PRIVACY POLICY FISCONTI TAX CONSULTING

Fisconti Tax Consulting - WHO ARE WE AND WHAT DO WE DO?
We provide tax advice to our national and international clients concerning, inter alia, private equity, mergers and acquisitions, real estate, financial services, tax structuring and private clients (the Services). You can find more information about us and our Services on our website: www.atlas.tax (the Website).
This Privacy Policy applies to the use of our Services and to the use of our Website.
We consider your privacy very important. In this Privacy Policy we explain which personal data we collect through our Website and Services. We also clarify for which purposes we use personal data, how we protect them and how long we store them.

PRIVACY AND THE RELEVANT LEGISLATION
We comply with the General Data Protection Regulation ("GDPR"), which replaced the various privacy laws in the European Member States with effect from 25 May 2018. We also comply with other relevant legislation in the area of personal data protection, such as the Telecommunications Act concerning the use of cookies. All legislation referred to here and all related legislation will hereinafter jointly be referred to as the "Relevant Legislation".

PERSONAL DATA
In this Privacy Policy the term "personal data" refers to all information that can be used to identify you directly or indirectly. This definition is in accordance with the Relevant Legislation. This is a broad definition: under circumstances a dynamic IP address can even be considered personal data.

WHICH PERSONAL DATA DO WE COLLECT AND FOR WHICH PURPOSES
DO WE USE PERSONAL DATA?
We may collect various types of personal data of the users of our Website and/or Services, of our employees and of job applicants. Below we have detailed the personal data that we collect.

DATA OF OUR (POTENTIAL) CLIENTS:
(Personal) data Purpose(s)
Contact details of existing clients:
First and last name, email address and telephone number of the contact person. We use these data to:
- address our clients in the correct manner in our correspondence;
- contact and maintain contact with our clients;
- send commercial messages (only in case of an existing client who has not made use of the right to object or in case we have been given permission to do so).

Tax data of our clients:
Name and address of client, invoice data (Services provided, prices, VAT rates), contact details, wage data, company details, VAT number, Individual Tax Identification Number, shareholder relationship and all other relevant information from a financial perspective. We use these data to:
- draw up invoices for our clients;
- include them in our records for the Tax and Customs Administration;
- communicate to the Tax and Customs Administration;
- be able to provide services to our clients.

Bank details of our clients: Account number, IBAN and BIC. We use these data to process and keep a record of payments made by our clients.
Data in documentation clients: Personal data that clients provide to us in their documentation, such as names, contact details, wage data, company details, VAT number, Individual Tax Identification Number, shareholder
relationship and all other relevant information from a financial perspective (payroll records, tax data).

We use these data to provide our Services to our clients, by providing tax advice. Data pertaining to previous Services to our clients:
History of Services previously provided to the client. We use these data to:
- list which Services clients have purchased;
- send commercial messages about Services that might be of interest to the client, on the basis of services previously
provided to the client in question.

Identification details of our clients:
Passport copy We use these data to identify our clients, if we are obliged to do so pursuant to the Anti-Money Laundering and Anti-Terrorist Financing Act. We block the Individual Tax Identification Number and the passport photo and retain copies of identity documents for no more than five years.

Contact details of potential clients via contact form on the Website:
First and last name, company name, email address, telephone number (optionally) and any personal data included in the message. We use these data to:
- contact clients on the basis of their message;
- send commercial messages (only if clients have given us permission to do so).

DATA OF JOB APPLICANTS :
(Personal) data Purpose(s)
Contact details of job applicant: First and last name, email address and telephone number. We use these data to contact and maintain contact with the job applicant.

Application details of the job applicant:
Details on the CV (such as qualifications, work experience and training) and details concerning any disabilities of the job applicant, as a result of which the duties associated with the position cannot be performed. We use these data to assess which job applicant is a suitable candidate to join Atlas. We will remove the data of the job applicants after four weeks, unless the job applicant has given us permission to retain the data for one year.
Selection procedure details:

Job interview(s) notes and (if applicable) results of
assessments and psychological tests. We use these data to assess which job applicant is a suitable candidate to join Atlas. We will remove the data of the job applicants after four weeks, unless the job applicant has given us permission to retain the data for one year.

WHY ARE WE ALLOWED TO PROCESS YOUR PERSONAL DATA?
There are various bases in the Relevant Legislation pursuant to which we may or must process your personal data:

- PERFORMANCE OF THE CONTRACT:
Some data are necessary to perform the contract with our clients, such as the contact details and invoice data and the personal data that are included in the documentation that our clients send to us.

- LEGAL OBLIGATION:
We are obliged to keep a number of details in our records for the Tax and Customs Administration, such as invoice data and the country of your residence. In some cases we must process a copy of the passport and/or identity document pursuant to the Anti-Money Laundering and Anti-Terrorist Financing Act. We block the Individual Tax Identification Number and the passport photo and retain copies of identity documents for no more than five years.

- LEGITIMATE INTEREST:
We have a legitimate interest in the processing of other data, for example in the processing of the data of job applicants and the performance data of our employees.

- CONSENT:
We require consent to send newsletters and invitations to events via email to contacts that do not purchase paid services from us. This consent can also easily be withdrawn using the unsubscribe link in each newsletter or invitation.

