GLOBAL PRIVACY POLICY

Last Update: May 2018

At Miko, we value your privacy and care about the way your personal data is treated.

For the purposes of this Global Privacy Policy (the “Policy”) the terms “Miko”, “us”or “our”generally refer to the company Miko N.V., having its registered offices at Steenweg op Mol 177, 2300 Turnhout (Belgium), and all its direct and indirect subsidiaries belonging to its group from time to time, a full list of which is publicly available through http://www.mikogroup.be/investor-relations/group-overview.

The purpose of this Policy is:

describing what personal data we collect about you;
how we obtain your personal data;
how we make use of your personal data;
on what basis we make use of your personal data;
how long we keep your personal data;
with whom we share your personal data;
which countries we might transfer your personal data to;
how we protect your personal data;
your rights in relation to your personal data;
how to make a complaint or contact us;
changes to this policy

What personal data do we collect about you?

We may collect personal data from you in the course of our business, including through your use of our websites, when you contact or request information from us, when you engage our services, purchase our products, (offer to) supply us with products or services, when you perform any job application through one of our recruitment or career sites, or as a result of your relationship with one or more of our staff, clients or suppliers.

The personal data that is processed by us may include:

Basic information, such as your name (possibly including name prefix or title), the company you work for, title or position and your relationship to a person;

Contact Information, such as your postal address, email address, phone number(s) and social media accounts;

Financial Information, such as payment-related information;

Technical Information, such as information from your visit to (one of our) website(s), applications or related to documentation or materials that we might send you through electronic means;
Profile Data including information collected progressively when you visit our website(s) which may include referral websites, pages you visit, actions you take, your use of the website(s), patterns of page visits and information obtained from forms filled out by you;

Technical Datasuch as information collected when you access (one of) our website(s) or login to our client platform(s), your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform or other technology on the devises your using;

Information provided to us by youin relation to meetings or visits to one of our facilities;

Any other informationregarding yourself that you may have provided us with

We may use different methods to collect your personal data, including by means of the use of channels such as:

Direct interactionsbetween us, such as registrations, submitting forms, subscriptions, requests, ….

Automated technologies or interactions, by means of cookies (please read through our Cookie Policy as available here);

Third parties or publicly available sources, such as the receipt of Technical Data from analytics providers such as Google based outside the European Economic Area.

How we use your personal data

Miko collects and processes personal data about you in a number of ways, including through your use of the website(s), as per our responses to queries received by you and in relation to us providing you with services or products.

This information is used by us:

to make the website(s) available and improve them, including auditing and monitoring its use;

to improve our product offering and services that our clients and yourself might possibly be interested in;

to provide you with the information, documentation or demonstrations which you have requested from us;

for marketing and promoting our offering, products, services, events,….

to manage our relationship with you, as a (possible) client or (possible) supplier thereby enabling you to receive or download information or documentation which we might provide you with;

to enable you to purchase goods or services from us, or to enable us to purchase goods or services from you;

for recruitment and human resources purposes

On what basis we make use of your personal data

Your personal data is used by us on the following base(s):

to enable us for perform an agreement;

to comply with legal or regulatory obligations imposed on us;

for legitimate business purposes as referenced in the section here above titled “How we use your personal data”

For how long we keep your personal data

The personal data processed by us will be retained by us for an appropriate retention period which depends on the type of data that is processed by us. The specific duration of such relevant period is based upon applicable data protection legislation, the purpose for which the relevant personal data is collected, processed and used by us thereby taking into account applicable legal and regulatory requirements imposed on us in the relevant countries where the relevant Miko entity conduct its business and good industry practices.

Who do we share your personal data with

Within our group

As an international company, Miko conducts its business in different countries. As a result thereof, any information including personal data that you provide us with may be shared by us with and processed by any entity or company that belongs to our group, a full and up-to-date overview of which is publicly available and can be consulted at all times through http://www.mikogroup.be/investor-relations/group-overview.

To third parties outside our group

We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.

We may however (decide to) share your personal data with certain third parties which we consider as “trusted” and with whom we have made sure necessary contractual arrangements are in place. Such trusted third parties may include:

professional advisors and auditors engaged by us;

suppliers or partners to whom certain services might be outsourced by us;

IT Services providers engaged by us;

Regulatory authorities, courts, government agencies or the alike thereof, if such disclosure would be required and imposed on us, whereby – in such event – we will use reasonable efforts to inform you thereof prior to performing such a disclosure unless we are legally restricted from doing so;

parties to whom we may seek to sell or transfer (parts of) our business or assets to, or – alternatively – we may seek to acquire other businesses or merge with them. In such event, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same was as reflected throughout this Policy.

We require any person or entity to whom we disclose personal data pursuant to this section to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

Which countries we might transfer your personal data to

In order for us to provide our services, offer our products or conduct and organize our businesses efficiently, we may need to transfer your personal data to locations outside the country or jurisdiction in which you have provided us with your personal data or where you are visiting our website(s) for the purposes as set out in this Policy.

We would like to inform you that such transfer of your personal data may include a transfer of your personal data from a location inside the European Economic Area to a location outside the European Economic Area, or – alternatively – from a location outside the European Economic Area to a location inside the European Economic Area.

As the case may be, the level of protection that is applicable in relation to your personal data in countries or locations that are located outside the European Economic Area, may be less that the level of protection offered within the European Economic Area.

However, whenever we transfer your personal data out of the European Economic Area, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;

where we use certain service providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has within the European Economic Area; and

where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the European Economic Area.

How we protect your personal data

Taking into account the state of technology, the costs of implementation and the nature, scope, context and purposes of the processing of personal data by us, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures in order to ensure a level of security which is considered appropriate to the risk of processing.

We ensure that those who have permanent or regular access to your personal data, or that involved in the processing of personal data, are trained properly and informed of their rights and responsibilities when processing personal data.

Your Rights in relation to your personal data

We would like to encourage you to make sure that your personal data as processed by us is accurate, so please do not hesitate to contact us in the event certain elements in relation to such personal data would have changed.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.

Details of your rights are set out below:

right to be informed about how personal data is used– you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;

right to access personal data– you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;

right to have inaccurate personal data rectified– you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;

right to have personal data erased in certain circumstances– you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;

right to restrict processing of personal data in certain circumstances– you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;

right to data portability– in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);

right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes– you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and

right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect– you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

You may exercise any of your rights at any using the contact details set below in this Policy. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How to make a complaint or contact us

If you would have any questions, concerns or if you would like to make a complaint about our processing of your personal data, we kindly invite you to contact us thereby using the contact details as set out here below:

MIKO N.V.

GROUP LEGAL

Steenweg op Mol 177

2300 Turnhout

Belgium

E-mail: dataprotection@miko.be

You are obviously entitled to raise any concerns you may have directly with your local data protection authority directly prior to contacting us. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you have in relation to the processing of your personal data by us.

Changes to this policy

We have the right to amend the terms and conditions as outlined in this Policy in the future. In the event such amendment would occur, the new policy will be made available through our website and/or, if such amendments are considered material, be communicated to you by e-mail. Please check out the website(s) frequently in order to be informed of any updates or changes to this Policy.