Legal Framework

In accordance with the provisions of the Regulation (EU) 2016/679 of the European

Parliament and of the Council of 27 April 2016 on the protection of natural persons with

regard to the processing of personal data and on the free movement of such data, and

repealing Directive 95/46/EC (“GDPR”) and any law, circular or regulation in the context of

GDPR, as amended from time to time, personal data may be processed by Exocent Fund,

the GFIA, and their service providers.

Exocent Fund and GFIA will act as data controller.

In accordance with articles 13 and 14 of GDPR, some information, as detailed in the present

notice, must be provided by the data controller to Data Subjects.

Data Subjects should be understood as identified or identifiable natural persons whose

personal data is processed by Exocent Fund/the General Partner, or by UCI Administrator

and Domiciliary Agent as data processors (the “Data Processors”) on behalf of the Exocent

Fund, such as (i) the limited partners of Exocent Fund, their ultimate beneficial owners,

directors, agents, authorised representatives, their designated contact persons (the

“Investors”), (ii) the ultimate beneficial owners, directors, agents, authorised

representatives, members of investment committees or advisory committees and designated

contact persons of the General Partner, Exocent Fund, service providers or the portfolio

investments of Exocent Fund (the “Representatives” and together with the Investors, the

“Data Subjects”).

The Data Processors may also act as independent data controllers when they determine the

purposes and means of processing.

Personal data should be understood as any information (as more detailed in section 2.2.

below) relating to an identified or identifiable Data Subject (the “Personal Data”).

General Requirements

Who is the data controller and who to contact?

Exocent Fund/the GFIA acts as data controller, determining the purpose and means of

processing.

The data controller and the service providers collect, store and process by electronic or other

means the Personal Data supplied by the Data Subjects, for the purpose of: (i) fulfilling the

services related to an investment in Exocent Fund by the Investors; (ii) performing services

for the General Partner and Exocent Fund; and (ii) to comply with their legal obligations and

specifically in compliance with the provisions of GDPR.

Data Subjects who wish to contact the data controller should contact:

In writing at the following address: Exocent Partners GP SA.

22, Rue Jean Wolter, L – 3544 Dudelange,

Grand Duchy of Luxembourg : Board of

Directors

You have the right to lodge a complaint at any time to the competent supervisory authority

on data protection matters, such as in particular the supervisory authority in the place of your

habitual residence or your place of work. In the case of Luxembourg, this is the Commission

Nationale pour la Protection des Données (“CNPD”). We would, however, appreciate the

opportunity to deal with your concerns before you approach the supervisory authority, so

please contact us in the first instance.

What kind of Personal Data is processed?

Personal Data includes, but it is not limited to: the name, address, passport or identification

card details, bank account details, granted amount and financial situation of each Data

Subject.

In particular the Personal Data of the Data Subjects processed includes, but it is not limited

to, the following categories:

identification data (e.g. name, date of birth, place of birth, gender, marital status, e-

mail, postal address, telephone number, country of residence, passport, identity card,

tax identification number and bank account details);

contact details;

source of wealth;

specific personal and professional information when the Data Subject is a

Representative; and

any other information provided by the Data Subjects in the context of services

provided to them.

How do we receive your Personal Data and who are the recipients?

Personal Data may be collected, recorded, stored, adapted, transferred or otherwise

processed by Exocent Fund, the General Partner and their service providers.

Personal Data is received either directly from the Data Subject or through service providers.

The following parties may have access to the Personal Data:

Exocent Fund;

The General Partner;

UCI Administrator;

Forvis Mazars; and

Swissquote Bank Europe SA.

Any affiliates or delegates of the foregoing, the employees of those entities, the appointed

legal and professional advisers of those entities may also have access to the Personal Data,

in connection with the operations of the General Partner or Exocent Fund.

The data controller(s) may sub-contract to another entity, the data processor (such as the

service providers), the processing of Personal Data. The data processors may also engage

sub-processors.

When the data controller(s) use data processors (such as the service providers), the data

controller(s) shall ensure that such data processors provide sufficient guarantees to

implement appropriate technical and organisational measures and that such processing on

behalf of the data controller(s) meet the requirements of GDPR and ensure the protection of

the rights of the Data Subjects.

When information is not collected directly from the Data Subject, the person providing the

Personal Data shall ensure to inform the end Data Subject about the processing of his/her

Personal Data and his/her related rights. The person providing the Personal Data shall

transfer the information described in this privacy notice to the relevant Data Subject(s) so

they can properly exercise their rights.

For which purposes do we process your Personal Data?

For the purposes of a contractual obligation

We process your Personal Data in relation to your investment in Exocent Fund. The

information required is necessary for you to make an investment in Exocent Fund. In this

regard Personal Data may be processed for the following purposes:

maintaining the register of partners of Exocent Fund; and

processing subscriptions and redemptions of shares and payments of distributions to

partners of Exocent Fund.

We process your Personal Data in relation to your mandate/role as Representative.

