed if the decision that can be taken could have legal effects that significantly affect him.

-The data subject will have the right to obtain human intervention from the Data Controller to express their point of view and to challenge the decision, if the processing has been authorized by:

-The explicit consent of the data subject.

-A contract between the Responsible and the data subject.

This right shall not apply if the decision:

- is necessary for entering, or for the performance of, a contract between the data subject and the Data Controller;
- is authorized by European Union or Member State law to which the Data Controller is subject, and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
- is based on the data subject's explicit consent.

 

7.- Supervisory Authority:  

You can direct claims arising from the processing of your personal data to the Spanish Agency for Data Protection (www.aepd.es)

7- SUPERVISORY AUTHORITY:

If you consider that MERIDIA CAPITAL PARTNERS SGEIC, S.A has violated any of your rights protected by the personal data protection regulations or that it has violated any obligation regarding the protection of Personal Data, you have the right to submit a claim to the competent Supervisory Authority which in Spain is the Spanish Agency for Data Protection located at Calle Jorge Juan, 6. 28001 - Madrid. Tel. 901 100 099 - 912 663 517

 

You can also submit an electronic claim through the electronic address that is available on their website https://www.aepd.es/

 

8.- Governing law & Jurisdiction  

This privacy policy is governed in each one of its extremes by the General Data Protection Regulation of the European Union and other related Spanish regulations

8. GOVERNING LAW AND JURISDICTION

 
This privacy policy is governed in each and every one of its aspects by Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons in regard to the processing of personal data and the free circulation of this data.

It is also governed by Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights. Likewise, our website is governed by Law 34/2002, of July 11, on Information Society and Electronic Commerce Services.

Any dispute arising from matters relating to our Website shall be exclusively subject to the jurisdiction of the courts of the city of Barcelona.

 

9.- DPO  

Our Company has appointed a Data Protection Officer. 

9. DATA PROTECTION OFFICER

 

MERIDIA CAPITAL PARTNERS SGEIC, S.A. has a Data Protection Officer that will perform the following functions:

•Inform and advise MERIDIA CAPITAL PARTNERS SGEIC, S.A. on the obligations that it must carry out to comply with the data protection regulations.

• Supervise that the suppliers of MERIDIA CAPITAL PARTNERS SGEIC, S.A. comply with what is required in the contracts of the person in charge of processing and ultimately with the regulations for the protection of personal data.

• Supervise the application at MERIDIA CAPITAL PARTNERS SGEIC, S.A. of the data protection regulations.

• Ensure the correct preservation of documentation related to the protection of personal data.

• Supervise documentation, notification and communication of personal data violations or security breaches.

• Act as a point of contact with the control authority of each country in which MERIDIA CAPITAL PARTNERS SGEIC, S.A. has a presence on issues related to data processing.

• Supervise the response to the requests of the supervisory authority, as well as cooperate with it when required.

• Offer information or advice to interested parties, regarding data protection.

You can contact our Data protection officer: protecciondedatos@meridiacapital.com

 

10.- Additional Information  

Additional information on safety and other aspects

10. ADDITIONAL INFORMATION

 

SECURITY MEASURES:

 

The data you provide will be treated confidentially. MERIDIA CAPITAL PARTNERS SGEIC, S.A. has adopted all the technical and organizational measures and all the necessary levels of protection to guarantee the security in the treatment of the data and avoid its alteration, loss, theft, treatment or unauthorized access, according to the state of technology and nature of the stored data. Likewise, it is also guaranteed that the processing and registration in files, programs, systems or equipment, premises and centers comply with the requirements and conditions of integrity and security established in current regulations.

 

SSL CERTIFICATE (SECURE SOCKETS LAYER)

 

We use reasonable safeguards to protect personal information against loss and theft, including encryption technology, restricted access, “firewalls,” and Secure Socket Layers (SSL). The SSL CERTIFICATE provides authentication, privacy and information security between MERIDIA CAPITAL PARTNERS SGEIC, S.A and the user. MERIDIA CAPITAL PARTNERS SGEIC, S.A has a SSL security certificate certificates secure internet connections by encrypting data sent between your browser, our website you're visiting, and our website server.

However, security over the internet cannot be guaranteed. Our Company does not assume any responsibility for any harm, loss, or damage you may experience or incur by the sending of personal or confidential information over the internet, and you should take your own measures to protect your sensitive information. If you have any questions about the security of our Site, contact us through protecciondedatos@meridiacapital.com

 

LANGUAGE

 

The language applicable to this Privacy Policy is English. Therefore, in case there is any contradiction in any of the versions we could provide in other languages, the English version will prevail.

11.- Update:    

This Privacy Policy was last updated in June 2022

11. UPDATE

 

This Privacy Policy was last updated in June 2022 but may be updated at any time. We recommend that you check it every time you access our website in case it has suffered alterations.