Privacy statement KYC

This statement provides information on how we approach processing your personal data as part of FMO investment process and applies for the Know Your Customer (KYC) and Know Your Supplier (KYS) processes as part of our legal obligation.

FMO believes it can have maximum impact to empower the entrepreneurs in developing and emerging countries. It is therefore of key importance that FMO knows with whom it is establishing a business relationship. FMO only wants to deal with clients and suppliers of good standing and reputation. 'Knowing' a customer or supplier means acquiring and monitoring all relevant documents concerning the identity of the customer or supplier, gaining insight into the business and its structure, and assessing the client or supplier risk (also known as Customer Due Diligence).

Where we use “KYC” in this statement we mean “KYS” as well.

In this privacy statement we explain why and how we use your personal information, your rights regarding this data, as well as the protections we have in place to safeguard it.

In this privacy statement you can read:

1. What personal information we collect, use and store
2. Why we use your personal data
3. How FMO collects the information
4. The legal basis for processing the information
5. How long FMO keeps the personal data
6. With whom FMO shares your information
7. How we protect your personal data. What you can do to protect it
8. What privacy rights you have and how you can exercise them
9. How and when we update this statement

1. What personal information we collect, use and store

We process personal data if we have, want to have, or have had a business relationship with your company or other legal entity, you and/or your company’s representatives. The people whose personal data we process includes:

• People who show an interest in FMO or our products and services.
• People who are connected in another way with a business or organization with which we have, want to have, or have had a business relationship (e.g. employees, executive directors, authorized representative or (ultimate) beneficial owners).
• Customers, Investees and Business partners such as Financing partner, Joint Venture partner, Fund Manager, Fund administrator, Custodian, Buyer.

During our KYC activities, FMO collects and may process various categories of Personal Data, such as:

• Name, address, email address, telephone number and other contact information;
• Date and place of birth;
• Nationality;
• When applicable whether a person is a political exposed person (PEP)
• Transaction details;
• Gender;
• Employment details;
• Marital status;
• Copies of identity documents (passport, national ID cards, identification numbers);
• Source of wealth;
• Utility bills, bank notices;
• Tax residency;
• Details of shareholdings and other assets which are legally or beneficially owned by the data subject;
• Details of people and organisations which may be connected to the data subject (family or otherwise);
• Details of previous employment/ownership through CV’s or similar documents

This information can be of Directors, Ultimate Beneficiary Owners (UBO’s), authorized representatives, mandated staff and/or in some cases family members.

2. Why we use your personal data

We use your personal data for the following purposes:

• Assessment, conclusion and performance of business agreements and compliance with our legal obligations as Financial Institution - Know Your Customer Process.
  Any personal data provided to FMO as part of the KYC due diligence will be used for the assessment, conclusion and performance of the agreement and for the purpose of KYC (Periodic or event driven) review.
• Audit and settlement of disputes
  Personal data is also used to do audits and in case of conflicts the settlement of the disputes.
• Responding to legal and regulatory requests
  To comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorised by applicable laws, court orders, government regulations, or regulatory authorities, such as the Dutch State Bank (DNB).

3. How FMO collects the information

We collect your personal information from a variety of sources. Sometimes directly from you,but also through the company or organization for who you are working or affiliated with, for example as an UBO.

If your company or organization transfers your personal data to us, we expect your business or organization to inform you about this.

We also collect personal data of employees or executive directors not being provided by your company or organization. For example, by retrieving these data from the Chamber of Commerce or other publicly available sources. We process this data as well. You can give this Privacy Statement to them so that they can learn how we deal with their personal data.

We may also obtain some information from third parties, e.g., partners with whom we do a joint investment deal, google searches (as part of our screening obligation) or publicly available websites (LinkedIn, Bloomberg, MarketScreener, etc) and screening lists.

Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated. The failure to provide mandatory
information will mean that we cannot carry out certain services. For example without requested KYC information, we cannot invest in your company or project.

4. The legal basis for processing your personal data

We are only using your personal data when it is allowed by law. We will use the following grounds:

Performance of a contract
We may need to collect your personal information to enter into a contract with you/ your organization or to perform the contract that you have of your organization has with us. For example, when we invest in your company, we need to use personal information for the execution of the deal.

Legal obligation – AML and anti-terrorist financing legislation
The Money Laundering and Terrorist Financing Prevention Act (Wwft) and international sanctions legislation imposes obligations on banks and other financial institutions in the Netherlands to prevent money laundering and terrorist financing as much as possible. FMO processes personal data as part of this legal obligation.