For compliance with laws and regulations

Exocent Fund, the General Partner, the service providers and any of their affiliates are

subject to various legal obligations pursuant to statutory (e.g. laws of the financial sector,

anti-money laundering and combating the financing of terrorism laws, tax laws) and

regulatory requirements.

This covers processing of your Personal Data for compliance with applicable laws such as

the applicable legislation on Know-Your-Customer (“KYC”) and anti-money laundering and

combating the financing of terrorism (“AML/CFT”), compliance with requests from or

requirements of local or foreign regulatory enforcement authorities, tax identification and

reporting (where appropriate) notably under Council Directive 2011/16/EU on administrative

cooperation in the field of taxation (as amended by Council Directive 2014/107/EU), the

OECD’s standard for automatic exchange of financial account information commonly

referred to as the Common Reporting Standard, for Foreign Account Tax and Compliance

Act purposes, for the automatic exchange of information and any other exchange of

information regime to which we may be subject to from time to time.

Your Personal Data may be shared with Luxembourg tax authorities (or service providers for

the purpose of reporting) and may be forwarded by the latter to foreign tax authorities (failure

to provide correct information to us or to respond may result in incorrect or double reporting).

Automated decision making

Data Subjects should note that the Personal Data shall not be used for direct marketing,

profiling, or automated decision making.

For how long do we keep your Personal Data?

Your Personal Data will be kept in a form which permits its identification for the duration of

the service for which it was collected (i.e. for the duration of your investment in Exocent

Fund, a portfolio investment made by Exocent Fund, or the duration of your mandate) and

for the length of time required by applicable law.

Luxembourg laws relating to KYC and AML/CFT requires that documents be retained for a

period of five (5) or ten (10) years (depending on the specific processing) after the

relationship has come to an end and as advisable in light of an applicable statute of

limitations.

Rights of the Data Subject

Each Data Subject has:

1. a) a right to access his/her Personal Data processed by or on behalf of the data

controller(s). Data Subjects should send their requests as set out in section 2.1 ;

1. b) a right to have his/her Personal Data rectified if they are incorrect or incomplete;
2. c) a right to request the erasure (right to be forgotten) of his/her Personal Data in

accordance with the provisions of article 17 of the GDPR including in the following

situations: (i) where the Personal Data is no longer necessary in relation to the

Investor’s subscription in Exocent Fund, the portfolio companies invested in by

Exocent Fund or a mandate in the General Partner or Exocent Fund; and (ii) the Data

Subject objects to the processing of its Personal Data and there are no overriding

legitimate grounds for the processing; and (iii) where the data has been unlawfully

processed;

1. d) a right to request a restriction of the processing in accordance with the provisions of

Article 18 of the GDPR;

1. e) a right to lodge a complaint with the CNPD or the relevant authority of the Member

State in which the Data Subject resides or works in accordance with the provisions of

Article 77 of the GDPR; and

1. f) a right to receive the Personal Data concerning him or her or to request that it be

transmitted to another data controller, when feasible, in accordance with the

provisions of article 20 of GDPR.

To make any of the above requests you need to put the request in writing addressing it as

set out in section 2.1 of this notice.

Transfer of data outside European Economic Area

Personal Data of the Data Subjects may be processed by the service providers or their sub-

processors in accordance with the permitted purposes as set out in the Issuing Document of

Exocent Fund and subscription agreement of Exocent Fund, including where such

authorised entities are located outside Luxembourg or the European Union, in jurisdictions

where confidentiality and Personal Data protection laws might not exist or be of a lower

standard than in the European Union. In this case, any transfer of Personal Data to a third

country shall take place only if appropriate or suitable safeguards for the Data Subjects have

been put in place the service provider transferring Personal Data shall enter into a data

transfer agreement in the form of the EU Commission approved model contractual clauses

(as amended from time to time) or shall take any other measures satisfying the requirements

of the Data Protection Law for such disclosure, contractually ensuring that the Personal Data

is protected in a manner which is equivalent to the protection offered pursuant to

Luxembourg data protection laws. Data Subject may obtain a copy of the list of countries

where his/her Personal Data may be processed at the registered address of Exocent Fund.

Changes to the privacy notice and your duty to inform us of changes

It is imperative that the Personal Data we hold about you is accurate and current at all times.

Otherwise, this will impair our ability to provide you with the requested services (amongst

other potential and salient issues). Please keep us informed if your Personal Data changes

during the course of our engagement and professional relationship with you.

Amendments to this privacy notice will be made available at the registered office of Exocent

Fund and on this website.

Additional information

Exocent Fund or the General Partner may request the Data Subject to provide additional or

updated identification documents from time to time pursuant to on-going client due diligence

requirements under relevant laws, regulations and circulars, and Data Subjects shall comply

with such requests. Data Subjects should note that the data processed may be obtained

from, the service providers, or from public registers, when available. Data Subjects should

be aware that the information provided here above may be subject to changes.