DEH OÜ.

Introduction

Dives Enterprises is dedicated to upholding the privacy and security of personal information ("PI"), including sensitive personal information ("SPI"), in compliance with all relevant privacy and data protection regulations. Our operations span various jurisdictions, each governed by its own set of laws concerning PI processing. "Dives Enterprises", "we", "us", or "our" refers to Dives Enterprises Holdings OÜ and its subsidiaries, collectively referred to as the "Dives Enterprises Holdings". Dives Enterprises Holdings OÜ and the specific entity you engage with are the controllers of your PI.

References to "you" or "your" pertain to individuals whose PI is processed by Dives Enterprises, including individual investors, client employees, officers, or agents ("Representatives") with direct or indirect connections (such as those who invest through intermediaries), and beneficial owners of an organization or entity in connection with:

Provision of services to potential and existing clients.
Transactions in which we are involved (including those conducted on behalf of clients).
Services rendered to us by third-party vendors.

If your agreement is with the Dives Enterprises Group, the Dives Enterprises entity you engage with will serve as the controller of your PI. If you are an investor in a Dives Enterprises managed product, the relevant Dives Enterprises management company and, if applicable, the managed product itself will act as separate controllers. This privacy policy pertains to your association with Dives Enterprises.

PI (Personal Identifiiers) we collect about you

PI refers to information pertaining to an individual that can be used, either alone or in conjunction with other data sources, to identify that individual. PI excludes information where the individual's identity or specific details have been anonymized. SPI constitutes a sub-category of PI and includes information regarding race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data.

The type of information we collect depends on the services provided, applicable laws, and our relationship with you. We categorize the PI we may process as follows (the listed examples for each category are not exhaustive):

Identification data
Contact data
Electronic Monitoring data
Financial data
Marketing, Behavioral, and Communications data
Professional Information data
Profile data
Services data
Dives Enterprises Building and Assets Security data
Technical data
SPI

In limited instances, we may collect information about criminal convictions and offenses when legally mandated; dietary requirements when arranging catering; disability information to facilitate reasonable accommodations in our facilities; political affiliations to determine if you are a politically exposed person.

We collect PI related to you through various means, including:

Directly from you when provided in connection with a Dives Enterprises product or service, such as a completed investment application form.
If you are a Representative of an organization or entity that is a client or vendor of Dives Enterprises, and that organization or entity provides us with your PI.
Throughout our relationship with you, including updates to your details, provision of additional PI, or changes in the services we provide to you.
From publicly available sources where you have engaged with us via social media or where your PI is considered for talent acquisition purposes, including public profiles on social media.
From third parties such as credit reference agencies.
Through visits to our websites or by logging into any of our online services.

We may also generate or derive PI, such as records of your interactions with us, subject to applicable law. Unless otherwise specified as optional, any PI we request is necessary to provide you, your organization, or entity with the requested products and services. Failure to provide requested PI may result in our inability to furnish those products and services.

Purpose and Legal Basis for Processing Your PI

The below table sets out the purposes and basis for which we process PI.

Processing Purpose	Category of PI	Basis of Processing
To consider opening an account, or entering into a relationship at your request, including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other due diligence checks	Identification data Contact data Financial data Professional Information data Services data SPI	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we do not accept the proceeds of criminal activities or assist in fraudulent or any unlawful activities, such as terrorism
To deliver the services you have requested, including liaising with third parties (e.g., brokers for the purposes of executing transactions) and to provide access to our technology solutions services (e.g., Aladdin)	Identification data Contact data Financial data Profile data Services data Technical data Marketing and Communications data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring that you are provided with the best client services and visitor services we can offer, and securing a prompt payment of any fees, costs and debts in respect of our services
To manage payments, fees, and charges and to collect and recover money owed to us	Identification data Contact data Financial data Professional Information data Services data	Performance of a contract Legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us
To manage our relationship with you which will include notifying you about changes to our terms of business or this privacy policy	Identification data Contact data Profile data Marketing and Communications data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we can notify you about changes to our terms of business or this policy
To interact with governmental or regulatory bodies or other competent national authorities	Identification data Contact data Financial data Services data Professional Information data	Legal or regulatory obligation Public interest
To detect or prevent fraud and/or other criminal activity and to protect our employees and assets	Identification data BlackRock Building and Assets Security data Contact data Electronic Monitoring data Financial data Professional Information data Profile data Services data Technical data	Legal or regulatory obligation Public interest Legitimate interests: protecting BlackRock and client assets, detecting, and protecting against breaches of our policies and applicable laws protecting BlackRock employees
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security and fraud prevention
To invite you to take part in market insight or other events, or client seminars or similar, and to manage your participation in them	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Consent Legitimate interests: ensuring our client records are up to date, promoting our client services, receiving feedback, improving our services, identifying ways to expand our business
To send you marketing communications and service updates (including by paper and electronic channels) and to better understand how our websites and platforms are used and to improve user experience	Identification data Contact data Profile data Technical data Marketing and Communications data Professional Information data	Consent Legitimate interests: reviewing how clients use, and what they think of, our services, identifying ways to improve and expand our business
In relation to vendor services:
Purpose and/or activity	Type of data	Legal basis for processing
To engage you or the organization or entity you work for as a new supplier, including performing anti-money laundering, anti-terrorism, sanctions, fraud, and other background checks	Identification data Contact data Financial data Services data Professional Information data	Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism Public interest
To manage payments, fees, and charges and to collect and recover money owed to us	Identification data Contact data Financial data Professional Information data Services data	Performance of a contract Legitimate interests: ensuring we can manage payments, fees, and charges; to collect and recover money owed to us
Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting	Identification data Contact data Profile data Technical data	Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including maintaining information technology services, network, and data security