Legitimate interest – reuse of information for other KYC Files
In case an UBO, director or representative is also forming part of another KYC file, the personal data of the aforementioned persons may be used under certain circumstances for new/other KYC reviews, as this has the same legal grounds but then for another file. If you object to the reuse, please let us know in advance.

5. How long FMO keeps your information

We will store your personal information for as long as is required or reasonably necessary for the purposes for which it was collected, as explained in this Privacy Statement, and in accordance with our Personal Data Retention schedule.

In some circumstances we may have to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements. In that case we will follow the retention periods required by law and the personal data retention schedule. In case of AML the retention period is the legal retention period prescribed by law 5 years after the end of the contract.

6. With whom FMO shares your information

For the above purposes, personal information may be transferred within or outside of the jurisdiction, either within FMO or to third parties, including, but not limited to:

• certain third parties including suppliers, professional service providers. We have agreed additional safeguards to protect your information and have agreed data processing agreements with these parties
• FMO may disclose personal information when required by law or court order, or as requested by any government or regulator or law enforcement authority or agency.
• If applicable and under certain circumstances and proper contractual arrangements, it is possible and might be necessary for FMO to share this information (a) in the case of loan and debt transactions, with syndication parties, or other lenders; or (b) in the case of fund or equity investments, with other investors, shareholders, or group companies and affiliates. It may be necessary to share this information with such parties in order to fulfil legal requirements for the purpose of KYC /customer due
  diligence, where such parties are stakeholder or have a direct or indirect interest in the transaction at a given time.
• FMO may disclose or transfer personal data collected by FMO to other FMO offices insofar as reasonably necessary for the purposes of our service offering.

Where FMO transfers personal information internally within FMO or to any third party between different jurisdictions, including, but not limited to, transfers outside of the European Economic Area (EEA), and to other jurisdictions that have not been deemed to offer adequate protection, for the purposes outlined in this document, it will take appropriate steps to ensure that there is an adequate level of protection for personal information in place in accordance with applicable legal requirements. These steps can be in the form of concluding additional contracts or (technical) measures in case of transfers outside the EEA.

7. How we protect your personal data. What can you do to protect the data?

Personal Data held by us will be kept confidential in accordance with Data Protection Laws and applicable FMO policies and procedures.

We will take appropriate security and organizational measures to ensure that Personal Data is kept secure and safe from any loss or unauthorized disclosure or use.

(Suspected) data leaks can be reported through DPO@fmo.nl.

What can you do to protect the data?
With respect to KYC related documents such as copies of identification documents, being provided to avoid misusage (e.g. identity fraud), citizen service numbers may be crossed out on the identification documents.

We strongly advise you to send the data to us in a safe manner, for example through an encrypted file sender program, encryption or as password protected documents.

8. What privacy rights you have

You have a number of legal rights in relation to the personal data that we hold about you.

These rights include:

• the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you
• the right to withdraw your consent to our processing of your personal data at any time.
• in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible.
• the right to request that we correct your personal data if it is inaccurate or incomplete,
• the right to request that we erase your personal data in certain circumstances.
• the right to request that we restrict our processing of your personal data in certain circumstances.
• when we are processing on the grounds of legitimate interest, the right to object to the processing. In that case we must stop processing unless we have an overriding reason which will be communicated to you.

How to exercise of your rights
If you would like to exercise any of these rights, or you have any concerns about how your Personal Data is handled by us or wish to raise a complaint on how we have handled your Personal Data you may contact us via email at: DPO@fmo.nl.

Privacy complaints
If you have a complaint, we’d like to hear about it so we can find a solution first. You always have the right to lodge a complaint with the applicable data protection authority.

To protect your privacy, we will take steps to verify your identity before fulfilling your request; this can mean that we ask you to meet us in person in the office or ask you to identify yourself first.

9. How and when we update this privacy statement

FMO can change the privacy statement at any moment when triggered by regulatory requirements or for practical purposes. Older versions of our privacy statement will be stored in our archives. To view an older version of the privacy statement, please contact DPO@fmo.nl.

More information
Questions about this privacy statement can be directed to our data privacy officer
DPO@fmo.nl

You can also reach us at the following address:

FMO - Netherlands Development Finance Company
Privacy Officer/ Compliance department
Anna van Saksenlaan 71
2593 HW The Hague
The Netherlands

Version July 2022