Privacy Policy Sagard SAS

This policy describes how Sagard SAS collects and uses personal data and how you can exercise your rights with respect to your personal data. It has been prepared in accordance with the EU General Data Protection Regulation no. 2016/679 of 27 April 2016 (GDPR), as well as the French Data Protection Act no. 78-17 of 6 January 1978 on information technology, files and freedoms and its implementing decrees.

Sagard SAS takes the protection of your personal data very seriously. Should you have any questions, comments or concerns about this policy, please contact us using the contact details set out in section 7 “What are your rights and how can you exercise them?”.

1. Who is responsible for the personal data that we collect?

Sagard SAS is the Data Controller within the meaning of the GDPR. We collect personal data from our investors and professional contacts in the course of our business.

Processing means any operation or set of operations which is performed, whether or not by automated means, on personal data or sets of personal data, i.e. any information relating to an identified or identifiable natural person. Processing may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sagard SAS, a company of the Power Corporation du Canada Group, is a French asset management company with accreditation from the French securities regulator (Autorité des marchés financiers, AMF) under number GP01046. It is registered in the Paris Trade and Companies Register under number 439 725 524. Its registered office is located at 49/51, Avenue George V, 75008 Paris, France – Tel: +33 (0)1 53 83 30 00 – Fax: +33 (0)1 53 83 30 30 – E-mail: [email protected].

2. How, why and on what legal basis do we use your personal data?

Sagard SAS collects personal data about visitors to its website, its service providers, its investors and potential investors, its professional contacts, its partners during the investments and divestments made by its funds, and, more generally, in the course of our relationship with you.

The data may be collected directly from you, obtained through public sources by a third party or provided by authorised intermediaries involved in the relevant financial transactions.

We need to collect a certain amount of personal data to do our work as an asset management company. However, we do not collect sensitive data (relating to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership or genetic, biometric or healthrelated data or data concerning a person’s sex life or sexual orientation), except in the case of specific legal obligations.

The purposes and legal basis for processing your personal data differ depending on how it is used.

3. When you browse our website

Personal data collected. For monitoring and improvement purposes, we use cookies (small text files generated by the website and stored on your computer that identify you when you log on to our website) to collect and store certain data on our servers about all visitors to our website. These data include certain anonymous data collected for analytical and statistical purposes and to ensure that our website is functioning properly. You can change your cookie preferences at any time by adjusting your web browser settings. However, disabling cookies may impact your browsing experience.

If you contact us via our website, certain identifying data may be collected (surname, first name, email address, content of messages, etc.).

Purposes of the data collection. The personal data collected on Sagard SAS’ website is used to manage your browsing preferences, improve your user experience and manage relations with our contacts.

Legal basis for the data processing. Processing your personal data as you browse our website falls within Sagard SAS’ legitimate interest of giving you access to the website’s content and features and, more generally, managing and monitoring relations with our contacts.

4. When you invest or wish to invest in our funds

Personal data collected. In the course of its business, Sagard SAS collects the following personal data from its investors and potential investors: your identifying data (surname, first name, telephone number, postal address, e-mail address, etc.), information relating to your professional life (company, position, etc.) and, if you invest in one of our funds, financial and banking data relating to your investment (amount invested, date of investment, etc.), as well as identifying data required for compliance with legal or fiscal obligations (prevention of money laundering and terrorism financing or reporting obligations under French tax regulations, the Foreign Account Tax Compliance Act (FATCA), the automatic exchange of information in the field of taxation (DAC) or the Common Reporting Standard (CRS)).

Purposes of the data collection. The personal data collected is used to manage relations with our investors. In particular, the data is used for fund subscription purposes and to monitor our investors and potential investors, as well as to meet legal and fiscal requirements.

Legal basis for the data processing. On the one hand, the data is processed in order to fulfil the contract with the relevant investor. Without the data processing, Sagard SAS may be unable to fulfil its contractual obligations. Managing and monitoring its investors falls with Sagard SAS’ legitimate interest of managing its investor relations. Lastly, your personal data may be collected in order to comply with legal or regulatory obligations inherent to Sagard SAS’ business.

5. When you are one of our professional contacts, service providers or suppliers

Personal data collected. The personal data that we collect includes: your identifying data (surname, first name, telephone number, postal address, e-mail address, etc.), information relating to your professional life (company, position, etc.) and, if you are one of our service providers or suppliers, financial data relating to your contractual relationship with Sagard SAS (bank details, invoices, payment data, etc.).

Purposes of the data collection. The personal data collected is used to manage relations between Sagard SAS and its professional contacts and contractual relations with its service providers and suppliers.

Legal basis for the data processing. Processing your personal data falls within Sagard SAS’ legitimate interest of managing its relations with you. If you are one of our service providers or suppliers, the processing is required to fulfil the contract between you and Sagard SAS. Without the data processing, Sagard SAS may be unable to fulfil its contractual obligations. Lastly, the processing of some of your data is necessary to comply with Sagard SAS’ legal obligations (tax, accounting and transparency obligations).