To whom we disclose your PI

In alignment with the objectives elucidated in the section &aposPurpose and Legal basis for processing your PI&apos above, we may divulge Personal Information (PI) in any jurisdiction to the following parties:

Other entities under the umbrella of Dives Enterprises Holdings OÜ.
Professional advisors, third-party entities, agents, or independent contractors rendering services to any entity under Dives Enterprises Holdings OÜ (such as IT systems providers, platform providers, financial advisors, brokers, consultants including legal and accounting professionals).
Providers of goods and services, intermediaries, brokers, marketing service providers (where permissible under applicable regulations), and other collaborating individuals and entities.
Competent authorities or their representatives (inclusive of national and/or international regulatory or enforcement bodies, agencies, courts, or other judicial or tax authorities) where mandated or permitted by relevant laws or regulations.
Prospective buyers, transferees, merger partners, or sellers and their advisors concerning an actual or potential transfer or merger of part or all of Dives Enterprises Holdings OÜ's business or assets.
Credit reference agencies or entities aiding in anti-money laundering, anti-terrorist financing checks, and fraud detection.
Individuals or entities to whom disclosure is sanctioned or compelled by local or foreign laws, regulations, or any other applicable instruments.

International Transfers and Service Providers

For the provision of global services and in the ordinary course of business operations, we may transfer PI to locations outside the jurisdiction of your residence or where services are availed, including processing centers of Dives Enterprises Holdings OÜ in the USA, Hungary, India, and Singapore. Despite potential variances in privacy and data protection laws, we enforce consistent levels of security and organizational controls across all PI processing activities. Our third-party service providers processing PI on our behalf are contractually obliged to adhere to Dives Enterprises Holdings OÜ's standards for PI processing.

If PI is transferred out of the European Economic Area (EEA), we ensure a commensurate level of protection for your PI by either ensuring the destination country is deemed by the EU Commission to provide adequate protection or by implementing contractual clauses approved by the EU Commission.

Marketing and Opting Out of Marketing Communications

In certain jurisdictions, explicit consent may be required to receive marketing communications. However, you retain the right to opt-out of such communications at any time by utilizing the provided marketing opt-out mechanisms, contacting your designated Dives Enterprises Holdings OÜ representative, utilizing the contact details provided in the “Contacting Us” section of this Privacy Policy, or exercising your rights related to cookies as delineated in our Cookie Policy.

Third-Party Marketing or Sale of PI

Dives Enterprises Holdings OÜ does not engage in the sharing or selling of your PI to third parties for their independent marketing or other purposes.

Retention of PI

We will process your PI for the duration necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements, or for the establishment or defense of legal claims.

PI Security

Employing a spectrum of physical, electronic, and managerial measures, we ensure a level of security commensurate with the risks associated with PI processing. These measures encompass:

Educating and training relevant staff on privacy obligations and cybersecurity best practices.
Ensuring confidentiality, integrity, availability, and resilience of processing systems and services.
Timely restoration of availability and access to PI in case of physical or technical incidents.
Administrative and technical controls restricting access to PI.
Technological security measures such as firewalls, encryption, and antivirus software.
Physical security measures including building access controls.
External technical assessments, security audits, and vendor due diligence.
Perimeter security, network segregation, application security, endpoint security, real-time monitoring of data leakage controls, layered cybersecurity defenses, and security incident reporting and management.

While we endeavor to safeguard PI, it's important to note that the security of data transmitted over the internet (including via email) cannot be guaranteed, and such transmissions carry inherent risks of access and interception. Therefore, we advise against transmitting any PI via open or unsecured channels over the internet. Though we strive to protect PI, we cannot guarantee the security of data transmitted to us or by us.

Rights

In certain circumstances you may have the following rights in relation to the processing of your PI:

Access: You have the right to request a copy of the PI we process regarding you and to be informed about how we utilize and share your PI.

Objection: You can object to the processing of your PI if (i) we process your PI based on legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we process your PI for direct marketing purposes.

Correction: You have the right to request updates to the PI we process regarding you, or to correct any PI that you believe is inaccurate or incomplete.

Erasure: You may request the deletion of PI that we process regarding you, where we lack a legal or regulatory obligation or other valid reason to continue processing it.

Restriction: You can request that we restrict how we process your PI. For instance, if you contest the accuracy of your PI or have raised an objection that is under review.

Portability: You have the right to request a copy of your PI provided to us in a commonly used electronic format, such as through the completion of an application form.

Automated Decision Making: You may request manual intervention if automated decisions affect you legally or similarly.

Complaints

If you have concerns or complaints about how your PI is processed, please contact the Global Head of Privacy and Data Protection at [email protected]. You also have the right to lodge a complaint with a data protection authority or another competent authority with jurisdiction over privacy and data protection law in your country of residence or work, or in the country where you believe there has been an issue regarding the processing of your PI.

Cookie Policy

Please refer to our separate Cookie Policy.

Linked Websites

This Privacy Policy does not apply to third-party websites not owned or controlled by us, or to any third-party website where Dives Enterprises advertisements are displayed.

Changes to this Privacy Policy

We may periodically modify or amend this Privacy Policy, and we recommend checking our website regularly for any updates. Material changes will be communicated to you through appropriate channels, based on our standard communication methods.

Contact Us

The Head of Privacy and Data Protection oversees privacy and data protection compliance at Dives Enterprises Holdings OÜ. If you wish to exercise your rights or have any questions regarding this policy, please write us at:

Address: Tornimäe 7, 10145 Tallinn, ESTONIA
Email: [email protected]
Website: https://divesenterprises.com

PRIVACY POLICY