HOW LONG DO WE RETAIN THE PERSONAL DATA?
We retain the personal data for as long as we require them for the aforementioned purposes:

- PERSONAL DATA IN OUR RECORDS FOR THE TAX AND CUSTOMS ADMINISTRATION:
We retain these data for 7 years, unless we are under a legal obligation to retain the data for a longer period;

- PERSONAL DATA OF JOB APPLICANTS:
We retain these data for up to 4 weeks after the selection procedure, unless the job applicant has given us permission to retain the data for one year;

- PERSONAL DATA OF STAFF:
We retain the personal data in the staff file for 2 years, unless we are under a legal obligation to retain the data for a longer period;

- PERSONAL DATA OF CLIENTS:
We retain these data while we have a collaboration with the client and for up to 2 years after the end of the collaboration with the client, unless we are under a legal obligation to retain the data for a longer period;

- OTHER DATA:
We retain other personal data only while these are necessary for the purposes, we will remove your personal data as soon as these are no longer necessary for the purposes for which they are collected.

DO WE SHARE YOUR PERSONAL DATA WITH OTHERS?
We use "Processors" to help us with our Services. Within that context such Processors receive personal data from us, which they process on our instructions. For instance, we use Processors to store the login data and to handle payments made by our contacts.
The Processors that we engage for the processing of personal data are:
Purpose Location Clarification
External records management Registered office in
United States (storage in
NL) This organisation has its registered office in the US and is registered on the Privacy Shield List. The organisation offers an appropriate security level.

CRM software The Netherlands This organisation has its registered office within the EU and must therefore comply with the Relevant Legislation.
(Payroll) administration The
Netherlands This organisation has its registered office within the EU and must therefore comply with the Relevant Legislation.
Cloud hosting The
Netherlands This organisation has its registered office within the EU and must therefore comply with the Relevant Legislation.
Online declaration software Registered office in
Britain (Dutch Software) This organisation has its registered office within the EU and must therefore comply with the Relevant Legislation.

These Processors must follow our instructions strictly. They will therefore not use the personal data for their own purposes. We see to it that all of our Processors comply with the Relevant Legislation.
Apart from the above we will not share your personal data with others - unless we are under a legal obligation to do so.

EXPORTING PERSONAL DATA OUTSIDE THE EUROPEAN UNION
We may transfer personal data to parties outside the EU, in case one of our Processors has their registered office outside the EU. The transfer of data to parties outside the EU will always take place in accordance with the Relevant Legislation (such as Article 76 paragraph 1 of the Personal Data Protection Act - replaced by chapter 5 of the GDPR with effect from 25 May 2018).

HOW DO WE PROTECT PERSONAL DATA?
We protect all personal data that we process against unauthorised and unlawful access, alteration, disclosure, use and destruction. To that end, we have taken appropriate technical and organisational measures.

WEBSITES OF THIRD PARTIES
You may come across (hyper)links on our Website that link to the websites of partners, suppliers, advertisers, sponsors, licensors or other third parties. We have no control over the contents or the links that appear on such websites and are not responsible for the practices of websites linked to or from our Website. In addition to this, these websites, including their contents and links, may change at any time. These websites may have their own privacy policies, conditions of use and client policy. The browsing of and interaction on each other website, including websites linked to or from our Website, are subject to the conditions and the policy of the website in question.

CONTACT FORM
You can ask us questions or make requests by means of the contact form. In doing so you must fill in
your name, telephone number, email address and question/request. We retain these data until we have contacted you and have answered your question.

COOKIES
We make use of cookies on the Website. A cookie is a simple small text file that can be placed on your computer when you visit the Website. This text file identifies your browser and/or computer. When you revisit our Website, the cookie ensures that our Website recognises your browser or computer, for instance.
We make use of the following types of cookies:

- F UNCTIONAL COOKIES:
Functional cookies are essential for our Website to work. They allow us to navigate you through our Website and to make use of the functions incorporated therein.

- ANALYTICAL OR STATISTICAL COOKIES:
Analytical cookies are used to examine the quality and effectiveness of the Website. For instance, we can see how many users visit the Website and which pages are visited. We use this information to improve our Website and services.
If you do not want cookies to be sent to your computer, you can change this using the cookie settings of your browser. Please keep in mind that some functions or services of our Website may not function or may not function as well without cookies.

CHANGES TO THIS PRIVACY POLICY
We would like to improve our Website and Services continuously. That is why we may update this privacy policy from time to time. If we significantly change our privacy policy we will specify this on our Website, together with the updated privacy policy.

YOUR RIGHTS AND OUR CONTACT DETAILS
As described in the Relevant Legislation, you have the right to:
- Send us a request for access to and/or a copy of your personal data that we process, including the location where your data are processed, who receives your personal data, how long we retain your data and for which purposes we process the data. If you so desire we can also forward this copy to another data manager;
- Request us to correct or alter your personal data or to remove your personal data from our systems;
- Request us to restrict the processing of your personal data;
- Lodge an objection to the processing of your personal data with us;
- Lodge a complaint with the Dutch Data Protection Authority, if you believe that we process your
personal data unlawfully.