6. When you have dealings with Sagard SAS in connection with the investments and divestments made by the funds that we manage

Personal data collected. When our funds carry out transactions (identification of new investments, acquisitions, management, divestments, etc.), the personal data that we collect includes: your identifying data (surname, first name, telephone number, postal address, e-mail address, etc.), information relating to your professional life (company, position, etc.) and, if we carry out a transaction with you, financial data relating to the transaction, as well as identifying data for compliance with legal or fiscal obligations (prevention of money laundering and terrorism financing or reporting obligations under French tax regulations, the Foreign Account Tax Compliance Act (FATCA), the automatic exchange of information in the field of taxation (DAC) or the Common Reporting Standard (CRS)).

Purposes of the data collection. The personal data is collected in order to manage future or ongoing transactions as part of the acquisition, management or disposal of an investment by a fund managed by Sagard SAS in the course of its business.

Legal basis for the data processing. The data processing falls with Sagard SAS’ legitimate interest. Lastly, your personal data may be collected in order to comply with legal or regulatory obligations inherent to Sagard SAS’ business.

7. How long do we keep your personal data?

We only keep your personal data for as long as necessary for the purposes for which it was collected.

The retention period therefore varies depending on that purpose, as well as on any applicable operational, regulatory or legal requirements stipulating a specific retention period for certain types of data, any statute of limitation periods and the recommendations of the French data protection authority (Commission nationale de l’informatique et des libertés, CNIL) for certain types of data processing.

Your personal data is also kept to enable Sagard SAS to defend itself against and respond to legal claims and meet requests from authorities or regulators until the end of the retention period.

8. With whom do we share the personal data that we collect?

Your personal data is collected exclusively by competent Sagard SAS departments or by service providers and suppliers that are authorised to do so in view of the purposes of the processing. Your personal data will not be sold or transferred under any circumstances.

However, you should be aware that we may have to disclose your personal data to third parties.

In compliance with the applicable regulations, we may share your personal data with certain service providers and suppliers when such disclosure is strictly necessary for them to perform their services (custodians, lawyers, hosts, IT maintenance, etc.). For example, Sagard SAS uses a service provider to manage its investor portal. If you are an investor in one of our funds, the service provider will therefore have access to some of your personal data, including your identifying data (surname, first name and e-mail address).

In addition, we may have to share your personal data with the competent authorities and courts if so required by the law or regulations, as well as within the Power Corporation du Canada Group, where necessary and in compliance with the applicable regulations.

9. Is your personal data transferred outside the European Union?

Wherever possible, your personal data is processed within the European Union.

In certain cases, some of the aforementioned third-party recipients may be located outside the European Union and have access to all or part of the personal data that we collect. As such, some of your personal data may be transferred to third parties established in countries outside the European Union. Such third parties include the Power Corporation du Canada Group, when the transfer is strictly necessary and falls within its legitimate interests and complies with the applicable regulations.

Some of the recipients of your personal data are considered to provide a sufficient level of personal data protection because they are established in a country whose personal data protection regulations are recognised as providing a level of protection equivalent to the GDPR.

If the entity receiving your personal data is established in a country that does not offer a sufficient level of protection, we ensure that appropriate security and confidentiality measures are taken to protect your data. We are committed to ensuring that your data is protected in accordance with the strictest rules, in particular by using the European Commission’s standard contractual clauses, which enable us to ensure that appropriate safeguards are provided to protect your data.

10. How do we protect the personal data that we collect?

We have the appropriate organisational structure and technical resources in place to protect the security and confidentiality of your personal data and to prevent it from being altered, damaged, destroyed or disclosed to unauthorised third parties at any point in its processing.

The data that we collect is only accessible to authorised members of our staff and to our service providers when needed by them to perform their services. However, although we take all reasonable measures to protect your personal data, no transmission or storage technology is totally infallible.

In accordance with the applicable regulations, in the event of a personal data breach likely to result in a risk to individuals’ rights and freedoms, we undertake to notify the competent control authority and, when required by the regulations, the relevant data subjects (individually or collectively as appropriate).

Notwithstanding the foregoing, it is your responsibility to take sensible precautions to prevent any unauthorised access to your personal data and your devices (computer, smartphone, tablet, etc.).

11. What are your rights and how can you exercise them?

In accordance with the applicable personal data protection regulations, Sagard SAS ensures your rights regarding the processing of your personal data, namely:

• the right to be informed in a concise, transparent and intelligible manner about your data and its processing;
• the right to obtain access to your personal data and its rectification or erasure within the limits of the GDPR;
• the right to request the restriction of processing of your personal data;
• the right to withdraw your consent, if it was required when your data was collected;
• the right to specify guidelines regarding the use of your personal data after your death;
• where applicable, the right to data portability;
• the right to object to the processing of your personal data.

You can exercise your rights freely and at any time by sending us a letter enclosing a copy of your proof of identity either by e-mail to [email protected] or by post to Sagard SAS, Service Juridique, 49/51, Avenue George V, 75008 Paris, France.

In accordance with the applicable regulations and your rights as described above, you may also file a complaint with the CNIL in the event of a breach of the applicable personal data protection regulations and, in particular, the General Data Protection Regulation (GDPR).

12. Can the personal data protection policy be changed?

This personal data protection policy may be amended at any time, with effect from the date on which the update is published on our website.

We therefore invite you to consult this policy regularly.