Revo Capital Management B.V. (the Manager) provides you with this privacy policy on behalf of its own and on behalf of Revo Capital Fund II B.V. (the Fund). This privacy notice applies to the data processing activities of the Manager and the Fund. In the context of our activities as independent private equity fund and management company, we collect, hold, use and/or otherwise process personal data. Based on applicable data protection and privacy laws (such as the General Data Protection Regulation, (GDPR) and the Dutch GDPR Implementation Act), we qualify as 'joint controllers' with respect to the personal data that we process in that context. The privacy policy as set out here is applicable to both the Manager and the Fund.

We understand that your privacy is important and that you care about how your personal data is processed. We respect and value your privacy and will only collect and process personal data in the manner and for the purposes as described in this document and that is in compliance with our obligations and your rights under the applicable data protection legislation and regulations.

Revo Capital Management B.V.
Address: van Galenlaan 40, 3941VD Doorn, the Netherlands
Data Protection Officer (DPO): Cenk Bayrakdar

This Privacy Notice is relevant for investors and prospective investors in our funds or investment vehicles and individuals acting for, or on behalf of, or otherwise providing us with personal data with regard to (prospective) investors in our funds or investment vehicles (hereinafter also referred to as: 'you').

This Privacy Notice explains on what legal basis we may process your personal data and:
• what personal data we collect;
• for what purposes and how we may use/process such personal data;
• how we collect the personal data;
• how we store the personal data;
• for what period we store the personal data; and
• what your rights are under the applicable data protection and privacy legislation.

We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. In the event that the Privacy Notice will materially and/or substantially change, we will actively inform you of this change and provide you with the new version of the Privacy Notice. You may also ask us to send you a copy of the most recent version of this Privacy Notice. The most recent version of this Privacy Notice will always be available on www.revo.vc.

We collect personal data in various ways:
• Directly from you, for example when you provide us with your personal information by telephone, email or other correspondence;
• Directly from you, for example when you engage in business with us, for example by subscribing to our fund or investment vehicle;
• From third parties, for example tax authorities, credit agencies, governmental and competent regulatory authorities;
• From the company you work for (in case the investor is a legal entity);
• Otherwise, for example, from public sources such as the trade register, public directories or your website.

We collect or process some or all of the following personal data:
• Name, date and place of birth;
• Contact details, including but not limited to addresses, telephone numbers, facsimile numbers and email addresses;
• Function title;
• Investor status;
• Copy of utility bill;
• Ultimate Beneficial Owner (UBO) related information (documents showing whether you are an UBO) including the interests the UBO holds in relevant legal entities;
• Information about whether you are a politically exposed person or not;
• Country or tax residence and tax payer ID;
• Payment information/bank account details;
• Anti-money laundering identification (including passport or drivers' license) and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person;
• Information regarding your interest and holding in our funds or other investment vehicles, including ownership percentage, capital investment, income and losses;
• Excerpts of registers (public or not, for example excerpts from the Chamber of Commerce);
• Signature.

The following legal bases shall apply with respect to the processing of these personal data:
• The processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract with us (for an investor who is the data subject), such as further detailed in paragraph 5 section (a);
• The processing is necessary for compliance with legal obligations to which we are subject, such as further detailed in paragraph 5 sections (b) and (c); and
• The processing is necessary for the purposes of the legitimate interests pursued by us, such as our legitimate interest to enter into and execute a contract with a (prospective) investor in our funds or investment vehicles in case you act on behalf of such organization and the purposes further detailed in paragraph 5 sections (d), (e), (f) and (g).

We process your personal data for the following purposes:
(a) to provide the investment services to you and/or to comply with contractual obligations, we process your personal data. Without this data, we are unable provide the investment services to you and/ or to comply with our contractual obligations towards you;
(b) to provide the investment services/to comply with contractual obligations with (prospective) investors in our funds or investment vehicles in case you act on behalf of such organizations;
(c) to conduct credit checks;
(d) to comply with regulatory, fiscal, tax information reporting, anti-trust, anti-money laundering and terrorist financing and other legal and regulatory obligations;
(e) for the purposes of our internal administration;
(f) if necessary, for establishing, exercising and defending our legal rights;
(g) to monitor and record telephone and electronic communications for:
(i) quality, business analysis, training and related purposes in order to improve our service;
(ii) fraud prevention purposes, crime detection, prevention, (compliance related) investigation and prosecution; and
(iii) exercising and defending our legal rights.

Personal data will be kept throughout the life cycle of your investment in the Fund, however no longer than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 5). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will store the personal data for longer periods.

We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures: access to personal data is limited to the persons with relevant responsible functions within the company and we have secured our devices with security passwords.Further, we seek to ensure that we keep your personal data accurate and up to date. In that respect we kindly request that you actively inform us of any changes to your personal data (such as a change in your contact details).

In the context of the purposes as listed above, we could share your personal data with third parties in the following situations:

• any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee;
• to our affiliates or any authorized third party service provider, consultant or advisor engaged by us under the terms of any appropriate delegation or contractual arrangement, in order to provide the investment services to you, or to comply with regulatory requirements, or to provide (without limitation) the following functions:
o using our IT systems, software and business applications;
o supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, and
o collecting, processing, transferring and storing 'customer due diligence', source of funds information and verification data under applicable anti-money laundering and terrorist financing laws and regulations,
• to liaise with any regulatory authority with whom we are required to cooperate with in relation to an investment.

Where relevant, we will implement safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements when engaging a data processor (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).

If you want to know what personal data we (the Fund as well as the Manager) have of you, you can ask us for details of that personal data and for a copy of it via the contact details included below in paragraph 12. This is known as a 'data subject access request'.

All such requests should be made in writing and sent to the email or postal addresses shown in paragraph 12 below. In principle, there is no charge for a subject access request. If your request is 'manifestly unfounded or excessive' (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 10 working days after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress.

Under certain circumstances you have the right to:
• receive additional information regarding the processing of your personal data;
• rectify your personal data;
• the erasure of your personal data;
• object to (part of) the processing of your personal data;
• the restriction of (part of) the processing of your personal data; and
• data portability (receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization).

Finally you also have the right to lodge a complaint to the local data protection authority. The contact details of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) are as follows: Bezuidenhoutseweg 30 (2594 AV) The Hague; telephone no. 088 - 1805 250.

We do not undertake any automated decision making or profiling.