iCON Infrastructure LLP

Privacy Policy

Introduction

1.1 Who we are

We are iCON Infrastructure LLP (“iCON”, “we”, “us”), a limited liability partnership incorporated and
registered in England and Wales with company number OC364705 and registered office at 15 Golden Square, London, W1F 9JG.

iCON is registered as a data controller (as defined under European Data Protection Regulation
(Regulation (EU) 2016/679) with the UK Information Commissioner’s Office (“ICO”) and our
registration number is Z3441590.

1.2 Purpose of this Privacy Policy

We take your privacy very seriously. As such, we ask that you read this Privacy Policy carefully as it
contains important information about:

(a) what personal data we may collect from you;
(b) how we will use, store and protect your personal data;
(c) with whom we may share personal data; and
(d) your rights under relevant data protection laws.

It is important that you read this Privacy Policy together with any other privacy notice or fair
processing notice we may provide on specific occasions when we are collecting or processing
personal data about you so that you are fully aware of how and why we are using your data. This
Privacy Policy supplements the other notices and is not intended to override them.

2. Lawful basis for processing

Under data protection laws, we must have a legal basis in order to process your personal data. The
legal bases on which we may process your data are:

  • Legitimate interest: in order to carry on and promote iCON’s infrastructure advisory business
    and related activities.
  • Consent: where you have consented for us to process your personal data for one or more
    specific reasons.
  • Performance of a contract: in order to perform a contract that iCON may have with you.
  • Legal obligation: where processing of the data is required by law. For example, to carry out
    ‘know your client’ checks required by our regulator, the Financial Conduct Authority, or similar
    requirements in respect of any of our subsidiaries.

3. What data we may collect from you

We may collect and process the following personal data:

  • your name, email address, telephone number(s), organisation, role and information related
    to our business relationship with you;
  • for clients and commercial counterparties, the personal data of its representatives and staff, including the data set out above as well as date of birth, gender, financial information, visual images (such as copies of passports) and data contained in identity documentation;
  • cookie data (please see our Cookies Policy on our website www.iconinfrastructure.com for
    further information); and
  • technical data such as internet protocol (IP) address, browser type and version, time zone
    setting and location, browser plug-in types and versions, operating system and platform and
    other technology on the devices you use to access our website.
  • where permitted by law or to fulfil our regulatory requirements, we may process
    information about criminal convictions or offences and alleged offences for specific and
    limited activities and purposes, such as to perform checks to prevent and detect crime and
    to comply with laws relating to money laundering, fraud, terrorist financing, bribery and
    corruption, and international sanctions. It may involve investigating and gathering
    intelligence on suspected financial crimes, fraud and threats and sharing data between
    banks and with law enforcement and regulatory bodies.

4. How we collect information from you

We collect your personal data in a number of ways:

  • as you browse the iCON website certain information is collected automatically using cookies,
    server logs and other similar technologies. Please see our Cookies Policy on our website for
    further information;
  • during the communications between us, such as via email, telephone, correspondence or in
    meetings;
  • any personal information you provide to us or one of our subsidiaries during your relationship
    with us as a client or commercial counterparty of us or one of our subsidiaries; and
  • from third parties/public sources:

o any personal data shared with us by our investments and prospective investments;
o technical data may be obtained from the following parties:
(a) our website management provider,
(b) data analytics providers, such as Google Analytics, and
(c) investor reporting applications, such as Intralinks;

o identity and contact data from publicly availably sources such as internet searches,
Companies House, Financial Conduct Authority, OpenCorporates, 192.com and
Infogreffe or from subscription services such as Thomson Reuters, Dun & Bradstreet
or ratings agencies (and including updates of such searches from time to time).

5. How we use your personal data

We may use your personal data for the following purposes:

  • to contact you to discuss any iCON services and to respond to any queries you have raised;
  • to store your contact details in our Client Relationship Management databases;
  • where you are a client or commercial counterparty of iCON or one of our subsidiaries:

a. to provide the relevant services,
b. to carry out necessary anti-money laundering and anti-fraud checks, including any
periodic updates of the same,
c. to enable us or our subsidiaries to conduct day-to-day business activities with you,
and
d. to carry out general investor relations activities and communications;

  • to personalise your experience on the iCON website; and
  • as we believe to be necessary or appropriate:

o in order to comply with a legal obligation. This applies where the processing is
necessary for us to comply with the law,
o to enforce or apply this Privacy Policy, and
o to protect our legitimate rights, privacy, property or safety, and/or those of a third
party and your rights do not override those interests.

6. Marketing

We or our group companies contact you about our services where we are legally entitled to do so
and it is in legitimate interests to provide such information to you. In some cases, we may obtain
your consent for such marketing communications.

If you do not wish to be contacted in this way, you can tell us by contacting us at
privacy@iconinfrastructure.com. We will process your request to be opted-out of such marketing
communications within 30 days of receipt.

Where you opt out of receiving these marketing communications, we may still process your personal
data for other required purposes, as specified in section 5 above.

7. Third party links

The iCON website may contain links to and from other applications, plug-ins and websites of other
networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that
they (and any services that may be accessible through them) have their own privacy policies and that
we do not accept any responsibility or liability for these policies or for any personal data that may be
collected through these apps, websites or services. Please check these policies before you submit
any personal data to these websites or use such services.

8. Retention of your data

We will not retain your personal data for longer than is necessary for the purposes for which the
personal data is processed. This means that your data will only be retained for as long as it is still
required to provide you with services or is necessary for legal (including regulatory) reasons. When
calculating the appropriate retention period for your data, we consider the nature and sensitivity of
the data, the purposes for which we are processing the data, and any applicable statutory retention
periods. Using these criteria, we regularly review the personal data which we hold and the purposes
for which it is held and processed.

When we determine that personal data can no longer be retained (or where you request us to delete
your data in accordance with your right to do so (please see section 12 below for more information)),
we ensure that this data is securely deleted or destroyed.

For more details about our retention periods, please contact us at privacy@iconinfrastructure.com.

9. Accuracy of your data

It is important that the personal data we hold about you is accurate and current. Please keep us
informed if your personal data changes during your relationship with us.

10. Security of your data

We seek to ensure that we have appropriate organisational and technical security measures to
protect your personal data. These measures include ensuring our internal IT systems are suitably
secure and implementing procedures to deal with any suspected data breach. All company desktops
have relevant antivirus and endpoint protection installed. IT penetration testing is carried out
regularly to test and mitigate the risk of intruders accessing the firm’s IT systems. We have a
dedicated, external IT team who monitor and upgrade our IT systems.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data
and, if required, will notify you and any applicable authority of such a breach.

11. Transfer of your data

Transfers within our group

We may share your data with other companies and branches within the iCON group, including our:

  • branch based in Düsseldorf, Germany;
  • our subsidiary general partner entities currently based in Guernsey; and
  • our Canadian subsidiary, iCON Infrastructure Canada, Inc.

Transfers to third parties

There may be circumstances in which we may also need to share your personal data with certain
third parties, including third parties located outside of the UK and the European Economic Area (EEA).
The third parties to which we may transfer your personal data include:

  • Suppliers. We employ other companies and individuals to perform functions on our behalf,
    including our software suppliers, data hosting providers, data analytics providers, and antimoney laundering tools;
  • Fund administrators and other service providers who assist us or our subsidiaries with the
    performance of services related to the investment funds which iCON advises and meeting
    business operational needs;
  • Banks who assist us or our subsidiaries by acting as depositories for client funds;
  • Other professional advisors such as accountants, lawyers, consultants and other business
    advisors engaged by us or our subsidiaries; and
  • Other third parties where required under law or applicable regulation, or in connection with
    legal or regulatory proceedings.

The security of your data is important to us and iCON will, therefore, only transfer your data to such
third parties if:

  • the third party has agreed to comply with iCON’s instructions, required data security
    standards, policies, and procedures and put adequate security measures in place;
  • the transfer complies with any applicable cross border transfer restrictions and suitable
    safeguards have been put in place; and
  • a written contract containing suitable obligations and protections has been entered into
    between the parties.

As mentioned above, iCON will only transfer your data where suitable safeguards have been put in
place. These safeguards are intended to ensure a similar degree of protection is afforded to your
data wherever it may be transferred and include:

  • only transferring your personal data to countries which have been deemed to provide an
    adequate level of protection for personal data by the European Commission;
  • where your data will be transferred by iCON outside of the EEA, entering into specific
    contractual terms which have been approved by the European Commission and which give
    personal data the same protection as within the EEA; or
  • where your data will be transferred to the US, ensuring that the third party to which we are
    transferring your data is part of the Privacy Shield.

We may also share your personal information with a purchaser or potential purchaser businesses
connected with iCON or its subsidiaries and in some circumstances, we may have to disclose your
personal information by law, either because our regulator, the courts or other law enforcement
agency has asked us for it, or to enforce our legal rights.

For more information on the safeguards used by iCON when transfers of personal data to third
parties, please contact us at privacy@iconinfrastructure.com.

12. Your rights

You have certain rights in relation to the personal data iCON process and hold about you. These
include:

  • Right to rectification: you have the right to require iCON to correct any inaccuracies in your
    data.
  • Right to erasure: you have the right to require iCON to delete your data, subject to certain
    legal requirements.
  • Right to restriction of processing: you have the right to require iCON to restrict the way in
    which iCON processes your personal data. You may wish to restrict processing if, for example:
    o You contest the accuracy of the data and wish to have it corrected;
    o You object to processing but iCON is required to retain the data for reasons of public
    interest; or
    o If you would prefer restriction to erasure.
  • Right to data portability: you have the right to obtain from iCON easily and securely the
    personal data we hold on you for any purpose you see fit.
  • Right to object to processing: you have the right to require iCON to stop processing your
    personal data should you wish the data to be retained but no longer processed.
  • Right of access: you have the right to request access to personal data that iCON may process
    about you.
  • Right to withdraw consent: you have the right at any time to withdraw consent allowing
    iCON to process your personal data.

If you would like to exercise any of the above rights, please contact iCON at
privacy@iconinfrastructure.com. We will respond to requests made by you within one month.

13. Amendments to this Privacy Policy

No changes to this Privacy Policy are valid or have any effect unless agreed by iCON in writing. iCON
reserves the right to vary this Privacy Policy from time to time. Our updated terms will be displayed
on the iCON website. It is your responsibility to check this Privacy Policy from time to time to verify
such variations.

14. Questions in relation to this Privacy Policy

You should also be aware that you have the right to raise any concerns in relation to how iCON
processes your personal data to the ICO (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO
so please contact us in the first instance. iCON has appointed a data privacy lead (DPL) who is
responsible for dealing with any such concerns, in addition to overseeing questions in relation to this
Privacy Policy and handling requests in relation the exercise of your legal rights. If you have any
concerns, questions, or requests, please contact the DPL using the details set out below.

iCON Infrastructure LLP
15 Golden Square,
London,
W1F 9JG.

Email address: privacy@iconinfrastructure.com
Telephone number: +44 20 7292 9670
Last updated 14 June 2019